Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /**
- detect valgrind on x86-64 systems
- How it works is let as an exercise for the reader ;)
- example :
- elvanderb@elvanderb:~$ valgrind --smc-check=all ./valgrind_detect
- ==18368== Memcheck, a memory error detector
- ==18368== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
- ==18368== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
- ==18368== Command: ./valgrind_detect
- ==18368==
- Nb bytes written : 00000804
- Probably monitored by valgrind
- ==18368==
- ==18368== HEAP SUMMARY:
- ==18368== in use at exit: 0 bytes in 0 blocks
- ==18368== total heap usage: 0 allocs, 0 frees, 0 bytes allocated
- ==18368==
- ==18368== All heap blocks were freed -- no leaks are possible
- ==18368==
- ==18368== For counts of detected and suppressed errors, rerun with: -v
- ==18368== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 4)
- elvanderb@elvanderb:~$ ./valgrind_detect
- Nb bytes written : 00000811
- No valgrind detected
- **/
- #include <stdio.h>
- #include <stdlib.h>
- #include <stdint.h>
- #include <sys/mman.h>
- int main()
- {
- uint8_t* page;
- uint32_t nb_written = 0xFFFFFFFF;
- page = mmap(NULL, 0x1000, PROT_EXEC | PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
- if (! page)
- {
- fprintf(stderr, "mmap failed\n");
- return 1;
- }
- // 0x803 is in the middle of the cache to ensure that it'll be overwritten by the rep movsb
- page[0x803] = 0xF3; // rep prefix
- page[0x804] = 0xAA; // stosb
- __asm__("movq %1, %%rdx ;"
- "movq %%rdx, %%rdi ;"
- "addq $0x803, %%rdx ;"
- "xor %%ecx, %%ecx ;"
- "dec %%ecx ;"
- "movb $0xC3, %%al ;"
- "callq *%%rdx ;"
- "movl %%ecx, %0 ;"
- : "=r"(nb_written)
- : "r"(page)
- : "%eax", "%edi", "%ecx", "%edx");
- nb_written = 0xFFFFFFFF - nb_written;
- printf("Nb bytes written : %08X\n", nb_written);
- if (nb_written <= 0x804)
- {
- printf("Probably monitored by valgrind\n");
- return 1;
- }
- printf("No valgrind detected\n");
- return 0;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement