
Probe mode

All modern x86 Intel processors have probe mode.

Probe mode is another execution mode, in addition to Real, Virtual, Protected and Long. Unlike those modes, it allows unchecked access to several registers that are not accessible in any other mode.

There are three ways of entering probe mode: asserting a Run/Stop pin, configuring the Probe Mode Control Register to enter via interrupt (using the Interrupt Redirect flag), or issuing a special instruction through the JTAG port.

Probe mode encompasses three registers: the Probe Instruction Register (PIR), at least one Probe Data Register (PDR), and a Control Register (commonly known as PMCR). These registers (excluding PMCR) can only be read or written while in probe mode. The registers are implemented as model specific registers (MSRs). The PIR and PDRs are both at least 64 bits wide. While in probe mode, they are read and written using the standard rdmsr/wrmsr opcodes.

The PIR is essentially connected into the multiplexer(s) of the execution units. Instructions are fed into this register and executed on the execution unit. The PDR is used for transferring data to and from the execution unit. The instruction placed in the PIR must be in a format that the execution unit can execute: a combination of x86 opcodes plus a few extra bits used by the control unit.

An undocumented JTAG command allows writing to the PIR (WRSUBPIR). An additional command is used to notify the central control unit to shift the instruction out of the PIR and execute it (only required on Pentium/P5 and Larrabee). If the instruction wrote anything to the PDR, it may be retrieved via the JTAG. An example for P6+ processors is below (note: these opcodes must be sent via the JTAG into the PIR):

mov edx, <high 32 bits of val>   ; EDX:EAX holds the 64-bit value that wrmsr will write
mov eax, <low 32 bits of val>
mov ecx, <PDR MSR index>         ; ECX selects the target MSR, here the PDR
wrmsr                            ; write EDX:EAX into the PDR (the MSR write the text describes)
; read the PDR back out over JTAG (not shown here)

Note: The PIR register is filled with repeated NOPs (0x90) after WRSUBPIR is executed. Data cannot be retrieved from the PIR; it must be retrieved from the PDR. Processors since the Pentium Pro have two data registers, to accommodate 64 bits on 32-bit processors and 128 bits on 64-bit processors.

Note: PIR is 16 bytes or less for P6, and 16 bytes for Pentium III and later. The maximum instruction length for both x86-32 and x86-64 is 15 bytes (including all prefixes, opcode, ModRM, SIB, displacement, and immediate bytes).
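The two notes above constrain what can be placed in the PIR at once: the register is 16 bytes, an x86 instruction is at most 15 bytes, and the unused bytes are NOPs. The following C program (an added example, not code from this page or from HardICE) encodes the PDR-write sequence shown earlier as raw x86 bytes and packs each instruction into a NOP-padded 16-byte PIR image. It assumes that one WRSUBPIR loads one instruction, which is an assumption made here; the MSR index of the PDR is not stated on the page, so a placeholder value is used. Running it shows that the four-instruction sequence (5 + 5 + 5 + 2 = 17 bytes) does not fit in a single 16-byte PIR, which is why it has to be fed in as separate loads.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PIR_BYTES    16    /* PIR width stated on the page for Pentium III and later */
#define X86_MAX_INSN 15    /* architectural maximum x86 instruction length */
#define X86_NOP      0x90  /* the page states the PIR is NOP-filled after WRSUBPIR */

/* One PIR image: the encoded instruction followed by NOP padding. */
typedef struct {
    uint8_t img[PIR_BYTES];
    size_t  len;           /* bytes actually occupied by the instruction */
} pir_load_t;

/* Encode mov r32, imm32 (opcode 0xB8 + reg, little-endian immediate).
 * reg: 0 = eax, 1 = ecx, 2 = edx. Returns the encoded length (5). */
static size_t enc_mov_imm32(uint8_t *out, int reg, uint32_t imm) {
    out[0] = (uint8_t)(0xB8 + reg);
    for (int i = 0; i < 4; i++)
        out[1 + i] = (uint8_t)(imm >> (8 * i));
    return 5;
}

/* Encode wrmsr (0F 30). Returns the encoded length (2). */
static size_t enc_wrmsr(uint8_t *out) {
    out[0] = 0x0F;
    out[1] = 0x30;
    return 2;
}

/* Build one NOP-padded PIR image holding a single instruction.
 * Returns 0 on success, -1 if the instruction is empty or longer than
 * the 15-byte x86 limit (and hence cannot be a single valid instruction). */
int pir_image(const uint8_t *insn, size_t len, pir_load_t *load) {
    if (len == 0 || len > X86_MAX_INSN || len > PIR_BYTES)
        return -1;
    memset(load->img, X86_NOP, PIR_BYTES);
    memcpy(load->img, insn, len);
    load->len = len;
    return 0;
}

/* Encode the page's PDR-write sequence (mov edx / mov eax / mov ecx / wrmsr)
 * as four separate PIR loads. Returns the number of loads (4) on success,
 * -1 on error; *total_bytes receives the summed instruction length. */
int encode_pdr_write(uint64_t val, uint32_t pdr_msr, pir_load_t loads[4],
                     size_t *total_bytes) {
    uint8_t buf[X86_MAX_INSN];
    size_t n, total = 0;
    int k = 0;

    n = enc_mov_imm32(buf, 2, (uint32_t)(val >> 32));        /* mov edx, high */
    if (pir_image(buf, n, &loads[k++]) < 0) return -1;
    total += n;
    n = enc_mov_imm32(buf, 0, (uint32_t)(val & 0xFFFFFFFFu)); /* mov eax, low  */
    if (pir_image(buf, n, &loads[k++]) < 0) return -1;
    total += n;
    n = enc_mov_imm32(buf, 1, pdr_msr);                       /* mov ecx, index */
    if (pir_image(buf, n, &loads[k++]) < 0) return -1;
    total += n;
    n = enc_wrmsr(buf);                                       /* wrmsr */
    if (pir_image(buf, n, &loads[k++]) < 0) return -1;
    total += n;

    *total_bytes = total;
    return k;
}

int main(void) {
    pir_load_t loads[4];
    size_t total = 0;
    /* Constructed sample value; 0x1234 is a placeholder, not a real PDR index. */
    int n = encode_pdr_write(0x1122334455667788ULL, 0x1234, loads, &total);
    if (n < 0) return 1;
    printf("%d PIR loads, %zu instruction bytes (PIR is %d bytes)\n", n, total, PIR_BYTES);
    for (int i = 0; i < n; i++) {
        printf("load %d:", i);
        for (int j = 0; j < PIR_BYTES; j++) printf(" %02X", loads[i].img[j]);
        printf("\n");
    }
    return 0;
}
```

Each `load N:` line in the output is one 16-byte PIR image: the instruction bytes first, then 0x90 up to the end of the register, matching the NOP-fill behaviour the note describes.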

For Pentium/P5 and Larrabee, PDR is only accessible via microcode.