Version 3.1
ufrisk committed Mar 20, 2018
1 parent 71f7962 commit 2c71aef
Showing 14 changed files with 378 additions and 295 deletions.
39 changes: 0 additions & 39 deletions Android.md

This file was deleted.

2 changes: 1 addition & 1 deletion pcileech/device.c
Expand Up @@ -96,7 +96,7 @@ DWORD DeviceReadDMAEx_DoWork(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddr, _
cbRd = ((i == cChunkTotal - 1) && (cb % cbChunk)) ? (cb % cbChunk) : cbChunk; // (last chunk may be smaller)
if(ctx->cfg->dev.fScatterReadSupported) {
// scatter read, if available
cbSuccess = DeviceReadDMAEx_DoWork_Scatter(ctx, qwAddr + cbRdOff, pb + cbRdOff, cbRd, pPageStat);
cbSuccess += DeviceReadDMAEx_DoWork_Scatter(ctx, qwAddr + cbRdOff, pb + cbRdOff, cbRd, pPageStat);
} else {
// traditional read
result = DeviceReadDMA(ctx, qwAddr + cbRdOff, pb + cbRdOff, cbRd, 0);
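Review bot: Accumulating with `cbSuccess += DeviceReadDMAEx_DoWork_Scatter(...)` in the scatter branch is only correct if `cbSuccess` is set to 0 before the chunk loop, and its declaration is outside this hunk, so please confirm the initialisation. The traditional-read branch assigns `result` and continues past the end of the hunk, so it is not visible here whether it adds to `cbSuccess` the same way; both branches should update the running total consistently. A short comment on the scatter call, such as `// accumulate bytes read across all chunks`, would make the intent explicit.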
37 changes: 15 additions & 22 deletions pcileech/devicefpga.c
Expand Up @@ -6,7 +6,6 @@
// (c) Ulf Frisk, 2017-2018
// Author: Ulf Frisk, [email protected]
//
#ifdef WIN32

#include "devicefpga.h"
#include "device.h"
Expand Down Expand Up @@ -567,7 +566,7 @@ VOID DeviceFPGA_ReadScatterDMA_Impl(_Inout_ PPCILEECH_CONTEXT ctxPcileech, _Inou
rxbuf.cbReadTotal = 0;
rxbuf.cph = cpDMAs - i;
rxbuf.pph = ppDMAs + i;
ctx->hRxTlpCallbackFn = TLP_CallbackMRd_Scatter;
ctx->hRxTlpCallbackFn = (VOID(*)(PVOID, PBYTE, DWORD))TLP_CallbackMRd_Scatter;
// Transmit TLPs
cbFlush = 0;
cbTotalInCycle = 0;
Expand Down Expand Up @@ -632,12 +631,14 @@ VOID DeviceFPGA_ReadScatterDMA(_Inout_ PPCILEECH_CONTEXT ctxPcileech, _Inout_ PP
{
PDEVICE_CONTEXT_FPGA ctx = (PDEVICE_CONTEXT_FPGA)ctxPcileech->hDevice;
DWORD i = 0, c = 0;
BOOL fRetry = FALSE;
DeviceFPGA_ReadScatterDMA_Impl(ctxPcileech, ppDMAs, cpDMAs);
if(pchDMAsRead || ctx->perf.RETRY_ON_ERROR) {
while(i < cpDMAs) {
if((ppDMAs[i]->cb < ppDMAs[i]->cbMax) && ctx->perf.RETRY_ON_ERROR) {
if((ppDMAs[i]->cb < ppDMAs[i]->cbMax) && ctx->perf.RETRY_ON_ERROR && !fRetry) {
Sleep(100);
DeviceFPGA_ReadScatterDMA_Impl(ctxPcileech, ppDMAs, cpDMAs);
fRetry = TRUE;
}
c += (ppDMAs[i]->cb >= ppDMAs[i]->cbMax) ? 1 : 0;
i++;
Expand Down Expand Up @@ -669,7 +670,7 @@ VOID DeviceFPGA_ProbeDMA_Impl(_Inout_ PPCILEECH_CONTEXT ctxPcileech, _In_ QWORD
bufMRd.pb = pbResultMap;
bufMRd.cbMax = cPages;
ctx->pMRdBufferX = &bufMRd;
ctx->hRxTlpCallbackFn = TLP_CallbackMRdProbe;
ctx->hRxTlpCallbackFn = (VOID(*)(PVOID, PBYTE, DWORD))TLP_CallbackMRdProbe;
// transmit TLPs
for(i = 0; i < cPages; i++) {
if(pbResultMap[i]) { continue; } // skip over if page already marked as ok
Expand Down Expand Up @@ -853,36 +854,28 @@ BOOL DeviceFPGA_Open(_Inout_ PPCILEECH_CONTEXT ctxPcileech)
// return
if(ctxPcileech->cfg->fVerbose) {
printf(
"FPGA: Device Info: %s PCIe gen%i x%i [%i,%i,%i] [v%i.%i]\n",
"FPGA: Device Info: %s PCIe gen%i x%i [%i,%i,%i] [v%i.%i,%04x]\n",
ctx->perf.SZ_DEVICE_NAME,
DeviceFPGA_PHY_GetPCIeGen(ctx),
DeviceFPGA_PHY_GetLinkWidth(ctx),
ctx->perf.DELAY_READ,
ctx->perf.DELAY_WRITE,
ctx->perf.DELAY_PROBE_READ,
ctx->wFpgaVersionMajor,
ctx->wFpgaVersionMinor);
ctx->wFpgaVersionMinor,
ctx->wDeviceId);
}
return TRUE;
fail:
if(szDeviceError && (ctxPcileech->cfg->fVerbose || (ctxPcileech->cfg->dev.tp == PCILEECH_DEVICE_FPGA))) {
printf("FPGA: ERROR: %s.\n", szDeviceError);
printf(
"FPGA: ERROR: %s [%i,v%i.%i,%04x]\n",
szDeviceError,
ctx->wFpgaID,
ctx->wFpgaVersionMajor,
ctx->wFpgaVersionMinor,
ctx->wDeviceId);
}
DeviceFPGA_Close(ctxPcileech);
return FALSE;
}

#endif /* WIN32 */
#if defined(LINUX) || defined(ANDROID)

#include "devicefpga.h"

BOOL DeviceFPGA_Open(_Inout_ PPCILEECH_CONTEXT ctx)
{
if(ctx->cfg->dev.tp == PCILEECH_DEVICE_FPGA) {
printf("FPGA: Failed. FPGA device currently only supported in PCILeech for Windows.");
}
return FALSE;
}

#endif /* LINUX || ANDROID */
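Review bot: The casts added on the two `ctx->hRxTlpCallbackFn = (VOID(*)(PVOID, PBYTE, DWORD))...` assignments (in DeviceFPGA_ReadScatterDMA_Impl and DeviceFPGA_ProbeDMA_Impl) silence the compiler's incompatible-pointer diagnostic rather than remove the mismatch. If `TLP_CallbackMRd_Scatter` and `TLP_CallbackMRdProbe` take a typed buffer pointer as their first parameter (their definitions are outside these hunks), calling them through a pointer of a different function type is undefined behaviour in C, even where it happens to work on common ABIs. I would declare both callbacks with the field's own signature, e.g. `VOID TLP_CallbackMRdProbe(_Inout_ PVOID pvBuffer, _In_ PBYTE pb, _In_ DWORD cb)`, convert `pvBuffer` to the buffer type inside the body, and drop the casts. Both enclosing functions start and end outside the hunks shown.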
2 changes: 1 addition & 1 deletion pcileech/extra.c
Expand Up @@ -223,7 +223,7 @@ VOID Action_TlpTx(_Inout_ PPCILEECH_CONTEXT ctx)
printf("Action_TlpTx: Invalid TLP (length not multiple of 4).\n");
return;
}
printf("TLP: Transmitting PCIe TLP.%s\n", ctx->cfg->fVerboseExtra ? "" : " (use -vv option for detailed info).");
printf("TLP: Transmitting PCIe TLP.%s\n", ctx->cfg->fVerboseExtra ? "" : " (use -vvv option for detailed info).");
DeviceWriteTlp(ctx, ctx->cfg->pbIn, (DWORD)ctx->cfg->cbIn);
DeviceListenTlp(ctx, 100);
}
36 changes: 20 additions & 16 deletions pcileech/help.c
Expand Up @@ -33,9 +33,9 @@ VOID Help_ShowGeneral()
" contains a kernel mode signature the kernel module will be loaded and then un-\n" \
" loaded on program exit ( except for the kmdload command ). \n" \
" KMD mode may access all memory (available to the kernel of the target system).\n" \
" DMA mode may only access lower 4GB of memory if USB3380 hardware is used. \n" \
" DMA mode may access 4GB memory if USB3380 hardware is used. \n" \
" DMA mode may access all memory if FPGA based hardware is used such as the: \n" \
" SP605, AC701 and PCIeScreamer. \n" \
" SP605/FT601, AC701/FT601 and PCIeScreamer. \n" \
" For detailed help about a specific command type: pcileech <command> -help \n" \
" General syntax: pcileech <command> [-<optionname1> <optionvalue1>] ... \n" \
" Valid commands and valid MODEs [ and options ] \n" \
Expand All @@ -47,7 +47,7 @@ VOID Help_ShowGeneral()
" [implant] KMD [ in, out, s, 0..9 ] \n" \
" kmdload DMA [ pt, cr3 ] \n" \
" kmdexit KMD \n" \
" mount KMD [ s, cr3 ] (Windows only feature) \n" \
" mount DMA,KMD [ s, cr3 ] (Windows only feature) \n" \
" display DMA,KMD [ min, max ] \n" \
" pagedisplay DMA,KMD [ min ] \n" \
" pt_phys2virt DMA,KMD [ cr3, 0 ] \n" \
Expand All @@ -62,9 +62,9 @@ VOID Help_ShowGeneral()
" tlp DMA [ in ] (FPGA) \n" \
" probe DMA [ in ] (FPGA) \n" \
" System specific commands and valid MODEs [ and options ]: \n" \
" mac_fvrecover DMA \n" \
" mac_fvrecover2 DMA \n" \
" mac_disablevtd DMA \n" \
" mac_fvrecover DMA (USB3380) \n" \
" mac_fvrecover2 DMA (USB3380) \n" \
" mac_disablevtd DMA (USB3380) \n" \
" Valid options: \n" \
" -min : memory min address, valid range: 0x0 .. 0xffffffffffffffff \n" \
" default: 0x0 \n" \
Expand Down Expand Up @@ -110,12 +110,10 @@ VOID Help_ShowGeneral()
" -0..9: QWORD input value. Example: -0 0xff , -3 0x7fffffff00001000 or -2 13 \n" \
" default: 0 \n" \
" -pt : trigger KMD insertion by automatic page table hijack. \n" \
" Option has no value. Example: -pt \n" \
" Used in conjunction with -kmd option to trigger KMD insertion by page\n" \
" table hijack. Only recommended to use with care on computers with \n" \
" 4GB+ RAM when kernel is located in high-memory (Windows 10). \n" \
" -cr3 : base address of system page table / CR3 CPU register. \n" \
" -efibase : base address of EFI_SYSTEM_TABLE (IBI SYST) used when inserting \n" \
" Option has no value. Example: -pt. Used in conjunction with \n" \
" -kmd option to trigger KMD insertion by page table hijack. \n" \
" -cr3 : base address of page table (PML4) / CR3 CPU register. \n" \
" -efibase : base address of EFI_SYSTEM_TABLE (IBI SYST). Used when inserting \n" \
" UEFI 'kernel' modules. \n" \
" -kmd : address of already loaded kernel module helper (KMD). \n" \
" ALTERNATIVELY \n" \
Expand Down Expand Up @@ -144,7 +142,7 @@ VOID Help_ShowInfo()
printf(
" PCILEECH INFORMATION \n" \
" PCILeech (c) 2016-2018 Ulf Frisk \n" \
" Version: 3.0 \n" \
" Version: 3.1 \n" \
" License: GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 \n" \
" Contact information: [email protected] \n" \
" System requirements: 64-bit Windows 7, 10 or Linux. \n" \
Expand All @@ -153,12 +151,12 @@ VOID Help_ShowInfo()
" PCILeech-FPGA - https://github.com/ufrisk/pcileech-fpga \n" \
" Google USB Driver - https://developer.android.com/sdk/win-usb.html \n" \
" FTDI FT601 Driver - http://www.ftdichip.com/Drivers/D3XX.htm \n" \
" PCIe Injector - https://github.com/enjoy-digital/pcie_injector \n" \
" Dokany - https://github.com/dokan-dev/dokany/releases/latest \n" \
" ---------------- \n" \
" Use with memory dump files in read-only mode. \n" \
" Use with USB3380 hardware programmed as a PCILeech device. \n" \
" Use with FPGA harware programmed as a PCILeech FPGA device. \n" \
" Use with SP605 hardware / 'PCI Express DIY hacking toolkit' by cr4sh/@d_olex. \n\n" \
" Use with FPGA harware programmed as a PCILeech FPGA device. \n\n" \
" ---------------- \n" \
" Driver information (USB3380/Windows): \n" \
" The USB3380 HW requires a dummy driver to function properly. The PCILeech \n" \
Expand All @@ -175,9 +173,15 @@ VOID Help_ShowInfo()
" memory file access PCILeech requires Dokany to be installed for virtual file\n" \
" system support. Please download and install Dokany on your computer before \n" \
" using the mount functionality. \n" \
" Driver information (Libusb/Linux): \n" \
" Driver information (USB3380/Linux): \n" \
" PCILeech on Linux requires that libusb is installed. Libusb is most probably\n" \
" installed by default, if not install by running:apt-get install libusb-1.0-0\n" \
" Driver information (FPGA/FT601/Linux): \n" \
" The PCILeech programmed FPGA board with FT601 USB3 requires drivers for USB.\n" \
" The driver is a small kernel driver found in the drivers/ft60x folder in the\n" \
" PCIe Injector Github repository. Once loaded the driver will expose a device\n" \
" named /dev/ft60x[0-3] Please note that this device file must be read/write \n" \
" for the current user for PCILeech to find and use it automatically. \n" \
" ---------------- \n" \
" Notes about the PCILeech USB3380 device: \n" \
" Usage: connect USB3380 device to target computer and USB cable to the computer\n" \
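Review bot: The new "Driver information (FPGA/FT601/Linux)" text says `/dev/ft60x[0-3]` must be read/write for the current user but does not say how to grant that, which in practice invites making the node world-writable even though it gives raw access to the DMA hardware. I would add a help line recommending a udev rule that assigns the node to a dedicated group, so only the intended operators can open it. In the same function, the rewritten line `Use with FPGA harware programmed as a PCILeech FPGA device.` still carries the typo `harware`, which should read `hardware`. Help_ShowInfo starts outside the hunk.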