Version 4.19

.gitignore

@@ -14,3 +14,4 @@
 *.obj
 *.so
 *.zip
+*.dylib

includes/leechcore.h

@@ -11,10 +11,10 @@
 // - README: https://github.com/ufrisk/LeechCore
 // - GUIDE:  https://github.com/ufrisk/LeechCore/wiki
 //
-// (c) Ulf Frisk, 2020-2024
+// (c) Ulf Frisk, 2020-2025
 // Author: Ulf Frisk, [email protected]
 //
-// Header Version: 2.19.0
+// Header Version: 2.20.0
 //
 
 #ifndef __LEECHCORE_H__
@@ -34,7 +34,7 @@ extern "C" {
 typedef unsigned __int64                    QWORD, *PQWORD;
 
 #endif /* _WIN32 */
-#ifdef LINUX
+#if defined(LINUX) || defined(MACOS)
 
 #include <inttypes.h>
 #include <stdlib.h>
@@ -75,7 +75,7 @@ typedef const uint16_t                      *LPCWSTR;
 #define _Printf_format_string_
 #define _Success_(x)
 
-#endif /* LINUX */
+#endif /* LINUX || MACOS */
 
 
 

includes/vmmdll.h

@@ -8,10 +8,10 @@
 // while Linux may only access UTF-8 versions. Some functionality may also
 // be degraded or unavailable on Linux.
 //
-// (c) Ulf Frisk, 2018-2024
+// (c) Ulf Frisk, 2018-2025
 // Author: Ulf Frisk, [email protected]
 //
-// Header Version: 5.13
+// Header Version: 5.14
 //
 
 #include "leechcore.h"
@@ -30,7 +30,7 @@ extern "C" {
 typedef unsigned __int64                    QWORD, *PQWORD;
 
 #endif /* _WIN32 */
-#ifdef LINUX
+#if defined(LINUX) || defined(MACOS)
 
 #include <inttypes.h>
 #include <stdarg.h>
@@ -72,7 +72,7 @@ typedef const uint16_t                      *LPCWSTR;
 #define _Printf_format_string_
 #define _Success_(x)
 
-#endif /* LINUX */
+#endif /* LINUX || MACOS */
 
 typedef struct tdVMM_HANDLE     *VMM_HANDLE;
 typedef struct tdVMMVM_HANDLE   *VMMVM_HANDLE;
@@ -296,7 +296,7 @@ typedef struct tdVMMDLL_MAP_PFN *PVMMDLL_MAP_PFN;
 //-----------------------------------------------------------------------------
 // LINUX SPECIFIC DEFINES:
 //-----------------------------------------------------------------------------
-#ifdef LINUX
+#if defined(LINUX) || defined(MACOS)
 
 #define IMAGE_SIZEOF_SHORT_NAME              8
 
@@ -330,7 +330,7 @@ typedef struct _SERVICE_STATUS {
     DWORD   dwCheckPoint;
     DWORD   dwWaitHint;
 } SERVICE_STATUS, *LPSERVICE_STATUS;
-#endif /* LINUX */
+#endif /* LINUX || MACOS */
 
 
 

pcileech/Makefile.macos

@@ -0,0 +1,35 @@
+CC=clang
+CFLAGS += -I. -I../includes -D MACOS -D _GNU_SOURCE -D _FILE_OFFSET_BITS=64 -pthread
+CFLAGS += -fPIE -fPIC -fstack-protector -D_FORTIFY_SOURCE=2 -O1
+CFLAGS += -Wall -Wno-enum-compare -Wno-pointer-sign -Wno-multichar -Wno-unused-variable -Wno-unused-value
+CFLAGS += -Wno-pointer-to-int-cast -Wno-int-to-pointer-cast
+CFLAGS += -mmacosx-version-min=11.0
+# DEBUG FLAGS BELOW
+#CFLAGS += -O0
+#CFLAGS += -fsanitize=address
+# DEBUG FLAGS ABOVE
+LDFLAGS += -ldl -L. ./leechcore.dylib ./vmm.dylib
+LDFLAGS += -Wl,-rpath,@loader_path
+LDFLAGS += -mmacosx-version-min=11.0
+DEPS = pcileech.h
+OBJ  = oscompatibility.o charutil.o device.o pcileech.o executor.o extra.o help.o kmd.o memdump.o mempatch.o statistics.o umd.o util.o vfslist.o vfs.o vmmx.o ob/ob_cachemap.o ob/ob_core.o ob/ob_map.o ob/ob_set.o
+
+%.o: %.c $(DEPS)
+	$(CC) -c -o $@ $< $(CFLAGS)
+
+pcileech: $(OBJ)
+	cp ../files/vmm.dylib . || cp ../../MemProcFS*/files/vmm.dylib . || true
+	cp ../files/leechcore.dylib . || cp ../../LeechCore*/files/leechcore.dylib . || true
+	$(CC) -o $@ $^ $(CFLAGS) $(LDFLAGS)
+	mv pcileech ../files/ |true
+	mv vmm.dylib ../files/ |true
+	mv leechcore.dylib ../files/ |true
+	rm -f *.o || true
+	rm -f */*.o || true
+	rm -f *.dylib || true
+	true
+
+clean:
+	rm -f *.o || true
+	rm -f */*.o || true
+	rm -f *.dylib || true

pcileech/charutil.c

@@ -1,6 +1,6 @@
 // charutil.c : implementation of various character/string utility functions.
 //
-// (c) Ulf Frisk, 2021-2024
+// (c) Ulf Frisk, 2021-2025
 // Author: Ulf Frisk, [email protected]
 //
 #include "charutil.h"

pcileech/charutil.h

@@ -1,6 +1,6 @@
 // charutil.h : definitions of various character/string utility functions.
 //
-// (c) Ulf Frisk, 2021-2024
+// (c) Ulf Frisk, 2021-2025
 // Author: Ulf Frisk, [email protected]
 //
 #ifndef __CHARUTIL_H__

pcileech/device.c

@@ -1,6 +1,6 @@
 // device.c : implementation related to hardware devices.
 //
-// (c) Ulf Frisk, 2016-2022
+// (c) Ulf Frisk, 2016-2025
 // Author: Ulf Frisk, [email protected]
 //
 #include <leechcore.h>

pcileech/device.h

@@ -1,6 +1,6 @@
 // device.h : definitions related to the hardware devices.
 //
-// (c) Ulf Frisk, 2016-2022
+// (c) Ulf Frisk, 2016-2025
 // Author: Ulf Frisk, [email protected]
 //
 #ifndef __DEVICE_H__

pcileech/executor.c

@@ -1,6 +1,6 @@
 // executor.c : implementation related 'code execution' and 'console redirect' functionality.
 //
-// (c) Ulf Frisk, 2016-2024
+// (c) Ulf Frisk, 2016-2025
 // Author: Ulf Frisk, [email protected]
 //
 #include "executor.h"
@@ -618,11 +618,11 @@ VOID ActionAgentForensic()
 }
 
 #endif /* _WIN32 */
-#ifdef LINUX
+#if defined(LINUX) || defined(MACOS)
 
 VOID ActionAgentForensic()
 {
     printf("Command 'agent-elastic' is only supported on Windows.\n");
 }
 
-#endif /* LINUX */
+#endif /* LINUX || MACOS */

pcileech/executor.h

@@ -1,6 +1,6 @@
 // executor.h : definitions related to 'code execution' and 'console redirect' functionality.
 //
-// (c) Ulf Frisk, 2016-2022
+// (c) Ulf Frisk, 2016-2025
 // Author: Ulf Frisk, [email protected]
 //
 #ifndef __EXECUTOR_H__

pcileech/extra.c

@@ -1,6 +1,6 @@
 // extra.c : implementation related various extra functionality such as exploits.
 //
-// (c) Ulf Frisk, 2016-2022
+// (c) Ulf Frisk, 2016-2025
 // Author: Ulf Frisk, [email protected]
 //
 #include "extra.h"
@@ -62,9 +62,9 @@ BOOL Extra_MacFVRecover_Analyze(_In_ PBYTE pb512M)
 #ifdef _WIN32
                     printf("MAC_FVRECOVER: PASSWORD CANDIDATE: %S\n", (LPWSTR)(pb + dwCandidate));
 #endif /* _WIN32 */
-#ifdef LINUX
+#if defined(LINUX) || defined(MACOS)
                     printf("MAC_FVRECOVER: PASSWORD CANDIDATE (hex8): %llx\n", *(PQWORD)(pb + dwCandidate));
-#endif /* LINUX */
+#endif /* LINUX || MACOS */
                 }
                 break;
             }

pcileech/extra.h

@@ -1,6 +1,6 @@
 // extra.h : definitions related to various extra functionality such as exploits.
 //
-// (c) Ulf Frisk, 2016-2022
+// (c) Ulf Frisk, 2016-2025
 // Author: Ulf Frisk, [email protected]
 //
 #ifndef __EXTRA_H__

pcileech/help.c

@@ -1,6 +1,6 @@
 // help.c : implementation related to displaying help texts.
 //
-// (c) Ulf Frisk, 2016-2022
+// (c) Ulf Frisk, 2016-2025
 // Author: Ulf Frisk, [email protected]
 //
 #include "help.h"

pcileech/help.h

@@ -1,6 +1,6 @@
 // help.h : definitions related to displaying help texts.
 //
-// (c) Ulf Frisk, 2016-2022
+// (c) Ulf Frisk, 2016-2025
 // Author: Ulf Frisk, [email protected]
 //
 #ifndef __HELP_H__

pcileech/kmd.c

@@ -1,6 +1,6 @@
 // kmd.c : implementation related to operating systems kernel modules functionality.
 //
-// (c) Ulf Frisk, 2016-2024
+// (c) Ulf Frisk, 2016-2025
 // Author: Ulf Frisk, [email protected]
 //
 #include "kmd.h"

pcileech/kmd.h

@@ -1,6 +1,6 @@
 // kmd.h : definitions related to operating systems kernel modules functionality.
 //
-// (c) Ulf Frisk, 2016-2022
+// (c) Ulf Frisk, 2016-2025
 // Author: Ulf Frisk, [email protected]
 //
 #ifndef __KMD_H__

pcileech/memdump.c

@@ -1,6 +1,6 @@
 // memdump.c : implementation related to memory dumping functionality.
 //
-// (c) Ulf Frisk, 2016-2022
+// (c) Ulf Frisk, 2016-2025
 // Author: Ulf Frisk, [email protected]
 //
 #include <leechcore.h>

pcileech/memdump.h

@@ -1,6 +1,6 @@
 // memdump.h : definitions related to memory dumping functionality.
 //
-// (c) Ulf Frisk, 2016-2022
+// (c) Ulf Frisk, 2016-2025
 // Author: Ulf Frisk, [email protected]
 //
 #ifndef __MEMDUMP_H__

pcileech/mempatch.c

@@ -1,6 +1,6 @@
 // mempatch.c : implementation related to operating systems unlock/patch functionality.
 //
-// (c) Ulf Frisk, 2016-2022
+// (c) Ulf Frisk, 2016-2025
 // Author: Ulf Frisk, [email protected]
 //
 #include "mempatch.h"

pcileech/mempatch.h

@@ -1,6 +1,6 @@
 // mempatch.h : definitions related to memory patch / operating system unlock functionality.
 //
-// (c) Ulf Frisk, 2016-2022
+// (c) Ulf Frisk, 2016-2025
 // Author: Ulf Frisk, [email protected]
 //
 #ifndef __MEMPATCH_H__

pcileech/ob/ob.h

@@ -1,6 +1,6 @@
 // ob.h : definitions related to the object manager and object manager collections.
 //
-// (c) Ulf Frisk, 2018-2023
+// (c) Ulf Frisk, 2018-2025
 // Author: Ulf Frisk, [email protected]
 //
 #ifndef __OB_H__

pcileech/ob/ob_cachemap.c

@@ -10,7 +10,7 @@
 // The map (ObCacheMap) is thread safe.
 // The ObCacheMap is an object manager object and must be DECREF'ed when required.
 //
-// (c) Ulf Frisk, 2020-2023
+// (c) Ulf Frisk, 2020-2025
 // Author: Ulf Frisk, [email protected]
 //
 #include "ob.h"

pcileech/ob/ob_core.c

@@ -14,7 +14,7 @@
 // - such as decreasing reference count of sub-objects contained in the object
 // that is to be deallocated.
 //
-// (c) Ulf Frisk, 2018-2023
+// (c) Ulf Frisk, 2018-2025
 // Author: Ulf Frisk, [email protected]
 //
 #include "ob.h"

pcileech/ob/ob_map.c

@@ -12,7 +12,7 @@
 // of the set with ObMap_Get/ObMap_GetNext may fail.
 // The ObMap is an object manager object and must be DECREF'ed when required.
 //
-// (c) Ulf Frisk, 2019-2023
+// (c) Ulf Frisk, 2019-2025
 // Author: Ulf Frisk, [email protected]
 //
 #include "ob.h"

pcileech/ob/ob_set.c

@@ -9,7 +9,7 @@
 // iterations of the set with ObSet_Get/ObSet_GetNext may fail.
 // The ObSet is an object manager object and must be DECREF'ed when required.
 //
-// (c) Ulf Frisk, 2019-2023
+// (c) Ulf Frisk, 2019-2025
 // Author: Ulf Frisk, [email protected]
 //
 #include "ob.h"