ufrisk / pcileech

Direct Memory Access (DMA) Attack Software
GNU Affero General Public License v3.0

[Question] Latency and speed. #56

Closed Zibux closed 2 years ago

Zibux commented 6 years ago

Is there any device that could make 500 - 1000 reads in different memory locations every 3 ms? So that's really low latency. Would it be possible to put the hack on the card itself so no attacker PC is required? Maybe that would make memory reading in multiple different places faster? usb3380

Another question: how could I load an unsigned driver using pcileech?

ufrisk commented 6 years ago

Q1: Maybe, pcileech internally supports reading around 24 4kB pages simultaneously internally (not exposed from the DLL yet). If all your different memory locations are within those 24 pages it certainly would be doable without too much effort, I would just have to expose the existing underlying functionality via the DLL.

If you need to read 1000 different locations it may be possible if the reads are small enough, like 4 or 8 bytes each. But it would be a lot more work to implement and it's not really likely that I'll add this myself right now.

Q2: Yes, you may put a soft CPU on the FPGA doing this work. You would need to learn FPGA coding to do this though. This is not likely to be implemented as a part of PCILeech.

Q3: I had a driver loader kernel module for that some time ago - wx64_driverload_svc - but it's probably too old to work, but give it a try. It would require an already loaded kernel module and your driver on the local file system. But it's probably too old to work, I haven't tried it in a long while...

ufrisk commented 2 years ago

Closing issue due to old age.