ufrisk / pcileech

Direct Memory Access (DMA) Attack Software
GNU Affero General Public License v3.0

dump failed on AMD target even with custom memmap specified #188

Closed by FlameSky-S 2 years ago

FlameSky-S commented 2 years ago

Hi, @ufrisk. I'm back with AMD issues.

I haven't had time to test my program properly since my last post. Today I tested it and it works OK except for random freezes which require rebooting the target system to reset. Also there were minor pauses (from less than 1s to 10s plus) during the memory reading loop in my program. I googled a bit and someone suggested checking the cable speed with pcileech dump. So I did the test and encountered a more severe problem.

When I run pcileech.exe -device fpga -v dump -out none -memmap memmap.txt, the speed is below 20MB/s and it randomly freezes after a few seconds (progress at 1 percent). I then disabled CSM, Secure Boot, SVM Mode, SMT and XMP Profile as another thread suggested (IOMMU was already disabled before). I tried a few more times and pcileech eventually got past 1 percent and reached 6 percent, then threw a bad TLP error and froze after that.

I also tried pcileech probe with and without the memmap option. The probe runs very fast at first (200+MB/s) but always slows down at around bfffffff. It is so slow after this point that I can't wait for it to finish. Also, the probe result seems to be inconsistent with the memory range RAMMap reports.

It occurred to me that I had tested the same Screamer and USB cable on a Windows target before I installed it in my home AMD PC. It worked perfectly on the Windows target. So I guess the cable is not the cause of the low performance. I noticed there are a lot of memory-related options in the BIOS; I wonder if there are any more options that may affect DMA reads? I'll write them down if that information might be helpful. My motherboard is a Gigabyte X570, CPU is Ryzen 5800X.

Thank you again for your great work!

ufrisk commented 2 years ago

Probe is really aggressive. Things often stop working after it's used.

Please use pcileech/memprocfs with a memory map if on AMD.

Also please check https://github.com/ufrisk/LeechCore/wiki/Device_FPGA for additional options.

You may try adding -device fpga://readsize=0x18000,algo=2 to see if it makes any difference, maybe decrease readsize a bit, possibly also skipping algo=2 or adding tmread=400 or something like this. Unfortunately I'm not able to test on all kinds of hardware due to the costs involved for me.

FlameSky-S commented 2 years ago

I played around a bit with the debug parameters, and found no difference from the default settings. However, I've been able to dump the memory at 20MB/s semi-stable. Randomly at some point the dump freezes; sometimes it can recover while other times it needs rebooting. I've read about Vmm auto refreshing process list and physical to virtual translations, is there a similar mechanism in pcileech which may cause these random freezes?

Anyways, the issue seems cable-related. So I'm going to switch to a new USB cable and will report back later.

FlameSky-S commented 2 years ago

Hi, I'm all good with the new USB 3.0 cable, the dump speed is stable at 180MB/s and my program works fine now.

> I've read about Vmm auto refreshing process list and physical to virtual translations

It seems that there is some kind of hidden activity which requires more bandwidth for pcileech too.