rigred / sandsifter-tests Goto Github PK
View Code? Open in Web Editor NEWA repository of results for runs of sandsifter on various x86 CPU's
sandsifter-tests's Issues
Sandsifter hangs on non-pae kernel
Issue:
Sandsifter hangs on certain instructions when using a (32-bit) non-pae kernel. When not running with the -N flag on non-pae kernels, sandsifter will finish almost immediately. Turning on or off the Execute Disable Bit in the BIOS does not change this behaviour.
Workaround:
Don't run on 32-bit kernels without pae.
Footnote:
The NX bit is only available with the long mode (64 bit) and PAE page-table formats, but not x86's original 32-bit page table format.
I'll test this issue later with a CPU without actual NX bit support (Pentium 4 530) in combination with non-pae and pae-enabled kernels.
i7 4700mq tests needed
Needs tests for i7 4700mq
Pull request disabled?
Can't create a branch, can't create a pull request:
Log for Pentium MMX
There is no point compressing it as it's just 175 lines. For historic purposes I powered up my old Pentium MMX 233 and used the last Debian 8, latest capstone/sandsifter git. For Debian 8 with gcc-4.8 compiling sandsifter makefile needed -fno-pie instead of -no-pie.
Here is the output:
root@debian:~/.local/share/sandsifter# cat log
#
# ./sifter.py --unk --dis --len --sync --tick -- -P1 -t
# /usr/sbin/sifter-injector -P1 -t -t -R -0 -s 622563160
#
# insn tested: 1786
# artf found: 155
# runtime: 00:00:05.15
# seed: 622563160
# arch: 32
# date: 2019-12-06 17:06:34
#
# cpu:
# processor : 0
# vendor_id : GenuineIntel
# cpu family : 5
# model : 4
# model name : Pentium MMX
# stepping : 3
# cpu MHz : 233.862
# v l s c
00 1 1 5 2 (00000000000000000000000000000000)
01 1 1 5 2 (01000000000000000000000000000000)
02 1 1 5 2 (02000000000000000000000000000000)
03 1 1 5 2 (03000000000000000000000000000000)
04 1 1 5 2 (04000000000000000000000000000000)
05 1 1 5 2 (05000000000000000000000000000000)
08 1 1 5 2 (08000000000000000000000000000000)
09 1 1 5 2 (09000000000000000000000000000000)
0a 1 1 5 2 (0a000000000000000000000000000000)
0b 1 1 5 2 (0b000000000000000000000000000000)
0c 1 1 5 2 (0c000000000000000000000000000000)
0d 1 1 5 2 (0d000000000000000000000000000000)
0f 1 1 5 2 (0f000000000000000000000000000000)
10 1 1 5 2 (10000000000000000000000000000000)
11 1 1 5 2 (11000000000000000000000000000000)
12 1 1 5 2 (12000000000000000000000000000000)
13 1 1 5 2 (13000000000000000000000000000000)
14 1 1 5 2 (14000000000000000000000000000000)
15 1 1 5 2 (15000000000000000000000000000000)
18 1 1 5 2 (18000000000000000000000000000000)
19 1 1 5 2 (19000000000000000000000000000000)
1a 1 1 5 2 (1a000000000000000000000000000000)
1b 1 1 5 2 (1b000000000000000000000000000000)
1c 1 1 5 2 (1c000000000000000000000000000000)
1d 1 1 5 2 (1d000000000000000000000000000000)
20 1 1 5 2 (20000000000000000000000000000000)
21 1 1 5 2 (21000000000000000000000000000000)
22 1 1 5 2 (22000000000000000000000000000000)
23 1 1 5 2 (23000000000000000000000000000000)
24 1 1 5 2 (24000000000000000000000000000000)
25 1 1 5 2 (25000000000000000000000000000000)
26 1 1 5 2 (26000000000000000000000000000000)
28 1 1 5 2 (28000000000000000000000000000000)
29 1 1 5 2 (29000000000000000000000000000000)
2a 1 1 5 2 (2a000000000000000000000000000000)
2b 1 1 5 2 (2b000000000000000000000000000000)
2c 1 1 5 2 (2c000000000000000000000000000000)
2d 1 1 5 2 (2d000000000000000000000000000000)
2e 1 1 11 128 (2e000000000000000000000000000000)
30 1 1 5 2 (30000000000000000000000000000000)
31 1 1 5 2 (31000000000000000000000000000000)
32 1 1 5 2 (32000000000000000000000000000000)
33 1 1 5 2 (33000000000000000000000000000000)
34 1 1 5 2 (34000000000000000000000000000000)
35 1 1 5 2 (35000000000000000000000000000000)
36 1 1 5 2 (36000000000000000000000000000000)
38 1 1 5 2 (38000000000000000000000000000000)
39 1 1 5 2 (39000000000000000000000000000000)
3a 1 1 5 2 (3a000000000000000000000000000000)
3b 1 1 5 2 (3b000000000000000000000000000000)
3c 1 1 5 2 (3c000000000000000000000000000000)
3d 1 1 5 2 (3d000000000000000000000000000000)
3e 1 1 5 2 (3e000000000000000000000000000000)
62 1 1 5 2 (62000000000000000000000000000000)
63 1 1 5 2 (63000000000000000000000000000000)
64 1 1 11 128 (64000000000000000000000000000000)
66 1 1 5 2 (66000000000000000000000000000000)
67 1 1 5 2 (67000000000000000000000000000000)
68 1 1 5 2 (68000000000000000000000000000000)
69 1 1 5 2 (69000000000000000000000000000000)
6a 1 1 5 2 (6a000000000000000000000000000000)
6b 1 1 5 2 (6b000000000000000000000000000000)
70 1 1 5 2 (70000000000000000000000000000000)
71 1 1 5 2 (71000000000000000000000000000000)
72 1 1 5 2 (72000000000000000000000000000000)
73 1 1 5 2 (73000000000000000000000000000000)
74 1 1 5 2 (74000000000000000000000000000000)
75 1 1 5 2 (75000000000000000000000000000000)
76 1 1 5 2 (76000000000000000000000000000000)
77 1 1 5 2 (77000000000000000000000000000000)
78 1 1 5 2 (78000000000000000000000000000000)
79 1 1 5 2 (79000000000000000000000000000000)
7a 1 1 5 2 (7a000000000000000000000000000000)
7b 1 1 5 2 (7b000000000000000000000000000000)
7c 1 1 5 2 (7c000000000000000000000000000000)
7d 1 1 5 2 (7d000000000000000000000000000000)
7e 1 1 5 2 (7e000000000000000000000000000000)
7f 1 1 5 2 (7f000000000000000000000000000000)
80 1 1 5 2 (80000000000000000000000000000000)
81 1 1 5 2 (81000000000000000000000000000000)
82 1 1 5 2 (82000000000000000000000000000000)
83 1 1 5 2 (83000000000000000000000000000000)
84 1 1 5 2 (84000000000000000000000000000000)
85 1 1 5 2 (85000000000000000000000000000000)
86 1 1 5 2 (86000000000000000000000000000000)
87 1 1 5 2 (87000000000000000000000000000000)
88 1 1 5 2 (88000000000000000000000000000000)
89 1 1 5 2 (89000000000000000000000000000000)
8a 1 1 5 2 (8a000000000000000000000000000000)
8b 1 1 5 2 (8b000000000000000000000000000000)
8c 1 1 5 2 (8c000000000000000000000000000000)
8d 1 1 5 2 (8d000000000000000000000000000000)
8f 1 1 5 2 (8f000000000000000000000000000000)
9a 1 1 11 128 (9a000000000000000000000000000000)
a0 1 1 5 2 (a0000000000000000000000000000000)
a1 1 1 5 2 (a1000000000000000000000000000000)
a2 1 1 5 2 (a2000000000000000000000000000000)
a3 1 1 5 2 (a3000000000000000000000000000000)
a8 1 1 5 2 (a8000000000000000000000000000000)
a9 1 1 5 2 (a9000000000000000000000000000000)
b0 1 1 5 2 (b0000000000000000000000000000000)
b1 1 1 5 2 (b1000000000000000000000000000000)
b2 1 1 5 2 (b2000000000000000000000000000000)
b3 1 1 5 2 (b3000000000000000000000000000000)
b4 1 1 5 2 (b4000000000000000000000000000000)
b5 1 1 5 2 (b5000000000000000000000000000000)
b6 1 1 5 2 (b6000000000000000000000000000000)
b7 1 1 5 2 (b7000000000000000000000000000000)
b8 1 1 5 2 (b8000000000000000000000000000000)
b9 1 1 5 2 (b9000000000000000000000000000000)
ba 1 1 5 2 (ba000000000000000000000000000000)
bb 1 1 5 2 (bb000000000000000000000000000000)
bd 1 1 5 2 (bd000000000000000000000000000000)
be 1 1 5 2 (be000000000000000000000000000000)
bf 1 1 5 2 (bf000000000000000000000000000000)
c0 1 1 5 2 (c0000000000000000000000000000000)
c1 1 1 5 2 (c1000000000000000000000000000000)
c2 1 1 5 2 (c2000000000000000000000000000000)
c6 1 1 5 2 (c6000000000000000000000000000000)
c7 1 1 5 2 (c7000000000000000000000000000000)
ca 1 1 11 128 (ca000000000000000000000000000000)
cd 1 1 11 128 (cd000000000000000000000000000000)
d0 1 1 5 2 (d0000000000000000000000000000000)
d1 1 1 5 2 (d1000000000000000000000000000000)
d2 1 1 5 2 (d2000000000000000000000000000000)
d3 1 1 5 2 (d3000000000000000000000000000000)
d4 1 1 8 1 (d4000000000000000000000000000000)
d5 1 1 5 2 (d5000000000000000000000000000000)
d8 1 1 5 2 (d8000000000000000000000000000000)
d9 1 1 5 2 (d9000000000000000000000000000000)
da 1 1 5 2 (da000000000000000000000000000000)
db 1 1 5 2 (db000000000000000000000000000000)
dc 1 1 5 2 (dc000000000000000000000000000000)
dd 1 1 5 2 (dd000000000000000000000000000000)
de 1 1 5 2 (de000000000000000000000000000000)
df 1 1 5 2 (df000000000000000000000000000000)
e0 1 1 5 2 (e0000000000000000000000000000000)
e1 1 1 5 2 (e1000000000000000000000000000000)
e2 1 1 5 2 (e2000000000000000000000000000000)
e3 1 1 5 2 (e3000000000000000000000000000000)
e4 1 1 11 128 (e4000000000000000000000000000000)
e5 1 1 11 128 (e5000000000000000000000000000000)
e6 1 1 11 128 (e6000000000000000000000000000000)
e7 1 1 11 128 (e7000000000000000000000000000000)
e8 1 1 5 2 (e8000000000000000000000000000000)
e9 1 1 5 2 (e9000000000000000000000000000000)
ea 1 1 11 128 (ea000000000000000000000000000000)
eb 1 1 5 2 (eb000000000000000000000000000000)
f0 1 1 5 2 (f0000000000000000000000000000000)
f2 1 1 5 2 (f2000000000000000000000000000000)
f3 1 1 5 2 (f3000000000000000000000000000000)
f6 1 1 5 2 (f6000000000000000000000000000000)
f7 1 1 5 2 (f7000000000000000000000000000000)
fe 1 1 5 2 (fe000000000000000000000000000000)
ff 1 1 5 2 (ff000000000000000000000000000000)
Incomplete logs due to a issue in injector with certain CPU's
So it turns out that on certain intel CPU's sandsifter will terminate prematurely (segfault in injector) when the injector is not compiled as static.
This has been resolved and tested. It turns out that a majority of the test results where thus broken as they miss a set of data after either of these instructions:
660f8fff000000000000000000000000660f1fff000000000000000000000000
The instruction where it should end on is:
f3dfc7 or dfc7 for short.
CPU's that were unaffected by this include:
* All AMD Ryzen CPU's
* Intel Pentium B970 (Sandy Bridge)
* Intel i3-3120m (Ivy Bridge) - Probably a Sandy Bridge part actually
All other tests terminated prematurely result in a square 200Mb Log file size.
This includes:
@jotebe
- core2duo P8400
- Intel i3-4130T
- Intel Xeon E3-1225 v3
- Intel i5-2540M
- Intel 4790k
- Intel 4770?
I sincerely apologize for not catching this earlier.
I would like to ask you to rerun the test and contribute the full result.
You are of course free to do so at your own will & time.
Sincerely
Rigo
Open database and scanner?
Hello,
The intention is great, but I find compressed logs not that handy.
What about an open database with per chip the three categories : undocumented instructions, software bug, hardware bug?
With a script to check binaries in your system (linux/windows/...) against your corresponding database entry?
BR
Most logs seem incomplete
Hello, I faced various crashes during 'standard' sandsifter scanning.
I ran some commands to see where the other scans ended :
#extracting archives and "organizing content".
maxzor@maxdeb970:~/sandsifter/tests/intel$for i in *; do a=`echo $i|sed 's/.tar.xz//g'`; tar xvf $i; mv log log_$a || mv data/log log_$a; done
#looking at the last instruction in each log.
maxzor@maxdeb970:~/sandsifter/tests/intel$for i in log*; do echo $i `tail -1 $i | sed 's/(|)//g'` | awk '{ printf "%-30s %-15s\n", $1, $7}'; done
Here is the output :
log_i7-4700mq --------------------- 660f1fff000000000000000000000000
log_i7-4790k ----------------------- 660f1fff000000000000000000000000
log_intel_core2duo-P8400 ------- 660f1fff000000000000000000000000
log_intel_i3-3120M ---------------- f3dfc700000000000000000000000000
log_intel_i3-4130T ---------------- 660f8fff000000000000000000000000
log_intel_i5-2500 ------------------ 660f8fff000000000000000000000000
log_intel_i5-2540M ---------------- 660f1fff000000000000000000000000
log_intel_i5-3210m ---------------- 660f1fff000000000000000000000000
log_intel_pentium_4-630 -------- 660f8fff000000000000000000000000
log_intel_pentium-B970 --------- f3dfc700000000000000000000000000
log_intel_xeon-E3-1225-v3 ----- 660f1fff000000000000000000000000
It seems most Intel scans encounter a problem at (edit: soon after) instructions 660f1fff or 660f8fff000000.
Maybe it has to do with a log file limit, logs ending with 660f1fff are 200MB square.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.