Version 4.12
ufrisk committed Sep 25, 2021
1 parent e942bbc commit dc91939
Showing 21 changed files with 152 additions and 69 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -2,6 +2,7 @@
/files/pcileech
/files/lib
/files/temp
/files/x86/lib
/files/USB3380Flash
/files/USB3380Flash_installer
*.bin
Expand Down
10 changes: 7 additions & 3 deletions includes/leechcore.h
Expand Up @@ -14,7 +14,7 @@
// (c) Ulf Frisk, 2020-2021
// Author: Ulf Frisk, [email protected]
//
// Header Version: 2.7
// Header Version: 2.8
//

#ifndef __LEECHCORE_H__
Expand All @@ -41,7 +41,8 @@ typedef unsigned __int64 QWORD, *PQWORD;
#define EXPORTED_FUNCTION __attribute__((visibility("default")))
typedef void VOID, *PVOID, *HANDLE, **PHANDLE, *HMODULE;
typedef long long unsigned int QWORD, *PQWORD, ULONG64, *PULONG64;
typedef uint64_t SIZE_T, *PSIZE_T, FILETIME, *PFILETIME;
typedef size_t SIZE_T, *PSIZE_T;
typedef uint64_t FILETIME, *PFILETIME;
typedef uint32_t DWORD, *PDWORD, *LPDWORD, BOOL, *PBOOL, NTSTATUS;
typedef uint16_t WORD, *PWORD;
typedef uint8_t BYTE, *PBYTE, *LPBYTE, UCHAR;
Expand Down Expand Up @@ -169,7 +170,10 @@ typedef struct tdMEM_SCATTER {
DWORD version; // MEM_SCATTER_VERSION
BOOL f; // TRUE = success data in pb, FALSE = fail or not yet read.
QWORD qwA; // address of memory to read
PBYTE pb; // buffer to hold memory contents
union {
PBYTE pb; // buffer to hold memory contents
QWORD _Filler;
};
DWORD cb; // size of buffer to hold memory contents.
DWORD iStack; // internal stack pointer
QWORD vStack[MEM_SCATTER_STACK_SIZE]; // internal stack
Expand Down
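Review bot: The anonymous union added to tdMEM_SCATTER (`union { PBYTE pb; QWORD _Filler; };`) carries no comment, so a reader of header version 2.8 cannot tell why `pb` was wrapped; the presumed intent, an 8-byte pointer slot so the struct layout is identical in 32-bit and 64-bit builds, deserves a line on the union such as `// 8-byte slot: same layout on 32/64-bit builds`. `_Filler` also falls in the identifier space C11 7.1.3 reserves for the implementation (leading underscore followed by an uppercase letter), as do `_Reserved`, `_Pad1` and `_Reserved1..6` in vmmdll.h and `_Filler2..4` in pcileech.h in this commit; the headers already use `_FutureUse`, so this follows house style, but a name like `qwFiller` avoids that class of collision. The tdMEM_SCATTER definition continues past the end of the hunk.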
Binary file added includes/lib32/leechcore.lib
Binary file added includes/lib32/vmm.lib
Binary file modified includes/lib64/leechcore.lib
Binary file modified includes/lib64/vmm.lib
24 changes: 14 additions & 10 deletions includes/vmmdll.h
Expand Up @@ -7,7 +7,7 @@
// (c) Ulf Frisk, 2018-2021
// Author: Ulf Frisk, [email protected]
//
// Header Version: 4.2
// Header Version: 4.3
//

#include "leechcore.h"
Expand All @@ -34,7 +34,8 @@ typedef unsigned __int64 QWORD, *PQWORD;
#define EXPORTED_FUNCTION __attribute__((visibility("default")))
typedef void VOID, *PVOID, *HANDLE, **PHANDLE, *HMODULE;
typedef long long unsigned int QWORD, *PQWORD, ULONG64, *PULONG64;
typedef uint64_t SIZE_T, *PSIZE_T, FILETIME, *PFILETIME;
typedef size_t SIZE_T, *PSIZE_T;
typedef uint64_t FILETIME, *PFILETIME;
typedef uint32_t DWORD, *PDWORD, *LPDWORD, BOOL, *PBOOL, NTSTATUS;
typedef uint16_t WORD, *PWORD;
typedef uint8_t BYTE, *PBYTE, *LPBYTE, UCHAR;
Expand Down Expand Up @@ -343,7 +344,10 @@ typedef struct tdVMMDLL_VFS_FILELISTBLOB {
DWORD cbStruct;
DWORD cFileEntry;
DWORD cbMultiText;
LPSTR uszMultiText;
union {
LPSTR uszMultiText;
QWORD _Reserved;
};
DWORD _FutureUse[8];
VMMDLL_VFS_FILELISTBLOB_ENTRY FileEntry[0];
} VMMDLL_VFS_FILELISTBLOB, *PVMMDLL_VFS_FILELISTBLOB;
Expand Down Expand Up @@ -892,7 +896,7 @@ typedef struct tdVMMDLL_MAP_HANDLEENTRY {
DWORD dwPID;
DWORD dwPoolTag;
DWORD _FutureUse[5];
union { LPSTR uszType; LPWSTR wszType; }; // U/W dependant
union { LPSTR uszType; LPWSTR wszType; QWORD _Pad1; }; // U/W dependant
} VMMDLL_MAP_HANDLEENTRY, *PVMMDLL_MAP_HANDLEENTRY;

typedef struct tdVMMDLL_MAP_NETENTRY {
Expand Down Expand Up @@ -940,12 +944,12 @@ typedef struct tdVMMDLL_MAP_SERVICEENTRY {
DWORD dwOrdinal;
DWORD dwStartType;
SERVICE_STATUS ServiceStatus;
union { LPSTR uszServiceName; LPWSTR wszServiceName; };// U/W dependant
union { LPSTR uszDisplayName; LPWSTR wszDisplayName; };// U/W dependant
union { LPSTR uszPath; LPWSTR wszPath; }; // U/W dependant
union { LPSTR uszUserTp; LPWSTR wszUserTp; }; // U/W dependant
union { LPSTR uszUserAcct; LPWSTR wszUserAcct; }; // U/W dependant
union { LPSTR uszImagePath; LPWSTR wszImagePath; }; // U/W dependant
union { LPSTR uszServiceName; LPWSTR wszServiceName; QWORD _Reserved1; }; // U/W dependant
union { LPSTR uszDisplayName; LPWSTR wszDisplayName; QWORD _Reserved2; }; // U/W dependant
union { LPSTR uszPath; LPWSTR wszPath; QWORD _Reserved3; }; // U/W dependant
union { LPSTR uszUserTp; LPWSTR wszUserTp; QWORD _Reserved4; }; // U/W dependant
union { LPSTR uszUserAcct; LPWSTR wszUserAcct; QWORD _Reserved5; }; // U/W dependant
union { LPSTR uszImagePath; LPWSTR wszImagePath; QWORD _Reserved6; }; // U/W dependant
DWORD dwPID;
DWORD _FutureUse1;
QWORD _FutureUse2;
Expand Down
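Review bot: `VMMDLL_VFS_FILELISTBLOB_ENTRY FileEntry[0];` in the tdVMMDLL_VFS_FILELISTBLOB hunk relies on the zero-length-array extension, while the union added a few lines above already requires C11 anonymous unions; the standard C99 flexible array member `VMMDLL_VFS_FILELISTBLOB_ENTRY FileEntry[];` gives the same trailing layout without the extension. The new union in that struct would also benefit from stating its purpose, which appears to be keeping the blob the same size for 32-bit and 64-bit callers, e.g. `// 8-byte slot: same blob layout on 32/64-bit callers` next to `QWORD _Reserved;`. The struct definition begins before the hunk.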
25 changes: 12 additions & 13 deletions pcileech.sln
Expand Up @@ -45,32 +45,33 @@ Global
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{DFFA1B4C-279B-4356-ADB1-08A6F4795931}.Debug|x64.ActiveCfg = Debug|x64
{DFFA1B4C-279B-4356-ADB1-08A6F4795931}.Debug|x64.Build.0 = Debug|x64
{DFFA1B4C-279B-4356-ADB1-08A6F4795931}.Debug|x86.ActiveCfg = Debug|x64
{DFFA1B4C-279B-4356-ADB1-08A6F4795931}.Debug|x86.ActiveCfg = Debug|Win32
{DFFA1B4C-279B-4356-ADB1-08A6F4795931}.Debug|x86.Build.0 = Debug|Win32
{DFFA1B4C-279B-4356-ADB1-08A6F4795931}.Release|x64.ActiveCfg = Release|x64
{DFFA1B4C-279B-4356-ADB1-08A6F4795931}.Release|x64.Build.0 = Release|x64
{DFFA1B4C-279B-4356-ADB1-08A6F4795931}.Release|x86.ActiveCfg = Release|x64
{DFFA1B4C-279B-4356-ADB1-08A6F4795931}.ReleaseMT|x64.ActiveCfg = ReleaseMT|x64
{DFFA1B4C-279B-4356-ADB1-08A6F4795931}.ReleaseMT|x64.Build.0 = ReleaseMT|x64
{DFFA1B4C-279B-4356-ADB1-08A6F4795931}.ReleaseMT|x86.ActiveCfg = ReleaseMT|x64
{DFFA1B4C-279B-4356-ADB1-08A6F4795931}.Release|x86.ActiveCfg = Release|Win32
{DFFA1B4C-279B-4356-ADB1-08A6F4795931}.Release|x86.Build.0 = Release|Win32
{DFFA1B4C-279B-4356-ADB1-08A6F4795931}.ReleaseMT|x64.ActiveCfg = Release|x64
{DFFA1B4C-279B-4356-ADB1-08A6F4795931}.ReleaseMT|x86.ActiveCfg = Debug|x64
{5C698F13-6E9F-46F3-95FC-55376A65D8BF}.Debug|x64.ActiveCfg = Release|x64
{5C698F13-6E9F-46F3-95FC-55376A65D8BF}.Debug|x86.ActiveCfg = Release|x64
{5C698F13-6E9F-46F3-95FC-55376A65D8BF}.Debug|x86.Build.0 = Release|x64
{5C698F13-6E9F-46F3-95FC-55376A65D8BF}.Release|x64.ActiveCfg = Release|x64
{5C698F13-6E9F-46F3-95FC-55376A65D8BF}.Release|x86.ActiveCfg = Release|x64
{5C698F13-6E9F-46F3-95FC-55376A65D8BF}.ReleaseMT|x64.ActiveCfg = Release|x64
{5C698F13-6E9F-46F3-95FC-55376A65D8BF}.ReleaseMT|x86.ActiveCfg = Release|x64
{5C698F13-6E9F-46F3-95FC-55376A65D8BF}.ReleaseMT|x86.Build.0 = Release|x64
{E11BECC1-685F-41B9-A352-A6127FAB3758}.Debug|x64.ActiveCfg = Debug|x64
{E11BECC1-685F-41B9-A352-A6127FAB3758}.Debug|x86.ActiveCfg = Debug|x64
{E11BECC1-685F-41B9-A352-A6127FAB3758}.Release|x64.ActiveCfg = Release|x64
{E11BECC1-685F-41B9-A352-A6127FAB3758}.Release|x86.ActiveCfg = Release|x64
{E11BECC1-685F-41B9-A352-A6127FAB3758}.ReleaseMT|x64.ActiveCfg = ReleaseMT|x64
{E11BECC1-685F-41B9-A352-A6127FAB3758}.ReleaseMT|x64.Build.0 = ReleaseMT|x64
{E11BECC1-685F-41B9-A352-A6127FAB3758}.ReleaseMT|x86.ActiveCfg = ReleaseMT|x64
{F2F4AA4A-BEFE-4738-9412-820007919334}.Debug|x64.ActiveCfg = Debug|x64
{F2F4AA4A-BEFE-4738-9412-820007919334}.Debug|x86.ActiveCfg = Debug|x64
{F2F4AA4A-BEFE-4738-9412-820007919334}.Release|x64.ActiveCfg = Release|x64
{F2F4AA4A-BEFE-4738-9412-820007919334}.Release|x86.ActiveCfg = Release|x64
{F2F4AA4A-BEFE-4738-9412-820007919334}.ReleaseMT|x64.ActiveCfg = ReleaseMT|x64
{F2F4AA4A-BEFE-4738-9412-820007919334}.ReleaseMT|x64.Build.0 = ReleaseMT|x64
{F2F4AA4A-BEFE-4738-9412-820007919334}.ReleaseMT|x86.ActiveCfg = ReleaseMT|x64
{3476ABD2-5DEA-43E6-A676-8BE25F74535A}.Debug|x64.ActiveCfg = Debug|x64
{3476ABD2-5DEA-43E6-A676-8BE25F74535A}.Debug|x64.Build.0 = Debug|x64
Expand All @@ -81,19 +82,17 @@ Global
{3476ABD2-5DEA-43E6-A676-8BE25F74535A}.Release|x86.ActiveCfg = Release|Win32
{3476ABD2-5DEA-43E6-A676-8BE25F74535A}.Release|x86.Build.0 = Release|Win32
{3476ABD2-5DEA-43E6-A676-8BE25F74535A}.ReleaseMT|x64.ActiveCfg = Release|x64
{3476ABD2-5DEA-43E6-A676-8BE25F74535A}.ReleaseMT|x64.Build.0 = Release|x64
{3476ABD2-5DEA-43E6-A676-8BE25F74535A}.ReleaseMT|x86.ActiveCfg = Release|Win32
{3476ABD2-5DEA-43E6-A676-8BE25F74535A}.ReleaseMT|x86.Build.0 = Release|Win32
{6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.Debug|x64.ActiveCfg = Debug|x64
{6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.Debug|x64.Build.0 = Debug|x64
{6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.Debug|x86.ActiveCfg = Debug|x64
{6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.Debug|x86.ActiveCfg = Debug|Win32
{6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.Debug|x86.Build.0 = Debug|Win32
{6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.Release|x64.ActiveCfg = Release|x64
{6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.Release|x64.Build.0 = Release|x64
{6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.Release|x86.ActiveCfg = Release|x64
{6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.Release|x86.ActiveCfg = Release|Win32
{6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.Release|x86.Build.0 = Release|Win32
{6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.ReleaseMT|x64.ActiveCfg = Release|x64
{6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.ReleaseMT|x64.Build.0 = Release|x64
{6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.ReleaseMT|x86.ActiveCfg = Release|x64
{6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.ReleaseMT|x86.Build.0 = Release|x64
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
Expand Down
4 changes: 4 additions & 0 deletions pcileech/Makefile
@@ -1,5 +1,9 @@
CC=gcc
CFLAGS +=-I. -I../includes -D LINUX -L. -l:leechcore.so -l:vmm.so -pthread
#CFLAGS += -g -O0
CFLAGS += -fPIE -pie -fstack-protector -D_FORTIFY_SOURCE=2 -O1 -Wl,-z,noexecstack
CFLAGS += -Wall -Wno-format-truncation -Wno-enum-compare -Wno-pointer-sign -Wno-multichar -Wno-unused-variable -Wno-unused-value
CFLAGS += -Wno-pointer-to-int-cast -Wno-int-to-pointer-cast
LDFLAGS +=-Wl,-rpath,'$$ORIGIN' -ldl
DEPS = pcileech.h
OBJ = oscompatibility.o device.o pcileech.o executor.o extra.o help.o kmd.o memdump.o mempatch.o statistics.o umd.o util.o vfs.o vmmx.o
Expand Down
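Review bot: The hardening line added to CFLAGS (`-fPIE -pie -fstack-protector -D_FORTIFY_SOURCE=2 -O1 -Wl,-z,noexecstack`) leaves out the two link-time mitigations that normally accompany it; adding `-Wl,-z,relro,-z,now` next to the existing `-Wl,-z,noexecstack` gives full RELRO with immediate binding, and `-fstack-protector-strong` protects more frames than `-fstack-protector` at negligible cost. `-Wno-pointer-to-int-cast -Wno-int-to-pointer-cast` silence exactly the diagnostics that reveal pointer truncation in the 32-bit build this commit appears to introduce (lib32, /files/x86/lib); if that line is among the additions, leaving those warnings enabled at least for the x86 build is worth the noise.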
12 changes: 6 additions & 6 deletions pcileech/executor.c
Expand Up @@ -51,7 +51,7 @@ typedef struct tdEXEC_HANDLE {

// input buffer to targeted console (outgoing info)
// read from this console and send to targeted console
DWORD ConsoleRedirect_ThreadConsoleInput(PCONSOLEREDIR_THREADDATA pd)
DWORD WINAPI ConsoleRedirect_ThreadConsoleInput(PCONSOLEREDIR_THREADDATA pd)
{
DWORD cbWrite, cbModulo, cbModuloAck;
while(!pd->fTerminateThread) {
Expand All @@ -73,7 +73,7 @@ DWORD ConsoleRedirect_ThreadConsoleInput(PCONSOLEREDIR_THREADDATA pd)
return 0;
}

DWORD ConsoleRedirect_ThreadConsoleOutput(PCONSOLEREDIR_THREADDATA pd)
DWORD WINAPI ConsoleRedirect_ThreadConsoleOutput(PCONSOLEREDIR_THREADDATA pd)
{
while(!pd->fTerminateThread) {
*(pd->pInfoIS->con.pb + (pd->pInfoIS->con.cbRead % EXEC_IO_CONSOLE_BUFFER_SIZE)) = (BYTE)getchar();
Expand Down Expand Up @@ -149,7 +149,7 @@ VOID Exec_Callback(_Inout_ PHANDLE phCallback)
// core initialize
ph = *phCallback = LocalAlloc(LMEM_ZEROINIT, sizeof(EXEC_HANDLE));
if(!ph) { return; }
ph->pbDMA = LocalAlloc(LMEM_ZEROINIT, ctxMain->pk->dataOutExtraLengthMax);
ph->pbDMA = LocalAlloc(LMEM_ZEROINIT, (SIZE_T)ctxMain->pk->dataOutExtraLengthMax);
if(!ph->pbDMA) { LocalFree(ph); *phCallback = NULL; return; }
ph->is.magic = EXEC_IO_MAGIC;
// open output file
Expand Down Expand Up @@ -177,7 +177,7 @@ VOID Exec_Callback(_Inout_ PHANDLE phCallback)
cbLength = 0;
result =
DeviceReadDMA(ctxMain->pk->DMAAddrPhysical + ctxMain->pk->dataOutExtraOffset, (DWORD)SIZE_PAGE_ALIGN_4K(ctxMain->pk->dataOutExtraLength), ph->pbDMA, NULL) &&
(cbLength = fwrite(ph->pbDMA, 1, ctxMain->pk->dataOutExtraLength, ph->pFileOutput)) &&
(cbLength = fwrite(ph->pbDMA, 1, (SIZE_T)ctxMain->pk->dataOutExtraLength, ph->pFileOutput)) &&
(ctxMain->pk->dataOutExtraLength == cbLength);
ph->qwFileWritten += cbLength;
ph->fError = !result;
Expand Down Expand Up @@ -227,8 +227,8 @@ BOOL Exec_ExecSilent(_In_ LPSTR szShellcodeName, _In_ PBYTE pbIn, _In_ QWORD cbI
// [Y , X [ = data in (to target computer)
// [X , buf_max [ = data out (from target computer)
//------------------------------------------------
memcpy(pbBuffer, pKmdExec->pbShellcode, pKmdExec->cbShellcode);
memcpy(pbBuffer + SIZE_PAGE_ALIGN_4K(pKmdExec->cbShellcode), pbIn, cbIn);
memcpy(pbBuffer, pKmdExec->pbShellcode, (SIZE_T)pKmdExec->cbShellcode);
memcpy(pbBuffer + SIZE_PAGE_ALIGN_4K(pKmdExec->cbShellcode), pbIn, (SIZE_T)cbIn);
result = DeviceWriteDMA_Retry(ctxMain->hLC, pk->DMAAddrPhysical, cbBuffer, pbBuffer);
if(!result) { goto fail; }
pk->dataInExtraOffset = SIZE_PAGE_ALIGN_4K(pKmdExec->cbShellcode);
Expand Down
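Review bot: The `(SIZE_T)` casts added in Exec_Callback, `LocalAlloc(LMEM_ZEROINIT, (SIZE_T)ctxMain->pk->dataOutExtraLengthMax)` and `fwrite(ph->pbDMA, 1, (SIZE_T)ctxMain->pk->dataOutExtraLength, ph->pFileOutput)`, narrow QWORD lengths silently on a 32-bit build, and nothing in these hunks relates `dataOutExtraLength` to the `dataOutExtraLengthMax` that sized `pbDMA`, although `DeviceReadDMA` reads `SIZE_PAGE_ALIGN_4K(dataOutExtraLength)` bytes into that buffer. Both fields live in the KMDDATA block that pcileech.h documents as shared with the target-side shellcode, so unless a bound check exists elsewhere in Exec_Callback (the function starts and ends outside the hunk), a guard before the read such as `if(ctxMain->pk->dataOutExtraLength > ctxMain->pk->dataOutExtraLengthMax) { ph->fError = TRUE; return; }` is the missing piece. The same silent narrowing applies to `(SIZE_T)cbIn` in the Exec_ExecSilent memcpy hunk.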
2 changes: 1 addition & 1 deletion pcileech/memdump.c
Expand Up @@ -55,7 +55,7 @@ VOID MemoryDump_SetOutFileName()
}
}

DWORD MemoryDump_File_ThreadProc(_In_ PMEMDUMP_FILEWRITE ctx)
DWORD WINAPI MemoryDump_File_ThreadProc(_In_ PMEMDUMP_FILEWRITE ctx)
{
PMEMDUMP_FILEWRITE_DATA pd;
while(ctx->fValid) {
Expand Down
9 changes: 5 additions & 4 deletions pcileech/oscompatibility.h
Expand Up @@ -55,7 +55,7 @@ typedef uint16_t WCHAR, *PWCHAR, *LPWSTR, *LPCWSTR;
typedef uint32_t DWORD, *PDWORD, ULONG, *PULONG;
typedef long long unsigned int QWORD, *PQWORD, ULONG64, *PULONG64;
typedef uint64_t LARGE_INTEGER, *PLARGE_INTEGER, FILETIME;
typedef uint64_t SIZE_T, *PSIZE_T;
typedef size_t SIZE_T, *PSIZE_T;
typedef void *OVERLAPPED, *LPOVERLAPPED;
typedef struct tdEXCEPTION_RECORD32 { CHAR sz[80]; } EXCEPTION_RECORD32;
typedef struct tdEXCEPTION_RECORD64 { CHAR sz[152]; } EXCEPTION_RECORD64;
Expand Down Expand Up @@ -99,6 +99,7 @@ typedef struct tdEXCEPTION_RECORD64 { CHAR sz[152]; } EXCEPTION_RECORD64
#define _Out_writes_bytes_(x)
#define _Out_writes_opt_(x)
//#define _Success_(return)
#define WINAPI

#define max(a, b) (((a) > (b)) ? (a) : (b))
#define min(a, b) (((a) < (b)) ? (a) : (b))
Expand All @@ -121,13 +122,13 @@ typedef struct tdEXCEPTION_RECORD64 { CHAR sz[152]; } EXCEPTION_RECORD64
#define ExitThread(dwExitCode) (pthread_exit(dwExitCode))
#define ExitProcess(c) (exit(c ? EXIT_SUCCESS : EXIT_FAILURE))
#define Sleep(dwMilliseconds) (usleep(1000*dwMilliseconds))
#define fopen_s(ppFile, szFile, szAttr) ((*ppFile = fopen(szFile, szAttr)) ? 0 : 1)
#define fopen_s(ppFile, szFile, szAttr) ((*ppFile = fopen64(szFile, szAttr)) ? 0 : 1)
#define GetModuleFileNameA(m, f, l) (readlink("/proc/self/exe", f, l))
#define ZeroMemory(pb, cb) (memset(pb, 0, cb))
#define WinUsb_SetPipePolicy(h, p, t, cb, pb) // TODO: implement this for better USB2 performance.
#define CloseHandle(h) // TODO: remove this dummy implementation & replace with WARN.
#define _ftelli64(f) (ftello(f))
#define _fseeki64(f, o, w) (fseeko(f, o, w))
#define _ftelli64(f) (ftello64(f))
#define _fseeki64(f, o, w) (fseeko64(f, o, w))
#define _chsize_s(fd, cb) (ftruncate64(fd, cb))
#define _fileno(f) (fileno(f))
#define InterlockedAdd64(p, v) (__sync_fetch_and_add(p, v))
Expand Down
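Review bot: The switch to `fopen64`, `ftello64` and `fseeko64` (alongside the existing `ftruncate64`) ties the Linux build to glibc's explicit large-file interface: those names are only declared when `_LARGEFILE64_SOURCE` or `_GNU_SOURCE` is defined, and non-glibc libcs such as musl may not expose them at all. The portable way to get 64-bit offsets on the 32-bit build is to keep `fopen`/`ftello`/`fseeko`/`ftruncate` in these macros and compile with `-D_FILE_OFFSET_BITS=64` in the Makefile CFLAGS, which also widens `off_t` for any code that calls these functions without going through the shim. If glibc-only is an accepted constraint, a one-line comment above the `fopen_s` macro stating that requirement would save the next porter a build failure.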
4 changes: 2 additions & 2 deletions pcileech/pcileech.c
Expand Up @@ -167,7 +167,7 @@ BOOL PCILeechConfigIntialize(_In_ DWORD argc, _In_ char* argv[])
}
} else if(0 == strcmp(argv[i], "-in")) {
ctxMain->cfg.cbIn = max(0x40000, 0x1000 + Util_GetFileSize(argv[i + 1]));
ctxMain->cfg.pbIn = LocalAlloc(LMEM_ZEROINIT, ctxMain->cfg.cbIn);
ctxMain->cfg.pbIn = LocalAlloc(LMEM_ZEROINIT, (SIZE_T)ctxMain->cfg.cbIn);
if(!ctxMain->cfg.pbIn) { return FALSE; }
if(!Util_ParseHexFileBuiltin(argv[i + 1], ctxMain->cfg.pbIn, (DWORD)ctxMain->cfg.cbIn, (PDWORD)&ctxMain->cfg.cbIn)) { return FALSE; }
} else if(0 == strcmp(argv[i], "-s")) {
Expand Down Expand Up @@ -242,7 +242,7 @@ VOID PCILeechFreeContext()
* Call the free context functionality in a separate thread (in case it gets stuck).
* -- pv
*/
VOID PCILeechCtrlHandler_TryShutdownThread(PVOID pv)
VOID WINAPI PCILeechCtrlHandler_TryShutdownThread(PVOID pv)
{
__try {
PCILeechFreeContext();
Expand Down
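Review bot: `LocalAlloc(LMEM_ZEROINIT, (SIZE_T)ctxMain->cfg.cbIn)` in PCILeechConfigIntialize now wraps silently on a 32-bit build (a file of 4 GiB + 0x1000 bytes allocates 0x1000 bytes), and the `(DWORD)ctxMain->cfg.cbIn` passed to `Util_ParseHexFileBuiltin` two lines later already imposes the same 32-bit limit on both targets; rejecting oversize input once, before the allocation, makes the limit explicit instead of implicit: `if(ctxMain->cfg.cbIn > 0xffffffff) { return FALSE; }`. The `max(...)` on the preceding context line is the oscompatibility.h macro on Linux and evaluates `Util_GetFileSize(argv[i + 1])` twice; a local holding the file size avoids the double call. The function starts and ends outside the hunk.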
17 changes: 12 additions & 5 deletions pcileech/pcileech.h
Expand Up @@ -13,6 +13,7 @@
typedef unsigned __int64 QWORD, *PQWORD;
#endif /* _WIN32 */
#ifdef LINUX
#define WINAPI
typedef uint16_t WORD, *PWORD, USHORT, *PUSHORT;
typedef long long unsigned int QWORD, *PQWORD, ULONG64, *PULONG64;
#endif /* LINUX */
Expand Down Expand Up @@ -138,10 +139,16 @@ typedef struct tdKmdExec {
DWORD dwMagic;
BYTE pbChecksumSHA256[32];
QWORD qwVersion;
LPSTR szOutFormatPrintf;
union {
LPSTR szOutFormatPrintf;
QWORD _Filler2;
};
QWORD cbShellcode;
PBYTE pbShellcode;
QWORD filler[4];
union {
PBYTE pbShellcode;
QWORD _Filler3;
};
QWORD _Filler4[4];
} KMDEXEC, *PKMDEXEC;
#pragma pack(pop) /* RE-ENABLE STRUCT PADDINGS */

Expand Down Expand Up @@ -195,7 +202,7 @@ typedef struct tdKMDDATA {
QWORD dataOutExtraLengthMax; // [0x210] maximum length of extra out-data.
QWORD dataOutConsoleBuffer; // [0x218] physical address of 1-page console buffer.
QWORD dataOut[28]; // [0x220]
PVOID fn[32]; // [0x300] used by shellcode to store function pointers.
QWORD fn[32]; // [0x300] used by shellcode to store function pointers.
CHAR dataInStr[MAX_PATH]; // [0x400] string in-data
CHAR ReservedFutureUse2[252];
CHAR dataOutStr[MAX_PATH]; // [0x600] string out-data
Expand All @@ -220,7 +227,7 @@ typedef struct tdKMDHANDLE {
typedef struct tdVFS_CONTEXT {
BOOL fInitialized;
WCHAR wchMountPoint;
BOOL(*pfnDokanUnmount)(WCHAR DriveLetter);
BOOL(WINAPI *pfnDokanUnmount)(WCHAR DriveLetter);
} VFS_CONTEXT, *PVFS_CONTEXT;

#define PCILEECH_CONTEXT_MAGIC 0xfeefd00d
Expand Down
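Review bot: The `#define WINAPI` added under `#ifdef LINUX` duplicates the one this commit also adds to oscompatibility.h; both expand to nothing, so the redefinition is legal, but one home (oscompatibility.h is already the Linux shim) keeps the two from drifting apart. The `fn[32]` change from `PVOID` to `QWORD` is what keeps the `[0x300]`/`[0x400]` offsets in KMDDATA valid on a 32-bit host (28 + 32 QWORDs from 0x220 land exactly on 0x400), and the comment should say so now that the type no longer looks like a pointer array: `QWORD fn[32]; // [0x300] function pointers stored by the target shellcode; QWORD keeps the layout host-width independent`. The `_Filler2`/`_Filler3`/`_Filler4` names in tdKmdExec sit in the identifier space C11 7.1.3 reserves for the implementation, like the fillers in leechcore.h and vmmdll.h in this commit.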
