ufrisk / pcileech

Direct Memory Access (DMA) Attack Software
GNU Affero General Public License v3.0

Kernel module injection crashes #143

Closed ma-schulze closed 3 months ago

ma-schulze commented 4 years ago

Hi, so I'm trying to inject a kernel module via DMA via DCI debugging (Linux target).

Now it works fine up until the point "KMD: Code inserted into the kernel - Waiting to receive execution." (kmd.c:1361), where it freezes / loops indefinitely.

Do you have any fixes for this? Or can you maybe explain to me what exactly it is waiting for so I can look into it myself? Thanks in advance!

ufrisk commented 4 years ago

Awesome that you got PCILeech to work somewhat with DCI :) I wanted to look into this for a long time but I could not find the time with this unfortunately just being my hobby project.

I'm assuming you're using the LINUX_X64_48 signature.

It was a while since I tested this and I'm assuming you're targeting a 64-bit kernel more recent than a year or so. Chances are that something changed that breaks the shellcode ( https://github.com/ufrisk/pcileech/blob/master/pcileech_shellcode/lx64_stage2.asm )

Right now I'm working on a major update for PCILeech/MemProcFS geared towards fixing some long-standing FPGA issues, primarily related to AMD systems, but also to add new memory analysis functionality for Windows. I really do need to finish this up and release before I start looking into what I'm suspecting may be somewhat dated shellcodes, both for Windows and Linux.

I'll put this up as a bug for now. Chances are that I won't be able to find the time to look into this before September though. If you're interested you can take a look at the shellcode. I do suspect that it's some of the exported symbols (at the bottom of the shellcode) that are missing. My best guess is that set_memory_x is missing from your kallsyms; but if you're able, please check the other exports as well. Please let me know if you find the culprit.
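One way to do the check suggested above, as an added example that is not part of PCILeech or the thread: a small POSIX shell helper that takes a kallsyms dump (on the target, `/proc/kallsyms`; or a copy of it) and reports which of the symbol names a shellcode resolves by name are absent. Only `set_memory_x` is named in the thread; the other symbol names passed in the demo are assumptions for illustration, and the real list is whatever the exports at the bottom of `lx64_stage2.asm` reference. The two embedded kallsyms excerpts are constructed, not real dumps; the second one simulates a kernel that no longer exposes `set_memory_x`.

```shell
#!/bin/sh
# Added example (not PCILeech code): verify that a kernel exposes the symbols
# a DMA kernel-module injector resolves by name before inserting the shellcode.

# check_kallsyms FILE SYM...  -> prints one line per symbol, returns non-zero if
# any symbol is missing. kallsyms lines look like "<addr> <type> <name> [module]",
# so the name is always field 3; addresses may be zeroed for unprivileged readers,
# which does not matter here because we only test for presence.
check_kallsyms() {
    file="$1"; shift
    missing=0
    for sym in "$@"; do
        if awk -v s="$sym" '$3 == s { found = 1 } END { exit !found }' "$file"; then
            printf 'ok       %s\n' "$sym"
        else
            printf 'MISSING  %s\n' "$sym"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# count_missing FILE SYM... -> echoes the number of absent symbols (always exits 0)
count_missing() {
    check_kallsyms "$@" | grep -c '^MISSING' || true
}

# Constructed kallsyms excerpt resembling an older kernel (set_memory_x present).
write_sample_old_kernel() {
    cat > "$1" <<'EOF'
ffffffff81000000 T _text
ffffffff8107c5a0 T set_memory_x
ffffffff8107c600 T set_memory_nx
ffffffff81a0f2c0 T __kmalloc
ffffffff81a10100 T kfree
ffffffff81b40000 T printk
EOF
}

# Constructed excerpt simulating a newer kernel where set_memory_x is gone.
write_sample_new_kernel() {
    cat > "$1" <<'EOF'
0000000000000000 T _text
0000000000000000 T set_memory_nx
0000000000000000 T __kmalloc
0000000000000000 T kfree
0000000000000000 T printk
EOF
}

# Demo: "./kallsyms_check.sh demo" runs both samples; "./kallsyms_check.sh FILE SYM..."
# checks a real dump (e.g. a copy of /proc/kallsyms taken from the target).
if [ "${1:-}" = "demo" ]; then
    # set_memory_x is the symbol named in the thread; kfree/__kmalloc are assumed examples.
    old=$(mktemp); new=$(mktemp)
    write_sample_old_kernel "$old"; write_sample_new_kernel "$new"
    echo "== old kernel sample =="; check_kallsyms "$old" set_memory_x __kmalloc kfree
    echo "== new kernel sample =="; check_kallsyms "$new" set_memory_x __kmalloc kfree || \
        echo "injection would hang: stage2 cannot resolve every export"
    rm -f "$old" "$new"
elif [ $# -ge 2 ]; then
    check_kallsyms "$@"
fi
```

If `check_kallsyms` reports a missing name, the shellcode cannot resolve that export and the injector will sit at "Waiting to receive execution" rather than fail cleanly, which matches the symptom in the report; the fix is then in the shellcode's symbol list, not in the DMA transport.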

ma-schulze commented 4 years ago

Yup, you were right. I tried out an older kernel and it worked perfectly fine! Thanks for the answer and also thanks for this awesome project! <3

ufrisk commented 4 years ago

I did some updates to PCILeech which should improve the Linux injections up to around kernel 5.4 (Ubuntu 20.04); the latest versions of the kernel still aren't working properly though; I have to redo the injection code a bit for that.

ufrisk commented 4 years ago

I've decided to take a look at this when Ubuntu migrates to a new kernel; then I'll see if things really changed around for them as well, or if it's just your distro that is missing some symbols I need. The reason is that there are just way too many Linux kernels for me to keep up with, considering this is just a hobby project that I put my free time into. I'll keep the issue open until then.

ufrisk commented 3 months ago

I'm closing this issue due to old age.