update: headers

files/leechcore.h

@@ -126,7 +126,7 @@
 // (c) Ulf Frisk, 2018-2019
 // Author: Ulf Frisk, pcileech@frizk.net
 //
-// Header Version: 1.3.0
+// Header Version: 1.4
 //
 #ifndef __LEECHCORE_H__
 #define __LEECHCORE_H__
@@ -155,6 +155,7 @@ typedef void                                *HANDLE, **PHANDLE;
 typedef uint32_t                            BOOL, *PBOOL;
 typedef uint8_t                             BYTE, *PBYTE;
 typedef char                                CHAR, *PCHAR, *PSTR, *LPSTR;
+typedef const CHAR                          *LPCSTR;
 typedef uint16_t                            WORD, *PWORD, USHORT, *PUSHORT;
 typedef uint32_t                            DWORD, *PDWORD;
 typedef long long unsigned int              QWORD, *PQWORD, ULONG64, *PULONG64;
@@ -173,6 +174,7 @@ typedef long long unsigned int              QWORD, *PQWORD, ULONG64, *PULONG64;
 #define _In_reads_(cbDataIn)
 #define _Out_writes_opt_(x)
 #define _Success_(return)
+#define _Frees_ptr_opt_
 #endif /* LINUX */
 
 //-----------------------------------------------------------------------------
@@ -308,9 +310,17 @@ DLLEXPORT VOID LeechCore_Close();
 #define LEECHCORE_FLAG_WRITE_RETRY          0x01
 #define LEECHCORE_FLAG_WRITE_VERIFY         0x02
 
+/*
+* Free memory allocated by the LeechCore.
+* -- pvMem
+* -- return
+*/
+DLLEXPORT VOID LeechCore_MemFree(_Frees_ptr_opt_ PVOID pvMem);
+
 /*
 * Allocate a scatter buffer containing empty 0x1000-sized ppMEMs with address
-* set to zero. Caller is responsible for calling LocalFree(ppMEMs).
+* set to zero. Caller is responsible for calling LeechCore_MemFree(ppMEMs).
+* CALLER FREE: LeechCore_MemFree(ppMEMs)
 * -- cMEMs
 * -- pppMEMs = pointer to receive ppMEMs on success.
 * -- return
@@ -422,6 +432,7 @@ DLLEXPORT BOOL LeechCore_Probe(_In_ QWORD pa, _In_ DWORD cPages, _Inout_updates_
 #define LEECHCORE_OPT_MEMORYINFO_OS_UPTIME              0x0200000e  // R
 #define LEECHCORE_OPT_MEMORYINFO_OS_KERNELBASE          0x0200000f  // R
 #define LEECHCORE_OPT_MEMORYINFO_OS_KERNELHINT          0x02000010  // R
+#define LEECHCORE_OPT_MEMORYINFO_OS_KdDebuggerDataBlock 0x02000011  // R
 
 #define LEECHCORE_OPT_FPGA_PROBE_MAXPAGES               0x03000001  // RW
 #define LEECHCORE_OPT_FPGA_RX_FLUSH_LIMIT               0x03000002  // RW
@@ -464,6 +475,7 @@ DLLEXPORT BOOL LeechCore_SetOption(_In_ ULONG64 fOption, _In_ ULONG64 qwValue);
 
 #define LEECHCORE_COMMANDDATA_FPGA_WRITE_TLP            0x00000101  // R
 #define LEECHCORE_COMMANDDATA_FPGA_LISTEN_TLP           0x00000102  // R
+#define LEECHCORE_COMMANDDATA_FILE_DUMPHEADER_GET       0x00000201  // R
 #define LEECHCORE_COMMANDDATA_STATISTICS_GET            0x80000100  // R
 
 #define LEECHCORE_STATISTICS_MAGIC                      0xffff6550
@@ -478,7 +490,7 @@ DLLEXPORT BOOL LeechCore_SetOption(_In_ ULONG64 fOption, _In_ ULONG64 qwValue);
 #define LEECHCORE_STATISTICS_ID_COMMANDSVC                    0x07
 #define LEECHCORE_STATISTICS_ID_MAX                           0x07
 
-static const LPSTR LEECHCORE_STATISTICS_NAME[] = {
+static LPCSTR LEECHCORE_STATISTICS_NAME[] = {
     "LeechCore_Open",
     "LeechCore_ReadScatter",
     "LeechCore_Write",

pcileech/Makefile

@@ -2,18 +2,17 @@ CC=gcc
 CFLAGS=-I. -D LINUX -L. -l:leechcore.so -pthread `pkg-config libusb-1.0 --libs --cflags`
 LDFLAGS=-Wl,-rpath,'$$ORIGIN'
 DEPS = pcileech.h
-OBJ = pcileech oscompatibility.o pcileech.o device.o executor.o extra.o help.o kmd.o memdump.o mempatch.o statistics.o umd.o util.o vfs.o vmmprx.o
+OBJ = oscompatibility.o device.o pcileech.o executor.o extra.o help.o kmd.o memdump.o mempatch.o statistics.o umd.o util.o vfs.o vmmprx.o
 
 %.o: %.c $(DEPS)
 	$(CC) -c -o $@ $< $(CFLAGS)
 
 pcileech: $(OBJ)
 	cp ../files/leechcore.so . |true
-	cp ../../LeechCore-dev/files/leechcore.so . |true
 	$(CC) -o $@ $^ $(CFLAGS) $(LDFLAGS)
 	rm *.o
 	mv pcileech ../files/ |true
 	mv leechcore.so ../files/ |true
 
 clean:
-	rm *.o
+	rm -f *.o

pcileech/leechcore.h

@@ -126,7 +126,7 @@
 // (c) Ulf Frisk, 2018-2019
 // Author: Ulf Frisk, pcileech@frizk.net
 //
-// Header Version: 1.2.0
+// Header Version: 1.4
 //
 #ifndef __LEECHCORE_H__
 #define __LEECHCORE_H__
@@ -155,6 +155,7 @@ typedef void                                *HANDLE, **PHANDLE;
 typedef uint32_t                            BOOL, *PBOOL;
 typedef uint8_t                             BYTE, *PBYTE;
 typedef char                                CHAR, *PCHAR, *PSTR, *LPSTR;
+typedef const CHAR                          *LPCSTR;
 typedef uint16_t                            WORD, *PWORD, USHORT, *PUSHORT;
 typedef uint32_t                            DWORD, *PDWORD;
 typedef long long unsigned int              QWORD, *PQWORD, ULONG64, *PULONG64;
@@ -173,6 +174,7 @@ typedef long long unsigned int              QWORD, *PQWORD, ULONG64, *PULONG64;
 #define _In_reads_(cbDataIn)
 #define _Out_writes_opt_(x)
 #define _Success_(return)
+#define _Frees_ptr_opt_
 #endif /* LINUX */
 
 //-----------------------------------------------------------------------------
@@ -308,9 +310,17 @@ DLLEXPORT VOID LeechCore_Close();
 #define LEECHCORE_FLAG_WRITE_RETRY          0x01
 #define LEECHCORE_FLAG_WRITE_VERIFY         0x02
 
+/*
+* Free memory allocated by the LeechCore.
+* -- pvMem
+* -- return
+*/
+DLLEXPORT VOID LeechCore_MemFree(_Frees_ptr_opt_ PVOID pvMem);
+
 /*
 * Allocate a scatter buffer containing empty 0x1000-sized ppMEMs with address
-* set to zero. Caller is responsible for calling LocalFree(ppMEMs).
+* set to zero. Caller is responsible for calling LeechCore_MemFree(ppMEMs).
+* CALLER FREE: LeechCore_MemFree(ppMEMs)
 * -- cMEMs
 * -- pppMEMs = pointer to receive ppMEMs on success.
 * -- return
@@ -422,6 +432,7 @@ DLLEXPORT BOOL LeechCore_Probe(_In_ QWORD pa, _In_ DWORD cPages, _Inout_updates_
 #define LEECHCORE_OPT_MEMORYINFO_OS_UPTIME              0x0200000e  // R
 #define LEECHCORE_OPT_MEMORYINFO_OS_KERNELBASE          0x0200000f  // R
 #define LEECHCORE_OPT_MEMORYINFO_OS_KERNELHINT          0x02000010  // R
+#define LEECHCORE_OPT_MEMORYINFO_OS_KdDebuggerDataBlock 0x02000011  // R
 
 #define LEECHCORE_OPT_FPGA_PROBE_MAXPAGES               0x03000001  // RW
 #define LEECHCORE_OPT_FPGA_RX_FLUSH_LIMIT               0x03000002  // RW
@@ -464,6 +475,7 @@ DLLEXPORT BOOL LeechCore_SetOption(_In_ ULONG64 fOption, _In_ ULONG64 qwValue);
 
 #define LEECHCORE_COMMANDDATA_FPGA_WRITE_TLP            0x00000101  // R
 #define LEECHCORE_COMMANDDATA_FPGA_LISTEN_TLP           0x00000102  // R
+#define LEECHCORE_COMMANDDATA_FILE_DUMPHEADER_GET       0x00000201  // R
 #define LEECHCORE_COMMANDDATA_STATISTICS_GET            0x80000100  // R
 
 #define LEECHCORE_STATISTICS_MAGIC                      0xffff6550
@@ -478,7 +490,7 @@ DLLEXPORT BOOL LeechCore_SetOption(_In_ ULONG64 fOption, _In_ ULONG64 qwValue);
 #define LEECHCORE_STATISTICS_ID_COMMANDSVC                    0x07
 #define LEECHCORE_STATISTICS_ID_MAX                           0x07
 
-static const LPSTR LEECHCORE_STATISTICS_NAME[] = {
+static LPCSTR LEECHCORE_STATISTICS_NAME[] = {
     "LeechCore_Open",
     "LeechCore_ReadScatter",
     "LeechCore_Write",

pcileech/pcileech.vcxproj

@@ -135,9 +135,8 @@
       <Command>copy "$(OutDir)leechcore.h" "$(ProjectDir)" /y</Command>
     </PreBuildEvent>
     <PostBuildEvent>
-      <Command>del "$(OutDir)pcileech_files.zip"
-
-powershell Compress-Archive -Path '$(OutDir)*.*','$(OutDir)pcileech' -DestinationPath '$(OutDir)pcileech_files.zip' -Force -CompressionLevel Optimal</Command>
+      <Command>
+      </Command>
     </PostBuildEvent>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@@ -167,9 +166,8 @@ powershell Compress-Archive -Path '$(OutDir)*.*','$(OutDir)pcileech' -Destinatio
       <Command>copy "$(OutDir)leechcore.h" "$(ProjectDir)" /y</Command>
     </PreBuildEvent>
     <PostBuildEvent>
-      <Command>del "$(OutDir)pcileech_files.zip"
-
-powershell Compress-Archive -Path '$(OutDir)*.*','$(OutDir)pcileech' -DestinationPath '$(OutDir)pcileech_files.zip' -Force -CompressionLevel Optimal</Command>
+      <Command>
+      </Command>
     </PostBuildEvent>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseMT|x64'">
@@ -201,9 +199,8 @@ powershell Compress-Archive -Path '$(OutDir)*.*','$(OutDir)pcileech' -Destinatio
       <Command>copy "$(OutDir)leechcore.h" "$(ProjectDir)" /y</Command>
     </PreBuildEvent>
     <PostBuildEvent>
-      <Command>del "$(OutDir)pcileech_files.zip"
-
-powershell Compress-Archive -Path '$(OutDir)*.*','$(OutDir)pcileech' -DestinationPath '$(OutDir)pcileech_files.zip' -Force -CompressionLevel Optimal</Command>
+      <Command>
+      </Command>
     </PostBuildEvent>
   </ItemDefinitionGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />

pcileech/version.h

@@ -3,8 +3,8 @@
 
 #define VERSION_MAJOR               4
 #define VERSION_MINOR               2
-#define VERSION_REVISION            0
-#define VERSION_BUILD               0
+#define VERSION_REVISION            1
+#define VERSION_BUILD               1
 
 #define VER_FILE_DESCRIPTION_STR    "The PCILeech Direct Memory Access Attack Toolkit"
 #define VER_FILE_VERSION            VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION, VERSION_BUILD

pcileech/vmmdll.h

@@ -4,7 +4,7 @@
 // (c) Ulf Frisk, 2018-2019
 // Author: Ulf Frisk, pcileech@frizk.net
 //
-// Header Version: 2.9
+// Header Version: 2.10
 //
 
 #include <windows.h>
@@ -35,6 +35,8 @@ extern "C" {
 *              documentation for additional information.
 *    -norefresh = disable background refreshes (even if backing memory is
 *              volatile memory).
+*    -symbolserverdisable = disable symbol server until user change. This
+*              parameter will take precedence over registry settings.
 * -- argc
 * -- argv
 * -- return = success/fail
@@ -62,6 +64,12 @@ BOOL VMMDLL_Close();
 _Success_(return)
 BOOL VMMDLL_Refresh(_In_ DWORD dwReserved);
 
+/*
+* Free memory allocated by the VMMDLL.
+* -- pvMem
+*/
+VOID VMMDLL_MemFree(_Frees_ptr_opt_ PVOID pvMem);
+
 
 //-----------------------------------------------------------------------------
 // CONFIGURATION SETTINGS BELOW:
@@ -580,11 +588,11 @@ BOOL VMMDLL_ProcessGetInformation(_In_ DWORD dwPID, _Inout_opt_ PVMMDLL_PROCESS_
 * Retrieve a string value belonging to a process. The function allocates a new
 * string buffer and returns the requested string in it. The string is always
 * NULL terminated. On failure NULL is returned.
-* NB! CALLER IS RESPONSIBLE FOR LocalFree return value!
-* CALLER LocalFree: return
+* NB! CALLER IS RESPONSIBLE FOR VMMDLL_MemFree return value!
+* CALLER FREE: VMMDLL_MemFree(return)
 * -- dwPID
 * -- fOptionString = string value to retrieve as given by VMMDLL_PROCESS_INFORMATION_OPT_STRING_*
-* -- return - fail: NULL, success: the string - NB! must be LocalFree'd by caller!
+* -- return - fail: NULL, success: the string - NB! must be VMMDLL_MemFree'd by caller!
 */
 LPSTR VMMDLL_ProcessGetInformationString(_In_ DWORD dwPID, _In_ DWORD fOptionString);
 
@@ -640,6 +648,49 @@ ULONG64 VMMDLL_ProcessGetModuleBase(_In_ DWORD dwPID, _In_ LPSTR szModuleName);
 
 
 
+//-----------------------------------------------------------------------------
+// WINDOWS SPECIFIC DEBUGGING / SYMBOL FUNCTIONALITY BELOW:
+//-----------------------------------------------------------------------------
+
+/*
+* Retrieve a symbol virtual address given a module name and a symbol name.
+* NB! not all modules may exist - initially only module "nt" is available.
+* NB! if multiple modules have the same name the 1st to be added will be used.
+* -- szModule
+* -- szSymbolName
+* -- pvaSymbolAddress
+* -- return
+*/
+_Success_(return)
+BOOL VMMDLL_PdbSymbolAddress(_In_ LPSTR szModule, _In_ LPSTR szSymbolName, _Out_ PULONG64 pvaSymbolAddress);
+
+/*
+* Retrieve a type size given a module name and a type name.
+* NB! not all modules may exist - initially only module "nt" is available.
+* NB! if multiple modules have the same name the 1st to be added will be used.
+* -- szModule
+* -- szTypeName
+* -- pcbTypeSize
+* -- return
+*/
+_Success_(return)
+BOOL VMMDLL_PdbTypeSize(_In_ LPSTR szModule, _In_ LPSTR szTypeName, _Out_ PDWORD pcbTypeSize);
+
+/*
+* Locate the offset of a type child - typically a sub-item inside a struct.
+* NB! not all modules may exist - initially only module "nt" is available.
+* NB! if multiple modules have the same name the 1st to be added will be used.
+* -- szModule
+* -- szTypeName
+* -- wszTypeChildName
+* -- pcbTypeChildOffset
+* -- return
+*/
+_Success_(return)
+BOOL VMMDLL_PdbTypeChildOffset(_In_ LPSTR szModule, _In_ LPSTR szTypeName, _In_ LPWSTR wszTypeChildName, _Out_ PDWORD pcbTypeChildOffset);
+
+
+
 //-----------------------------------------------------------------------------
 // WINDOWS SPECIFIC REGISTRY FUNCTIONALITY BELOW:
 //-----------------------------------------------------------------------------
@@ -817,9 +868,9 @@ typedef struct tdVMMDLL_WIN_TCPIP {
 
 /*
 * Retrieve networking information about network connections related to Windows TCP/IP stack.
-* NB! CALLER IS RESPONSIBLE FOR LocalFree return value!
-* CALLER LocalFree: return
-* -- return - fail: NULL, success: a PVMMDLL_WIN_TCPIP struct scontaining the result - NB! Caller responsible for LocalFree!
+* NB! CALLER IS RESPONSIBLE FOR VMMDLL_MemFree return value!
+* CALLER FREE: VMMDLL_MemFree(return)
+* -- return - fail: NULL, success: a PVMMDLL_WIN_TCPIP struct scontaining the result - NB! Caller responsible for VMMDLL_MemFree!
 */
 PVMMDLL_WIN_TCPIP VMMDLL_WinNet_Get();