Failed to load kernel module

[uranusb]

Hello,

I am now trying to load the kernel module through "kmdload". However, there is something wrong with kernel loading. I tried several commands and got error messages. The issue is we could not load the kernel module and for "probe", all the pages are failed to read. Also, for "kmdload". Following are commands and error messages (The device is NeTV2 board):

E:\PCILeech>pcileech probe -device rawudp://ip=192.168.0.222 -v

DEVICE: FPGA: NeTV2 RawUDP PCIe gen2 x1 [0,0,0] [v4.2,0200] Memory Map: START END #PAGES

Current Action: Probing Memory Access Mode: Normal Progress: 4096 / 4096 (100%) Speed: 819 MB/s Address: 0x0000000100000000 Pages read: 0 / 1048576 (0%) Pages failed: 1048576 (100%) Memory Probe: Completed.

E:\PCILeech>pcileech dump -device rawudp://ip=192.168.0.222 -v

DEVICE: FPGA: NeTV2 RawUDP PCIe gen2 x1 [0,0,0] [v4.2,0200] Memory Map: START END #PAGES

Current Action: Dumping memory Access Mode: Normal Progress: 32 / 4096 (0%) Speed: 32 MB/s Address: 0x0000000002000000 Pages read: 0 / 1048576 (0%) Pages failed: 8192 (0%) file - terminating.

E:\PCILeech>pcileech kmdload -kmd WIN10_X64 -device rawudp://ip=192.168.0.222 -v

DEVICE: FPGA: NeTV2 RawUDP PCIe gen2 x1 [0,0,0] [v4.2,0200] KMD: Failed. Error reading or interpreting memory #1. PCILEECH: Failed to load kernel module.

E:\PCILeech>pcileech kmdload -kmd WIN10_X64_2 -device rawudp://ip=192.168.0.222 -v

DEVICE: FPGA: NeTV2 RawUDP PCIe gen2 x1 [0,0,0] [v4.2,0200] MemProcFS: Failed to initialize memory process file system in call to vmm.dll!VMMDLL_Initialize KMD: Failed initializing required MemProcFS/vmm.dll PCILEECH: Failed to load kernel module.

Here are what we did before running commands:

1. We set up MemProcFS following https://github.com/ufrisk/MemProcFS.
2. We disabled VT-d in BIOS.

Some other details:

1. The target system is WIN10 and the version is 1903.
2. The attack system is also WIN10.

Any help is this regard is greatly appreciated.

Thank you!

[ufrisk]

From what I can see PCILeech is able to contact the NeTV2. The NeTV2 have the PCIe link set up and have received its bus/dev-num from the host system. This is all good news.

It seems though that it's not able to read any memory. It's a bit hard for me to tell what the problem is, but can you try an alternative TLP reading algorithm with algo=2, example (run after a fresh power-on):

pcileech dump -device rawudp://algo=2,ip=192.168.0.222 -v

is there any improvement?

also, what system are you running, cpu, mobo, memory size & mhz?

I know PCILeech do have troubles on some systems right now. I'll try to get a test system to pinpoint these issues better.

[uranusb]

Thanks for your reply!

I have tested several ways to solve this issue and I finally found that the issue is most probably caused by the PCIE extension cable I used. After removing the cable and connecting the board with the target machine directly, I can finally read the memory successfully.

Here is the new update:

E:\PCILeech>pcileech probe -device rawudp://ip=192.168.0.222 -v

DEVICE: FPGA: NeTV2 RawUDP PCIe gen2 x1 [0,0,0] [v4.2,0200]

Memory Map: START END #PAGES 0000000000000000 - 000000000009ffff 000000a0 00000000000c0000 - 000000006bdfffff 0006bd40 0000000100000000 - 0000000165fb5fff 00065fb6 0000000165fc0000 - 000000095e9bbfff 007f89fc 000000095ec00000 - 000000108dffffff 0072f400

Current Action: Probing Memory Access Mode: Normal Progress: 67808 / 67808 (100%) Speed: 858 MB/s Address: 0x000000108E000000 Pages read: 16751506 / 17358848 (96%) Pages failed: 607342 (3%) Memory Probe: Completed.

E:\PCILeech>pcileech kmdload -kmd WIN10_X64 -device rawudp://ip=192.168.0.222 -v

DEVICE: FPGA: NeTV2 RawUDP PCIe gen2 x1 [0,0,0] [v4.2,0200] INFO: PA PT BASE: 0x00000000001ad000 INFO: PA PT: 0x0000000004a04000 INFO: PA HAL HEAP: 0x00000000001098b0 INFO: VA SHELLCODE: 0xfffff7a4c0040210 KMD: Code inserted into the kernel - Waiting to receive execution. KMD: Execution received - continuing ... INFO: PA KMD BASE: 0x68ffc000 Kernel reported memory map below: START END #PAGES 0000000000001000 - 0000000000057fff 00000057 0000000000059000 - 000000000009dfff 00000045 0000000000100000 - 0000000059817fff 00059718 000000005981a000 - 0000000069807fff 0000ffee 000000006bdff000 - 000000006bdfffff 00000001 0000000100000000 - 000000108dffffff 00f8e000

KMD: Successfully loaded at address: 0x68ffc000

However, the "dump" command still doesn't work as following:

E:\PCILeech>pcileech dump -device rawudp://ip=192.168.0.222 -v

DEVICE: FPGA: NeTV2 RawUDP PCIe gen2 x1 [0,0,0] [v4.2,0200] Memory Dump: Initializing ...Memory Dump: Failed. Cannot set initial file size to 4GB for 'safer dump'.

Is this because the memory size of my computer is too large?

P.S. Here is the spec of systems I am using:

Target machine： CPU: i7-7700 RAM: 64gb DDR4 2400mhz OS: Windows 10 1903

Host machine: CPU: i5-6200U RAM: 8gb DDR3 1866mhz OS: Windows 10 1903

[ufrisk]

It's nice to see that you were able to solve your problem and that you got it working :)

About the dump not working, do you have enough disk space on your E drive? Also, what file system are you running on your E drive? If you're running FAT32 it will only support 4GB max file size and that would make your dump fail. You would need to dump to an NTFS file system. Please let me know if this solves your issue.

[uranusb]

Thanks for your suggestion. I found that the problem is caused by my disk space. When I changed the project location to another disk which has enough size, I was able to run "dump" successfully.

[ufrisk]

awesome, I'm happy the issue is successfully resolved and will be closing this issue.

I also, today, published some stability updates to the FPGA bitstream at https://github.com/ufrisk/pcileech-fpga that I would recommend flashing to your device is possible.

Good Luck :)