search

ufrisk / pcileech

Direct Memory Access (DMA) Attack Software
GNU Affero General Public License v3.0
5.04k stars 735 forks source link

PCILeech_VmmConfigSet issue #63

Closed false closed 5 years ago

false commented 6 years ago

Hello,

For info I had the following issue on the 3.5 version too.

It seems I have a problem with setting custom values to PCILEECH_VMM_CONFIG_READCACHE_TICKS, PCILEECH_VMM_CONFIG_TLBCACHE_TICKS .. . The issue is if I edit directly the constant values and rebuild the dll they are taken into account and I don't get "freezes" every 5s. But if i set the same new value through PCILeech_VmmConfigSet : example : PCILeech_VmmConfigSet(PCILEECH_VMM_CONFIG_READCACHE_TICKS, (10 * 1000 / VMMPROC_UPDATERTHREAD_PERIOD); , it seems it is not taken into account ; Even though I read the new set values through VmmConfigGet calls.

I tried to set the config after and before the pcileechvmm init method but no chance. Is there any particular way to set these values for them to be taken into account ? I have checked sources and it seems they are indeed passed to the ThreadProcCache.

ufrisk commented 6 years ago

The PCILEECH_VMM_CONFIG_READCACHE_TICKS specifies the validity of the memory read cache. Clearing this only affects the performance marginally.

The real killer is the refresh of the process cache which are related to the PCILEECH_VMM_CONFIG_PROCCACHE_TICKS_PARTIAL and the PCILEECH_VMM_CONFIG_PROCCACHE_TICKS_TOTAL settings. Can you please try altering those settings to see if it makes any difference?

false commented 6 years ago

I was not clear, I am actually setting the 4 values : readcache, tlb, partial, total. When I ‘embed’ the new values with the dll génération it works as expected, when I set them through vmmconfigset I still see the freezes.

ufrisk commented 6 years ago

Thanks for this report :) I'll look into this and see if I can fix it in the next release.

ufrisk commented 6 years ago

Can you please check if this is working better in the newly released Memory Process File System - https://github.com/ufrisk/MemProcFS

My plan is to move all memory analysis functionality into the Memory Process File System project and remove it from PCILeech - which will focus on DMA attacks and acquisition. The Memory Process File System will seamlessly call into PCILeech whenever needed so the end-user experience should not differ much - except that the new project supports more features.