
Lock binaries in memory using vmtouch cache

By Marshall Whittaker
Posted Nov 5, 2022 Updated Dec 8, 2022 3 min read
script tools vmtouch cache memory locking executable

Speed

What does this really accomplish?

Our goal here is to first watch reads on everything you commonly use on a Linux computer, whether that is common command-line utilities or GUI apps such as Google Chrome or Dolphin, while they run. Then we take the list, strip out the extraneous information, and feed it into a locked memory cache. To keep files cached in memory we can use vmtouch. We can daemonize it to “lock”, or keep in memory, everything we feed into it, so that when you go to run your program, instead of reading off the disk, you read from memory… which is roughly 25 times faster than most drive storage.

Here I demo how this looks with the memory cache off (first test), and then on for the second test. Since we purge dirty pages and sync before each test, we get a realistic representation of what happens when using this versus when not.

#!/bin/bash

# Dropping caches...
# Killing other vmtouch instances...
# Evicting vmtouch pages...
# Evicting /usr/lib/gcc/x86_64-linux-gnu/12/cc1
#
#            Files: 1
#      Directories: 0
#    Evicted Pages: 8142 (31M)
#          Elapsed: 9.3e-05 seconds
# Running test:
# Run time: .862693115
#
# Loading into memory with vmtouch...
# Sleeping 5 seconds to make sure it is loaded completely...
# /usr/lib/gcc/x86_64-linux-gnu/12/cc1
# [OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO] 8142/8142
# LOCKED 8142 pages (31M)
# Running test:
# Run time: .032221643
#

echo "Dropping caches..."
sync    # flush dirty pages first so drop_caches can free them
echo 1 > /proc/sys/vm/drop_caches
echo "Killing other vmtouch instances..."
pkill -f vmtouch
echo "Evicting vmtouch pages..."
vmtouch -ve /usr/lib/gcc/x86_64-linux-gnu/12/cc1
echo "Running test:"
# Cold run: the binary has to be read from disk.
start=$(date +%s.%N)
/usr/lib/gcc/x86_64-linux-gnu/12/cc1 --help > /dev/null 2>&1
end=$(date +%s.%N)
runt=$( echo "$end - $start" | bc -l )
echo "Run time: $runt"
echo
echo "Loading into memory with vmtouch..."
vmtouch -vl /usr/lib/gcc/x86_64-linux-gnu/12/cc1 &
echo "Sleeping 5 seconds to make sure it is loaded completely..."
sleep 5
echo "Running test:"
# Warm run: the binary's pages are locked in memory.
start=$(date +%s.%N)
/usr/lib/gcc/x86_64-linux-gnu/12/cc1 --help > /dev/null 2>&1
end=$(date +%s.%N)
runt=$( echo "$end - $start" | bc -l )
echo "Run time: $runt"

As you can see, we’re now pulling things from memory about 26.9 times as fast.

Pulling what we want into memory

Hint: Ideally this should be run as a startup script!

So I wrote this script that autonomously detects which executable files are commonly used, then adds them to the cache that is loaded on startup.

The script:

#!/bin/bash

stime=150    # seconds to keep the inotify watches running
pkill vmtouch
hdir="$HOME"
lockf="$hdir/.chachachia.lock"

# Load the saved list if a previous run created it, otherwise build it first.
function firstrun {
    echo "Checking for first run..."
    if test -f "$lockf"; then
        echo "Found $lockf..."
        vmt;
    else
        echo "Looks like this is your first run, wait until watches are"
        echo "established, then use your computer normally for 10 min."
        echo "Creating config dir..."
        mkdir -p ~/.chachachia
        findbin;
        vmt;
    fi
    exit 0
}

# Record which system binaries and libraries get opened during normal use.
function findbin {
    echo "Finding system binaries and libraries..."
    find /lib /usr/lib /bin /usr/bin -type f -executable -print 2>/dev/null | grep -v rootfs | grep -v live | grep -v boot > ~/.chachachia/bins.dat
    echo "Finding commonly used binaries..."
    inotifywatch -a open --fromfile - < ~/.chachachia/bins.dat > ~/.chachachia/most_opened.dat &
    sleep $stime && pkill inotifywatch
    wait    # let inotifywatch finish writing its statistics before reading them
    # Keep only the file name column; the header row has no absolute path.
    awk '$NF ~ /^\// {print $NF}' ~/.chachachia/most_opened.dat > ~/.chachachia/most_exec.dat
    echo "Wrote commonly used bins to disk."
    echo "cleaning up..."
    rm ~/.chachachia/most_opened.dat ~/.chachachia/bins.dat
    touch "$lockf"
    return 0
}

# Lock every file in the saved list into memory and daemonize vmtouch.
function vmt {
    echo "Starting virtual memory cache loader..."
    vmtouch -vfld -b ~/.chachachia/most_exec.dat
    echo "Done."
    return 0
}

firstrun;

So you’ll need to train it, so to speak, by using your computer normally for a couple minutes while it has the inotify watches in place on the /bin, /usr/bin, /lib and /usr/lib directories. It should then load everything up, and you can tell it to autostart when your desktop environment starts, or on system boot, to make use seamless. The results should be reflected once it states it is done and vmtouch is daemonized. You should be able to feel the difference.
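
Because vmtouch -l pins pages with mlock, everything in the list stays resident and cannot be evicted under memory pressure, so the list is worth capping. The following is an added example, not part of the original script: it builds the list from the inotifywatch statistics, most-opened first, within a byte budget. The function names and the one-quarter-of-MemAvailable budget are assumptions.

```bash
#!/bin/bash
# Added example, not the post's own code. Function names and the
# one-quarter-of-MemAvailable budget are assumptions for illustration.

# Print a byte budget: 1/4 of MemAvailable from a meminfo-format file.
mem_budget_bytes() {
    awk '/^MemAvailable:/ {printf "%.0f\n", $2 * 1024 / 4}' "${1:-/proc/meminfo}"
}

# build_lock_list STATS_FILE BUDGET_BYTES
# Reads inotifywatch statistics and prints the paths to lock, most-opened
# first, skipping any file that would push the total over the budget.
# Paths containing whitespace are not handled (awk takes the last field).
build_lock_list() (
    stats=$1 budget=$2 used=0
    # Data rows only: numeric count in column 1, absolute path in the last.
    awk '$1 ~ /^[0-9]+$/ && $NF ~ /^\// {print $1, $NF}' "$stats" |
    sort -k1,1nr |
    while read -r count path; do
        # Drop stale entries and anything that is not a regular file.
        [ -f "$path" ] || continue
        size=$(wc -c < "$path") || continue
        [ $((used + size)) -le "$budget" ] || continue
        used=$((used + size))
        printf '%s\n' "$path"
    done
)

# Typical use (paths as in the script above, before most_opened.dat is removed):
#   build_lock_list ~/.chachachia/most_opened.dat "$(mem_budget_bytes)" \
#       > ~/.chachachia/most_exec.dat
```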

Hope this has helped you give a system a boost!
The slower your drive is in comparison to your RAM, the more difference this will make!

tools
This post is licensed under CC BY 4.0 by the author.
© 2023 Marshall Whittaker. Some rights reserved.