Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added a static Boolean on the SocketOptions class to avoid using the … #1072

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Added a static Boolean on the SocketOptions class to avoid using the … #1072

wants to merge 1 commit into from
+12 −0

Conversation

rickshaw5724
Copy link
Contributor

@rickshaw5724 rickshaw5724 commented Aug 31, 2023
edited by drewnoakes
Loading

…opcode injection technique for reading the time stamp counter.

Fixes #1071

@rickshaw5724
Added a static Boolean on the SocketOptions class to avoid using the …
1a2314a 
…opcode injection technique for reading the time stamp counter.
@codecov
Copy link

codecov bot commented Sep 5, 2023

Codecov Report

Merging #1072 (26b0253) into master (f416a78) will increase coverage by 65.82%.
The diff coverage is 0.00%.

❗ Current head 26b0253 differs from pull request most recent head 1a2314a. Consider uploading reports for the commit 1a2314a to get more accurate results

@@             Coverage Diff             @@
##           master    #1072       +/-   ##
===========================================
+ Coverage        0   65.82%   +65.82%     
===========================================
  Files           0      146      +146     
  Lines           0     9074     +9074     
  Branches        0     1450     +1450     
===========================================
+ Hits            0     5973     +5973     
- Misses          0     2500     +2500     
- Partials        0      601      +601
Files Changed Coverage
src/NetMQ/Core/Utils/OpCode.cs 0.00%
src/NetMQ/SocketOptions.cs ø

drewnoakes
drewnoakes reviewed Sep 6, 2023
View reviewed changes
src/NetMQ/SocketOptions.cs
Comment on lines +15 to +24
/// <summary>
/// If set, the time stamp counter is not read directly through opcode injection,
/// rather <see cref="System.Diagnostics.Stopwatch.GetTimestamp"/> is used.
/// When false, the time stamp counter is read by allocating a few bytes on the heap with
/// read/write/execute privilege. OpCode is copied to this allocated memory and invoked to read
/// the time stamp counter, (which is a register available on most modern CPUs). While this is
/// an accurate way to read the time stamp counter, because it injects code onto the heap, this
/// can be detected as a malware technique by some anti-virus defenders.
/// </summary>
public static bool DoNotUseRDTSC;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't really seem like a socket option, and we don't have any other static options here as far as I can tell.

Also the timing of setting this value is important, as the result of Open is cached in Clock.s_rdtscSupported.

Because of the timing issue, what about using something like an environment variable to control this. For example, if NETQM_SUPPRESS_RDTSC was present, it would disable any attempt to call Opcode.Open() and store a false in s_rdtscSupported. All that could happen in the static constructor of Clock.

@drewnoakes drewnoakes mentioned this pull request Sep 6, 2023
Closed
@rickshaw5724
Copy link
Contributor Author

rickshaw5724 commented Sep 6, 2023 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@drewnoakes drewnoakes drewnoakes left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Antivirus dynamic shell code execution
2 participants
@rickshaw5724 @drewnoakes