Home Lock binaries in memory using vmtouch cache
Post

Lock binaries in memory using vmtouch cache

Posted Nov 5, 2022 3 min read
script tools vmtouch cache memory locking executable

Hey there, hope you're enjoying oxasploits!
Need a secure server setup, code review, vulnerability assessment, or a general technical consultation? You can hire me!

Speed

What does this really accomplish?

Our goal here is to first look at reads on everything you commonly use when you use a linux computer, where be it common command line utilities, or GUI apps such as Google Chrome, or Dolphin – while they run. Then we take the list, and take strip out the extreneous information, then feed it into a locked memory cache. To store files cached in memory we can use vmtouch. We can deamonize it to “lock”, or keep everything we feed into it in memory, so that when you go to run your program, instead of reading off the disk, you read from memory… which is roughly 25 times faster than most drive storage.

Here I demo how this looks with the memory cache off (first test), and then on for the second test. Since we purge dirty pages and sync before each test, we we get a realistic representation of what happens when using this, verses when not.

#!/bin/bash

# Dropping caches...
# Killing other vmtouch instances...
# Evicting vmtouch pages...
# Evicting /usr/lib/gcc/x86_64-linux-gnu/12/cc1
#
#            Files: 1
#      Directories: 0
#    Evicted Pages: 8142 (31M)
#          Elapsed: 9.3e-05 seconds
# Running test:
# Run time: .862693115
#
# Loading into memory with vmtouch...
# Sleeping 5 seconds to make sure it is loaded completely...
# /usr/lib/gcc/x86_64-linux-gnu/12/cc1
# [OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO] 8142/8142
# LOCKED 8142 pages (31M)
# Running test:
# Run time: .032221643
#

echo "Dropping caches..."
echo 1 > /proc/sys/vm/drop_caches
echo "Killing other vmtouch instances..."
pkill -f vmtouch
echo "Evicting vmtouch pages..."
vmtouch -ve /usr/lib/gcc/x86_64-linux-gnu/12/cc1
echo "Running test:"
start=`date +%s.%N`
/usr/lib/gcc/x86_64-linux-gnu/12/cc1 --help 2>&1 > /dev/null
end=`date +%s.%N`
runt=$( echo "$end - $start" | bc -l )
echo "Run time: $runt"
echo
echo "Loading into memory with vmtouch..."
vmtouch -vl /usr/lib/gcc/x86_64-linux-gnu/12/cc1 &
echo "Sleeping 5 seconds to make sure it is loaded completely..."
sleep 5
echo "Running test:"
start=`date +%s.%N`
/usr/lib/gcc/x86_64-linux-gnu/12/cc1 --help 2>&1 > /dev/null
end=`date +%s.%N`
runt=$( echo "$end - $start" | bc -l )
echo "Run time: $runt"

As you can see, we’re now pulling things from memory at a rate of abou 26.9 times as fast.

Pulling what we want into memory

Hint Ideally this should be run as a startup script!

So I wrote this script that automously detects which executable files are used commonly, then adds them to the cache that is then loaded on startup.

The script:

#!/bin/bash

stime=150
pkill vmtouch
hdir=$(echo ~)
lockf="$hdir/.chachachia.lock"

function firstrun {
echo "Checking for first run..."
if test -f "$lockf"; then
echo "Found $lockf..."
vmt;
else
echo "Looks like this is your first run, wait until watches are"
echo "eastablished, then use your computer normally for 10 min."
echo "Creating config dir..."
mkdir ~/.chachachia 2>/dev/null
findbin;
vmt;
fi
exit 0
}

function findbin {
echo "Finding system binaries and libraries..."
find /lib /usr/lib /bin /usr/bin -type f -executable -print 2>/dev/null | grep -v rootfs | grep -v live | grep -v boot > ~/.chachachia/bins.dat
echo "Finding commonly used binaries..."
inotifywatch -a open --fromfile - < ~/.chachachia/bins.dat > ~/.chachachia/most_opened.dat & sleep $stime && pkill inotifywatch
awk '{print $(NF)}' ~/.chachachia/most_opened.dat > ~/.chachachia/most_exec.dat
echo "Wrote commonly used bins to disk."
echo "cleaning up..."
rm ~/.chachachia/most_opened.dat ~/.chachachia/bins.dat
touch "$lockf"
return 0
}

function vmt {
echo "Starting virtual memory cache loader..."
vmtouch -vfld -b ~/.chachachia/most_exec.dat
echo "Done."
return 0
}

firstrun;

So you’ll need to train it so to speak, by using your computer normally for a couple mintes, while it has the inotify watches in place on the /bin /usr/bin /lib and /usr/lib directories. It should then load everything up, and you can tell it to autostart when your desktop environment starts, or on system boot to make use seamless. The results should be reflected once it states it is done, and vmtouch is deamonized. You should be able to feel the difference.

Hope this has helped you give a system a boost!
The slower your drive is in comparison to your RAM, the more difference this will make!

If you enjoy my work, sponsor or hire me! I work hard keeping oxasploits running!
Bitcoin Address:
bc1qclqhff9dlvmmuqgu4907gh6gxy8wy8yqk596yp

Thank you so much and happy hacking!
tools
This post is licensed under CC BY 4.0 by the author.