Minimum granularity: page (4kB)

[Zibux]

is there any way to change the minimum granularity to byte?

[ufrisk]

Yes, it's already supported in the FPGA version if you craft your own PCIe packets right now as an example. On the USB3380 it's just not coded like that in PCILeech, it's not a limitation in the hardware.

But why? all page protection that I know of that may render memory unreadable is working on at least a 4kB granularity. The only use I really see for allowing reads less than 4kB is if you wish to read some memory mapped hardware register that only allows DWORD (4 byte) reads or something like that.

Otherwise why just not read the full 4kB and then extract the byte you are looking for?

[Zibux]

Because of speed. If i am reading useless bytes it will decrease speed that i can read ? Its nice to see FPGA support i will most probably buy the hardware in near future.

[ufrisk]

The real killer with regards to speed is latency though. Especially if doing multiple very small reads. Reading single bytes (or DWORDs/4-bytes) from a page isn't going to speed up things much since you'll have to do a ton of reads instead of just one big read for a MB or so. At least for the USB3380. For the FPGA it's a different story though. You could look into this yourself by modifying the code in the right places. PCILeech is open source :)

[Zibux]

When im reading memory from pcileech, addresses are in different location then they would be when im reading memory from pc right ? Is there any way to find same location or offset to memory?

[ufrisk]

Yes, if you have a physical memory dump from PCILeech you may use volatility as an example.

[Zibux]

Is there any function in pcileech that would return real memory location? I have problem with pointers if i read pointer it will point to real memory address not the dump one. I will check out volatility thanks!