lywsvip/pcileech
1
0
Fork 0
mirror of https://github.com/ufrisk/pcileech.git synced 2026-07-01 03:04:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

Version 4.18

Browse Source
This commit is contained in:
Ulf Frisk
2024-06-06 17:13:35 +02:00
parent 119c324e8b
commit 1ae47863e6
7 changed files with 42 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pcileech/help.c
View File

@@ -101,6 +101,8 @@ VOID Help_ShowGeneral()
" Option has no value. Example: -all \n" \
" -pid : windows process id for virtual address mode for select commands. \n" \
" Option has no default value. Example: -pid 4 \n" \
" -psname : windows process name for virtual address mode for select commands.\n" \
" Option has no default value. Example: -psname lsass.exe \n" \
" -vamin: virtual memory min address for select commands. Require -pid option.\n" \
" default: 0. Example: -vamin 0x10000 \n" \
" -vamax: virtual memory max address for select commands. Require -pid option.\n" \

17
pcileech/memdump.c
View File

@@ -323,6 +323,13 @@ VOID ActionMemoryDisplayVirtual()
LocalFree(pb);
return;
}
if(!ctxMain->cfg.dwPID) {
if(!VMMDLL_PidGetFromName(ctxMain->hVMM, ctxMain->cfg.szProcessName, &ctxMain->cfg.dwPID)) {
printf("Memory Display: Failed to retrieve PID for process: %s.\n", ctxMain->cfg.szProcessName);
LocalFree(pb);
return;
}
}
// read memory and display output
if(!VMMDLL_MemRead(ctxMain->hVMM, ctxMain->cfg.dwPID, qwAddrBase, pb, (DWORD)qwSize_4kAlign)) {
printf("Memory Display: Failed reading memory at address: 0x%016llX.\n", qwAddrBase);
@@ -336,7 +343,7 @@ VOID ActionMemoryDisplayVirtual()
VOID ActionMemoryPageDisplay()
{
if(ctxMain->cfg.dwPID) {
if(ctxMain->cfg.fModeVirtual) {
// virtual memory (Windows only):
ctxMain->cfg.vaAddrMin = ctxMain->cfg.vaAddrMin & 0x0fffffffffffff000;
ctxMain->cfg.vaAddrMax = ctxMain->cfg.vaAddrMin + 0x1000;
@@ -404,12 +411,18 @@ VOID ActionMemoryWrite()
if(ctxMain->cfg.fLoop) {
printf("Memory Write: Starting loop write. Press CTRL+C to abort.\n");
}
if(ctxMain->cfg.dwPID) {
if(ctxMain->cfg.fModeVirtual) {
// virtual memory (Windows only):
if(!Vmmx_Initialize(FALSE, FALSE)) {
printf("Memory Write: Failed. Unable to initialize virtual memory.\n");
return;
}
if(!ctxMain->cfg.dwPID) {
if(!VMMDLL_PidGetFromName(ctxMain->hVMM, ctxMain->cfg.szProcessName, &ctxMain->cfg.dwPID)) {
printf("Memory Write: Failed to retrieve PID for process: %s.\n", ctxMain->cfg.szProcessName);
return;
}
}
do {
result = VMMDLL_MemWrite(ctxMain->hVMM, ctxMain->cfg.dwPID, ctxMain->cfg.vaAddrMin, ctxMain->cfg.pbIn, (DWORD)ctxMain->cfg.cbIn);
if(!result) {

15
pcileech/mempatch.c
View File

@@ -217,6 +217,18 @@ VOID ActionPatchAndSearchVirtual()
SEARCH_INTERNAL_CONTEXT ctxi = { 0 };
VMMDLL_MEM_SEARCH_CONTEXT ctxs = { 0 };
// initialize VMM/MemProcFS
if(!Vmmx_Initialize(TRUE, FALSE)) {
printf("%s: Failed. Failed to initialize vmm.\n", ctxi.szAction);
goto cleanup;
}
if(!ctxMain->cfg.dwPID) {
if(!VMMDLL_PidGetFromName(ctxMain->hVMM, ctxMain->cfg.szProcessName, &ctxMain->cfg.dwPID)) {
printf("%s: Failed. Failed to retrieve PID for process: %s.\n", ctxi.szAction, ctxMain->cfg.szProcessName);
goto cleanup;
}
}
// initialize ctxi (internal context) & allocate memory
ctxi.dwPID = ctxMain->cfg.dwPID;
ctxi.isModePatch = (ctxMain->cfg.tpAction == PATCH);
@@ -243,9 +255,6 @@ VOID ActionPatchAndSearchVirtual()
}
}
// initialize VMM/MemProcFS
if(!Vmmx_Initialize(TRUE, FALSE)) { goto cleanup; }
// initialize ctxs (search context)
ctxs.dwVersion = VMMDLL_MEM_SEARCH_VERSION;
ctxs.cSearch = ctxi.cSignatures;

8
pcileech/pcileech.c
View File

@@ -157,10 +157,14 @@ BOOL PCILeechConfigIntialize(_In_ DWORD argc, _In_ char* argv[])
ctxMain->cfg.paAddrMax = Util_GetNumeric(argv[i + 1]);
} else if(0 == strcmp(argv[i], "-pid")) {
ctxMain->cfg.dwPID = (DWORD)Util_GetNumeric(argv[i + 1]);
ctxMain->cfg.fModeVirtual = ctxMain->cfg.dwPID ? TRUE : FALSE;
} else if(0 == strcmp(argv[i], "-vamin")) {
ctxMain->cfg.vaAddrMin = Util_GetNumeric(argv[i + 1]);
} else if(0 == strcmp(argv[i], "-vamax")) {
ctxMain->cfg.vaAddrMax = Util_GetNumeric(argv[i + 1]);
} else if(0 == strcmp(argv[i], "-psname")) {
strcpy_s(ctxMain->cfg.szProcessName, MAX_PATH, argv[i + 1]);
ctxMain->cfg.fModeVirtual = ctxMain->cfg.szProcessName[0] ? TRUE : FALSE;
} else if(0 == strcmp(argv[i], "-cr3")) {
ctxMain->cfg.paCR3 = Util_GetNumeric(argv[i + 1]);
} else if(0 == strcmp(argv[i], "-efibase")) {
@@ -385,7 +389,7 @@ int main(_In_ int argc, _In_ char* argv[])
ActionMemoryWrite();
break;
case DISPLAY:
if(ctxMain->cfg.dwPID) {
if(ctxMain->cfg.fModeVirtual) {
ActionMemoryDisplayVirtual();
} else {
ActionMemoryDisplayPhysical();
@@ -396,7 +400,7 @@ int main(_In_ int argc, _In_ char* argv[])
break;
case PATCH:
case SEARCH:
if(ctxMain->cfg.dwPID) {
if(ctxMain->cfg.fModeVirtual) {
ActionPatchAndSearchVirtual();
} else {
ActionPatchAndSearchPhysical();

2
pcileech/pcileech.h
View File

@@ -94,9 +94,11 @@ typedef struct tdConfig {
DWORD dwListenTlpTimeMs;
CHAR szExternalCommandModule[MAX_PATH];
// virtual address options
BOOL fModeVirtual;
DWORD dwPID;
QWORD vaAddrMin;
QWORD vaAddrMax;
CHAR szProcessName[MAX_PATH];
// flags below
BOOL fPageTableScan;
BOOL fPatchAll;

6
pcileech/version.h
View File

@@ -2,9 +2,9 @@
#define STRINGIZE(s) STRINGIZE2(s)
#define VERSION_MAJOR 4
#define VERSION_MINOR 17
#define VERSION_REVISION 8
#define VERSION_BUILD 49
#define VERSION_MINOR 18
#define VERSION_REVISION 0
#define VERSION_BUILD 50
#define VER_FILE_DESCRIPTION_STR "The PCILeech Direct Memory Access Attack Toolkit"
#define VER_FILE_VERSION VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION, VERSION_BUILD

3
readme.md
View File

@@ -299,6 +299,7 @@ v4.1
- New kernel module: lx64_exec_root.
* Linux PCIe FPGA performance improvements.
Latest:
[v4.18](https://github.com/ufrisk/pcileech/releases/tag/v4.18)
* Benchmark command added.
* Unlock signatures updated.
* `-psname` option added.