Version 2.16.1

README.md

@@ -225,3 +225,6 @@ v1.0-1.8
 * PCIe BAR information and user callback (easier implementation of custom devices).
 * ARM64 memory dump (.dmp) and VMWare Fusion (.vmem/.vmsn) support.
 * Improved handling of PCIe TLP user callback.
+
+Latest:
+* I/O BAR support.

includes/leechcore.h

@@ -14,7 +14,7 @@
 // (c) Ulf Frisk, 2020-2023
 // Author: Ulf Frisk, pcileech@frizk.net
 //
-// Header Version: 2.16
+// Header Version: 2.16.1
 //
 
 #ifndef __LEECHCORE_H__
@@ -437,12 +437,11 @@ BOOL LcCommand(
 #define LC_CMD_FPGA_TLP_CONTEXT_RD                  0x2000011b00000000  // R - get TLP user-defined context to be passed to callback function. [not remote].
 #define LC_CMD_FPGA_TLP_FUNCTION_CALLBACK           0x2000011500000000  // W - set/unset TLP callback function (pbDataIn == PLC_TLP_CALLBACK). [not remote].
 #define LC_CMD_FPGA_TLP_FUNCTION_CALLBACK_RD        0x2000011c00000000  // R - get TLP callback function. [not remote].
-#define LC_CMD_FPGA_BAR_CONTEXT                     0x2000011800000000  // W - set/unset BAR user-defined context to be passed to callback function. (pbDataIn == LPVOID user context). [not remote].
-#define LC_CMD_FPGA_BAR_CONTEXT_RD                  0x2000011d00000000  // R - get BAR user-defined context to be passed to callback function. [not remote].
-#define LC_CMD_FPGA_BAR_FUNCTION_CALLBACK           0x2000011900000000  // W - set/unset BAR callback function (pbDataIn == PLC_BAR_CALLBACK). [not remote].
-#define LC_CMD_FPGA_BAR_FUNCTION_CALLBACK_RD        0x2000011e00000000  // R - get BAR callback function. [not remote].
-#define LC_CMD_FPGA_BAR_INFO                        0x0000011a00000000  // R - get BAR info (pbDataOut == LC_BAR_INFO[6]).
-
+#define LC_CMD_FPGA_BAR_CONTEXT                     0x2000012000000000  // W - set/unset BAR user-defined context to be passed to callback function. (pbDataIn == LPVOID user context). [not remote].
+#define LC_CMD_FPGA_BAR_CONTEXT_RD                  0x2000012100000000  // R - get BAR user-defined context to be passed to callback function. [not remote].
+#define LC_CMD_FPGA_BAR_FUNCTION_CALLBACK           0x2000012200000000  // W - set/unset BAR callback function (pbDataIn == PLC_BAR_CALLBACK). [not remote].
+#define LC_CMD_FPGA_BAR_FUNCTION_CALLBACK_RD        0x2000012300000000  // R - get BAR callback function. [not remote].
+#define LC_CMD_FPGA_BAR_INFO                        0x0000012400000000  // R - get BAR info (pbDataOut == LC_BAR_INFO[6]).
 
 #define LC_CMD_FILE_DUMPHEADER_GET                  0x0000020100000000  // R
 
@@ -572,8 +571,10 @@ typedef VOID(*PLC_TLP_FUNCTION_CALLBACK)(
 
 typedef struct tdLC_BAR {
     BOOL fValid;
+    BOOL fIO;
     BOOL f64Bit;
     BOOL fPrefetchable;
+    DWORD _Filler[3];
     DWORD iBar;
     QWORD pa;
     QWORD cb;

leechagent/version.h

@@ -3,8 +3,8 @@
 
 #define VERSION_MAJOR               2
 #define VERSION_MINOR               16
-#define VERSION_REVISION            0
-#define VERSION_BUILD               51
+#define VERSION_REVISION            1
+#define VERSION_BUILD               52
 
 #define VER_FILE_DESCRIPTION_STR    "LeechAgent Memory Acquisition Service"
 #define VER_FILE_VERSION            VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION, VERSION_BUILD

leechcore/device_fpga.c

@@ -1855,6 +1855,19 @@ BOOL DeviceFPGA_Bar_Initialize(_In_ PLC_CONTEXT ctxLC, _In_ PDEVICE_CONTEXT_FPGA
         pBar = &ctx->tlp_callback.Bar[i];
         pBar->iBar = (DWORD)i;
         dwBarSize = *(PDWORD)(pbDRP + 14 + i * 4);
+        // IO BAR: IO BARs are not memory mapped and are treated differently here:
+        if(dwBarSize & 1) {
+            pBar->fIO = TRUE;
+            pBar->pa = *(PDWORD)(pbBAR + i * 4) - 1;
+            dwBarSize = ((dwBarSize & ~0x01) ^ 0xFFFFFFFF) + 1;
+            pBar->cb = dwBarSize;
+            if(!pBar->pa || !pBar->cb) { continue; }
+            if((pBar->pa >= 0x10000) || (pBar->cb >= 0x10000)) { return FALSE; }    // IO BARs must be < 64KB in size and address
+            pBar->fValid = TRUE;
+            fBAR = TRUE;
+            continue;
+        }
+        // Memory BAR:
         if(dwBarSize & 8) {
             if(i % 2) { return FALSE; }                     // 64-bit prefetchable BARs not allowed in odd BARs
             pBar->fPrefetchable = TRUE;
@@ -1867,7 +1880,7 @@ BOOL DeviceFPGA_Bar_Initialize(_In_ PLC_CONTEXT ctxLC, _In_ PDEVICE_CONTEXT_FPGA
             if(qwBarSize >= 0x8000000000000000) { return FALSE; }   // BAR too large.
             pBar->cb = qwBarSize;
         } else {
-            dwBarSize = *(PQWORD)(pbDRP + 14 + i * 4) & ~0xF;
+            dwBarSize = *(PDWORD)(pbDRP + 14 + i * 4) & ~0xF;
             dwBarSize = (dwBarSize ^ 0xFFFFFFFF) + 1;
             if(dwBarSize >= 0x80000000) { return FALSE; }           // BAR too large.
             pBar->cb = dwBarSize;
@@ -1959,7 +1972,7 @@ VOID DeviceFPGA_Bar_RxTlp(_In_ PLC_CONTEXT ctxLC, _In_ PDEVICE_CONTEXT_FPGA ctx,
     PTLP_HDR_MRdWr32 hdrM32 = (PTLP_HDR_MRdWr32)hdrDwBuf;
     PTLP_HDR_MRdWr64 hdrM64 = (PTLP_HDR_MRdWr64)hdrDwBuf;
     // 1: initial checks and header parse:
-    if((cbTlp < 12) || (pbTlp[0] & 0x9e) || (cbTlp & 3)) { return; }   // TLP fast fail if not MRd/MWr
+    if((cbTlp < 12) || (pbTlp[0] & 0x9c) || (cbTlp & 3)) { return; }   // TLP fast fail if not MRd/MWr/IORd/IOWr
     hdrDwBuf[0] = _byteswap_ulong(*(PDWORD)(pbTlp + 0));
     hdrDwBuf[1] = _byteswap_ulong(*(PDWORD)(pbTlp + 4));
     hdrDwBuf[2] = _byteswap_ulong(*(PDWORD)(pbTlp + 8));
@@ -1972,12 +1985,13 @@ VOID DeviceFPGA_Bar_RxTlp(_In_ PLC_CONTEXT ctxLC, _In_ PDEVICE_CONTEXT_FPGA ctx,
     rq.bTag = hdrM32->Tag;
     rq.bFirstBE = hdrM32->FirstBE;
     rq.bLastBE = hdrM32->LastBE;
-    rq.f64 = (hdr->TypeFmt == TLP_MRd64) || (hdr->TypeFmt == TLP_MWr64);
-    rq.fRead = (hdr->TypeFmt == TLP_MRd32) || (hdr->TypeFmt == TLP_MRd64);
+    rq.f64 = (hdr->TypeFmt == TLP_MRd64) || (hdr->TypeFmt == TLP_MWr64) || (hdr->TypeFmt == TLP_IOWr);
+    rq.fRead = (hdr->TypeFmt == TLP_MRd32) || (hdr->TypeFmt == TLP_MRd64) || (hdr->TypeFmt == TLP_IORd);
     rq.fReadReply = FALSE;
     rq.fWrite = !rq.fRead;
     // 3: specific TLP type handling:
     switch(hdr->TypeFmt) {
+        case TLP_IORd:
         case TLP_MRd32:
             qwTlpAddr = hdrM32->Address & ~3;
             qwTlpSize = hdr->Length ? (hdr->Length << 2) : 0x1000;
@@ -1987,6 +2001,7 @@ VOID DeviceFPGA_Bar_RxTlp(_In_ PLC_CONTEXT ctxLC, _In_ PDEVICE_CONTEXT_FPGA ctx,
             qwTlpAddr = ((QWORD)hdrM64->AddressHigh << 32) + (hdrM64->AddressLow & ~3);
             qwTlpSize = hdr->Length ? (hdr->Length << 2) : 0x1000;
             break;
+        case TLP_IOWr:
         case TLP_MWr32:
             qwTlpAddr = hdrM32->Address & ~3;
             qwTlpSize = hdr->Length ? (hdr->Length << 2) : 0x1000;
@@ -2024,7 +2039,7 @@ VOID DeviceFPGA_Bar_RxTlp(_In_ PLC_CONTEXT ctxLC, _In_ PDEVICE_CONTEXT_FPGA ctx,
         ctx->tlp_callback.pfnBarCB(&rq);
     }
     // 6: if read, send reply:
-    if((hdr->TypeFmt == TLP_MRd32) || (hdr->TypeFmt == TLP_MRd64)) {
+    if((hdr->TypeFmt == TLP_MRd32) || (hdr->TypeFmt == TLP_MRd64) || (hdr->TypeFmt == TLP_IORd)) {
         DeviceFPGA_Bar_TxTlp(ctxLC, ctx, hdrM32, &rq);
     }
 }

leechcore/leechcore.h

@@ -14,7 +14,7 @@
 // (c) Ulf Frisk, 2020-2023
 // Author: Ulf Frisk, pcileech@frizk.net
 //
-// Header Version: 2.16
+// Header Version: 2.16.1
 //
 
 #ifndef __LEECHCORE_H__
@@ -437,12 +437,11 @@ BOOL LcCommand(
 #define LC_CMD_FPGA_TLP_CONTEXT_RD                  0x2000011b00000000  // R - get TLP user-defined context to be passed to callback function. [not remote].
 #define LC_CMD_FPGA_TLP_FUNCTION_CALLBACK           0x2000011500000000  // W - set/unset TLP callback function (pbDataIn == PLC_TLP_CALLBACK). [not remote].
 #define LC_CMD_FPGA_TLP_FUNCTION_CALLBACK_RD        0x2000011c00000000  // R - get TLP callback function. [not remote].
-#define LC_CMD_FPGA_BAR_CONTEXT                     0x2000011800000000  // W - set/unset BAR user-defined context to be passed to callback function. (pbDataIn == LPVOID user context). [not remote].
-#define LC_CMD_FPGA_BAR_CONTEXT_RD                  0x2000011d00000000  // R - get BAR user-defined context to be passed to callback function. [not remote].
-#define LC_CMD_FPGA_BAR_FUNCTION_CALLBACK           0x2000011900000000  // W - set/unset BAR callback function (pbDataIn == PLC_BAR_CALLBACK). [not remote].
-#define LC_CMD_FPGA_BAR_FUNCTION_CALLBACK_RD        0x2000011e00000000  // R - get BAR callback function. [not remote].
-#define LC_CMD_FPGA_BAR_INFO                        0x0000011a00000000  // R - get BAR info (pbDataOut == LC_BAR_INFO[6]).
-
+#define LC_CMD_FPGA_BAR_CONTEXT                     0x2000012000000000  // W - set/unset BAR user-defined context to be passed to callback function. (pbDataIn == LPVOID user context). [not remote].
+#define LC_CMD_FPGA_BAR_CONTEXT_RD                  0x2000012100000000  // R - get BAR user-defined context to be passed to callback function. [not remote].
+#define LC_CMD_FPGA_BAR_FUNCTION_CALLBACK           0x2000012200000000  // W - set/unset BAR callback function (pbDataIn == PLC_BAR_CALLBACK). [not remote].
+#define LC_CMD_FPGA_BAR_FUNCTION_CALLBACK_RD        0x2000012300000000  // R - get BAR callback function. [not remote].
+#define LC_CMD_FPGA_BAR_INFO                        0x0000012400000000  // R - get BAR info (pbDataOut == LC_BAR_INFO[6]).
 
 #define LC_CMD_FILE_DUMPHEADER_GET                  0x0000020100000000  // R
 
@@ -572,8 +571,10 @@ typedef VOID(*PLC_TLP_FUNCTION_CALLBACK)(
 
 typedef struct tdLC_BAR {
     BOOL fValid;
+    BOOL fIO;
     BOOL f64Bit;
     BOOL fPrefetchable;
+    DWORD _Filler[3];
     DWORD iBar;
     QWORD pa;
     QWORD cb;

leechcore/version.h

@@ -3,8 +3,8 @@
 
 #define VERSION_MAJOR               2
 #define VERSION_MINOR               16
-#define VERSION_REVISION            0
-#define VERSION_BUILD               51
+#define VERSION_REVISION            1
+#define VERSION_BUILD               52
 
 #define VER_FILE_DESCRIPTION_STR    "LeechCore Memory Acquisition Library"
 #define VER_FILE_VERSION            VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION, VERSION_BUILD

leechcorepyc/leechcorepyc.c

@@ -251,6 +251,7 @@ BOOL LcPy_BarInfoFetch(PyObj_LeechCore* self)
             PyDict_SetItemString_DECREF(pyDictEntry, "i_bar", PyLong_FromUnsignedLongLong(pBarInfo[i].iBar));
             PyDict_SetItemString_DECREF(pyDictEntry, "base", PyLong_FromUnsignedLongLong(pBarInfo[i].pa));
             PyDict_SetItemString_DECREF(pyDictEntry, "size", PyLong_FromUnsignedLongLong(pBarInfo[i].cb));
+            PyDict_SetItemString_DECREF(pyDictEntry, "is_io", PyBool_FromLong((long)pBarInfo[i].fIO));
             PyDict_SetItemString_DECREF(pyDictEntry, "is_64_bit", PyBool_FromLong((long)pBarInfo[i].f64Bit));
             PyDict_SetItemString_DECREF(pyDictEntry, "is_prefetchable", PyBool_FromLong((long)pBarInfo[i].fPrefetchable));
             PyList_Append(pyList, pyDictEntry);

leechcorepyc/pkggen_linux.sh

@@ -39,7 +39,7 @@ leechcorepyc = Extension(
 
 setup(
     name='leechcorepyc',
-    version='2.16.0', # VERSION_END
+    version='2.16.1', # VERSION_END
     description='LeechCore for Python',
     long_description='LeechCore for Python : native extension for physical memory access',
     url='https://github.com/ufrisk/LeechCore',

leechcorepyc/version.h

@@ -3,8 +3,8 @@
 
 #define VERSION_MAJOR               2
 #define VERSION_MINOR               16
-#define VERSION_REVISION            0
-#define VERSION_BUILD               51
+#define VERSION_REVISION            1
+#define VERSION_BUILD               52
 
 #define VER_FILE_DESCRIPTION_STR    "LeechCore Memory Acquisition Library : Python API"
 #define VER_FILE_VERSION            VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION, VERSION_BUILD