Closed Myki77777 closed 11 months ago
Hi and many thanks,
I hope my PCILeech / LeechCore / MemProcFS open source software will be useful.
Doing the research you propose, however, most likely requires somewhat more expensive development boards than the Artix-7 currently in use. Also, it would take quite some time to look into this.
Right now I don't have a business case to warrant me spending the required time and money for this research. I'm busy enough focusing on other things.
There is just no payback for me for the invested time. The larger companies aren't interested one single bit, or if they are, they don't pay anything - bounties or similar. A former Microsoft employee even boasted on Twitter way back that they managed to do the current Windows 11 implementation without giving as much as a single cent to my project. The sad truth is that financially it would be better to find a simple XSS than to do DMA research. It still has been great fun though, and I'll continue building on these software projects.
But who knows, maybe in the future if I get some free time I might look into this just for fun...
Or if you decide to go ahead with this research it would definitely be very interesting :)
I'm closing this issue since I feel the question has been answered.
Please let me know if you should run into any interesting things around this in the future, and best wishes with your projects!
Hi Ulf,
first of all thanks for your epic work.
I have a question regarding Kernel DMA Protection and IOMMUs. As far as I know, LeechCore-based tools don't work with an IOMMU (Kernel DMA Protection) enabled. Shouldn't it be possible to emulate a device which supports the IOMMU, so it can read and write the memory reserved for the device?
I am asking because I have read that Windows may just use two domains for the DMA remapping (not 100 percent sure if this is true). So let's say that is the case and there are two domains, one for OS stuff and one for everything else; shouldn't it then be possible to access, for example, user-space data even if the computer is locked?
I hope my question was somewhat understandable. Otherwise, I'd welcome discussing the topic further.