Exploration of x86-64 ISA using speculative execution.

Overview

Haruspex

/həˈrʌspeks/

A religious official in ancient Rome who predicted the future or interpreted the meaning of events by examining the insides of birds or animals that had been sacrificed.

Haruspex is a project that explores and audits the x86-64 instruction set by (ab)using speculative execution and certain low-level performance counters that Intel CPUs provide, mainly to identify undocumented opcodes and to deduce the pipeline properties of each instruction. You can find the article explaining the methodology here.

  • /analysis contains the Node.js server responsible for reducing the dataset and serving it as an interactive table, which you can find live at haruspex.can.ac.
  • /kernel contains the code responsible for producing this data. Note that it is essentially "pseudo-code", since I cannot share some of the dependencies and parts of the toolchain I used to build it, but it should be fairly easy to translate it to work on your OS.
  • /raw-data contains the raw data from certain processors.

Thanks to

  • @JustasMasiulis for helping with the web components.
  • @H4vC for the name.

License

Haruspex is licensed under the GNU General Public License v3.

Comments
  • Add Fractal mapping view

    Add alternative Fractal mapping layout of the grid to better show close associations between groups of opcodes; similar to XKCD 195:

    • https://xkcd.com/195/ ("Map of the Internet")

    opened by sladen
  • URL scheme should be future proof

    Current URL scheme is:

    • /browse/xxyyzz

    Better scheme would be:

    • /chips/ ("directory listing" of chips)
    • /chips/i12345/ (meta data/notes/photo/Wikipedia link etc on that particular chip)
    • /chips/i12345/instructions/xx/yy/zz (progressively deeper instruction exploration)

    This keeps a tidy REST URL scheme that also allows going up and down the directory structure clearly. An initial redirect could still be made to /chips/i1234/. Replacing instructions/ with x86-64/ would be technically less RESTy, but might be more intuitive/have better Google-fu:

    • /chips/i12345/x86-64/xx/yy/zz

    But it might help with keeping open the option of exploring different instruction sets on the same chip.

    enhancement
    opened by sladen
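The REST URL scheme proposed in the issue above, as an added example that is not code from the Haruspex project: a strict Node.js-style route parser that validates every path segment and redirects the legacy /browse/xxyyzz form into the new layout. The chip id shape (i12345) and the default chip used as the redirect target are assumptions.

```javascript
// Added example, not code from the Haruspex project: a strict router for the
// REST URL scheme proposed in the issue above, plus a redirect for the legacy
// /browse/xxyyzz form. The chip id shape ("i12345") and the default chip used
// as the redirect target are assumptions; the real site may differ.

const DEFAULT_CHIP = 'i12345';                             // assumed placeholder
const ISA_SEGMENTS = new Set(['instructions', 'x86-64']);  // both spellings from the issue
const CHIP_ID = /^i\d+$/;                                  // assumed chip id shape
const HEX_BYTE = /^[0-9a-f]{2}$/;                          // exactly one lowercase hex byte
const MAX_BYTES = 15;                                      // longest legal x86 instruction
const LEGACY_HEX = new RegExp(`^([0-9a-f]{2}){1,${MAX_BYTES}}$`);

// Split a path into segments, tolerating one trailing slash but rejecting
// empty segments, "." and ".." so a route can never escape its namespace.
function splitPath(pathname) {
  const segs = pathname.split('/').slice(1);
  if (segs.length && segs[segs.length - 1] === '') segs.pop();
  return segs.every((s) => s !== '' && s !== '.' && s !== '..') ? segs : null;
}

// Returns a route object for a valid path, or null for anything else.
function parseHaruspexUrl(pathname) {
  const segs = splitPath(pathname);
  if (!segs) return null;
  const [root, chip, isa, ...bytes] = segs;

  if (root === 'chips') {
    if (chip === undefined) return { kind: 'chips' };        // directory listing of chips
    if (!CHIP_ID.test(chip)) return null;
    if (isa === undefined) return { kind: 'chip', chip };    // metadata/notes for one chip
    if (!ISA_SEGMENTS.has(isa)) return null;
    // Progressively deeper exploration: 1..MAX_BYTES opcode bytes, each validated.
    if (bytes.length < 1 || bytes.length > MAX_BYTES) return null;
    if (!bytes.every((b) => HEX_BYTE.test(b))) return null;
    return { kind: 'opcode', chip, isa, bytes: bytes.map((b) => parseInt(b, 16)) };
  }

  if (root === 'browse' && segs.length === 2 && LEGACY_HEX.test(chip)) {
    // Legacy /browse/xxyyzz: keep old links alive by redirecting into the new scheme.
    const path = chip.match(/../g).join('/');
    return { kind: 'redirect', location: `/chips/${DEFAULT_CHIP}/instructions/${path}` };
  }
  return null;
}

console.log(parseHaruspexUrl('/browse/0fae38'));
console.log(parseHaruspexUrl('/chips/i12345/instructions/0f/ae/38'));
```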
Owner
Can Bölük
Security researcher and reverse engineer; mostly interested in Windows kernel development and low-level programming.