Single stepping Guest OS instruction with AMD processor : Intel Monitor Trap Flag equivalent for AMD

[Nitr0-G]

Hello everyone!

I am develop a hypervisor that virtualizes an existing system, and after that I need to trace the guest VM (in particular the application) according to one instruction

I initially thought that amd has something like intel, where I vmwrite in CPU_BASED_VM_EXEC_CONTROL(0x00004002) value CPU_BASED_MONITOR_TRAP_FLAG(0x08000000), but amd-v does not have this, and the tf flag does not work. I also found information that the rf flag can also affect this somehow, but I didn't understand how, since when I switch the rf flag to 1, nothing is intercepted in SvmExitHandler either.

Thus the main question: Can someone tell me how can I trace instructions in the case of amd-v? i.e., for example, initially I virtualize the entire system, after that, for example, I compiled a large application through the clang compiler with my optimization phases, then I need to trace it like:

1. vmrun
2. instruction from a guest
3. vmexit
4. my SvmExitHandler function with Exitcode dispatcher
5. some actions in Exitcode dispatcher
6. back to the first stage

Where can I find any trace rudiments in the source code?