Posted By: pharook (Wake Up. Time To Die.) on 'CZprogram' Title: Re: CASOVACI REGISTR PENTIA Date: Sat Sep 6 17:02:30 1997 Xyster: """"""" > Schanim informace o nedokumentovany registru pentia, kterej pocita ticky > casovace ... hlavne jak ho precist ... PaJaSoft: """"""""" > Slysel jsem uz pred vice jak 2 lety, ze Pentium ma nedokumentovanych vice > registru pharook: """""""" Take celkem nevim, k cemu to vyuzit. 1, Sbernici, TLB ani pipeline Pentia krokovat nehodlam 2, Na kazdem PC je dostupny obvod 8254, nebo jeho obdoba, coz je casovac, z ktereho je mozne cist s presnosti 1 193 180 Hz. Takze proc se zbytecne specializovat na casovac Pentii. Ale treba se to nekomu hodi. Nasel jsem doma na disku takovy popis od nejakych nadsencu ze zeme, kde zitra znamena vcera (nebo spis kde to, co meli na zitra, snedli uz vcera). Kdyby nekdo chtel ten soubor cely, at mi mailne na pharook@karkulka.prf.cuni.cz Takze, predavam slovo... Potemkin's Hackers Group: """"""""""""""""""""""""" RDTSC - Read From Time Stamp Counter CPU: Pentium (tm) Type of Instruction: System/User Instruction: RDTSC Description: IF (CR4.TSD=0) or ((CR4.TSD=1) and (CPL=0)) THEN { EDX:EAX <- TSC; } ELSE { General Protection Fault INT 0DH (0) } END Note: TSC is one of MSR and after global hardware reset (not SRESET , but RESET ) it clear to 0000000000000000H. TSC is MSR index 10h. TSC may set using WRMSR instruction. TSC incremented every CPU core clock cycle. Flags Affected: None CPU mode: RM,PM0,SMM ; PM,VM if enable Physical Form: RDTSC COP (Code of Operation): 0FH 31H Clocks: Pentium : n/a [20-24] --------------------------------------------------- RDMSR - Read From Model Specified Register CPU: Pentium (tm), IBM 386SLC,486SLC,486SLC2 Type of Instruction: System Instruction: RDMSR Description: IF (ECX is valid number of MSR) and (CPL=0) THEN { EDX:EAX <- MSR [ECX]; } ELSE { General Protection Fault INT 0DH (0) } END Valid number Of MSR is: Pentium: 0-2,4-0Eh,10h-13h IBM 486SLC2: 1000H-1002H IBM 386SLC: 1000H-1001H IBM 486SLC: 1000H-1001H Flags Affected: None CPU mode: RM,PM0,SMM Physical Form: RDMSR COP (Code of Operation): 0FH 32H Clocks: Pentium : 20-24 Note: The MSR # 3,0fh and >13h are reserved. Do not execute RDMSR/WRMSR with this values. Register Description MSR 0 is Machine check Exception Address register (Read only) bits Description 63..32 Reserved 31..0 Machine Check Phisical Address MSR 1 is Machine Check Type register (Read Only) bits Description 63..5 Reserved 4 LOCK =1 if bus cycle called Machine Check was Locked =0 if --//-- not locked (normal) 3 M/IO# 2 D/C# State of output pins in bus cycle called 1 W/R# / Machine check 0 CHK (Check) =1 after last read MSR 1 was Machine Check Note: This bit Clearing on reading MSR 2,4,5,6,7,8,9,Ah,Bh,Ch,Dh,Eh used to perform Cache,TLB,BTB testing. This registers named Test Registers 0,2-C. MSR Eh is Test Register 12 (TR 12) (Read/Write) bits Description 63..4 Reserved 3 CI 2 SE 1 TR (Tracing Control) After reset clear to zero. This bit enable/disable special branch trace message cycle which generating when BTB hit. =0 disable =1 enable 0 NBP MSR 10h is Time Stamp Counter (TSC) (Read/Write) Time Stamp Counter (as all other MSRs) is clearing to 0 when RESET pin shutdown and unchanged when INIT pin shutdown. TSC is incremented every CPU core clock cycle. MSR 11h is Control/Event Select Register (CESR) (Read/Write) Init value after reset = 00000000000000000h bits Description 63..25 Reserved 24 Counting Method (Counter #1) =1 count CPU cycles =0 count events 23 Allow count in CPL=3 (Counter #1) =1 Yes =0 No 22 Allow count in CPL<3 (Counter #1) =1 Yes =0 No 21..16 Event Type for Counter #1 (see below) 15..9 Reserved 8 Counting Method (Counter #0) =1 count CPU cycles =0 count events 7 Allow count in CPL=3 (Counter #0) =1 Yes =0 No 6 Allow count in CPL<3 (Counter #0) =1 Yes =0 No 5..0 Event Type for counter #0 Value Event Type 00h Data Read 01h Data Write 02h Data TLB miss 03h Data Read Miss 04h Data Write miss 05h Write hit to Modified or Exclusive Cacheline 06h Data cache lines written back 07h Data cache snoops 08h Data cache snoops hit 09h Memory access in both pipes 0Ah Data bank access conflict 0Bh Misaligned data memory references 0Ch Code read 0Dh Code TLB miss 0Eh Code cache miss 0Fh Any segment register load 10h Segment descriptor cache accessed 11h Segment descriptor cache hit 12h Branches 13h BTB hit 14h Taken branch or BTB hit 15h Pipeline flushes 16h Instructions executed 17h Instruction executed in V pipes 18h Bus utilization 19h Pipeline stalled by write backups 1Ah Pipeline stalled by data memory read 1Bh Pipeline stalled by write to M or E line 1Ch Locked bus cycle 1Dh I/O cycle 1Eh Noncachable memory references 1Fh Pipeline stalled by AGI 20h-21h Reserved 22h FP operations 23h Breakpoint 0 match 24h Breakpoint 1 match 25h Breakpoint 2 match 26h Breakpoint 3 match 27h Hardware interrupt 28h Data read or data write 29h Data read/write miss 2Ah-3Fh Reserved MSR 12h is Counter #0 (Read/Write) bits Description 63..?? Reserved ??..0 Current counter value MSR 13h is Counter #1 (Read/Write) bits Description 63..?? Reserved ??..0 Current counter value MSR 1000H is Processor Operation Register (IBM only) (486SLC/486SLC2/386SLC) bits Description 63..19 Reserved 18 LWPLA (Low Power PLA) (reserved on IBM 386SLC) 17 BUSRD (Bus Read) (reserved on IBM 386SLC) 16 CPGE (Cache Parity Generate Error) (reserved on IBM 386SLC) 15 ECNPX (Enable cachebility of NPX operands) 14 EPWIA (Enable PWI ADS) 13 ELPWH (Enable Low Power Halt Mode) 12 XTOUT (Extend Out Instruction) 11 CRLD (Cache reload bit) 10 EIKEN (Enable internal KEN#) 9 DSCL (Disable cache Lock Mode) 8 Reserved 7 CE (Cache enable) 6 EDBS (Enable DBCS) 5 EPWI (Enable Power Interrupt) 4 EFSP (Enable Flush Snooping) 3 ENSP (Enable Snoop Input) 2 A20M (Address line 20 Mask) 1 CPCE (Cache Parity Checking Enable) 0 CPE (Cache Parity Error) MSR 1001H is Cache Region Control Register (IBM only) ( IBM 386SLC/486SLC/486SLC2) bits description 63..40 Reserved 39..32 Cache Memory Limit (CMLR) 31..16 1st MB Read Only (LMROR) 15..0 1st MB Cachable (LMCR) MSR 1002H is processor operation register (IBM only) (IBM 486SLC2 only) bits description 63..30 Reserved 29 EEDFS (Enable External Dynamic Frequency Shift) 28 DFSRY (Dynamic Frequency Shift Ready) 27 DFSMD (Dynamic Frequency Shift Mode) 26..24 CLKMD (Clock Mode) =000 x2 =011 x1 23..0 Reserved Note: MSRs usefull documented in "Supplement to Pentium Processors User's Manual" (Intel Corp. 1993,1994). IBM MSRs documented in "486SLC2 (tm) Microprocessor Data Sheet" (IBM Corp. 1993,Order number: VT05452) --------------------------------------------------- WRMSR - Write to From Model Specified Register CPU: Pentium (tm), IBM 486SLC2 Type of Instruction: System Instruction: WRMSR Description: IF (ECX is valid number of MSR) and (CPL=0) THEN { MSR [ECX] <- EDX:EAX; } ELSE { General Protection Fault INT 0DH (0) } END Flags Affected: None Note: Refer to RDMSR for more Info. CPU mode: RM,PM0,SMM Physical Form: WRMSR COP (Code of Operation): 0FH 30H Clocks: Pentium : 30-45 --------------------------------------------------- ____________________________________________________________________pharook_ "Mesic je dulezitejsi nez Slunce", reklo dite. "Protoze sviti, kdyz je tma."