ufrisk / pcileech

Direct Memory Access (DMA) Attack Software
GNU Affero General Public License v3.0

Cannot read above 4GB #113

Closed. false closed this 4 years ago

false commented 4 years ago

Hello,

I am having some kind of issue with pcileech. It seems to not detect system memory above 4GB with a certain VID PID.

Here is an example of a probe:

PCILeech_files_and_binaries_v4.4-20200201>pcileech.exe probe

Memory Map:
START              END                #PAGES
0000000000000000 - 000000000009ffff   000000a0
00000000000c0000 - 00000000c77fffff   000c7740

Current Action: Probing
Memory Access Mode: Normal
Progress: 4096 / 4096 (100%)
Speed: 227 MB/s
Address: 0x0000000100000000
Pages read: 817120 / 1048576 (77%)
Pages failed: 231456 (22%)
Memory Probe: Completed.

What could be the cause? Could it be an OS protection?

ufrisk commented 4 years ago

Which device/vendor id? And did you change anything else in the bitstream config besides the vendor and device id? (I'm mainly thinking about things like class id, subsystem id and similar changes to the PCIe core.)

false commented 4 years ago

No I only changed the vid and device ids.

So I have been doing different tests. When I force the max to 16gb (-max arg) it actually reads all the pages with 94% success, which is the same as the default vid. But I can't read the 0x1000 address. I also can't get the basic example of MemProcFS to initialize the FPGA. If I force the max in the example, it still fails on the cr3 init step. So I guess it fails on reading; I dumped a bit of memory with pcileech and it seemed to be only zeros, but I'm not sure of that test. So my question is: if it says page read successfully: 94% in the pcileech probe, does it validate the ability to read all these addresses? Have you got any idea of what I could debug to find out what's going wrong and have my custom vid not causing so much trouble?

ufrisk commented 4 years ago

PCILeech tries to auto-detect the amount of memory. If it fails doing this it will default to 4GB.

The probe reads a tiny amount of memory from each 4kB memory page, and if successful reports this as success. This indicates you are able to read something at least. Unfortunately what you also mention indicates your data read may be corrupt.

Custom VID/PID and messing around with the PCIe core in other ways aren't really a configuration supported by me, so you'll have to debug and try your way around here. I wish you the best of luck :)

false commented 4 years ago

I'm not sure, but I might have found some hints concerning my issue. Could you give me your point of view?

I did direct tlp commands. Read 4 bytes works. Read 128 bytes works, example:

pcileech.exe tlp -vvv -in 00000020060000ff00001000

TLP: Transmitting PCIe TLP. (use -vvv option for detailed info).

TX: MRd32:  Len: 020 ReqID: 0600 BE_FL: ff Tag: 00 Addr: 00001000
0000    00 00 00 20 06 00 00 ff  00 00 10 00               ... ........

RX: CplD:   Len: 020 ReqID: 0600 CplID: 0000 Status: 0 BC: 080 Tag: 00 LowAddr: 00
0000    4a 00 00 20 00 00 00 80  06 00 00 00 e9 4d 06 00   J.. .........M..
0010    01 00 00 00 01 00 00 00  3f 00 18 10 00 00 00 00   ........?.......
0020    00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
0030    00 00 00 00 00 00 00 00  00 9b 20 00 00 00 00 00   .......... .....
0040    00 00 00 00 ff ff 00 00  00 93 cf 00 00 00 00 00   ................
0050    00 00 00 00 ff ff 00 00  00 9b cf 00 00 00 00 00   ................
0060    00 00 00 00 00 50 7f c7  00 00 00 00 7c 16 00 00   .....P .....|...
0070    30 00 da 16 00 00 10 00  00 00 00 00 30 4a c2 4e   0...........0J.N
0080    00 f8 ff ff 00 80 00 c0  c7 f7 ff ff               ............

Read 512 bytes does not work:

pcileech.exe tlp -vvv -in 00000080060000ff00001000
TLP: Transmitting PCIe TLP. (use -vvv option for detailed info).
TX: MRd32:  Len: 080 ReqID: 0600 BE_FL: ff Tag: 00 Addr: 00001000
0000    00 00 00 80 06 00 00 ff  00 00 10 00               ............

Overall the tlp display memory doesn't work:

PCILeech_files_and_binaries_v4.4-20200201>pcileech.exe tlp -vvv -in 00000000060080ff00001000
TLP: Transmitting PCIe TLP. (use -vvv option for detailed info).
TX: MRd32:  Len: 000 ReqID: 0600 BE_FL: ff Tag: 80 Addr: 00001000
0000    00 00 00 00 06 00 80 ff  00 00 10 00               ............

If I change the length to something shorter then I receive packets, but the length 00 seems to cause a problem. It also explains why the probe works, as it sends 4-byte TLPs.

Moreover, with shorter lengths the read memory does not seem to be corrupted, which could be a good sign for a potential solution?

Is there a way to make memory reads "restrained" / globally restrain the TLPs to a desired length?

false commented 4 years ago

I think it's fixed, but it led me to a new issue. I will open a new thread :-)