slight edit to README.md

.gitignore

@@ -0,0 +1,5 @@
+poc
+poc_poison
+poc_rand
+poc_vis
+

Makefile

@@ -1,25 +1,14 @@
 CC= cc
-CFLAGS += -O0 -std=gnu99
+CFLAGS += -O0 -std=gnu99 -g
 LDFLAGS += -lm
 CPPFLAGS +=
 
-EXES= poc poc_poison poc_vis poc_rand
+EXES= scan
 
 all: $(EXES)
 
 clean:
 	rm -f $(EXES)
 
-poc: poc.c
+scan: scan.c
 	$(CC) -o $@ $+ $(CFLAGS) $(LDFLAGS) $(CPPFLAGS)
-
-poc_poison: poc.c
-	$(CC) -o $@ $+ $(CFLAGS) $(LDFLAGS) -DPOISON $(CPPFLAGS)
-
-poc_vis: poc.c
-	$(CC) -o $@ $+ $(CFLAGS) $(LDFLAGS) -DVISUALIZE $(CPPFLAGS)
-
-poc_rand: poc.c
-	$(CC) -o $@ $+ $(CFLAGS) $(LDFLAGS) -DRANDOMIZE $(CPPFLAGS)
-
-.PHONY: all clean

README.md

@@ -1,32 +1,50 @@
-Spectre and Meltdown Proof-of-Concept
+Spectre and Meltdown Vuln Scanner
 =====================================
 
-Read kernel addresses by stalling the pipeline and speculatively hitting a cacheline:
+This scanner first enables the /proc/kallsyms file to find your syscall table address.
+Once the address is found, it attempts to exploit speculative execution (mis)training
+to find syscalls near the syscall table. If it is able to do so it will report you
+as vulnerable. If not, it will tell you that you are not vulnerable.
 
-```
-$ make
-...
-$ grep ' sys_call_table' /proc/kallsyms
-ffffffff8f800180 R sys_call_table
-$ ./poc ffffffff8f800180
-0xffffffff8f800180 | 10 40 23 8f ff ff ff ff d0 40 23 8f ff ff ff ff
-0xffffffff8f800190 | c0 14 23 8f ff ff ff ff 60 f6 22 8f ff ff ff ff
-0xffffffff8f8001a0 | 40 91 23 8f ff ff ff ff 70 91 23 8f ff ff ff ff
-0xffffffff8f8001b0 | 50 91 23 8f ff ff ff ff 10 af 24 8f ff ff ff ff
-...
-```
-
-![Motivational GIF](http://tcpst.net/unea.gif)
+Usage:
 
-Read kernel addresses by poisoning the branch predictor and speculatively hitting a cacheline:
-```
-$ ./poc_poison ffffffff8f800180
-cutoff: 192
-0xffffffff8f800180 | 10 40 23 8f ff ff ff ff d0 40 23 8f ff ff ff ff
-...
 ```
+punk@dtsp-server ~/dev/spectre-meltdown-poc $ ls
+btb.c  Makefile  README.md  scan.c  scanner.py
 
-Visualize memory read timings:
-```
-$ ./poc_vis ffffffff8f800180
+punk@dtsp-server ~/dev/spectre-meltdown-poc $ make
+cc -o scan scan.c -O0 -std=gnu99 -g -lm 
+scan.c: In function ‘read_byte’:
+scan.c:266:10: warning: format ‘%g’ expects argument of type ‘double’, but argument 2 has type ‘int’ [-Wformat=]
+   printf("%20.13g %02x", 0, 0);
+          ^
+scan.c: In function ‘main’:
+scan.c:360:18: warning: assignment makes integer from pointer without a cast [-Wint-conversion]
+    first_addr[9] = NULL;
+                  ^
+scan.c:361:19: warning: assignment makes integer from pointer without a cast [-Wint-conversion]
+    second_addr[9] = NULL;
+                   ^
+
+punk@dtsp-server ~/dev/spectre-meltdown-poc $ ls
+btb.c  Makefile  README.md  scan  scan.c  scanner.py
+punk@dtsp-server ~/dev/spectre-meltdown-poc $ sudo python3 scanner.py
+Found your syscall table at ffffffff88c00200! Attempting to abuse spec exec to find syscalls...
+ffffffff8842f820 T SyS_close
+ffffffff8842f820 T sys_close
+ffffffff884317e0 T SyS_open
+ffffffff884317e0 T sys_open
+ffffffff884341e0 T SyS_read
+ffffffff884341e0 T sys_read
+ffffffff884342a0 T SyS_write
+ffffffff884342a0 T sys_write
+ffffffff88438950 T SyS_newstat
+ffffffff88438950 T sys_newstat
+ffffffff88438960 T SyS_newlstat
+ffffffff88438960 T sys_newlstat
+ffffffff88438980 T SyS_newfstat
+ffffffff88438980 T sys_newfstat
+ffffffff8844a1b0 T SyS_poll
+ffffffff8844a1b0 T sys_poll
+We were able to find the above addresses of your syscall table using speculative execution (mis)training. You are likely vulnerable to SPECTRE and/or Meltdown.
 ```