Showing
14 changed files
with
378 additions
and
295 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,7 +6,6 @@ | |
// (c) Ulf Frisk, 2017-2018 | ||
// Author: Ulf Frisk, [email protected] | ||
// | ||
#ifdef WIN32 | ||
|
||
#include "devicefpga.h" | ||
#include "device.h" | ||
|
@@ -567,7 +566,7 @@ VOID DeviceFPGA_ReadScatterDMA_Impl(_Inout_ PPCILEECH_CONTEXT ctxPcileech, _Inou | |
rxbuf.cbReadTotal = 0; | ||
rxbuf.cph = cpDMAs - i; | ||
rxbuf.pph = ppDMAs + i; | ||
ctx->hRxTlpCallbackFn = TLP_CallbackMRd_Scatter; | ||
ctx->hRxTlpCallbackFn = (VOID(*)(PVOID, PBYTE, DWORD))TLP_CallbackMRd_Scatter; | ||
// Transmit TLPs | ||
cbFlush = 0; | ||
cbTotalInCycle = 0; | ||
|
@@ -632,12 +631,14 @@ VOID DeviceFPGA_ReadScatterDMA(_Inout_ PPCILEECH_CONTEXT ctxPcileech, _Inout_ PP | |
{ | ||
PDEVICE_CONTEXT_FPGA ctx = (PDEVICE_CONTEXT_FPGA)ctxPcileech->hDevice; | ||
DWORD i = 0, c = 0; | ||
BOOL fRetry = FALSE; | ||
DeviceFPGA_ReadScatterDMA_Impl(ctxPcileech, ppDMAs, cpDMAs); | ||
if(pchDMAsRead || ctx->perf.RETRY_ON_ERROR) { | ||
while(i < cpDMAs) { | ||
if((ppDMAs[i]->cb < ppDMAs[i]->cbMax) && ctx->perf.RETRY_ON_ERROR) { | ||
if((ppDMAs[i]->cb < ppDMAs[i]->cbMax) && ctx->perf.RETRY_ON_ERROR && !fRetry) { | ||
Sleep(100); | ||
DeviceFPGA_ReadScatterDMA_Impl(ctxPcileech, ppDMAs, cpDMAs); | ||
fRetry = TRUE; | ||
} | ||
c += (ppDMAs[i]->cb >= ppDMAs[i]->cbMax) ? 1 : 0; | ||
i++; | ||
|
@@ -669,7 +670,7 @@ VOID DeviceFPGA_ProbeDMA_Impl(_Inout_ PPCILEECH_CONTEXT ctxPcileech, _In_ QWORD | |
bufMRd.pb = pbResultMap; | ||
bufMRd.cbMax = cPages; | ||
ctx->pMRdBufferX = &bufMRd; | ||
ctx->hRxTlpCallbackFn = TLP_CallbackMRdProbe; | ||
ctx->hRxTlpCallbackFn = (VOID(*)(PVOID, PBYTE, DWORD))TLP_CallbackMRdProbe; | ||
// transmit TLPs | ||
for(i = 0; i < cPages; i++) { | ||
if(pbResultMap[i]) { continue; } // skip over if page already marked as ok | ||
|
@@ -853,36 +854,28 @@ BOOL DeviceFPGA_Open(_Inout_ PPCILEECH_CONTEXT ctxPcileech) | |
// return | ||
if(ctxPcileech->cfg->fVerbose) { | ||
printf( | ||
"FPGA: Device Info: %s PCIe gen%i x%i [%i,%i,%i] [v%i.%i]\n", | ||
"FPGA: Device Info: %s PCIe gen%i x%i [%i,%i,%i] [v%i.%i,%04x]\n", | ||
ctx->perf.SZ_DEVICE_NAME, | ||
DeviceFPGA_PHY_GetPCIeGen(ctx), | ||
DeviceFPGA_PHY_GetLinkWidth(ctx), | ||
ctx->perf.DELAY_READ, | ||
ctx->perf.DELAY_WRITE, | ||
ctx->perf.DELAY_PROBE_READ, | ||
ctx->wFpgaVersionMajor, | ||
ctx->wFpgaVersionMinor); | ||
ctx->wFpgaVersionMinor, | ||
ctx->wDeviceId); | ||
} | ||
return TRUE; | ||
fail: | ||
if(szDeviceError && (ctxPcileech->cfg->fVerbose || (ctxPcileech->cfg->dev.tp == PCILEECH_DEVICE_FPGA))) { | ||
printf("FPGA: ERROR: %s.\n", szDeviceError); | ||
printf( | ||
"FPGA: ERROR: %s [%i,v%i.%i,%04x]\n", | ||
szDeviceError, | ||
ctx->wFpgaID, | ||
ctx->wFpgaVersionMajor, | ||
ctx->wFpgaVersionMinor, | ||
ctx->wDeviceId); | ||
} | ||
DeviceFPGA_Close(ctxPcileech); | ||
return FALSE; | ||
} | ||
|
||
#endif /* WIN32 */ | ||
#if defined(LINUX) || defined(ANDROID) | ||
|
||
#include "devicefpga.h" | ||
|
||
BOOL DeviceFPGA_Open(_Inout_ PPCILEECH_CONTEXT ctx) | ||
{ | ||
if(ctx->cfg->dev.tp == PCILEECH_DEVICE_FPGA) { | ||
printf("FPGA: Failed. FPGA device currently only supported in PCILeech for Windows."); | ||
} | ||
return FALSE; | ||
} | ||
|
||
#endif /* LINUX || ANDROID */ |
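Review bot: The two assignments to `ctx->hRxTlpCallbackFn` (in the DeviceFPGA_ReadScatterDMA_Impl and DeviceFPGA_ProbeDMA_Impl hunks) now force `TLP_CallbackMRd_Scatter` and `TLP_CallbackMRdProbe` into `VOID(*)(PVOID, PBYTE, DWORD)` with a cast, which silences the compiler rather than making the types agree. The callbacks' declarations are outside these hunks, but if their first parameter is a typed buffer pointer rather than `PVOID`, calling them through the cast pointer is formally undefined behaviour in C. The cast would also hide any later signature drift, on a path that parses data received from the device. I would give each callback the slot's exact signature, e.g. `VOID TLP_CallbackMRdProbe(PVOID pv, PBYTE pb, DWORD cb)`, convert `pv` to the buffer type on its first line, and drop both casts. Both enclosing functions start and end outside their hunks.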
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -33,9 +33,9 @@ VOID Help_ShowGeneral() | |
" contains a kernel mode signature the kernel module will be loaded and then un-\n" \ | ||
" loaded on program exit ( except for the kmdload command ). \n" \ | ||
" KMD mode may access all memory (available to the kernel of the target system).\n" \ | ||
" DMA mode may only access lower 4GB of memory if USB3380 hardware is used. \n" \ | ||
" DMA mode may access 4GB memory if USB3380 hardware is used. \n" \ | ||
" DMA mode may access all memory if FPGA based hardware is used such as the: \n" \ | ||
" SP605, AC701 and PCIeScreamer. \n" \ | ||
" SP605/FT601, AC701/FT601 and PCIeScreamer. \n" \ | ||
" For detailed help about a specific command type: pcileech <command> -help \n" \ | ||
" General syntax: pcileech <command> [-<optionname1> <optionvalue1>] ... \n" \ | ||
" Valid commands and valid MODEs [ and options ] \n" \ | ||
|
@@ -47,7 +47,7 @@ VOID Help_ShowGeneral() | |
" [implant] KMD [ in, out, s, 0..9 ] \n" \ | ||
" kmdload DMA [ pt, cr3 ] \n" \ | ||
" kmdexit KMD \n" \ | ||
" mount KMD [ s, cr3 ] (Windows only feature) \n" \ | ||
" mount DMA,KMD [ s, cr3 ] (Windows only feature) \n" \ | ||
" display DMA,KMD [ min, max ] \n" \ | ||
" pagedisplay DMA,KMD [ min ] \n" \ | ||
" pt_phys2virt DMA,KMD [ cr3, 0 ] \n" \ | ||
|
@@ -62,9 +62,9 @@ VOID Help_ShowGeneral() | |
" tlp DMA [ in ] (FPGA) \n" \ | ||
" probe DMA [ in ] (FPGA) \n" \ | ||
" System specific commands and valid MODEs [ and options ]: \n" \ | ||
" mac_fvrecover DMA \n" \ | ||
" mac_fvrecover2 DMA \n" \ | ||
" mac_disablevtd DMA \n" \ | ||
" mac_fvrecover DMA (USB3380) \n" \ | ||
" mac_fvrecover2 DMA (USB3380) \n" \ | ||
" mac_disablevtd DMA (USB3380) \n" \ | ||
" Valid options: \n" \ | ||
" -min : memory min address, valid range: 0x0 .. 0xffffffffffffffff \n" \ | ||
" default: 0x0 \n" \ | ||
|
@@ -110,12 +110,10 @@ VOID Help_ShowGeneral() | |
" -0..9: QWORD input value. Example: -0 0xff , -3 0x7fffffff00001000 or -2 13 \n" \ | ||
" default: 0 \n" \ | ||
" -pt : trigger KMD insertion by automatic page table hijack. \n" \ | ||
" Option has no value. Example: -pt \n" \ | ||
" Used in conjunction with -kmd option to trigger KMD insertion by page\n" \ | ||
" table hijack. Only recommended to use with care on computers with \n" \ | ||
" 4GB+ RAM when kernel is located in high-memory (Windows 10). \n" \ | ||
" -cr3 : base address of system page table / CR3 CPU register. \n" \ | ||
" -efibase : base address of EFI_SYSTEM_TABLE (IBI SYST) used when inserting \n" \ | ||
" Option has no value. Example: -pt. Used in conjunction with \n" \ | ||
" -kmd option to trigger KMD insertion by page table hijack. \n" \ | ||
" -cr3 : base address of page table (PML4) / CR3 CPU register. \n" \ | ||
" -efibase : base address of EFI_SYSTEM_TABLE (IBI SYST). Used when inserting \n" \ | ||
" UEFI 'kernel' modules. \n" \ | ||
" -kmd : address of already loaded kernel module helper (KMD). \n" \ | ||
" ALTERNATIVELY \n" \ | ||
|
@@ -144,7 +142,7 @@ VOID Help_ShowInfo() | |
printf( | ||
" PCILEECH INFORMATION \n" \ | ||
" PCILeech (c) 2016-2018 Ulf Frisk \n" \ | ||
" Version: 3.0 \n" \ | ||
" Version: 3.1 \n" \ | ||
" License: GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 \n" \ | ||
" Contact information: [email protected] \n" \ | ||
" System requirements: 64-bit Windows 7, 10 or Linux. \n" \ | ||
|
@@ -153,12 +151,12 @@ VOID Help_ShowInfo() | |
" PCILeech-FPGA - https://github.com/ufrisk/pcileech-fpga \n" \ | ||
" Google USB Driver - https://developer.android.com/sdk/win-usb.html \n" \ | ||
" FTDI FT601 Driver - http://www.ftdichip.com/Drivers/D3XX.htm \n" \ | ||
" PCIe Injector - https://github.com/enjoy-digital/pcie_injector \n" \ | ||
" Dokany - https://github.com/dokan-dev/dokany/releases/latest \n" \ | ||
" ---------------- \n" \ | ||
" Use with memory dump files in read-only mode. \n" \ | ||
" Use with USB3380 hardware programmed as a PCILeech device. \n" \ | ||
" Use with FPGA harware programmed as a PCILeech FPGA device. \n" \ | ||
" Use with SP605 hardware / 'PCI Express DIY hacking toolkit' by cr4sh/@d_olex. \n\n" \ | ||
" Use with FPGA harware programmed as a PCILeech FPGA device. \n\n" \ | ||
" ---------------- \n" \ | ||
" Driver information (USB3380/Windows): \n" \ | ||
" The USB3380 HW requires a dummy driver to function properly. The PCILeech \n" \ | ||
|
@@ -175,9 +173,15 @@ VOID Help_ShowInfo() | |
" memory file access PCILeech requires Dokany to be installed for virtual file\n" \ | ||
" system support. Please download and install Dokany on your computer before \n" \ | ||
" using the mount functionality. \n" \ | ||
" Driver information (Libusb/Linux): \n" \ | ||
" Driver information (USB3380/Linux): \n" \ | ||
" PCILeech on Linux requires that libusb is installed. Libusb is most probably\n" \ | ||
" installed by default, if not install by running:apt-get install libusb-1.0-0\n" \ | ||
" Driver information (FPGA/FT601/Linux): \n" \ | ||
" The PCILeech programmed FPGA board with FT601 USB3 requires drivers for USB.\n" \ | ||
" The driver is a small kernel driver found in the drivers/ft60x folder in the\n" \ | ||
" PCIe Injector Github repository. Once loaded the driver will expose a device\n" \ | ||
" named /dev/ft60x[0-3] Please note that this device file must be read/write \n" \ | ||
" for the current user for PCILeech to find and use it automatically. \n" \ | ||
" ---------------- \n" \ | ||
" Notes about the PCILeech USB3380 device: \n" \ | ||
" Usage: connect USB3380 device to target computer and USB cable to the computer\n" \ | ||
|
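Review bot: The new "Driver information (FPGA/FT601/Linux)" text in Help_ShowInfo says the `/dev/ft60x[0-3]` node "must be read/write for the current user" without saying how to grant that. In practice this invites a blanket chmod that opens the node driving the DMA hardware to every local account. I would add a line after it such as `"   Grant access via a dedicated group (e.g. a udev rule), not world read/write.\n" \`. In the same hunk a full stop is missing after `/dev/ft60x[0-3]`, and the added "Use with FPGA harware" line two hunks earlier keeps the typo `harware`. Help_ShowInfo's body starts and ends outside these hunks.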