ufrisk / LeechCore

LeechCore - Physical Memory Acquisition Library & The LeechAgent Remote Memory Acquisition Agent
GNU General Public License v3.0

Crashes with mmap :/ #39

Closed Sigma12456 closed 3 months ago

Sigma12456 commented 3 months ago

I have a problem that when I enable the mmap argument it just crashes. The boolean doesn't return true or false, it just crashes, and without that argument it doesn't crash. I never had this issue before and I didn't change anything (I think). Windows 11.

```cpp
bool Memory::Init(std::string process_name, bool memMap, bool debug)
{
    if (!DMA_INITIALIZED)
    {
        LOG("inizializing...\n");
    reinit:
        // 7 argv slots: 3 fixed, +2 when debug is set, +3 when memMap is set
        LPSTR args[] = { (LPSTR)"", (LPSTR)"-device", (LPSTR)"fpga://algo=0", (LPSTR)"", (LPSTR)"", (LPSTR)"", (LPSTR)"" };
        DWORD argc = 3;
        if (debug)
        {
            args[argc++] = (LPSTR)"-v";
            args[argc++] = (LPSTR)"-printf";
        }

        std::string path = "";
        if (memMap)
        {
            auto temp_path = std::filesystem::temp_directory_path();
            path = (temp_path.string() + "\\mmap.txt");
            bool dumped = false;
            if (!std::filesystem::exists(path))
                dumped = this->DumpMemoryMap(debug);
            else
                dumped = true;
            LOG("Dumping memory map to file...");
            if (!dumped)
            {
                LOG("Could not dump memory map! Defaulting to no memory map!");
            }
            else
            {
                LOG("Dumped memory map!");

                args[argc++] = (LPSTR)"-norefresh";
                args[argc++] = (LPSTR)"-memmap";
                //args[argc++] = (LPSTR)"mmap.txt";
                args[argc++] = (LPSTR)path.c_str();
            }
        }
        this->vHandle = VMMDLL_Initialize(argc, args);
        if (!this->vHandle)
        {
            if (memMap)
            {
                // retry once without the memory map
                memMap = false;
                LOG("[!] Initialization failed with Memory map? Try without MMap\n");
                goto reinit;
            }
            LOG("[!] Initialization failed! Is the DMA in use or disconnected?\n");
            return false;
        }

        ULONG64 FPGA_ID = 0, DEVICE_ID = 0;

        VMMDLL_ConfigGet(this->vHandle, LC_OPT_FPGA_FPGA_ID, &FPGA_ID);
        VMMDLL_ConfigGet(this->vHandle, LC_OPT_FPGA_DEVICE_ID, &DEVICE_ID);

        LOG("FPGA ID: %llu\n", FPGA_ID);
        LOG("DEVICE ID: %llu\n", DEVICE_ID);
        LOG("success!\n");

        if (!this->SetFPGA())
        {
            LOG("[!] Could not set FPGA!\n");
            VMMDLL_Close(this->vHandle);
            return false;
        }

        DMA_INITIALIZED = TRUE;
    }
    else
        LOG("DMA already initialized!\n");

    if (PROCESS_INITIALIZED)
    {
        LOG("Process already initialized!\n");
        return true;
    }

    current_process.PID = GetPidFromName(process_name);
    if (!current_process.PID)
    {
        LOG("[!] Could not get PID from name!\n");
        return false;
    }
    current_process.process_name = process_name;
    if (!mem.FixCr3())
        std::cout << "Failed to fix CR3" << std::endl;
    else
        std::cout << "CR3 fixed" << std::endl;

    current_process.base_address = GetBaseDaddy(process_name);
    if (!current_process.base_address)
    {
        LOG("[!] Could not get base address!\n");
        return false;
    }

    current_process.base_size = GetBaseSize(process_name);
    if (!current_process.base_size)
    {
        LOG("[!] Could not get base size!\n");
        return false;
    }

    LOG("Process information of %s\n", process_name.c_str());
    LOG("PID: %i\n", current_process.PID);
    LOG("Base Address: 0x%llx\n", current_process.base_address);
    LOG("Base Size: 0x%llx\n", current_process.base_size);

    PROCESS_INITIALIZED = TRUE;

    return true;
}
```

Sigma12456 commented 3 months ago

Turns out enabling debug crashes it, lmao.

Jotalz commented 2 months ago

Although this is a closed issue, I would like to add that, in `LPSTR args[] = { (LPSTR)"", (LPSTR)"-device", (LPSTR)"fpga://algo=0", (LPSTR)"", (LPSTR)"", (LPSTR)"", (LPSTR)"" };`, you provided insufficient parameter positions, resulting in the last parameter `args[argc++] = (LPSTR)path.c_str();` not being included when debug is turned on.

Also, the reason I'm here is that I'm actually searching for one thing: what format should mmap.txt be provided in? In the wiki I saw two different formats, which confused me. Can you provide some help?

Format 1:

```
0x1000 0xA0000 0x100000 0x9D00000 0xA000000 0xA200000 0xA20C000 0xB000000 0x38D0000 0x91EB000 0x93C2000 0xD94D9000 0xDA5E3000 0xDD000000 0x100000000 0x81F300000
```

Format 2:

```
# base top
0000 1000 - 9cfff
0001 100000 - 101fff
0002 103000 - bb37afff
0003 bb382000 - bb7dbfff
0004 bbc4c000 - cd216fff
0005 cefff000 - ceffffff
0006 100000000 - 42effffff
```

ufrisk commented 2 months ago

@Jotalz the memmap is fairly flexible, you can double check it by adding options `-v` and `-vv` and the parsed memmap should show up in the debug printouts at the very top of the initialization stuff in the console window.
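As an added example (not LeechCore's or MemProcFS's own code), the following parses a memmap.txt in the second layout quoted above and sanity-checks the ranges before the file is handed to `-memmap`; the page-alignment and ordering checks are this example's own assumptions about a well-formed physical map, and the sample map is constructed.

```cpp
#include <cstdint>
#include <sstream>
#include <string>
#include <vector>

// One range; top is the last byte (inclusive), as in the "base - top" layout above.
struct MemRange { uint64_t base; uint64_t top; };

// Parse "<index> <base> - <top>" lines (hex, no 0x prefix). '#' comments and
// blank lines are skipped; any malformed line fails the whole parse.
static bool ParseMemMap(const std::string& text, std::vector<MemRange>& out)
{
    std::istringstream in(text);
    std::string line;
    while (std::getline(in, line))
    {
        size_t hash = line.find('#');
        if (hash != std::string::npos) line.erase(hash);   // strip comment
        std::istringstream ls(line);
        std::string idx, base, dash, top;
        if (!(ls >> idx)) continue;                         // blank line
        if (!(ls >> base >> dash >> top) || dash != "-") return false;
        try { out.push_back({ std::stoull(base, nullptr, 16), std::stoull(top, nullptr, 16) }); }
        catch (...) { return false; }                       // not hex or out of range
    }
    return !out.empty();
}

// Sanity checks (this example's assumptions, not LeechCore's own parser):
// 4 KiB page alignment, top > base, ascending and non-overlapping ranges.
static bool ValidateMemMap(const std::vector<MemRange>& map)
{
    uint64_t prevTop = 0;
    for (size_t i = 0; i < map.size(); ++i)
    {
        const MemRange& r = map[i];
        if (r.base % 0x1000 != 0 || (r.top + 1) % 0x1000 != 0) return false;
        if (r.top <= r.base) return false;
        if (i > 0 && r.base <= prevTop) return false;       // overlap or out of order
        prevTop = r.top;
    }
    return true;
}

// Constructed sample in the second layout quoted in the thread.
static const char* kSampleMemMap =
    "# base top\n"
    "0000 1000 - 9cfff\n"
    "0001 100000 - 101fff\n"
    "0002 103000 - bb37afff\n";
```

Running the parsed map through `ValidateMemMap` before initialization gives a local check to compare against the parsed memmap that `-v`/`-vv` print at startup.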

Jotalz commented 2 months ago

> @Jotalz the memmap is fairly flexible, you can double check it by adding options `-v` and `-vv` and the parsed memmap should show up in the debug printouts at the very top of the initialization stuff in the console window.

Yes, I should try it. You are a really nice man, thanks!