A computer components & hardware forum. HardwareBanter


Time Slice Visualizer to Detect Firmware Spyware using CPU.



 
 
  #1  
Old June 8th 18, 02:51 PM posted to alt.comp.hardware.pc-homebuilt

Now google groups isn't working lol.

Anyway here is the tool, I made it available via github cause mijndomein.nl is also not working correctly.

https://github.com/SkybuckFlying/Hel...pplication.exe

This tool spawns 1 gui thread and 1 main processing thread.

The 1 main processing thread will visualize its time slices by drawing black, red or green pixels.

The black gaps represent interrupted activity. If it's black the thread could not run and something else was run. Red means little time was left to process that particular pixel; this could also be slightly suspicious but could also indicate the end of a time slice.

Green indicates the thread had cpu time available to fill the pixel at least twice.

Which is probably insufficient to be super reliable or a good indicator but at least it's something, so red = pixel was filled exactly once, green greater than once.

However since time slices are usually 10 milliseconds, this simple tool should be enough for now to get an idea if something suspicious is running on the system.

This tool was not created to detect firmware spyware in particular, it was written simply to examine the effect of time slicing on audio i/o buffers. Paul realized such a tool might be able to detect spyware inside firmware which interrupts the processor to run its spyware.

This tool may therefore detect it.

Perhaps more advanced tools can be written in the future.

For now enjoy it for what it's worth !

Bye,
Skybuck.
  #2  
Old June 8th 18, 03:00 PM posted to alt.comp.hardware.pc-homebuilt

Some further information:

1. Multiple instances can be started and via task manager affinity can be set to a specific core.

2. Screen of application can be resized and should then fill the new screen, this allows the thread to do more pixel processing and consume more cpu time to try and detect more fine grained time slices/interrupts, though spyware might detect higher cpu usage and stay dormant.

The affinity experiment is quite interesting to see what operations/events like mouse events get executed on what core !

Bye,
Skybuck.

  #3  
Old June 8th 18, 03:03 PM posted to alt.comp.hardware.pc-homebuilt

So far my conclusion concerning mouse events and such would be:

1. Mouse events are handled by both cores on my Dual Core AMD X2 3800+.

2. Resizing of windows explorer is handled by one core only.

Bye,
Skybuck.
  #4  
Old June 8th 18, 03:27 PM posted to alt.comp.hardware.pc-homebuilt

Some further observations, the program was written in 2012 so had to think/figure out how it worked exactly !

The program will always try to consume maximum processing power for its single thread/core.

Its processing power is "smeared" over the pixels available. If there are many pixels available and only little processing power then all pixels will turn red or black. Black = no processing power available, red = exactly 1 pixel processing power available.

So for example maximizing the screen may show all red pixels depending on how fast your computer is.

Reducing the screen size has no effect on cpu consumption. Instead the same pixel will be filled multiple times, indicated by green color. (fill count 1 = green)

So this app can easily consume near 100% cpu power by running it twice for my purchased dual core AMD X2 3800+ processor.

Green/Red is a nice helper to give some idea of how much processing power your core has.. also the re-sizing is for convenience as well to keep it smaller if necessary.

The re-sizing may fail/might be bugged/locked, in that case try clicking stop... then re-size and click start again... this should make it work again.

So just liked to point out there is no way for now to make it consume less cpu processing power... for now it makes no sense to do so... cause all cpu processing power must be consumed to have any chance of detecting "stolen" cpu processing power.

However perhaps there might be a way in the future to detect "stolen cpu processing power" easier without consuming so much processing power.

One idea which pops into my head is:

1. Relinquish control of the cpu. In other words, give up the time slice for the thread... but do "mark" where it was supposed to "run/start". And perhaps also mark where it was supposed to "stop". If all app instances do this then basically all cpu processing power would have been theirs. Now once the thread is run again it can figure out if there are gaps between where it should have been and where it actually is... this may be hard to do accurately or perhaps not... not sure about this... but could be worth a try to figure this out. For example a time slice run could be done to see how many pixels per time slice it can process. Then this can be used as some length indicator of where it should have been after it was given control again of the cpu.

The idea is that if no other threads are running, then the thread should regain control every 10 milliseconds.

For example sleep(0) or event signalling can be used to re-gain control this way..

So idea is basically:

1. Thread runs.
2. Thread measures time/start point.
3. Thread goes to sleep.
4. Thread is re-awakened by OS because nothing else is running.
5. Thread notes end point, computes where end point should have been, any gaps are suspicious. All is visualized including the gaps.
6. Thus gaps can be drawn as well and could be suspicious.

However, whether such an app is reliable remains to be seen.

For now the current max cpu processing power consuming app is quite nice ! =D

Bye,
Skybuck.
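
The measurement discussed in this thread, reduced to timestamps instead of pixels, as an added example that is not the poster's code or part of the original posts: a spinning thread reads a monotonic clock back to back, and any step larger than a threshold is time during which the thread was not executing. It assumes a POSIX `clock_gettime` (the original tool is a Windows executable); the function names and the 50 µs threshold are illustrative choices.

```c
/* Added example: busy-spin gap detector. POSIX clock assumed; names hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

typedef struct { uint64_t start_ns; uint64_t len_ns; } gap_t;

static uint64_t now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}

/* Fill t[0..n-1] with back-to-back clock reads: the "pixels" of the spin loop. */
void sample_spin(uint64_t *t, size_t n) {
    for (size_t i = 0; i < n; i++) t[i] = now_ns();
}

/* Find every step between consecutive reads longer than threshold_ns.
   Stores the first max_out gaps, returns how many were seen in total,
   and writes the summed gap time to *lost_ns. */
size_t find_gaps(const uint64_t *t, size_t n, uint64_t threshold_ns,
                 gap_t *out, size_t max_out, uint64_t *lost_ns) {
    size_t found = 0;
    *lost_ns = 0;
    for (size_t i = 1; i < n; i++) {
        uint64_t step = t[i] - t[i - 1];
        if (step <= threshold_ns) continue;   /* thread kept running */
        if (found < max_out) { out[found].start_ns = t[i - 1]; out[found].len_ns = step; }
        found++;
        *lost_ns += step;
    }
    return found;
}

int main(void) {
    static uint64_t t[1000000];
    gap_t gaps[16];
    uint64_t lost;
    sample_spin(t, 1000000);
    size_t n = find_gaps(t, 1000000, 50000 /* 50 us, assumed */, gaps, 16, &lost);
    printf("%zu gaps, %llu ns not running\n", n, (unsigned long long)lost);
    for (size_t i = 0; i < n && i < 16; i++)
        printf("  +%llu ns: gap of %llu ns\n",
               (unsigned long long)(gaps[i].start_ns - t[0]),
               (unsigned long long)gaps[i].len_ns);
    return 0;
}
```

A gap only shows that the thread was not running: ordinary scheduler preemption and device interrupts produce gaps too, so the output needs a baseline from the same machine before any gap is treated as suspicious.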
  #5  
Old June 10th 18, 06:35 PM posted to alt.comp.hardware.pc-homebuilt

Ok problem with webhosting solved.

Webhoster probably moved to a new sftp server while letting the old ftp server run.

TimeSliceVisualizer application can now be downloaded from my humble website =D

http://www.skybuck.org/Applications/...iceVisualizer/

Bye,
Skybuck =D
 




All times are GMT +1.