Version 4.18
ufrisk committed Jun 6, 2024
1 parent 119c324 commit 1ae4786
Showing 7 changed files with 42 additions and 11 deletions.
2 changes: 2 additions & 0 deletions pcileech/help.c
Expand Up @@ -101,6 +101,8 @@ VOID Help_ShowGeneral()
" Option has no value. Example: -all \n" \
" -pid : windows process id for virtual address mode for select commands. \n" \
" Option has no default value. Example: -pid 4 \n" \
" -psname : windows process name for virtual address mode for select commands.\n" \
" Option has no default value. Example: -psname lsass.exe \n" \
" -vamin: virtual memory min address for select commands. Require -pid option.\n" \
" default: 0. Example: -vamin 0x10000 \n" \
" -vamax: virtual memory max address for select commands. Require -pid option.\n" \
17 changes: 15 additions & 2 deletions pcileech/memdump.c
Expand Up @@ -323,6 +323,13 @@ VOID ActionMemoryDisplayVirtual()
LocalFree(pb);
return;
}
if(!ctxMain->cfg.dwPID) {
if(!VMMDLL_PidGetFromName(ctxMain->hVMM, ctxMain->cfg.szProcessName, &ctxMain->cfg.dwPID)) {
printf("Memory Display: Failed to retrieve PID for process: %s.\n", ctxMain->cfg.szProcessName);
LocalFree(pb);
return;
}
}
// read memory and display output
if(!VMMDLL_MemRead(ctxMain->hVMM, ctxMain->cfg.dwPID, qwAddrBase, pb, (DWORD)qwSize_4kAlign)) {
printf("Memory Display: Failed reading memory at address: 0x%016llX.\n", qwAddrBase);
Expand All @@ -336,7 +343,7 @@ VOID ActionMemoryDisplayVirtual()

VOID ActionMemoryPageDisplay()
{
if(ctxMain->cfg.dwPID) {
if(ctxMain->cfg.fModeVirtual) {
// virtual memory (Windows only):
ctxMain->cfg.vaAddrMin = ctxMain->cfg.vaAddrMin & 0x0fffffffffffff000;
ctxMain->cfg.vaAddrMax = ctxMain->cfg.vaAddrMin + 0x1000;
Expand Down Expand Up @@ -404,12 +411,18 @@ VOID ActionMemoryWrite()
if(ctxMain->cfg.fLoop) {
printf("Memory Write: Starting loop write. Press CTRL+C to abort.\n");
}
if(ctxMain->cfg.dwPID) {
if(ctxMain->cfg.fModeVirtual) {
// virtual memory (Windows only):
if(!Vmmx_Initialize(FALSE, FALSE)) {
printf("Memory Write: Failed. Unable to initialize virtual memory.\n");
return;
}
if(!ctxMain->cfg.dwPID) {
if(!VMMDLL_PidGetFromName(ctxMain->hVMM, ctxMain->cfg.szProcessName, &ctxMain->cfg.dwPID)) {
printf("Memory Write: Failed to retrieve PID for process: %s.\n", ctxMain->cfg.szProcessName);
return;
}
}
do {
result = VMMDLL_MemWrite(ctxMain->hVMM, ctxMain->cfg.dwPID, ctxMain->cfg.vaAddrMin, ctxMain->cfg.pbIn, (DWORD)ctxMain->cfg.cbIn);
if(!result) {
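Review bot: ActionMemoryPageDisplay's branch now runs for a `-psname` invocation after the switch from `dwPID` to `fModeVirtual`, but unlike ActionMemoryDisplayVirtual and ActionMemoryWrite no `VMMDLL_PidGetFromName` call is visible in that hunk; if the rest of the function (outside the hunk) reads `ctxMain->cfg.dwPID` directly instead of going through ActionMemoryDisplayVirtual, it will operate on PID 0. The same name-to-PID block is now repeated in ActionMemoryDisplayVirtual, ActionMemoryWrite and ActionPatchAndSearchVirtual (mempatch.c); a shared helper such as `static BOOL Vmmx_ResolvePID(const char *szAction)` that performs the lookup and prints the error once would keep the three copies from drifting. Because the lookup yields a single PID for a name that may match several processes, it is also worth telling the operator which one was chosen, e.g. `printf("Memory Write: Using PID %u for process: %s.\n", (unsigned)ctxMain->cfg.dwPID, ctxMain->cfg.szProcessName);` after a successful lookup. All three functions continue outside their hunks.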
15 changes: 12 additions & 3 deletions pcileech/mempatch.c
Expand Up @@ -217,6 +217,18 @@ VOID ActionPatchAndSearchVirtual()
SEARCH_INTERNAL_CONTEXT ctxi = { 0 };
VMMDLL_MEM_SEARCH_CONTEXT ctxs = { 0 };

// initialize VMM/MemProcFS
if(!Vmmx_Initialize(TRUE, FALSE)) {
printf("%s: Failed. Failed to initialize vmm.\n", ctxi.szAction);
goto cleanup;
}
if(!ctxMain->cfg.dwPID) {
if(!VMMDLL_PidGetFromName(ctxMain->hVMM, ctxMain->cfg.szProcessName, &ctxMain->cfg.dwPID)) {
printf("%s: Failed. Failed to retrieve PID for process: %s.\n", ctxi.szAction, ctxMain->cfg.szProcessName);
goto cleanup;
}
}

// initialize ctxi (internal context) & allocate memory
ctxi.dwPID = ctxMain->cfg.dwPID;
ctxi.isModePatch = (ctxMain->cfg.tpAction == PATCH);
Expand All @@ -243,9 +255,6 @@ VOID ActionPatchAndSearchVirtual()
}
}

// initialize VMM/MemProcFS
if(!Vmmx_Initialize(TRUE, FALSE)) { goto cleanup; }

// initialize ctxs (search context)
ctxs.dwVersion = VMMDLL_MEM_SEARCH_VERSION;
ctxs.cSearch = ctxi.cSignatures;
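Review bot: The two new error messages at the top of ActionPatchAndSearchVirtual print `ctxi.szAction` while `ctxi` is still the `{ 0 }` from its declaration — the `// initialize ctxi` block that presumably populates szAction comes after them — so the prefix is empty (or, if szAction is a pointer rather than an array, a NULL passed to `%s`). Before this change the `Vmmx_Initialize` check ran after ctxi had been initialized. Either assign `ctxi.szAction` before the `Vmmx_Initialize` call, or use a fixed prefix in these two messages, e.g. `printf("Patch/Search: Failed. Failed to initialize vmm.\n");`. The function continues outside the hunk and the `cleanup` label is not visible here.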
8 changes: 6 additions & 2 deletions pcileech/pcileech.c
Expand Up @@ -157,10 +157,14 @@ BOOL PCILeechConfigIntialize(_In_ DWORD argc, _In_ char* argv[])
ctxMain->cfg.paAddrMax = Util_GetNumeric(argv[i + 1]);
} else if(0 == strcmp(argv[i], "-pid")) {
ctxMain->cfg.dwPID = (DWORD)Util_GetNumeric(argv[i + 1]);
ctxMain->cfg.fModeVirtual = ctxMain->cfg.dwPID ? TRUE : FALSE;
} else if(0 == strcmp(argv[i], "-vamin")) {
ctxMain->cfg.vaAddrMin = Util_GetNumeric(argv[i + 1]);
} else if(0 == strcmp(argv[i], "-vamax")) {
ctxMain->cfg.vaAddrMax = Util_GetNumeric(argv[i + 1]);
} else if(0 == strcmp(argv[i], "-psname")) {
strcpy_s(ctxMain->cfg.szProcessName, MAX_PATH, argv[i + 1]);
ctxMain->cfg.fModeVirtual = ctxMain->cfg.szProcessName[0] ? TRUE : FALSE;
} else if(0 == strcmp(argv[i], "-cr3")) {
ctxMain->cfg.paCR3 = Util_GetNumeric(argv[i + 1]);
} else if(0 == strcmp(argv[i], "-efibase")) {
Expand Down Expand Up @@ -385,7 +389,7 @@ int main(_In_ int argc, _In_ char* argv[])
ActionMemoryWrite();
break;
case DISPLAY:
if(ctxMain->cfg.dwPID) {
if(ctxMain->cfg.fModeVirtual) {
ActionMemoryDisplayVirtual();
} else {
ActionMemoryDisplayPhysical();
Expand All @@ -396,7 +400,7 @@ int main(_In_ int argc, _In_ char* argv[])
break;
case PATCH:
case SEARCH:
if(ctxMain->cfg.dwPID) {
if(ctxMain->cfg.fModeVirtual) {
ActionPatchAndSearchVirtual();
} else {
ActionPatchAndSearchPhysical();
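Review bot: The `-psname` branch in PCILeechConfigIntialize copies the argument with `strcpy_s(..., MAX_PATH, ...)`, so a name of MAX_PATH or more characters triggers the strcpy_s runtime-constraint handler (which aborts the process on MSVC by default) instead of a parse error; a length check before the copy such as `if(strlen(argv[i + 1]) >= sizeof(ctxMain->cfg.szProcessName)) { printf("Option -psname: process name too long.\n"); return FALSE; }` (assuming the function's other parse errors return FALSE), with the copy sized by `sizeof ctxMain->cfg.szProcessName` rather than the `MAX_PATH` literal, would fail cleanly and stay tied to the field's declared size. Also, since `-pid` and `-psname` both write `fModeVirtual`, a later `-pid 0` silently clears the mode set by an earlier `-psname`; if both are allowed on one command line, deriving `fModeVirtual` once after the argument loop from `dwPID || szProcessName[0]` avoids the order dependence. PCILeechConfigIntialize's body extends beyond the hunk.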
2 changes: 2 additions & 0 deletions pcileech/pcileech.h
Expand Up @@ -94,9 +94,11 @@ typedef struct tdConfig {
DWORD dwListenTlpTimeMs;
CHAR szExternalCommandModule[MAX_PATH];
// virtual address options
BOOL fModeVirtual;
DWORD dwPID;
QWORD vaAddrMin;
QWORD vaAddrMax;
CHAR szProcessName[MAX_PATH];
// flags below
BOOL fPageTableScan;
BOOL fPatchAll;
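Review bot: The new `fModeVirtual` and `szProcessName` fields carry no comment explaining how they relate to `dwPID`: from the other hunks, `fModeVirtual` is set by either `-pid` or `-psname`, and `dwPID` may still be 0 at action time until it is resolved from `szProcessName`, at which point the lookup writes the PID back into `dwPID`. Comments such as `BOOL fModeVirtual; // TRUE when -pid or -psname was given; dwPID is resolved from szProcessName on first use if 0` and `CHAR szProcessName[MAX_PATH]; // -psname; empty when not given` on the declarations would make that contract visible to the next action that checks the mode. The struct tdConfig continues outside the hunk.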
6 changes: 3 additions & 3 deletions pcileech/version.h
Expand Up @@ -2,9 +2,9 @@
#define STRINGIZE(s) STRINGIZE2(s)

#define VERSION_MAJOR 4
#define VERSION_MINOR 17
#define VERSION_REVISION 8
#define VERSION_BUILD 49
#define VERSION_MINOR 18
#define VERSION_REVISION 0
#define VERSION_BUILD 50

#define VER_FILE_DESCRIPTION_STR "The PCILeech Direct Memory Access Attack Toolkit"
#define VER_FILE_VERSION VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION, VERSION_BUILD
3 changes: 2 additions & 1 deletion readme.md
Expand Up @@ -299,6 +299,7 @@ v4.1
- New kernel module: lx64_exec_root.
* Linux PCIe FPGA performance improvements.

Latest:
[v4.18](https://github.com/ufrisk/pcileech/releases/tag/v4.18)
* Benchmark command added.
* Unlock signatures updated.
* `-psname` option added.
