Seems that there are two others found after more thorough analysis. Using xgetbv/xsetbv in a loop similar to the one in the article. XSETBV is an unconditionally exiting instruction so naturally it fits for the time based attack. 1/2
-
-
Show this thread
-
The other is using CPUID where EAX=0 to query CPU vendor information. For whatever reason, they loop these an exorbitant amount of times - 26,000 times. The rest of the code is virtualized with VMP - yikes. The perf overhead is extreme.
Show this thread
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.