From dc91939d37f81ec8b761039e728e70e014c9224f Mon Sep 17 00:00:00 2001 From: ufrisk Date: Sat, 25 Sep 2021 20:58:28 +0200 Subject: [PATCH] Version 4.12 --- .gitignore | 1 + includes/leechcore.h | 10 +++-- includes/lib32/leechcore.lib | Bin 0 -> 5360 bytes includes/lib32/vmm.lib | Bin 0 -> 22060 bytes includes/lib64/leechcore.lib | Bin 5268 -> 5268 bytes includes/lib64/vmm.lib | Bin 21642 -> 21642 bytes includes/vmmdll.h | 24 +++++++----- pcileech.sln | 25 ++++++------ pcileech/Makefile | 4 ++ pcileech/executor.c | 12 +++--- pcileech/memdump.c | 2 +- pcileech/oscompatibility.h | 9 +++-- pcileech/pcileech.c | 4 +- pcileech/pcileech.h | 17 ++++++--- pcileech/pcileech.vcxproj | 67 +++++++++++++++++++++++++++------ pcileech/pcileech.vcxproj.user | 15 ++++++++ pcileech/statistics.c | 2 +- pcileech/umd.c | 4 +- pcileech/version.h | 4 +- pcileech/vfs.c | 18 ++++----- readme.md | 3 ++ 21 files changed, 152 insertions(+), 69 deletions(-) create mode 100644 includes/lib32/leechcore.lib create mode 100644 includes/lib32/vmm.lib diff --git a/.gitignore b/.gitignore index 0d30033..2541a1d 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,7 @@ /files/pcileech /files/lib /files/temp +/files/x86/lib /files/USB3380Flash /files/USB3380Flash_installer *.bin diff --git a/includes/leechcore.h b/includes/leechcore.h index 29ce7f7..c9da083 100644 --- a/includes/leechcore.h +++ b/includes/leechcore.h @@ -14,7 +14,7 @@ // (c) Ulf Frisk, 2020-2021 // Author: Ulf Frisk, pcileech@frizk.net // -// Header Version: 2.7 +// Header Version: 2.8 // #ifndef __LEECHCORE_H__ 
@@ -41,7 +41,8 @@ typedef unsigned __int64 QWORD, *PQWORD;
 #define EXPORTED_FUNCTION __attribute__((visibility("default")))
 typedef void VOID, *PVOID, *HANDLE, **PHANDLE, *HMODULE;
 typedef long long unsigned int QWORD, *PQWORD, ULONG64, *PULONG64;
-typedef uint64_t SIZE_T, *PSIZE_T, FILETIME, *PFILETIME;
+typedef size_t SIZE_T, *PSIZE_T;
+typedef uint64_t FILETIME, *PFILETIME;
 typedef uint32_t DWORD, *PDWORD, *LPDWORD, BOOL, *PBOOL, NTSTATUS;
 typedef uint16_t WORD, *PWORD;
 typedef uint8_t BYTE, *PBYTE, *LPBYTE, UCHAR;
@@ -169,7 +170,10 @@ typedef struct tdMEM_SCATTER {
 DWORD version; // MEM_SCATTER_VERSION
 BOOL f; // TRUE = success data in pb, FALSE = fail or not yet read.
 QWORD qwA; // address of memory to read
- PBYTE pb; // buffer to hold memory contents
+ union {
+ PBYTE pb; // buffer to hold memory contents
+ QWORD _Filler;
+ };
 DWORD cb; // size of buffer to hold memory contents.
 DWORD iStack; // internal stack pointer
 QWORD vStack[MEM_SCATTER_STACK_SIZE]; // internal stack
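Review bot: The `union { PBYTE pb; QWORD _Filler; }` in MEM_SCATTER fixes the slot at 8 bytes, but on a 32-bit build an assignment to `pb` leaves the upper four bytes of the slot untouched, so any consumer that reads it as a 64-bit value sees stale data unless the struct was zeroed first. Nothing in the hunk documents that requirement or pins the layout. I would add a comment on `_Filler` such as `// keeps pb 8 bytes wide on 32-bit; zero the struct before setting pb` and a compile-time check like `_Static_assert(offsetof(MEM_SCATTER, cb) - offsetof(MEM_SCATTER, qwA) == 16, "MEM_SCATTER layout");` (or the project's equivalent). The same filler pattern is added to the VMMDLL structs in vmmdll.h and to KMDEXEC in pcileech.h; the struct definition starts and ends outside this hunk.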
diff --git a/includes/lib32/leechcore.lib b/includes/lib32/leechcore.lib new file mode 100644 index 0000000000000000000000000000000000000000..7b390f27189f9adf8fde0a7a966fd2d2b5e79ae6 GIT binary patch literal 5360 zcmcIoO>A355FXntO`Z5BcAC$R7OCqdqwWX*QE;76NCO}WA7&J~hCEV`bV&Cu zr;FGkMe;OESAhl!LZdgQE?l; z*}%F-6w6g<595rj?=Gz`?u7m;h_W)c%TE%EgqU>@2 zAcl0a3nQ@`U>$X}5Wr#7y@qWB`MW5;h?K`Mm{1@9UC;?p*a0C3Lj=0v0SLk#=z(6? z4Sv`OyPyL+;B8UU=i-a1b2_{gy&oM+oS+r!!s+V0b;oSxY^1TNe<=Yk`Fr!@ZE&Dw z$1V~;L&z&x$x1PfobsPCrIo4VOwlCZo8${A-Egyu9Az2b61ZjrIS)7uZ^xUn&yg3T zqY;?a0Z9T1TRRFHIvNhEp;wJX%Y2lM?UfQ|C1){#bdLy;+ifAnZE}ZMx7$#@Sj2Sj zZ#REpSd<25{hG%IZ-yuT2zl`S$B4zpGn6-9UOYcA!&rcEe0f(eyiG#*#84rx*Ytsy z=)zLV}KoGD5V+c2|^z% zFGkV@qf)Mx&(-=L%MSKysmy8Ct^Q)Zst=?I08O?f1b84(@iF`o#Ax8yPZlP9!tx_!8e zriJ8|?RHGIn-6Y(uy^G<1Yk$)ZnsS$Eg?)r4oQ(FKT@Q{g`D)h6%22;*}kpV^kIbF z&ip0PS3iBZP?&0-*I!y&BN)nJcwwv8mvU^dW$#b8;7v{LTPHk^6ED_~Q?>=~hZ}c( zBRsDYZ=_wk_y`Yf$)4{$e_(wt;`taJyUE+MV?5!+S>EGa-G?|kI1c|7YZoc*MEdpB zufBf}k#=$UOsr1M#PvC;0p4-)uaD*t;3FUEH;c z<>Hq|Zuk96e(7geqH1gtDdA$#Xm#Y?K}71bkd$(?UBqKfJFdO*_R1kd>{1ZbI#-2N zxE4Go;ez_a9Cs7`11pv^7XSbN literal 0 HcmV?d00001 
diff --git a/includes/lib32/vmm.lib b/includes/lib32/vmm.lib new file mode 100644 index 0000000000000000000000000000000000000000..0d5e9565aa19a0dbb2caa08c60f77b558d8b533e GIT binary patch literal 22060 zcmdU1dvKM-6+b)_j1*Bp0TBa41%Ut|4*~)6CLuS;CHE#MK4ReBkX!P=n*<5{!@kDp z^kHWl2d!G#;?!}Rwxexr|7f*p#i}hR+VM3iM{j+q1{#*W9F20l$uPSoCUY7>|4*)E_7GUWv zfWrF#Rul@l15>1BAGx%y6o9B`vP;W1132_Jrbv+wTxz}=fGF}^ms)-cK-4e-y$os9TtVN*6scmmpl@S}RE~8eT3zeX zs?Sgksl3~zwbueT^fabO75{Om6!{LlfGJYRPC>^pMOsrJ=q^l=igpV+f+Qtcj>>Zamvq=vYlCox4@pAhsarbzYJh7Muf z>X9~92)Z9rq}Y2d#jgf%=pd#@ZD@x>h}VV`n=AXl&DepnqEsK^j_$!oYH+AMpi*V)a+`QL z%+}?qdk3~ybPAR(-&vJN)TerbZ6~UsxO^!~tzLy#$OMRv4nTX4Q<99^1M?ag~p(pXA;`AT0jo$O8yZSA2N z1eZT75MZlvP9vBV5!p(vBb6R1iuQ~!x_vAmA5A4_1q`V5a+MS=yfhP9y8436hQb#jpeo3&oQKfGgL{dc`x#!-Ti@z`x&}sY7lH)i@ap&W!eXm>A~RIA|ND> zDPgg|DPhc3u264%4?C%~(_jL`W27=3@ zMMj{q+}Kb$)xRxZX+}vyn{)(I<|?NY=|Y)w1lxnv!L>^aU0!SxW2sdNd=f?tB+m}- zlQ2pX2KwD;?4jWFQ1H4?CLQ)l_;he>;4TlG0B#|Vt;)qmb|hnF z=mu-5IJ$IAPpUW3+TA^91Uf_^O+b{TQ!Ad=dK;3vss^{FQh^#8?C??AaxY4|8N;;K zE(X}O6yUx>jMJ_FxC7~7T{^5{~)is6yODwg4kZ!tg~<`-f52h`EF65uhUo9X~gBJDx!shGwa0G>ojtOs}%X;(e!L#o&a za6i&}F>C{jV;)2*z*ylPq{*1K8>zA#btCOTdv;V~dtlmz_PmbYE3ge7z_vae&VW3a z2&chhSOw*<4laiZSPg5S7)qcBR>H+_30w*bVJQ^CVpsxep%lts5nKiPijNste7 z;Uc&Y=D>WI2ko#4I^asU0t#ROR6`9^LKQSXBhwBdgL=>1X9d9e{9ys z@||9kTrmDAjxKgDTBsFr*<8wiwB!Bid3K*#mvc9Jc`(5(D-&Do0i!&M>B`(_f{|xv zbs_`0m=^#DWLrv8}>V{@hD$%iW{d8(Y@WXKhR z3#oHaXBt6XY+jEDb1FpiUbGh{!A9GivFD3z>*WD@FNQ0ct_5Hk6@BIQD5GPL7hnbAfrD6BRajS~=|`qA+|X4d?X3mdSnw zQFV}~H}}kE=9AIB^-AE=DbcajYe~WIpCyc1`yZVJKd)un+Ikn4O z*ZVMUJC!F9@bMMHIMFJW=Y42cnh#>(kn#S@=b%4gXWB|yBXdj)L7=%2J`T$8Rg8&}fne8QDVgz3#8Sq7*CFpNxN2mK_FIsoLu0W_vMr^h*TdCDcWx~Dbs-Ci^n+NG zLA@NdoHU#~+tm;Pl79+z;3uhMiJUb3k z$#CxybT3aUFId5*71_b|O!7P~-Z5T$Ow;f`V-738u!B%|JPA!-zZiL3z^` z43;z{7#%^MQL{ieX#VK7jW7MjjC>1z_WJ{BFvF`7we$Iv9Jt?sWLk*q_ls=e-vXkO zS(xbU^}@EWIE*`DJP|+R3KPjK!`lil0_lD*Bnm&2 zKSWvy)2a(oiLRlp0*r>bpXr!9h4h;EJpt27SpJBR!)U7eA)L>Vq#Wf|LjEJ;F`bI> 
zO!`a`MqLW$PMd_kNf&*lVx029;d7c(ThjxB1KmUU3)>duM;co&9Bh83U=|f51%N?P z`Zf*!p5}ZL2vE6opl=7(@xkG7Qs2lJ56gd7{^^5GrKoEB$VfOW z^~X0dR?1u&8NZM}L`owg=RH1}zPu1CU_FzCZm}}?R^6RT`zOBs_8|mtJC<*;40FjF z2{im@F8M#cxl}CkN$!CBA<~?+>}XnZ7J}Z0t!BJX4%?E&;tnZ4pWgb@M2w94-i?pF zah_w`S5uXtt7Q#5wYHu0PYrR>D8V~4}K^Pyv}5Y{;?mNG0f7PH?ixo_`3Xumtx#G)vw zG%F{4_Q$LK@gDWrbOuWVX2*=jwPVx$cO9m7oWbDHO|}FJ-Hyzf8J~CX4Z=E)#Tt8` zm8>-P)$ja$&5?PCb-sxu1J260@IA*Me&gIJ#|d$!9Z{JW9#I|ze7@1k*QftA7ZGQf zh$3n}*52b*&5uWJc!^fc*(RDEVn3C3Wp;@(Bj5Ria4*P)o8#8~`n0=`Q|r!QaOp-s znHhF&lrVkS^3=+Y3GG4)nldgd8s}9vR6lxvyz03ontP)m2Ttg5%B?X+FFWx!n)es6 zXk%|j4(rYv>rW6?K8tkb&C-s0A>*(ct4oK}|kI*$Gi zyCh)v9%C#!XLaj`WZ428k)n}f-w~M8as8t+57C*mz{K$#?ZUPpH!l8p)sxN`yx2r? zZp38sg~j5|K8Jo*aftTtOH3?z$0p&z_ZG84#_|vSm1gs$I-a_=8#`KwxwGz_G4u`v zW)|vbPORP=9O3O^Mq#S{CTA2b@*&B~MQKv#{$h6SGjIOg=QO`A({c3cN(mU+GH$iM z{_OZMTJ0Beh|UeDgbQsS(_^vyH$Srg(U$0F!8=t68QMZ_z7@^7?F(9mmztQ)t8@t# z+CJu7wev?Gy-4$|(2u2G{7Sg+wlU+f@uw@Epw)4ij_2GZOQ6tpG4uNCADnodJfG!$ z9PhqZyPcM>q3z>5y?d|u=DUQuA{(ySPQ&9e=YuPbw>*0Z;uf*E{yTJOZrD~XWqR|x zcklgV38JpdhAM95$BJFTSiJU)&z>iXi&<>{J%27yn?Jk#5TTZ2K~>!www<|A^~j8M zuhOV0Wl??443t9{epE5DXvd#AjuCEIHe6+HcwEM}DTD6k3lMh|i!0wlC}TsnF@yQ% zf4_H_Fv~MyDnmnKGP~z%vkKm&-E*}M(|FY(hi~YXEoIjGhwl6E(?y85CV+?!8^}ZT zUVu0cMaGWI+!>u%`squTA#z0)WcP`Ogbv%vr3`Y{`Oh3CO@Eozsmo1d^_oWOKz<j8AxL>tCKHFTUDDQ%h1#kp6h&HV3K3L{bY;XrvM*PCIX; z?9GeOrdkt8{||`9+>+cV{Umb7V>C+ZvY;wsLyuBsJ(#%ktC#W-wVp?H9&Jf8L*p^4 z{GVnWI83YjdOMynFm!JgGb8lw?GHRlBeX$Bq!m8LBlMLS<^Lt5Mic2&Y-0B3Ilnyi zJjFXU=t$!I+gSU{dsyR(4ex&X{ErE#i9u3Eg&rARGxsO!a>)brNl%{7T@F^If>5VwHz^w5u3R< w7S))1pNj*?;^LH^%*-9j>O42=^8LxWT=GDD(v#n+JvmkTI}6Lk<^Lup=(Ip3 qIdyrUl7_mmtaH;gUAQ?pQAd7qnwIqBv$};~RXU7YH|OZdsQ~~=xg^j4 delta 98 zcmeBL$=J1$af6cc~${(~_QiR<{tWN{2CGbB>;z8UW*pB5VKv diff --git a/includes/vmmdll.h b/includes/vmmdll.h index 183f954..cfac4f0 100644 --- a/includes/vmmdll.h +++ b/includes/vmmdll.h 
@@ -7,7 +7,7 @@ // (c) Ulf Frisk, 2018-2021 // Author: Ulf Frisk, pcileech@frizk.net // -// Header Version: 4.2 +// Header Version: 4.3 // #include "leechcore.h" @@ -34,7 +34,8 @@ typedef unsigned __int64 QWORD, *PQWORD; #define EXPORTED_FUNCTION __attribute__((visibility("default"))) typedef void VOID, *PVOID, *HANDLE, **PHANDLE, *HMODULE; typedef long long unsigned int QWORD, *PQWORD, ULONG64, *PULONG64; -typedef uint64_t SIZE_T, *PSIZE_T, FILETIME, *PFILETIME; +typedef size_t SIZE_T, *PSIZE_T; +typedef uint64_t FILETIME, *PFILETIME; typedef uint32_t DWORD, *PDWORD, *LPDWORD, BOOL, *PBOOL, NTSTATUS; typedef uint16_t WORD, *PWORD; typedef uint8_t BYTE, *PBYTE, *LPBYTE, UCHAR; @@ -343,7 +344,10 @@ typedef struct tdVMMDLL_VFS_FILELISTBLOB { DWORD cbStruct; DWORD cFileEntry; DWORD cbMultiText; - LPSTR uszMultiText; + union { + LPSTR uszMultiText; + QWORD _Reserved; + }; DWORD _FutureUse[8]; VMMDLL_VFS_FILELISTBLOB_ENTRY FileEntry[0]; } VMMDLL_VFS_FILELISTBLOB, *PVMMDLL_VFS_FILELISTBLOB; @@ -892,7 +896,7 @@ typedef struct tdVMMDLL_MAP_HANDLEENTRY { DWORD dwPID; DWORD dwPoolTag; DWORD _FutureUse[5]; - union { LPSTR uszType; LPWSTR wszType; }; // U/W dependant + union { LPSTR uszType; LPWSTR wszType; QWORD _Pad1; }; // U/W dependant } VMMDLL_MAP_HANDLEENTRY, *PVMMDLL_MAP_HANDLEENTRY; typedef struct tdVMMDLL_MAP_NETENTRY { 
@@ -940,12 +944,12 @@ typedef struct tdVMMDLL_MAP_SERVICEENTRY {
 DWORD dwOrdinal;
 DWORD dwStartType;
 SERVICE_STATUS ServiceStatus;
- union { LPSTR uszServiceName; LPWSTR wszServiceName; };// U/W dependant
- union { LPSTR uszDisplayName; LPWSTR wszDisplayName; };// U/W dependant
- union { LPSTR uszPath; LPWSTR wszPath; }; // U/W dependant
- union { LPSTR uszUserTp; LPWSTR wszUserTp; }; // U/W dependant
- union { LPSTR uszUserAcct; LPWSTR wszUserAcct; }; // U/W dependant
- union { LPSTR uszImagePath; LPWSTR wszImagePath; }; // U/W dependant
+ union { LPSTR uszServiceName; LPWSTR wszServiceName; QWORD _Reserved1; }; // U/W dependant
+ union { LPSTR uszDisplayName; LPWSTR wszDisplayName; QWORD _Reserved2; }; // U/W dependant
+ union { LPSTR uszPath; LPWSTR wszPath; QWORD _Reserved3; }; // U/W dependant
+ union { LPSTR uszUserTp; LPWSTR wszUserTp; QWORD _Reserved4; }; // U/W dependant
+ union { LPSTR uszUserAcct; LPWSTR wszUserAcct; QWORD _Reserved5; }; // U/W dependant
+ union { LPSTR uszImagePath; LPWSTR wszImagePath; QWORD _Reserved6; }; // U/W dependant
 DWORD dwPID;
 DWORD _FutureUse1;
 QWORD _FutureUse2;
diff --git a/pcileech.sln b/pcileech.sln
index ba531ef..f84d133 100644
--- a/pcileech.sln
+++ b/pcileech.sln
@@ -45,32 +45,33 @@ Global GlobalSection(ProjectConfigurationPlatforms) = postSolution {DFFA1B4C-279B-4356-ADB1-08A6F4795931}.Debug|x64.ActiveCfg = Debug|x64 {DFFA1B4C-279B-4356-ADB1-08A6F4795931}.Debug|x64.Build.0 = Debug|x64 - {DFFA1B4C-279B-4356-ADB1-08A6F4795931}.Debug|x86.ActiveCfg = Debug|x64 + {DFFA1B4C-279B-4356-ADB1-08A6F4795931}.Debug|x86.ActiveCfg = Debug|Win32 + {DFFA1B4C-279B-4356-ADB1-08A6F4795931}.Debug|x86.Build.0 = Debug|Win32 {DFFA1B4C-279B-4356-ADB1-08A6F4795931}.Release|x64.ActiveCfg = Release|x64 {DFFA1B4C-279B-4356-ADB1-08A6F4795931}.Release|x64.Build.0 = Release|x64 - {DFFA1B4C-279B-4356-ADB1-08A6F4795931}.Release|x86.ActiveCfg = Release|x64 - {DFFA1B4C-279B-4356-ADB1-08A6F4795931}.ReleaseMT|x64.ActiveCfg = ReleaseMT|x64 - {DFFA1B4C-279B-4356-ADB1-08A6F4795931}.ReleaseMT|x64.Build.0 = ReleaseMT|x64 - {DFFA1B4C-279B-4356-ADB1-08A6F4795931}.ReleaseMT|x86.ActiveCfg = ReleaseMT|x64 + {DFFA1B4C-279B-4356-ADB1-08A6F4795931}.Release|x86.ActiveCfg = Release|Win32 + {DFFA1B4C-279B-4356-ADB1-08A6F4795931}.Release|x86.Build.0 = Release|Win32 + {DFFA1B4C-279B-4356-ADB1-08A6F4795931}.ReleaseMT|x64.ActiveCfg = Release|x64 + {DFFA1B4C-279B-4356-ADB1-08A6F4795931}.ReleaseMT|x86.ActiveCfg = Debug|x64 {5C698F13-6E9F-46F3-95FC-55376A65D8BF}.Debug|x64.ActiveCfg = Release|x64 {5C698F13-6E9F-46F3-95FC-55376A65D8BF}.Debug|x86.ActiveCfg = Release|x64 - {5C698F13-6E9F-46F3-95FC-55376A65D8BF}.Debug|x86.Build.0 = Release|x64 {5C698F13-6E9F-46F3-95FC-55376A65D8BF}.Release|x64.ActiveCfg = Release|x64 {5C698F13-6E9F-46F3-95FC-55376A65D8BF}.Release|x86.ActiveCfg = Release|x64 {5C698F13-6E9F-46F3-95FC-55376A65D8BF}.ReleaseMT|x64.ActiveCfg = Release|x64 {5C698F13-6E9F-46F3-95FC-55376A65D8BF}.ReleaseMT|x86.ActiveCfg = Release|x64 - {5C698F13-6E9F-46F3-95FC-55376A65D8BF}.ReleaseMT|x86.Build.0 = Release|x64 {E11BECC1-685F-41B9-A352-A6127FAB3758}.Debug|x64.ActiveCfg = Debug|x64 {E11BECC1-685F-41B9-A352-A6127FAB3758}.Debug|x86.ActiveCfg = Debug|x64 
{E11BECC1-685F-41B9-A352-A6127FAB3758}.Release|x64.ActiveCfg = Release|x64 {E11BECC1-685F-41B9-A352-A6127FAB3758}.Release|x86.ActiveCfg = Release|x64 {E11BECC1-685F-41B9-A352-A6127FAB3758}.ReleaseMT|x64.ActiveCfg = ReleaseMT|x64 + {E11BECC1-685F-41B9-A352-A6127FAB3758}.ReleaseMT|x64.Build.0 = ReleaseMT|x64 {E11BECC1-685F-41B9-A352-A6127FAB3758}.ReleaseMT|x86.ActiveCfg = ReleaseMT|x64 {F2F4AA4A-BEFE-4738-9412-820007919334}.Debug|x64.ActiveCfg = Debug|x64 {F2F4AA4A-BEFE-4738-9412-820007919334}.Debug|x86.ActiveCfg = Debug|x64 {F2F4AA4A-BEFE-4738-9412-820007919334}.Release|x64.ActiveCfg = Release|x64 {F2F4AA4A-BEFE-4738-9412-820007919334}.Release|x86.ActiveCfg = Release|x64 {F2F4AA4A-BEFE-4738-9412-820007919334}.ReleaseMT|x64.ActiveCfg = ReleaseMT|x64 + {F2F4AA4A-BEFE-4738-9412-820007919334}.ReleaseMT|x64.Build.0 = ReleaseMT|x64 {F2F4AA4A-BEFE-4738-9412-820007919334}.ReleaseMT|x86.ActiveCfg = ReleaseMT|x64 {3476ABD2-5DEA-43E6-A676-8BE25F74535A}.Debug|x64.ActiveCfg = Debug|x64 {3476ABD2-5DEA-43E6-A676-8BE25F74535A}.Debug|x64.Build.0 = Debug|x64 
@@ -81,19 +82,17 @@ Global {3476ABD2-5DEA-43E6-A676-8BE25F74535A}.Release|x86.ActiveCfg = Release|Win32 {3476ABD2-5DEA-43E6-A676-8BE25F74535A}.Release|x86.Build.0 = Release|Win32 {3476ABD2-5DEA-43E6-A676-8BE25F74535A}.ReleaseMT|x64.ActiveCfg = Release|x64 - {3476ABD2-5DEA-43E6-A676-8BE25F74535A}.ReleaseMT|x64.Build.0 = Release|x64 {3476ABD2-5DEA-43E6-A676-8BE25F74535A}.ReleaseMT|x86.ActiveCfg = Release|Win32 - {3476ABD2-5DEA-43E6-A676-8BE25F74535A}.ReleaseMT|x86.Build.0 = Release|Win32 {6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.Debug|x64.ActiveCfg = Debug|x64 {6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.Debug|x64.Build.0 = Debug|x64 - {6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.Debug|x86.ActiveCfg = Debug|x64 + {6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.Debug|x86.ActiveCfg = Debug|Win32 + {6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.Debug|x86.Build.0 = Debug|Win32 {6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.Release|x64.ActiveCfg = Release|x64 {6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.Release|x64.Build.0 = Release|x64 - {6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.Release|x86.ActiveCfg = Release|x64 + {6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.Release|x86.ActiveCfg = Release|Win32 + {6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.Release|x86.Build.0 = Release|Win32 {6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.ReleaseMT|x64.ActiveCfg = Release|x64 - {6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.ReleaseMT|x64.Build.0 = Release|x64 {6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.ReleaseMT|x86.ActiveCfg = Release|x64 - {6326FCE0-1BA5-4AEC-9973-7783309FFD6B}.ReleaseMT|x86.Build.0 = Release|x64 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE diff --git a/pcileech/Makefile b/pcileech/Makefile index 8e6d36f..8e2ccf5 100644 --- a/pcileech/Makefile +++ b/pcileech/Makefile 
@@ -1,5 +1,9 @@ CC=gcc CFLAGS +=-I. -I../includes -D LINUX -L. -l:leechcore.so -l:vmm.so -pthread +#CFLAGS += -g -O0 +CFLAGS += -fPIE -pie -fstack-protector -D_FORTIFY_SOURCE=2 -O1 -Wl,-z,noexecstack +CFLAGS += -Wall -Wno-format-truncation -Wno-enum-compare -Wno-pointer-sign -Wno-multichar -Wno-unused-variable -Wno-unused-value +CFLAGS += -Wno-pointer-to-int-cast -Wno-int-to-pointer-cast LDFLAGS +=-Wl,-rpath,'$$ORIGIN' -ldl DEPS = pcileech.h OBJ = oscompatibility.o device.o pcileech.o executor.o extra.o help.o kmd.o memdump.o mempatch.o statistics.o umd.o util.o vfs.o vmmx.o diff --git a/pcileech/executor.c b/pcileech/executor.c index 894d30a..b9d7e2c 100644 --- a/pcileech/executor.c +++ b/pcileech/executor.c @@ -51,7 +51,7 @@ typedef struct tdEXEC_HANDLE { // input buffer to targeted console (outgoing info) // read from this console and send to targeted console -DWORD ConsoleRedirect_ThreadConsoleInput(PCONSOLEREDIR_THREADDATA pd) +DWORD WINAPI ConsoleRedirect_ThreadConsoleInput(PCONSOLEREDIR_THREADDATA pd) { DWORD cbWrite, cbModulo, cbModuloAck; while(!pd->fTerminateThread) { @@ -73,7 +73,7 @@ DWORD ConsoleRedirect_ThreadConsoleInput(PCONSOLEREDIR_THREADDATA pd) return 0; } -DWORD ConsoleRedirect_ThreadConsoleOutput(PCONSOLEREDIR_THREADDATA pd) +DWORD WINAPI ConsoleRedirect_ThreadConsoleOutput(PCONSOLEREDIR_THREADDATA pd) { while(!pd->fTerminateThread) { *(pd->pInfoIS->con.pb + (pd->pInfoIS->con.cbRead % EXEC_IO_CONSOLE_BUFFER_SIZE)) = (BYTE)getchar(); @@ -149,7 +149,7 @@ VOID Exec_Callback(_Inout_ PHANDLE phCallback) // core initialize ph = *phCallback = LocalAlloc(LMEM_ZEROINIT, sizeof(EXEC_HANDLE)); if(!ph) { return; } - ph->pbDMA = LocalAlloc(LMEM_ZEROINIT, ctxMain->pk->dataOutExtraLengthMax); + ph->pbDMA = LocalAlloc(LMEM_ZEROINIT, (SIZE_T)ctxMain->pk->dataOutExtraLengthMax); if(!ph->pbDMA) { LocalFree(ph); *phCallback = NULL; return; } ph->is.magic = EXEC_IO_MAGIC; // open output file 
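Review bot: The added hardening line stops short of what the toolchain offers, and the two lines after it silence the warnings most relevant to a 32-bit port. `-fstack-protector` instruments only a subset of functions where `-fstack-protector-strong` covers more, there is no `-Wl,-z,relro -Wl,-z,now`, and the linker options sit in `CFLAGS` rather than `LDFLAGS`. `-Wno-pointer-to-int-cast -Wno-int-to-pointer-cast` hide exactly the pointer/integer width mismatches this commit is likely to introduce, so I would drop those two and fix what they report. Suggested: `CFLAGS += -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2 -O1` and `LDFLAGS += -pie -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now`.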
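Review bot: `(SIZE_T)ctxMain->pk->dataOutExtraLengthMax` silently drops the upper 32 bits on the new Win32 build, where SIZE_T is 32 bits wide, so `ph->pbDMA` can end up smaller than the 64-bit length field says. The KMDDATA comments in pcileech.h describe these fields as out-data lengths, which suggests they are filled in from the target side and should be treated as untrusted. I would reject an oversized value before allocating, e.g. `if(ctxMain->pk->dataOutExtraLengthMax > SIZE_MAX) { LocalFree(ph); *phCallback = NULL; return; }`, rather than cast the warning away. The same truncating cast is added at the `fwrite` and both `memcpy` calls later in executor.c, and in umd.c and vfs.c. Exec_Callback continues outside the hunk.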
@@ -177,7 +177,7 @@ VOID Exec_Callback(_Inout_ PHANDLE phCallback) cbLength = 0; result = DeviceReadDMA(ctxMain->pk->DMAAddrPhysical + ctxMain->pk->dataOutExtraOffset, (DWORD)SIZE_PAGE_ALIGN_4K(ctxMain->pk->dataOutExtraLength), ph->pbDMA, NULL) && - (cbLength = fwrite(ph->pbDMA, 1, ctxMain->pk->dataOutExtraLength, ph->pFileOutput)) && + (cbLength = fwrite(ph->pbDMA, 1, (SIZE_T)ctxMain->pk->dataOutExtraLength, ph->pFileOutput)) && (ctxMain->pk->dataOutExtraLength == cbLength); ph->qwFileWritten += cbLength; ph->fError = !result; @@ -227,8 +227,8 @@ BOOL Exec_ExecSilent(_In_ LPSTR szShellcodeName, _In_ PBYTE pbIn, _In_ QWORD cbI // [Y , X [ = data in (to target computer) // [X , buf_max [ = data out (from target computer) //------------------------------------------------ - memcpy(pbBuffer, pKmdExec->pbShellcode, pKmdExec->cbShellcode); - memcpy(pbBuffer + SIZE_PAGE_ALIGN_4K(pKmdExec->cbShellcode), pbIn, cbIn); + memcpy(pbBuffer, pKmdExec->pbShellcode, (SIZE_T)pKmdExec->cbShellcode); + memcpy(pbBuffer + SIZE_PAGE_ALIGN_4K(pKmdExec->cbShellcode), pbIn, (SIZE_T)cbIn); result = DeviceWriteDMA_Retry(ctxMain->hLC, pk->DMAAddrPhysical, cbBuffer, pbBuffer); if(!result) { goto fail; } pk->dataInExtraOffset = SIZE_PAGE_ALIGN_4K(pKmdExec->cbShellcode); diff --git a/pcileech/memdump.c b/pcileech/memdump.c index 3d2da81..e3d1e6b 100644 --- a/pcileech/memdump.c +++ b/pcileech/memdump.c @@ -55,7 +55,7 @@ VOID MemoryDump_SetOutFileName() } } -DWORD MemoryDump_File_ThreadProc(_In_ PMEMDUMP_FILEWRITE ctx) +DWORD WINAPI MemoryDump_File_ThreadProc(_In_ PMEMDUMP_FILEWRITE ctx) { PMEMDUMP_FILEWRITE_DATA pd; while(ctx->fValid) { diff --git a/pcileech/oscompatibility.h b/pcileech/oscompatibility.h index f750364..eb2e296 100644 --- a/pcileech/oscompatibility.h +++ b/pcileech/oscompatibility.h 
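Review bot: The `fwrite` length is `ctxMain->pk->dataOutExtraLength`, but `ph->pbDMA` was sized from `dataOutExtraLengthMax`, and no comparison of the two is visible in this hunk. If none exists outside it, a length above the maximum lets `fwrite` read past the buffer, and presumably lets `DeviceReadDMA` write past it as well. On a 32-bit build the `(DWORD)` and `(SIZE_T)` casts add a second way for the sizes to disagree with the 64-bit field. A guard ahead of the read would cover both, for example `if(ctxMain->pk->dataOutExtraLength > ctxMain->pk->dataOutExtraLengthMax) { ph->fError = TRUE; return; }`, adapted to whatever error exit the surrounding code uses. Exec_Callback starts and ends outside the hunk.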
@@ -55,7 +55,7 @@ typedef uint16_t WCHAR, *PWCHAR, *LPWSTR, *LPCWSTR; typedef uint32_t DWORD, *PDWORD, ULONG, *PULONG; typedef long long unsigned int QWORD, *PQWORD, ULONG64, *PULONG64; typedef uint64_t LARGE_INTEGER, *PLARGE_INTEGER, FILETIME; -typedef uint64_t SIZE_T, *PSIZE_T; +typedef size_t SIZE_T, *PSIZE_T; typedef void *OVERLAPPED, *LPOVERLAPPED; typedef struct tdEXCEPTION_RECORD32 { CHAR sz[80]; } EXCEPTION_RECORD32; typedef struct tdEXCEPTION_RECORD64 { CHAR sz[152]; } EXCEPTION_RECORD64; @@ -99,6 +99,7 @@ typedef struct tdEXCEPTION_RECORD64 { CHAR sz[152]; } EXCEPTION_RECORD64 #define _Out_writes_bytes_(x) #define _Out_writes_opt_(x) //#define _Success_(return) +#define WINAPI #define max(a, b) (((a) > (b)) ? (a) : (b)) #define min(a, b) (((a) < (b)) ? (a) : (b)) @@ -121,13 +122,13 @@ typedef struct tdEXCEPTION_RECORD64 { CHAR sz[152]; } EXCEPTION_RECORD64 #define ExitThread(dwExitCode) (pthread_exit(dwExitCode)) #define ExitProcess(c) (exit(c ? EXIT_SUCCESS : EXIT_FAILURE)) #define Sleep(dwMilliseconds) (usleep(1000*dwMilliseconds)) -#define fopen_s(ppFile, szFile, szAttr) ((*ppFile = fopen(szFile, szAttr)) ? 0 : 1) +#define fopen_s(ppFile, szFile, szAttr) ((*ppFile = fopen64(szFile, szAttr)) ? 0 : 1) #define GetModuleFileNameA(m, f, l) (readlink("/proc/self/exe", f, l)) #define ZeroMemory(pb, cb) (memset(pb, 0, cb)) #define WinUsb_SetPipePolicy(h, p, t, cb, pb) // TODO: implement this for better USB2 performance. #define CloseHandle(h) // TODO: remove this dummy implementation & replace with WARN. -#define _ftelli64(f) (ftello(f)) -#define _fseeki64(f, o, w) (fseeko(f, o, w)) +#define _ftelli64(f) (ftello64(f)) +#define _fseeki64(f, o, w) (fseeko64(f, o, w)) #define _chsize_s(fd, cb) (ftruncate64(fd, cb)) #define _fileno(f) (fileno(f)) #define InterlockedAdd64(p, v) (__sync_fetch_and_add(p, v)) diff --git a/pcileech/pcileech.c b/pcileech/pcileech.c index 9e8503b..0f0e45c 100644 --- a/pcileech/pcileech.c +++ b/pcileech/pcileech.c 
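Review bot: `fopen64`, `ftello64` and `fseeko64` are glibc large-file extensions that are declared only when `_LARGEFILE64_SOURCE` or `_GNU_SOURCE` is defined, and neither this hunk nor the Makefile change defines one. `ftruncate64` is already used on a context line, so the macro may be set above the hunk; that is worth confirming. Without the declarations the build either fails or, on older compilers, `ftello64` is implicitly declared as returning `int` and file offsets are truncated. The portable route is to keep `fopen`/`ftello`/`fseeko` in these macros and add `-D_FILE_OFFSET_BITS=64` to CFLAGS.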
@@ -167,7 +167,7 @@ BOOL PCILeechConfigIntialize(_In_ DWORD argc, _In_ char* argv[]) } } else if(0 == strcmp(argv[i], "-in")) { ctxMain->cfg.cbIn = max(0x40000, 0x1000 + Util_GetFileSize(argv[i + 1])); - ctxMain->cfg.pbIn = LocalAlloc(LMEM_ZEROINIT, ctxMain->cfg.cbIn); + ctxMain->cfg.pbIn = LocalAlloc(LMEM_ZEROINIT, (SIZE_T)ctxMain->cfg.cbIn); if(!ctxMain->cfg.pbIn) { return FALSE; } if(!Util_ParseHexFileBuiltin(argv[i + 1], ctxMain->cfg.pbIn, (DWORD)ctxMain->cfg.cbIn, (PDWORD)&ctxMain->cfg.cbIn)) { return FALSE; } } else if(0 == strcmp(argv[i], "-s")) { @@ -242,7 +242,7 @@ VOID PCILeechFreeContext() * Call the free context functionality in a separate thread (in case it gets stuck). * -- pv */ -VOID PCILeechCtrlHandler_TryShutdownThread(PVOID pv) +VOID WINAPI PCILeechCtrlHandler_TryShutdownThread(PVOID pv) { __try { PCILeechFreeContext(); diff --git a/pcileech/pcileech.h b/pcileech/pcileech.h index e379602..b08da36 100644 --- a/pcileech/pcileech.h +++ b/pcileech/pcileech.h @@ -13,6 +13,7 @@ typedef unsigned __int64 QWORD, *PQWORD; #endif /* _WIN32 */ #ifdef LINUX +#define WINAPI typedef uint16_t WORD, *PWORD, USHORT, *PUSHORT; typedef long long unsigned int QWORD, *PQWORD, ULONG64, *PULONG64; #endif /* LINUX */ @@ -138,10 +139,16 @@ typedef struct tdKmdExec { DWORD dwMagic; BYTE pbChecksumSHA256[32]; QWORD qwVersion; - LPSTR szOutFormatPrintf; + union { + LPSTR szOutFormatPrintf; + QWORD _Filler2; + }; QWORD cbShellcode; - PBYTE pbShellcode; - QWORD filler[4]; + union { + PBYTE pbShellcode; + QWORD _Filler3; + }; + QWORD _Filler4[4]; } KMDEXEC, *PKMDEXEC; #pragma pack(pop) /* RE-ENABLE STRUCT PADDINGS */ 
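Review bot: Adding `WINAPI` fixes the calling convention, but `PCILeechCtrlHandler_TryShutdownThread` still returns `VOID`, whereas a Win32 thread start routine has the shape `DWORD WINAPI fn(LPVOID)`. vfs.c passes `Vfs_StatisticsThread` to CreateThread through an `(LPTHREAD_START_ROUTINE)` cast, which hides the mismatch from the compiler; calling through a pointer of a different function type is undefined behaviour and leaves the thread exit code indeterminate. I would declare it `DWORD WINAPI PCILeechCtrlHandler_TryShutdownThread(PVOID pv)` with a final `return 0;` and drop the cast at the CreateThread call, which is outside this hunk. `_PageStatThreadLoop` in statistics.c and `Vfs_StatisticsThread` in vfs.c have the same shape. The function body continues outside the hunk.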
@@ -195,7 +202,7 @@ typedef struct tdKMDDATA { QWORD dataOutExtraLengthMax; // [0x210] maximum length of extra out-data. QWORD dataOutConsoleBuffer; // [0x218] physical address of 1-page console buffer. QWORD dataOut[28]; // [0x220] - PVOID fn[32]; // [0x300] used by shellcode to store function pointers. + QWORD fn[32]; // [0x300] used by shellcode to store function pointers. CHAR dataInStr[MAX_PATH]; // [0x400] string in-data CHAR ReservedFutureUse2[252]; CHAR dataOutStr[MAX_PATH]; // [0x600] string out-data @@ -220,7 +227,7 @@ typedef struct tdKMDHANDLE { typedef struct tdVFS_CONTEXT { BOOL fInitialized; WCHAR wchMountPoint; - BOOL(*pfnDokanUnmount)(WCHAR DriveLetter); + BOOL(WINAPI *pfnDokanUnmount)(WCHAR DriveLetter); } VFS_CONTEXT, *PVFS_CONTEXT; #define PCILEECH_CONTEXT_MAGIC 0xfeefd00d diff --git a/pcileech/pcileech.vcxproj b/pcileech/pcileech.vcxproj index 74f1e30..d833549 100644 --- a/pcileech/pcileech.vcxproj +++ b/pcileech/pcileech.vcxproj @@ -1,13 +1,17 @@  + + Debug + Win32 + Debug x64 - - ReleaseMT - x64 + + Release + Win32 Release @@ -72,6 +76,13 @@ Unicode false + + Application + true + v142 + Unicode + false + Application false @@ -80,7 +91,7 @@ Unicode false - + Application false v142 @@ -96,10 +107,13 @@ + + + - + @@ -109,11 +123,11 @@ $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)includes; $(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64);$(SolutionDir)includes\lib64; - - $(SolutionDir)\files\ - $(SolutionDir)\files\temp\$(ProjectName)\ + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)includes; - $(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64);$(SolutionDir)includes\lib64; + $(VC_LibraryPath_x86);$(WindowsSDK_LibraryPath_x86);$(SolutionDir)includes\lib32; + $(SolutionDir)files\$(PlatformShortName)\ + $(SolutionDir)files\temp\$(ProjectName)\$(PlatformShortName)\ $(SolutionDir)\files\ 
@@ -123,6 +137,13 @@ $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)includes; $(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64);$(SolutionDir)includes\lib64; + + + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)includes; + $(VC_LibraryPath_x86);$(WindowsSDK_LibraryPath_x86);$(SolutionDir)includes\lib32; + $(SolutionDir)files\$(PlatformShortName)\ + $(SolutionDir)files\temp\$(ProjectName)\$(PlatformShortName)\ + Level3 @@ -148,6 +169,31 @@ + + + Level3 + Disabled + true + /D WIN32 %(AdditionalOptions) + CompileAsC + + + + + Debug + leechcore.lib;vmm.lib;%(AdditionalDependencies) + $(OutDir)\lib\$(TargetName).pdb + Console + + + + + + + + + + Level3 @@ -180,7 +226,7 @@ - + Level3 MaxSpeed @@ -190,7 +236,6 @@ /D WIN32 %(AdditionalOptions) CompileAsC - MultiThreaded true diff --git a/pcileech/pcileech.vcxproj.user b/pcileech/pcileech.vcxproj.user index 71b854e..1ab3c0a 100644 --- a/pcileech/pcileech.vcxproj.user +++ b/pcileech/pcileech.vcxproj.user @@ -7,6 +7,13 @@ WindowsLocalDebugger -device pmem -remote rpc://frizk@ad.frizk.net:localhost display -min 0x1000 + + \\ad.frizk.net\data\dev-pcileech\bin\pcileech.exe + \\ad.frizk.net\data\dev-pcileech\bin\ + WORKSTATION.ad.frizk.net + WindowsLocalDebugger + -device pmem -remote rpc://frizk@ad.frizk.net:localhost display -min 0x1000 + WindowsRemoteDebugger wx64_pscmd -kmd 0x7ffff000 -device rawudp://10.9.0.175 -v -vv @@ -15,4 +22,12 @@ \\ad.frizk.net\data\dev-pcileech\bin\ WORKSTATION.ad.frizk.net + + WindowsRemoteDebugger + wx64_pscmd -kmd 0x7ffff000 -device rawudp://10.9.0.175 -v -vv + \\ad.frizk.net\data\dev-pcileech\bin\pcileech.exe + pcileech -device fpga -v -vv -vvv -min 0x1000 display + \\ad.frizk.net\data\dev-pcileech\bin\ + WORKSTATION.ad.frizk.net + \ No newline at end of file diff --git a/pcileech/statistics.c b/pcileech/statistics.c index 1968257..06d5243 100644 --- a/pcileech/statistics.c +++ b/pcileech/statistics.c 
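Review bot: `pcileech.vcxproj.user` holds per-developer debugger settings, and the added configuration blocks repeat an internal UNC share, a workstation host name and a remote-debug target address in a public repository. These values are of no use to other builders and disclose details of the author's environment. I would stop tracking the file and add `*.vcxproj.user` to .gitignore, which this commit already touches.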
@@ -106,7 +106,7 @@ VOID _PageStatShowUpdate(_Inout_ PPAGE_STATISTICS ps) ps->i.fIsFirstPrintCompleted = TRUE; } -VOID _PageStatThreadLoop(_In_ PPAGE_STATISTICS ps) +VOID WINAPI _PageStatThreadLoop(_In_ PPAGE_STATISTICS ps) { while(!ps->i.fThreadExit) { Sleep(100); diff --git a/pcileech/umd.c b/pcileech/umd.c index eb82fcd..4369256 100644 --- a/pcileech/umd.c +++ b/pcileech/umd.c @@ -25,7 +25,7 @@ VOID Action_UmdPsList() PDWORD pdwPIDs = NULL; PVMMDLL_PROCESS_INFORMATION pProcInfo = NULL; // 1: Initialize MemProcFS/vmm.dll - if(!(pdwPIDs = LocalAlloc(LMEM_ZEROINIT, cPIDs * sizeof(DWORD)))) { goto fail; } + if(!(pdwPIDs = LocalAlloc(LMEM_ZEROINIT, (SIZE_T)(cPIDs * sizeof(DWORD))))) { goto fail; } if(!(pProcInfo = LocalAlloc(0, sizeof(VMMDLL_PROCESS_INFORMATION)))) { goto fail; } if(!Vmmx_Initialize(FALSE, FALSE)) { printf("UMD: Failed initializing required MemProcFS/vmm.dll\n"); @@ -35,7 +35,7 @@ VOID Action_UmdPsList() if(!VMMDLL_PidList(pdwPIDs, &cPIDs)) { printf("UMD: Failed list PIDs.\n"); } else { - qsort(pdwPIDs, cPIDs, sizeof(DWORD), UmdCompare32); + qsort(pdwPIDs, (SIZE_T)cPIDs, sizeof(DWORD), UmdCompare32); for(i = 0; i < cPIDs; i++) { ZeroMemory(pProcInfo, sizeof(VMMDLL_PROCESS_INFORMATION)); pProcInfo->magic = VMMDLL_PROCESS_INFORMATION_MAGIC; diff --git a/pcileech/version.h b/pcileech/version.h index 8551f88..a3bfd48 100644 --- a/pcileech/version.h +++ b/pcileech/version.h @@ -2,9 +2,9 @@ #define STRINGIZE(s) STRINGIZE2(s) #define VERSION_MAJOR 4 -#define VERSION_MINOR 11 +#define VERSION_MINOR 12 #define VERSION_REVISION 0 -#define VERSION_BUILD 25 +#define VERSION_BUILD 26 #define VER_FILE_DESCRIPTION_STR "The PCILeech Direct Memory Access Attack Toolkit" #define VER_FILE_VERSION VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION, VERSION_BUILD diff --git a/pcileech/vfs.c b/pcileech/vfs.c index a731ecd..55f4bc5 100644 --- a/pcileech/vfs.c +++ b/pcileech/vfs.c 
@@ -164,9 +164,9 @@ BOOL VfsCache_DirectoryGetDirectory(_Out_ PVFS_RESULT_FILEINFO *ppfi, _Out_ PQWO
 continue;
 }
 *pcfi = pds->CacheDirectory[i].cfi;
- *ppfi = (PVFS_RESULT_FILEINFO)LocalAlloc(0, *pcfi * sizeof(VFS_RESULT_FILEINFO));
+ *ppfi = (PVFS_RESULT_FILEINFO)LocalAlloc(0, (SIZE_T)(*pcfi * sizeof(VFS_RESULT_FILEINFO)));
 if(!*ppfi) { goto fail; }
- memcpy(*ppfi, pds->CacheDirectory[i].pfi, *pcfi * sizeof(VFS_RESULT_FILEINFO));
+ memcpy(*ppfi, pds->CacheDirectory[i].pfi, (SIZE_T)(*pcfi * sizeof(VFS_RESULT_FILEINFO)));
 LeaveCriticalSection(&pds->LockCache);
 pds->Statistics.cLISTDIR.hit++;
 return TRUE;
@@ -185,13 +185,13 @@ VOID VfsCache_DirectoryPut(_In_ LPCWSTR wcsDirectoryName, _In_ PVFS_RESULT_FILEI
 cd->qwExpireTickCount64 = 0;
 LocalFree(cd->pfi);
 cd->pfi = NULL;
- cd->pfi = (PVFS_RESULT_FILEINFO)LocalAlloc(0, cfi * sizeof(VFS_RESULT_FILEINFO));
+ cd->pfi = (PVFS_RESULT_FILEINFO)LocalAlloc(0, (SIZE_T)(cfi * sizeof(VFS_RESULT_FILEINFO)));
 if(!cd->pfi) {
 LeaveCriticalSection(&pds->LockCache);
 return;
 }
 cd->qwExpireTickCount64 = GetTickCount64() + qwCacheValidMs;
- memcpy(cd->pfi, pfi, cfi * sizeof(VFS_RESULT_FILEINFO));
+ memcpy(cd->pfi, pfi, (SIZE_T)(cfi * sizeof(VFS_RESULT_FILEINFO)));
 cd->cfi = cfi;
 wcscpy_s(cd->wszDirectoryName, MAX_PATH, wcsDirectoryName);
 pds->CacheDirectoryIndex = (pds->CacheDirectoryIndex + 1) % CACHE_DIRECTORY_ENTRIES;
@@ -323,7 +323,7 @@ VOID VfsCache_FilePut(_In_ LPCWSTR wcsFileName, _In_ QWORD cbOffset, _In_ PBYTE
 pds->CacheFile[pds->CacheFileIndex].cb = cb;
 pds->CacheFile[pds->CacheFileIndex].cbOffset = cbOffset;
 wcscpy_s(pds->CacheFile[pds->CacheFileIndex].wszFileName, MAX_PATH, wcsFileName);
- memcpy(pds->CacheFile[pds->CacheFileIndex].pb, pb, cb);
+ memcpy(pds->CacheFile[pds->CacheFileIndex].pb, pb, (SIZE_T)cb);
 pds->CacheFileIndex = (pds->CacheFileIndex + 1) % CACHE_FILE_ENTRIES;
 LeaveCriticalSection(&pds->LockCache);
 }
@@ -526,7 +526,7 @@ VOID Vfs_StatisticsShowUpdate(_In_ PVFS_STATISTICS s) } } -VOID Vfs_StatisticsThread(_In_ PVFS_STATISTICS s) +VOID WINAPI Vfs_StatisticsThread(_In_ PVFS_STATISTICS s) { while(!s->fThreadExit) { Sleep(100); @@ -880,7 +880,7 @@ VOID ActionMount() PDOKAN_OPTIONS pDokanOptions = NULL; PDOKAN_OPERATIONS pDokanOperations = NULL; WCHAR wszMountPoint[] = { 'K', ':', '\\', 0 }; - int(*fnDokanMain)(PDOKAN_OPTIONS, PDOKAN_OPERATIONS); + int(WINAPI *fnDokanMain)(PDOKAN_OPTIONS, PDOKAN_OPERATIONS); // sanity checks if(!ctxMain->phKMD && (PCILEECH_DEVICE_EQUALS("usb3380") || (ctxMain->cfg.qwAddrMax > 0x0000040000000000) || (ctxMain->cfg.qwAddrMax < 0x00400000))) { printf( @@ -895,7 +895,7 @@ VOID ActionMount() if(!ctxMain->phKMD) { printf("MOUNT: INFO: FILES folder not mounted. (No kernel module loaded).\n"); } // allocate hModuleDokan = LoadLibraryExA("dokan1.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32); - fnDokanMain = (int(*)(PDOKAN_OPTIONS, PDOKAN_OPERATIONS))GetProcAddress(hModuleDokan, "DokanMain"); + fnDokanMain = (int(WINAPI *)(PDOKAN_OPTIONS, PDOKAN_OPERATIONS))GetProcAddress(hModuleDokan, "DokanMain"); if(!hModuleDokan || !fnDokanMain) { printf("MOUNT: Failed. The required DOKANY file system library is not installed. \n"); printf("Please download from : https://github.com/dokan-dev/dokany/releases/latest\n"); @@ -965,7 +965,7 @@ VOID ActionMount() if(ctxMain->cfg.fVerbose) { pDokanState->Statistics.hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Vfs_StatisticsThread, &pDokanState->Statistics, 0, NULL); } - ctxMain->vfs.pfnDokanUnmount = (BOOL(*)(WCHAR))GetProcAddress(hModuleDokan, "DokanUnmount"); + ctxMain->vfs.pfnDokanUnmount = (BOOL(WINAPI *)(WCHAR))GetProcAddress(hModuleDokan, "DokanUnmount"); ctxMain->vfs.wchMountPoint = wszMountPoint[0]; ctxMain->vfs.fInitialized = TRUE; status = fnDokanMain(pDokanOptions, pDokanOperations); diff --git a/readme.md b/readme.md index d86e3f5..5412358 100644 --- a/readme.md +++ b/readme.md 
@@ -252,3 +252,6 @@ v4.1
 * Support for remote memory analysis with LeechAgent `agent-forensic` command.
 * Runs MemProcFS forensic mode remotely.
 * Retrieves ElasticSearch compatible JSON data.
+
+[v4.12](https://github.com/ufrisk/pcileech/releases/tag/v4.12)
+* 32-bit support (pcileech binary).