diff --git a/files/leechcore.h b/files/leechcore.h
index d4be13a..8296492 100644
--- a/files/leechcore.h
+++ b/files/leechcore.h
@@ -126,7 +126,7 @@
// (c) Ulf Frisk, 2018-2019
// Author: Ulf Frisk, pcileech@frizk.net
//
-// Header Version: 1.3.0
+// Header Version: 1.4
//
#ifndef __LEECHCORE_H__
#define __LEECHCORE_H__
@@ -155,6 +155,7 @@ typedef void *HANDLE, **PHANDLE;
typedef uint32_t BOOL, *PBOOL;
typedef uint8_t BYTE, *PBYTE;
typedef char CHAR, *PCHAR, *PSTR, *LPSTR;
+typedef const CHAR *LPCSTR;
typedef uint16_t WORD, *PWORD, USHORT, *PUSHORT;
typedef uint32_t DWORD, *PDWORD;
typedef long long unsigned int QWORD, *PQWORD, ULONG64, *PULONG64;
@@ -173,6 +174,7 @@ typedef long long unsigned int QWORD, *PQWORD, ULONG64, *PULONG64;
#define _In_reads_(cbDataIn)
#define _Out_writes_opt_(x)
#define _Success_(return)
+#define _Frees_ptr_opt_
#endif /* LINUX */
//-----------------------------------------------------------------------------
@@ -308,9 +310,17 @@ DLLEXPORT VOID LeechCore_Close();
#define LEECHCORE_FLAG_WRITE_RETRY 0x01
#define LEECHCORE_FLAG_WRITE_VERIFY 0x02
+/*
+* Free memory allocated by the LeechCore.
+* -- pvMem
+* -- return
+*/
+DLLEXPORT VOID LeechCore_MemFree(_Frees_ptr_opt_ PVOID pvMem);
+
/*
* Allocate a scatter buffer containing empty 0x1000-sized ppMEMs with address
-* set to zero. Caller is responsible for calling LocalFree(ppMEMs).
+* set to zero. Caller is responsible for calling LeechCore_MemFree(ppMEMs).
+* CALLER FREE: LeechCore_MemFree(ppMEMs)
* -- cMEMs
* -- pppMEMs = pointer to receive ppMEMs on success.
* -- return
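Review bot: The new comment on `LeechCore_MemFree` lists `-- return` for a function declared `VOID` and omits the contract a caller needs: whether NULL is accepted (the `_Frees_ptr_opt_` annotation suggests it is) and that only pointers handed out by LeechCore may be passed. This matters because releasing a buffer with a different allocator's free routine than the one that allocated it can corrupt the heap. I would write `* -- pvMem = memory previously returned by LeechCore; NULL is presumably a no-op (confirm against the implementation).` and drop the `-- return` line. The scatter-allocation comment below now states the free rule twice (`Caller is responsible for calling ...` and `CALLER FREE: ...`); one is enough. The same text appears in the identical hunk of pcileech/leechcore.h and, without the `-- return` line, on `VMMDLL_MemFree` in pcileech/vmmdll.h.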
@@ -422,6 +432,7 @@ DLLEXPORT BOOL LeechCore_Probe(_In_ QWORD pa, _In_ DWORD cPages, _Inout_updates_
#define LEECHCORE_OPT_MEMORYINFO_OS_UPTIME 0x0200000e // R
#define LEECHCORE_OPT_MEMORYINFO_OS_KERNELBASE 0x0200000f // R
#define LEECHCORE_OPT_MEMORYINFO_OS_KERNELHINT 0x02000010 // R
+#define LEECHCORE_OPT_MEMORYINFO_OS_KdDebuggerDataBlock 0x02000011 // R
#define LEECHCORE_OPT_FPGA_PROBE_MAXPAGES 0x03000001 // RW
#define LEECHCORE_OPT_FPGA_RX_FLUSH_LIMIT 0x03000002 // RW
@@ -464,6 +475,7 @@ DLLEXPORT BOOL LeechCore_SetOption(_In_ ULONG64 fOption, _In_ ULONG64 qwValue);
#define LEECHCORE_COMMANDDATA_FPGA_WRITE_TLP 0x00000101 // R
#define LEECHCORE_COMMANDDATA_FPGA_LISTEN_TLP 0x00000102 // R
+#define LEECHCORE_COMMANDDATA_FILE_DUMPHEADER_GET 0x00000201 // R
#define LEECHCORE_COMMANDDATA_STATISTICS_GET 0x80000100 // R
#define LEECHCORE_STATISTICS_MAGIC 0xffff6550
@@ -478,7 +490,7 @@ DLLEXPORT BOOL LeechCore_SetOption(_In_ ULONG64 fOption, _In_ ULONG64 qwValue);
#define LEECHCORE_STATISTICS_ID_COMMANDSVC 0x07
#define LEECHCORE_STATISTICS_ID_MAX 0x07
-static const LPSTR LEECHCORE_STATISTICS_NAME[] = {
+static LPCSTR LEECHCORE_STATISTICS_NAME[] = {
"LeechCore_Open",
"LeechCore_ReadScatter",
"LeechCore_Write",
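Review bot: `static LPCSTR LEECHCORE_STATISTICS_NAME[]` makes the characters const but leaves the array elements as writable pointers, whereas the old `static const LPSTR` had const pointers to non-const characters. Declaring it `static const LPCSTR LEECHCORE_STATISTICS_NAME[] = {` keeps both qualifiers, so the table can be placed in read-only data and no translation unit that includes the header can repoint an entry. The initializer continues past the end of this hunk, and the identical hunk in pcileech/leechcore.h has the same declaration.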
diff --git a/files/leechcore.lib b/files/leechcore.lib
index 4121609..8b001a4 100644
Binary files a/files/leechcore.lib and b/files/leechcore.lib differ
diff --git a/pcileech/Makefile b/pcileech/Makefile
index 79d8041..df90b40 100644
--- a/pcileech/Makefile
+++ b/pcileech/Makefile
@@ -2,18 +2,17 @@ CC=gcc
CFLAGS=-I. -D LINUX -L. -l:leechcore.so -pthread `pkg-config libusb-1.0 --libs --cflags`
LDFLAGS=-Wl,-rpath,'$$ORIGIN'
DEPS = pcileech.h
-OBJ = pcileech oscompatibility.o pcileech.o device.o executor.o extra.o help.o kmd.o memdump.o mempatch.o statistics.o umd.o util.o vfs.o vmmprx.o
+OBJ = oscompatibility.o device.o pcileech.o executor.o extra.o help.o kmd.o memdump.o mempatch.o statistics.o umd.o util.o vfs.o vmmprx.o
%.o: %.c $(DEPS)
$(CC) -c -o $@ $< $(CFLAGS)
pcileech: $(OBJ)
cp ../files/leechcore.so . |true
- cp ../../LeechCore-dev/files/leechcore.so . |true
$(CC) -o $@ $^ $(CFLAGS) $(LDFLAGS)
rm *.o
mv pcileech ../files/ |true
mv leechcore.so ../files/ |true
clean:
- rm *.o
+ rm -f *.o
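Review bot: With the fallback copy from `../../LeechCore-dev` removed, `cp ../files/leechcore.so . |true` is the only source of the library, and the `|true` still hides a failed copy. If the copy fails, the link step uses whatever `leechcore.so` already sits in the build directory (`-L. -l:leechcore.so`), which may be stale or not the intended file. Consider `cp ../files/leechcore.so .` without the `|true` so the build stops instead. `clean` could also be declared with `.PHONY: clean` so that a file named `clean` does not shadow it.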
diff --git a/pcileech/leechcore.h b/pcileech/leechcore.h
index e5baf92..8296492 100644
--- a/pcileech/leechcore.h
+++ b/pcileech/leechcore.h
@@ -126,7 +126,7 @@
// (c) Ulf Frisk, 2018-2019
// Author: Ulf Frisk, pcileech@frizk.net
//
-// Header Version: 1.2.0
+// Header Version: 1.4
//
#ifndef __LEECHCORE_H__
#define __LEECHCORE_H__
@@ -155,6 +155,7 @@ typedef void *HANDLE, **PHANDLE;
typedef uint32_t BOOL, *PBOOL;
typedef uint8_t BYTE, *PBYTE;
typedef char CHAR, *PCHAR, *PSTR, *LPSTR;
+typedef const CHAR *LPCSTR;
typedef uint16_t WORD, *PWORD, USHORT, *PUSHORT;
typedef uint32_t DWORD, *PDWORD;
typedef long long unsigned int QWORD, *PQWORD, ULONG64, *PULONG64;
@@ -173,6 +174,7 @@ typedef long long unsigned int QWORD, *PQWORD, ULONG64, *PULONG64;
#define _In_reads_(cbDataIn)
#define _Out_writes_opt_(x)
#define _Success_(return)
+#define _Frees_ptr_opt_
#endif /* LINUX */
//-----------------------------------------------------------------------------
@@ -308,9 +310,17 @@ DLLEXPORT VOID LeechCore_Close();
#define LEECHCORE_FLAG_WRITE_RETRY 0x01
#define LEECHCORE_FLAG_WRITE_VERIFY 0x02
+/*
+* Free memory allocated by the LeechCore.
+* -- pvMem
+* -- return
+*/
+DLLEXPORT VOID LeechCore_MemFree(_Frees_ptr_opt_ PVOID pvMem);
+
/*
* Allocate a scatter buffer containing empty 0x1000-sized ppMEMs with address
-* set to zero. Caller is responsible for calling LocalFree(ppMEMs).
+* set to zero. Caller is responsible for calling LeechCore_MemFree(ppMEMs).
+* CALLER FREE: LeechCore_MemFree(ppMEMs)
* -- cMEMs
* -- pppMEMs = pointer to receive ppMEMs on success.
* -- return
@@ -422,6 +432,7 @@ DLLEXPORT BOOL LeechCore_Probe(_In_ QWORD pa, _In_ DWORD cPages, _Inout_updates_
#define LEECHCORE_OPT_MEMORYINFO_OS_UPTIME 0x0200000e // R
#define LEECHCORE_OPT_MEMORYINFO_OS_KERNELBASE 0x0200000f // R
#define LEECHCORE_OPT_MEMORYINFO_OS_KERNELHINT 0x02000010 // R
+#define LEECHCORE_OPT_MEMORYINFO_OS_KdDebuggerDataBlock 0x02000011 // R
#define LEECHCORE_OPT_FPGA_PROBE_MAXPAGES 0x03000001 // RW
#define LEECHCORE_OPT_FPGA_RX_FLUSH_LIMIT 0x03000002 // RW
@@ -464,6 +475,7 @@ DLLEXPORT BOOL LeechCore_SetOption(_In_ ULONG64 fOption, _In_ ULONG64 qwValue);
#define LEECHCORE_COMMANDDATA_FPGA_WRITE_TLP 0x00000101 // R
#define LEECHCORE_COMMANDDATA_FPGA_LISTEN_TLP 0x00000102 // R
+#define LEECHCORE_COMMANDDATA_FILE_DUMPHEADER_GET 0x00000201 // R
#define LEECHCORE_COMMANDDATA_STATISTICS_GET 0x80000100 // R
#define LEECHCORE_STATISTICS_MAGIC 0xffff6550
@@ -478,7 +490,7 @@ DLLEXPORT BOOL LeechCore_SetOption(_In_ ULONG64 fOption, _In_ ULONG64 qwValue);
#define LEECHCORE_STATISTICS_ID_COMMANDSVC 0x07
#define LEECHCORE_STATISTICS_ID_MAX 0x07
-static const LPSTR LEECHCORE_STATISTICS_NAME[] = {
+static LPCSTR LEECHCORE_STATISTICS_NAME[] = {
"LeechCore_Open",
"LeechCore_ReadScatter",
"LeechCore_Write",
diff --git a/pcileech/pcileech.vcxproj b/pcileech/pcileech.vcxproj
index 320cb99..79a9deb 100644
--- a/pcileech/pcileech.vcxproj
+++ b/pcileech/pcileech.vcxproj
@@ -135,9 +135,8 @@
copy "$(OutDir)leechcore.h" "$(ProjectDir)" /y
- del "$(OutDir)pcileech_files.zip"
-
-powershell Compress-Archive -Path '$(OutDir)*.*','$(OutDir)pcileech' -DestinationPath '$(OutDir)pcileech_files.zip' -Force -CompressionLevel Optimal
+
+
@@ -167,9 +166,8 @@ powershell Compress-Archive -Path '$(OutDir)*.*','$(OutDir)pcileech' -Destinatio
copy "$(OutDir)leechcore.h" "$(ProjectDir)" /y
- del "$(OutDir)pcileech_files.zip"
-
-powershell Compress-Archive -Path '$(OutDir)*.*','$(OutDir)pcileech' -DestinationPath '$(OutDir)pcileech_files.zip' -Force -CompressionLevel Optimal
+
+
@@ -201,9 +199,8 @@ powershell Compress-Archive -Path '$(OutDir)*.*','$(OutDir)pcileech' -Destinatio
copy "$(OutDir)leechcore.h" "$(ProjectDir)" /y
- del "$(OutDir)pcileech_files.zip"
-
-powershell Compress-Archive -Path '$(OutDir)*.*','$(OutDir)pcileech' -DestinationPath '$(OutDir)pcileech_files.zip' -Force -CompressionLevel Optimal
+
+
diff --git a/pcileech/version.h b/pcileech/version.h
index 7d4be1d..581e18c 100644
--- a/pcileech/version.h
+++ b/pcileech/version.h
@@ -3,8 +3,8 @@
#define VERSION_MAJOR 4
#define VERSION_MINOR 2
-#define VERSION_REVISION 0
-#define VERSION_BUILD 0
+#define VERSION_REVISION 1
+#define VERSION_BUILD 1
#define VER_FILE_DESCRIPTION_STR "The PCILeech Direct Memory Access Attack Toolkit"
#define VER_FILE_VERSION VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION, VERSION_BUILD
diff --git a/pcileech/vmmdll.h b/pcileech/vmmdll.h
index 1e5e61d..ccbfeea 100644
--- a/pcileech/vmmdll.h
+++ b/pcileech/vmmdll.h
@@ -4,7 +4,7 @@
// (c) Ulf Frisk, 2018-2019
// Author: Ulf Frisk, pcileech@frizk.net
//
-// Header Version: 2.9
+// Header Version: 2.10
//
#include
@@ -35,6 +35,8 @@ extern "C" {
* documentation for additional information.
* -norefresh = disable background refreshes (even if backing memory is
* volatile memory).
+* -symbolserverdisable = disable symbol server until user change. This
+* parameter will take precedence over registry settings.
* -- argc
* -- argv
* -- return = success/fail
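Review bot: The wording `disable symbol server until user change` does not say what a "user change" is or where it is made, which matters to anyone who must keep the analysis host from reaching a symbol server (presumably a network service). If the intent is that the option stays off until the user explicitly re-enables it, say so, e.g. `-symbolserverdisable = do not use the symbol server unless the user later re-enables it; overrides registry settings.` The rest of this comment block and the function it documents lie outside the hunk.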
@@ -62,6 +64,12 @@ BOOL VMMDLL_Close();
_Success_(return)
BOOL VMMDLL_Refresh(_In_ DWORD dwReserved);
+/*
+* Free memory allocated by the VMMDLL.
+* -- pvMem
+*/
+VOID VMMDLL_MemFree(_Frees_ptr_opt_ PVOID pvMem);
+
//-----------------------------------------------------------------------------
// CONFIGURATION SETTINGS BELOW:
@@ -580,11 +588,11 @@ BOOL VMMDLL_ProcessGetInformation(_In_ DWORD dwPID, _Inout_opt_ PVMMDLL_PROCESS_
* Retrieve a string value belonging to a process. The function allocates a new
* string buffer and returns the requested string in it. The string is always
* NULL terminated. On failure NULL is returned.
-* NB! CALLER IS RESPONSIBLE FOR LocalFree return value!
-* CALLER LocalFree: return
+* NB! CALLER IS RESPONSIBLE FOR VMMDLL_MemFree return value!
+* CALLER FREE: VMMDLL_MemFree(return)
* -- dwPID
* -- fOptionString = string value to retrieve as given by VMMDLL_PROCESS_INFORMATION_OPT_STRING_*
-* -- return - fail: NULL, success: the string - NB! must be LocalFree'd by caller!
+* -- return - fail: NULL, success: the string - NB! must be VMMDLL_MemFree'd by caller!
*/
LPSTR VMMDLL_ProcessGetInformationString(_In_ DWORD dwPID, _In_ DWORD fOptionString);
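Review bot: The release function for the returned string changes from `LocalFree` to `VMMDLL_MemFree`, but nothing in the comment tells callers built against header 2.9 whether `LocalFree` remains valid. If the two are not backed by the same heap, code that still calls `LocalFree` frees with the wrong allocator. A one-line note such as `* NB! since header 2.10 the result must be released with VMMDLL_MemFree, not LocalFree.` would make the break explicit. The rule is also stated three times in this comment; the `CALLER FREE:` line alone would do. The same applies to the `VMMDLL_WinNet_Get` hunk at the end of this file.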
@@ -640,6 +648,49 @@ ULONG64 VMMDLL_ProcessGetModuleBase(_In_ DWORD dwPID, _In_ LPSTR szModuleName);
+//-----------------------------------------------------------------------------
+// WINDOWS SPECIFIC DEBUGGING / SYMBOL FUNCTIONALITY BELOW:
+//-----------------------------------------------------------------------------
+
+/*
+* Retrieve a symbol virtual address given a module name and a symbol name.
+* NB! not all modules may exist - initially only module "nt" is available.
+* NB! if multiple modules have the same name the 1st to be added will be used.
+* -- szModule
+* -- szSymbolName
+* -- pvaSymbolAddress
+* -- return
+*/
+_Success_(return)
+BOOL VMMDLL_PdbSymbolAddress(_In_ LPSTR szModule, _In_ LPSTR szSymbolName, _Out_ PULONG64 pvaSymbolAddress);
+
+/*
+* Retrieve a type size given a module name and a type name.
+* NB! not all modules may exist - initially only module "nt" is available.
+* NB! if multiple modules have the same name the 1st to be added will be used.
+* -- szModule
+* -- szTypeName
+* -- pcbTypeSize
+* -- return
+*/
+_Success_(return)
+BOOL VMMDLL_PdbTypeSize(_In_ LPSTR szModule, _In_ LPSTR szTypeName, _Out_ PDWORD pcbTypeSize);
+
+/*
+* Locate the offset of a type child - typically a sub-item inside a struct.
+* NB! not all modules may exist - initially only module "nt" is available.
+* NB! if multiple modules have the same name the 1st to be added will be used.
+* -- szModule
+* -- szTypeName
+* -- wszTypeChildName
+* -- pcbTypeChildOffset
+* -- return
+*/
+_Success_(return)
+BOOL VMMDLL_PdbTypeChildOffset(_In_ LPSTR szModule, _In_ LPSTR szTypeName, _In_ LPWSTR wszTypeChildName, _Out_ PDWORD pcbTypeChildOffset);
+
+
+
//-----------------------------------------------------------------------------
// WINDOWS SPECIFIC REGISTRY FUNCTIONALITY BELOW:
//-----------------------------------------------------------------------------
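Review bot: The three new `VMMDLL_Pdb*` prototypes take their input strings as non-const `LPSTR`/`LPWSTR` although they are annotated `_In_`, so callers cannot pass string literals or const buffers without a cast. If the implementation does not modify them, declare them const, e.g. `BOOL VMMDLL_PdbTypeSize(_In_ LPCSTR szModule, _In_ LPCSTR szTypeName, _Out_ PDWORD pcbTypeSize);` (this commit adds an `LPCSTR` typedef to leechcore.h; whether vmmdll.h sees it on every platform is not visible here). `VMMDLL_PdbTypeChildOffset` mixes a narrow `szTypeName` with a wide `wszTypeChildName`; the comment should say why, or the function should use one encoding. The comments also leave unstated what the `_Out_` values hold on failure.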
@@ -817,9 +868,9 @@ typedef struct tdVMMDLL_WIN_TCPIP {
/*
* Retrieve networking information about network connections related to Windows TCP/IP stack.
-* NB! CALLER IS RESPONSIBLE FOR LocalFree return value!
-* CALLER LocalFree: return
-* -- return - fail: NULL, success: a PVMMDLL_WIN_TCPIP struct scontaining the result - NB! Caller responsible for LocalFree!
+* NB! CALLER IS RESPONSIBLE FOR VMMDLL_MemFree return value!
+* CALLER FREE: VMMDLL_MemFree(return)
+* -- return - fail: NULL, success: a PVMMDLL_WIN_TCPIP struct scontaining the result - NB! Caller responsible for VMMDLL_MemFree!
*/
PVMMDLL_WIN_TCPIP VMMDLL_WinNet_Get();