lywsvip/LeechCore
1
0
Fork 0
mirror of https://github.com/ufrisk/LeechCore.git synced 2026-05-06 21:52:44 +08:00
Code Issues Packages Projects Releases Wiki Activity

Version 2.17.2

Browse Source
This commit is contained in:
Ulf Frisk
2024-03-03 12:00:16 +01:00
parent f92849fdc0
commit be93408470
9 changed files with 36 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
README.md
View File

@@ -13,6 +13,7 @@ The LeechCore library is supported on 32/64-bit **Windows** (`.dll`) and 64-bit
For detailed information about individual memory acquisition methods, the API and related examples please check out the [LeechCore wiki](https://github.com/ufrisk/LeechCore/wiki).
Memory Acquisition Methods:
===========================
### Software based memory aqusition methods:
@@ -57,6 +58,7 @@ Please find a summary of the supported hardware based memory acquisition methods
| DMA patched HP iLO | [BMC](https://github.com/ufrisk/LeechCore/wiki/Device_RawTCP) | TCP | 1MB/s | Yes | No | |
The LeechAgent Memory Acquisition and Analysis Agent:
=====================================================
The LeechAgent Memory Acquisition and Analysis Agent exists for Windows only. It allows users of the LeechCore library (PCILeech and MemProcFS) to connect to remotely installed LeechAgents over the network. The connection is secured, by default, with mutually authenticated encrypted kerberos.
@@ -101,16 +103,26 @@ Start the LeechAgent in interactive mode with DumpIt LIVEKD to allow connecting
* `DumpIt.exe /LIVEKD /A LeechAgent.exe /C "-interactive -insecure"`
PCILeech and MemProcFS community:
=========
Find all this a bit overwhelming? Or just want to ask a quick question? Join the PCILeech and MemProcFS DMA community server at Discord!
<a href="https://discord.gg/BCmfBhDPXX"><img src="https://discord.com/api/guilds/1155439643395883128/widget.png?style=banner3"/></a>
Building:
=========
<b>Pre-built [binaries, modules and configuration files](https://github.com/ufrisk/LeechCore/releases/latest) are found in the latest release.</b> Build instructions are found in the [Wiki](https://github.com/ufrisk/LeechCore/wiki) in the [Building](https://github.com/ufrisk/LeechCore/wiki/Dev_Building) section.
Contributing:
=============
PCILeech, MemProcFS and LeechCore are open source but not open contribution. PCILeech, MemProcFS and LeechCore offers a highly flexible plugin architecture that will allow for contributions in the form of plugins. If you wish to make a contribution, other than a plugin, to the core projects please contact me before starting to develop.
Links:
======
* Twitter: [![Twitter](https://img.shields.io/twitter/follow/UlfFrisk?label=UlfFrisk&style=social)](https://twitter.com/intent/follow?screen_name=UlfFrisk)
@@ -123,6 +135,7 @@ Links:
* Blog: http://blog.frizk.net
Support PCILeech/MemProcFS development:
=======================================
PCILeech and MemProcFS is free and open source!
@@ -136,6 +149,7 @@ To all my sponsors, Thank You 💖
All sponsorships are welcome, no matter how large or small. I especially wish to thank my **bronze sponsors**: [grandprixgp](https://github.com/grandprixgp).
Changelog:
===================
<details><summary>Previous releases (click to expand):</summary>
@@ -201,7 +215,6 @@ v1.0-1.8
* Bug fixes.
* Visual Studio 2022 Support.
* New write fpga algorithm.
</details>
[v2.12](https://github.com/ufrisk/LeechCore/releases/tag/v2.12)
* Support for MemProcFS v5.
@@ -220,6 +233,7 @@ v1.0-1.8
* Improved FPGA performance for smaller reads.
* QEMU support on Linux (VM live memory introspection).
* Improved [MemProcFS remoting](https://github.com/ufrisk/MemProcFS/wiki/_Remoting) via a remote [LeechAgent](https://github.com/ufrisk/LeechCore/wiki/LeechAgent). Full MemProcFS remote support over SMB - tcp/445. Perfect for memory forensics Incident Response (IR)!
</details>
[v2.16](https://github.com/ufrisk/LeechCore/releases/tag/v2.16)
* PCIe BAR information and user callback (easier implementation of custom devices).

6
includes/leechcore.h
View File

@@ -46,8 +46,10 @@ typedef uint64_t FILETIME, *PFILETIME;
typedef uint32_t DWORD, *PDWORD, *LPDWORD, BOOL, *PBOOL, NTSTATUS;
typedef uint16_t WORD, *PWORD;
typedef uint8_t BYTE, *PBYTE, *LPBYTE, UCHAR;
typedef char CHAR, *PCHAR, *LPSTR, *LPCSTR;
typedef uint16_t WCHAR, *PWCHAR, *LPWSTR, *LPCWSTR;
typedef char CHAR, *PCHAR, *LPSTR;
typedef const char *LPCSTR;
typedef uint16_t WCHAR, *PWCHAR, *LPWSTR;
typedef const uint16_t *LPCWSTR;
#define MAX_PATH 260
#define _In_
#define _In_z_

4
leechagent/version.h
View File

@@ -3,8 +3,8 @@
#define VERSION_MAJOR 2
#define VERSION_MINOR 17
#define VERSION_REVISION 1
#define VERSION_BUILD 65
#define VERSION_REVISION 2
#define VERSION_BUILD 66
#define VER_FILE_DESCRIPTION_STR "LeechAgent Memory Acquisition Service"
#define VER_FILE_VERSION VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION, VERSION_BUILD

6
leechcore/leechcore.h
View File

@@ -46,8 +46,10 @@ typedef uint64_t FILETIME, *PFILETIME;
typedef uint32_t DWORD, *PDWORD, *LPDWORD, BOOL, *PBOOL, NTSTATUS;
typedef uint16_t WORD, *PWORD;
typedef uint8_t BYTE, *PBYTE, *LPBYTE, UCHAR;
typedef char CHAR, *PCHAR, *LPSTR, *LPCSTR;
typedef uint16_t WCHAR, *PWCHAR, *LPWSTR, *LPCWSTR;
typedef char CHAR, *PCHAR, *LPSTR;
typedef const char *LPCSTR;
typedef uint16_t WCHAR, *PWCHAR, *LPWSTR;
typedef const uint16_t *LPCWSTR;
#define MAX_PATH 260
#define _In_
#define _In_z_

4
leechcore/oscompatibility.h
View File

@@ -53,9 +53,11 @@ typedef uint32_t BOOL, *PBOOL;
typedef uint8_t BYTE, *PBYTE;
typedef uint8_t UCHAR, *PUCHAR;
typedef char CHAR, *PCHAR, *PSTR, *LPSTR;
typedef const char *LPCSTR;
typedef int32_t LONG;
typedef uint16_t WORD, *PWORD, USHORT, *PUSHORT;
typedef uint16_t WCHAR, *PWCHAR, *LPWSTR, *LPCWSTR;
typedef uint16_t WCHAR, *PWCHAR, *LPWSTR;
typedef const uint16_t *LPCWSTR;
typedef uint32_t UINT, DWORD, *PDWORD, ULONG, *PULONG;
typedef long long unsigned int QWORD, *PQWORD, ULONG64, *PULONG64;
typedef uint64_t LARGE_INTEGER, *PLARGE_INTEGER, FILETIME;

4
leechcore/version.h
View File

@@ -3,8 +3,8 @@
#define VERSION_MAJOR 2
#define VERSION_MINOR 17
#define VERSION_REVISION 1
#define VERSION_BUILD 65
#define VERSION_REVISION 2
#define VERSION_BUILD 66
#define VER_FILE_DESCRIPTION_STR "LeechCore Memory Acquisition Library"
#define VER_FILE_VERSION VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION, VERSION_BUILD

4
leechcorepyc/oscompatibility.h
View File

@@ -51,8 +51,10 @@ typedef uint32_t BOOL, *PBOOL;
typedef uint8_t BYTE, *PBYTE;
typedef uint8_t UCHAR, *PUCHAR;
typedef char CHAR, *PCHAR, *PSTR, *LPSTR;
typedef const char *LPCSTR;
typedef uint16_t WORD, *PWORD, USHORT, *PUSHORT;
typedef uint16_t WCHAR, *PWCHAR, *LPWSTR, *LPCWSTR;
typedef uint16_t WCHAR, *PWCHAR, *LPWSTR;
typedef const uint16_t *LPCWSTR;
typedef uint32_t DWORD, *PDWORD, ULONG, *PULONG;
typedef long long unsigned int QWORD, *PQWORD, ULONG64, *PULONG64;
typedef uint64_t LARGE_INTEGER, *PLARGE_INTEGER, FILETIME;

2
leechcorepyc/pkggen_linux.sh
View File

@@ -39,7 +39,7 @@ leechcorepyc = Extension(
setup(
name='leechcorepyc',
version='2.17.1', # VERSION_END
version='2.17.2', # VERSION_END
description='LeechCore for Python',
long_description='LeechCore for Python : native extension for physical memory access',
url='https://github.com/ufrisk/LeechCore',

4
leechcorepyc/version.h
View File

@@ -3,8 +3,8 @@
#define VERSION_MAJOR 2
#define VERSION_MINOR 17
#define VERSION_REVISION 1
#define VERSION_BUILD 65
#define VERSION_REVISION 2
#define VERSION_BUILD 66
#define VER_FILE_DESCRIPTION_STR "LeechCore Memory Acquisition Library : Python API"
#define VER_FILE_VERSION VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION, VERSION_BUILD