From 1ae47863e6f2de771e378c35a7de3fd2c11c3dbe Mon Sep 17 00:00:00 2001 From: Ulf Frisk Date: Thu, 6 Jun 2024 17:13:35 +0200 Subject: [PATCH] Version 4.18 --- pcileech/help.c | 2 ++ pcileech/memdump.c | 17 +++++++++++++++-- pcileech/mempatch.c | 15 ++++++++++++--- pcileech/pcileech.c | 8 ++++++-- pcileech/pcileech.h | 2 ++ pcileech/version.h | 6 +++--- readme.md | 3 ++- 7 files changed, 42 insertions(+), 11 deletions(-) diff --git a/pcileech/help.c b/pcileech/help.c index 34d4a47..c7f79ad 100644 --- a/pcileech/help.c +++ b/pcileech/help.c @@ -101,6 +101,8 @@ VOID Help_ShowGeneral() " Option has no value. Example: -all \n" \ " -pid : windows process id for virtual address mode for select commands. \n" \ " Option has no default value. Example: -pid 4 \n" \ + " -psname : windows process name for virtual address mode for select commands.\n" \ + " Option has no default value. Example: -psname lsass.exe \n" \ " -vamin: virtual memory min address for select commands. Require -pid option.\n" \ " default: 0. Example: -vamin 0x10000 \n" \ " -vamax: virtual memory max address for select commands. Require -pid option.\n" \ diff --git a/pcileech/memdump.c b/pcileech/memdump.c index ab16b7c..18a78fb 100644 --- a/pcileech/memdump.c +++ b/pcileech/memdump.c @@ -323,6 +323,13 @@ VOID ActionMemoryDisplayVirtual() LocalFree(pb); return; } + if(!ctxMain->cfg.dwPID) { + if(!VMMDLL_PidGetFromName(ctxMain->hVMM, ctxMain->cfg.szProcessName, &ctxMain->cfg.dwPID)) { + printf("Memory Display: Failed to retrieve PID for process: %s.\n", ctxMain->cfg.szProcessName); + LocalFree(pb); + return; + } + } // read memory and display output if(!VMMDLL_MemRead(ctxMain->hVMM, ctxMain->cfg.dwPID, qwAddrBase, pb, (DWORD)qwSize_4kAlign)) { printf("Memory Display: Failed reading memory at address: 0x%016llX.\n", qwAddrBase); 
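Review bot: The two context lines right after the inserted `-psname` text still read `Require -pid option.` for `-vamin` and `-vamax`, which is now inconsistent: the same commit makes `-psname` a second way into virtual-address mode (pcileech.c sets fModeVirtual from either option). I would update both to `Require -pid or -psname option.` and re-pad to the existing column width so the help block stays aligned. It would also help operators to say on the new `-psname` line what happens when several processes share the name, if that is known (the lookup resolves to a single PID). Help_ShowGeneral's string literal continues outside the hunk.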
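Review bot: The new name lookup resolves `ctxMain->cfg.szProcessName` to a single PID and stores it back into `ctxMain->cfg.dwPID`, but nothing in the hunk tells the operator which process was chosen; for names with many instances on a Windows target (the option's own example space, e.g. svchost.exe) the display, and the write/patch variants that share this code, silently act on whatever instance the lookup returned. I would echo the resolution before reading, e.g. `printf("Memory Display: Process '%s' resolved to PID %u.\n", ctxMain->cfg.szProcessName, (unsigned)ctxMain->cfg.dwPID);`, so a dump or write against the wrong instance is visible in the output. The `LocalFree(pb); return;` failure path above the block suggests pb was already allocated here, so freeing it in the new failure branch is right. ActionMemoryDisplayVirtual starts outside the hunk, so I cannot see whether VMM initialisation precedes this lookup as it does in ActionMemoryWrite.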
@@ -336,7 +343,7 @@ VOID ActionMemoryDisplayVirtual() VOID ActionMemoryPageDisplay() { - if(ctxMain->cfg.dwPID) { + if(ctxMain->cfg.fModeVirtual) { // virtual memory (Windows only): ctxMain->cfg.vaAddrMin = ctxMain->cfg.vaAddrMin & 0x0fffffffffffff000; ctxMain->cfg.vaAddrMax = ctxMain->cfg.vaAddrMin + 0x1000; @@ -404,12 +411,18 @@ VOID ActionMemoryWrite() if(ctxMain->cfg.fLoop) { printf("Memory Write: Starting loop write. Press CTRL+C to abort.\n"); } - if(ctxMain->cfg.dwPID) { + if(ctxMain->cfg.fModeVirtual) { // virtual memory (Windows only): if(!Vmmx_Initialize(FALSE, FALSE)) { printf("Memory Write: Failed. Unable to initialize virtual memory.\n"); return; } + if(!ctxMain->cfg.dwPID) { + if(!VMMDLL_PidGetFromName(ctxMain->hVMM, ctxMain->cfg.szProcessName, &ctxMain->cfg.dwPID)) { + printf("Memory Write: Failed to retrieve PID for process: %s.\n", ctxMain->cfg.szProcessName); + return; + } + } do { result = VMMDLL_MemWrite(ctxMain->hVMM, ctxMain->cfg.dwPID, ctxMain->cfg.vaAddrMin, ctxMain->cfg.pbIn, (DWORD)ctxMain->cfg.cbIn); if(!result) { diff --git a/pcileech/mempatch.c b/pcileech/mempatch.c index 37e31a1..de4495a 100644 --- a/pcileech/mempatch.c +++ b/pcileech/mempatch.c @@ -217,6 +217,18 @@ VOID ActionPatchAndSearchVirtual() SEARCH_INTERNAL_CONTEXT ctxi = { 0 }; VMMDLL_MEM_SEARCH_CONTEXT ctxs = { 0 }; + // initialize VMM/MemProcFS + if(!Vmmx_Initialize(TRUE, FALSE)) { + printf("%s: Failed. Failed to initialize vmm.\n", ctxi.szAction); + goto cleanup; + } + if(!ctxMain->cfg.dwPID) { + if(!VMMDLL_PidGetFromName(ctxMain->hVMM, ctxMain->cfg.szProcessName, &ctxMain->cfg.dwPID)) { + printf("%s: Failed. Failed to retrieve PID for process: %s.\n", ctxi.szAction, ctxMain->cfg.szProcessName); + goto cleanup; + } + } + // initialize ctxi (internal context) & allocate memory ctxi.dwPID = ctxMain->cfg.dwPID; ctxi.isModePatch = (ctxMain->cfg.tpAction == PATCH); 
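Review bot: The `if(!ctxMain->cfg.dwPID) { VMMDLL_PidGetFromName(...) }` block added here is the third byte-for-byte copy in this commit (ActionMemoryDisplayVirtual and ActionPatchAndSearchVirtual carry the other two, differing only in the message prefix), which is the kind of duplication that drifts the next time the error handling or lookup changes. A small helper next to Vmmx_Initialize, taking the action name for the message, collapses the three into `if(!Vmmx_ResolvePID("Memory Write")) { return; }`. Placement before the `do { ... } while` loop is correct, since the PID then stays fixed across a `-loop` write. ActionMemoryWrite's body continues outside the hunk.
```c
// Resolve -psname into cfg.dwPID when no -pid was given; prints under szAction on failure.
BOOL Vmmx_ResolvePID(_In_ LPCSTR szAction)
{
    if(ctxMain->cfg.dwPID) { return TRUE; }
    if(!VMMDLL_PidGetFromName(ctxMain->hVMM, ctxMain->cfg.szProcessName, &ctxMain->cfg.dwPID)) {
        printf("%s: Failed to retrieve PID for process: %s.\n", szAction, ctxMain->cfg.szProcessName);
        return FALSE;
    }
    return TRUE;
}
```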
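Review bot: Both new printf calls print `ctxi.szAction`, but at that point ctxi is still the zero-initialised struct from two lines above: nothing between `SEARCH_INTERNAL_CONTEXT ctxi = { 0 };` and the new block assigns szAction, so these messages would come out with an empty prefix (`: Failed. Failed to initialize vmm.`). If szAction is filled in the "initialize ctxi" section that now follows (outside the hunk), move that assignment above the VMM init; otherwise derive the prefix from the action directly, e.g. `(ctxMain->cfg.tpAction == PATCH) ? "Patch" : "Search"`. The early `goto cleanup` also now runs before ctxi's buffers are allocated, which is fine only if cleanup tolerates NULL pointers, something I cannot confirm from here. ActionPatchAndSearchVirtual continues past the hunk.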
@@ -243,9 +255,6 @@ VOID ActionPatchAndSearchVirtual() } } - // initialize VMM/MemProcFS - if(!Vmmx_Initialize(TRUE, FALSE)) { goto cleanup; } - // initialize ctxs (search context) ctxs.dwVersion = VMMDLL_MEM_SEARCH_VERSION; ctxs.cSearch = ctxi.cSignatures; diff --git a/pcileech/pcileech.c b/pcileech/pcileech.c index 5e24f74..87bfc63 100644 --- a/pcileech/pcileech.c +++ b/pcileech/pcileech.c @@ -157,10 +157,14 @@ BOOL PCILeechConfigIntialize(_In_ DWORD argc, _In_ char* argv[]) ctxMain->cfg.paAddrMax = Util_GetNumeric(argv[i + 1]); } else if(0 == strcmp(argv[i], "-pid")) { ctxMain->cfg.dwPID = (DWORD)Util_GetNumeric(argv[i + 1]); + ctxMain->cfg.fModeVirtual = ctxMain->cfg.dwPID ? TRUE : FALSE; } else if(0 == strcmp(argv[i], "-vamin")) { ctxMain->cfg.vaAddrMin = Util_GetNumeric(argv[i + 1]); } else if(0 == strcmp(argv[i], "-vamax")) { ctxMain->cfg.vaAddrMax = Util_GetNumeric(argv[i + 1]); + } else if(0 == strcmp(argv[i], "-psname")) { + strcpy_s(ctxMain->cfg.szProcessName, MAX_PATH, argv[i + 1]); + ctxMain->cfg.fModeVirtual = ctxMain->cfg.szProcessName[0] ? TRUE : FALSE; } else if(0 == strcmp(argv[i], "-cr3")) { ctxMain->cfg.paCR3 = Util_GetNumeric(argv[i + 1]); } else if(0 == strcmp(argv[i], "-efibase")) { @@ -385,7 +389,7 @@ int main(_In_ int argc, _In_ char* argv[]) ActionMemoryWrite(); break; case DISPLAY: - if(ctxMain->cfg.dwPID) { + if(ctxMain->cfg.fModeVirtual) { ActionMemoryDisplayVirtual(); } else { ActionMemoryDisplayPhysical(); @@ -396,7 +400,7 @@ int main(_In_ int argc, _In_ char* argv[]) break; case PATCH: case SEARCH: - if(ctxMain->cfg.dwPID) { + if(ctxMain->cfg.fModeVirtual) { ActionPatchAndSearchVirtual(); } else { ActionPatchAndSearchPhysical(); diff --git a/pcileech/pcileech.h b/pcileech/pcileech.h index 3d1bd85..98f45d5 100644 --- a/pcileech/pcileech.h +++ b/pcileech/pcileech.h 
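Review bot: `strcpy_s(ctxMain->cfg.szProcessName, MAX_PATH, argv[i + 1])` turns an over-long `-psname` value into a constraint violation rather than an error: on MSVC the default invalid-parameter handler terminates the process, so a command line with a name of MAX_PATH characters or more crashes instead of reporting (the Linux build presumably shims strcpy_s; its behaviour may differ). I would validate first, `if(strlen(argv[i + 1]) >= MAX_PATH) { printf("-psname: process name too long.\n"); return FALSE; }`, or at least copy with `strncpy_s(..., _TRUNCATE)`. Separately, both branches assign fModeVirtual rather than set it, so `-psname lsass.exe -pid 0` switches virtual mode back off; `if(ctxMain->cfg.dwPID) { ctxMain->cfg.fModeVirtual = TRUE; }` avoids the ordering dependence, and when both options are given the name is silently ignored because every action checks dwPID first, which the help text should say. PCILeechConfigIntialize starts outside the hunk.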
@@ -94,9 +94,11 @@ typedef struct tdConfig { DWORD dwListenTlpTimeMs; CHAR szExternalCommandModule[MAX_PATH]; // virtual address options + BOOL fModeVirtual; DWORD dwPID; QWORD vaAddrMin; QWORD vaAddrMax; + CHAR szProcessName[MAX_PATH]; // flags below BOOL fPageTableScan; BOOL fPatchAll; diff --git a/pcileech/version.h b/pcileech/version.h index b21de75..ddf4b39 100644 --- a/pcileech/version.h +++ b/pcileech/version.h @@ -2,9 +2,9 @@ #define STRINGIZE(s) STRINGIZE2(s) #define VERSION_MAJOR 4 -#define VERSION_MINOR 17 -#define VERSION_REVISION 8 -#define VERSION_BUILD 49 +#define VERSION_MINOR 18 +#define VERSION_REVISION 0 +#define VERSION_BUILD 50 #define VER_FILE_DESCRIPTION_STR "The PCILeech Direct Memory Access Attack Toolkit" #define VER_FILE_VERSION VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION, VERSION_BUILD diff --git a/readme.md b/readme.md index de215bb..bb3d32e 100644 --- a/readme.md +++ b/readme.md @@ -299,6 +299,7 @@ v4.1 - New kernel module: lx64_exec_root. * Linux PCIe FPGA performance improvements. -Latest: +[v4.18](https://github.com/ufrisk/pcileech/releases/tag/v4.18) * Benchmark command added. * Unlock signatures updated. +* `-psname` option added.
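Review bot: The two new fields are added without comments, and their contract is spread across three other files in this commit, so a reader of the struct cannot tell how they relate to dwPID. I would document them in place: `BOOL fModeVirtual;   // set by -pid or -psname; selects the virtual-address variant of display/write/patch/search` and `CHAR szProcessName[MAX_PATH];   // -psname; resolved into dwPID by the action on first use when dwPID is 0`. The `// virtual address options` comment above could also note that dwPID takes precedence when both options are supplied, which is what the actions' `if(!ctxMain->cfg.dwPID)` checks imply.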