in src/CodeProtectionSize/CodeProtectionSize.cpp [107:162]
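/// Entry point of the code-protection-size experiment.
///
/// Expects two arguments: the core index the attacker is pinned to (the usage
/// text states the victim is on core 0) and the size in bytes of the victim's
/// code buffer. It builds an executable victim buffer of `inc eax`
/// instructions ending in `ret`, builds an attacker buffer of `ret` bytes, and
/// runs two experiments whose results are accumulated in an ErrorHistogram and
/// printed to stdout.
///
/// @return 0 on success, -1 on a usage error, invalid argument or failed
///         allocation.
int main(int argc, char** argv)
{
    if (argc != 3)
    {
        cerr << "Usage: " << argv[0] << " <attacker core index, victim is 0> <size of code in bytes>\n";
        return -1;
    }

    // Strict decimal parse. atoi() returns 0 for non-numeric text, which here
    // would silently select core 0 (the victim's core per the usage text) or a
    // zero-sized buffer, so malformed input is rejected instead.
    auto parseInt = [](const char* text, int& out) {
        char* end = nullptr;
        const long parsed = strtol(text, &end, 10);
        if (end == text || *end != '\0')
            return false;
        out = static_cast<int>(parsed);
        // Round-trip check rejects values that do not fit in an int.
        return static_cast<long>(out) == parsed;
    };

    int attackerCore = 0;
    if (!parseInt(argv[1], attackerCore) || attackerCore < 0)
    {
        cerr << "Invalid attacker core index: " << argv[1] << "\n";
        return -1;
    }

    int sizeMem = 0;
    // The `ret` is stored at offset sizeMem - 2, so anything below 2 would
    // write in front of the allocation. An odd size would put the `ret` byte
    // in the middle of a two-byte `inc eax`, so it would never be decoded as
    // an instruction (assumes fillBuffer lays the pattern down from offset 0;
    // confirm against its definition).
    if (!parseInt(argv[2], sizeMem) || sizeMem < 2 || sizeMem % 2 != 0)
    {
        cerr << "Invalid code size (need an even number of bytes, at least 2): " << argv[2] << "\n";
        return -1;
    }

    maxPriority();
    pinToCore(attackerCore);

    // ---- Victim ----
    // NOTE(review): both buffers are mapped writable and executable at once.
    // Nothing visible in this function writes to them after the initial fill;
    // if the helpers do not either, switching the pages to execute-read with
    // VirtualProtect once they are filled would avoid keeping RWX memory.
    auto bVictim = reinterpret_cast<char*>(
        VirtualAlloc(nullptr, sizeMem, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE));
    if (!bVictim)
    {
        cerr << "Failed to allocate buffer\n";
        return -1;
    }

    // Fill the buffer with "inc eax" (bytes ff c0) and end it with "ret" (c3).
    uint16_t incEax = 0xc0ff;
    fillBuffer<uint16_t>(bVictim, sizeMem, incEax);
    /*fillBuffer<uint8_t>(bVictim, sizeMem, 0x90);*/
    bVictim[sizeMem - 2] = static_cast<char>(0xc3);

    // The victim runs victimCode on its buffer through wrapperStatus, which
    // receives the histogram by reference.
    ErrorHistogram e;
    auto victim = [&e, bVictim]() {
        wrapperStatus(e, victimCode, bVictim);
    };

    // ---- Attacker ----
    auto bAttacker = reinterpret_cast<char*>(
        VirtualAlloc(nullptr, sizeMemAttacker, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE));
    if (!bAttacker)
    {
        cerr << "Failed to allocate buffer\n";
        return -1;
    }
    // Every byte of the attacker buffer is a one-byte "ret".
    memset(bAttacker, 0xc3, sizeMemAttacker);

    // ---- Experiments ----
    // The histogram is reset before each run so the printed results do not mix.
    e.clear();
    runExp(victim, attackerFlush, bVictim);
    cout << "Experiment 1: attacker flushes CL executed by victim after certain delay.\n" << e << "\n";

    e.clear();
    runExp(victim, attackerConflict, bAttacker);
    cout << "Experiment 2: attacker executes CLs conflicting with victim code (in L1) after certain delay.\n" << e << "\n";

    return 0;
}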