Does not appear to read from another process

[douglasheld]

So perhaps I am being obtuse here, but this attack code directly receives the starting address and length of the secret string, does it not? It is reading bytes using the side-channel technique, but it is not reading memory belonging to another process.

Why not split the code into victim.c and attack.c ?

[douglasheld]

I tried to make this split, printing out the pointer address of the secret, and pasting that in as a parameter to attack; but it doesn't work. I don't really know the C language but it seems like maybe pointers are being handled as a really small type, the 16 bit size_t?

[Eugnis]

Original code came from Spectre paper.
Here's also implemented reading from address by passing params address and length
./spectre.out 00AB7B30 40

Putting 'The Magic Words are Squeamish Ossifrage.' in memory.
Trying malicious_x = FFFFDB28, len = 40
Reading 40 bytes:
Reading at malicious_x = FFFFDB28... Success: 0x54='T' score=2
Reading at malicious_x = FFFFDB29... Success: 0x68='h' score=2
Reading at malicious_x = FFFFDB2A... Success: 0x65='e' score=2
...

I've also tried to read from another process's address but no success. Although, Spectre should be able to do this. Current code seems works only if victim_function is a part of the same process.

[nhsloyola]

Is there any Spectre exploit available yet which lets us read data elements from a seperate process?

[tonysos507]

i tried to inject the code into target process, but no luck, crash the target program.

sorry, i change to inject dll, it works! never mind