Home
PCILeech works on both Windows and Linux with a wide range of memory acquisition methods. The Windows version is somewhat more feature-rich and performs better than the Linux version due to some Windows-only dependencies and more optimized drivers. For general information about running PCILeech on Windows or Linux, please check out the sections PCILeech on Windows and PCILeech on Linux.
PCILeech is able to capture memory using a wide range of memory acquisition methods, both hardware-based and software-based. It's also possible to access remote memory made accessible via a remote LeechAgent.
Methods include (but are not limited to):
- Live memory via PCIe DMA with FPGA and USB3380 hardware.
- Dump Files - Raw, Full Microsoft CrashDump, VirtualBox CoreDump, VMware and Hyper-V save files.
- Live Memory - Comae DumpIt and WinPmem.
- Remote Memory - via LeechAgent and any supported acquisition method.
All memory acquisition is made through the LeechCore library. Please check out the LeechCore and LeechService projects for detailed information about each memory acquisition method.
As a general rule, PCILeech may always be able to dump memory if the target system supports it, regardless of whether the operating system is supported for kernel and user-mode module injection. For more information about kernel and user-mode injection, please check out the Targets section in the menu to the right.
Please find build instructions in the sections PCILeech on Windows and PCILeech on Linux.
Sponsor PCILeech and MemProcFS:
PCILeech and MemProcFS are free and open source!
I put a lot of time and energy into PCILeech and MemProcFS and related research to make this happen. Some aspects of the projects relate to hardware and I put quite some money into my projects and related research. If you think PCILeech and/or MemProcFS are awesome tools and/or if you had a use for them it's now possible to contribute by becoming a sponsor!
If you like what I've created with PCILeech and MemProcFS with regards to DMA, Memory Analysis and Memory Forensics and would like to give something back to support future development, please consider becoming a sponsor at: https://github.com/sponsors/ufrisk
Thank You 💖