Recent releases for pcileech

pcileech v1.0

2016-08-08T23:03:43+00:00

Initial Release after DEF CON 24 talk.

pcileech v1.1

2016-09-05T17:36:26+00:00

New functionality, updates and bug fixes.

pcileech v1.2

2016-09-28T17:54:26+00:00

New functionality, updates and bug fixes.

pcileech v1.3

2016-12-15T08:24:17+00:00

The Changes/Updates are described below: core: basic linux 4.8 support. core: mac_fvrecover - retrieve filevault2 password from locked mac. core: stability improvements for USB2 and new options [-out none, -usb2, -iosize, -v] implant: pull large files from target [wx64_filepull, mac_filepull, lx64_filepull]. implant: spawn cmd in user context [wx64_pscmd_user]. implant: stability improvements for Win8+ [wx64_pscreate, wx64_pscmd, wx64_pscmd_user]. other: load kmd by compiling and inserting .ko on linux [ pcileech_kmd/linux ]. other: firmware flash support in Windows.

pcileech v1.5

2017-03-17T20:50:56+00:00

core: Win10 generic HAL attack stabilized (-sig win10_x64) signature: macOS Sierra updated. signature: Windows 10 updated. other: bug fix - memory write in macOS. other: firmware flash fixes for PP3380 device.

pcileech v2.0

2017-05-24T10:20:23+00:00

Mount target system live RAM and file system as drive. Substantial refactorings to support multiple future hardware devices. Signature: Linux 4.10 kernel support in LINUX_X64_EFI signature.

pcileech v2.1

2017-06-12T11:23:35+00:00

Linux support. Android support.

pcileech v2.2

2017-08-30T08:50:43+00:00

UEFI support. Linux 2.6.33-4.6 target support.

pcileech v2.3

2017-10-12T09:23:20+00:00

FPGA support.

pcileech v2.5

2017-11-06T20:28:28+00:00

pcileech v2.6

2018-02-08T12:42:40+00:00

PCIeScreamer and AC701 FPGA support.

pcileech v3.0

2018-03-12T12:10:34+00:00

Initial release of the Memory Process File System. Various other changes and bug fixes.

pcileech v3.1

2018-03-20T10:45:00+00:00

Linux FPGA support. Various bug fixes.

pcileech v3.4

2018-07-14T12:54:45+00:00

Changelog: * Memory Process File System - runtime tunables in .config directory - allows for disabling of caching and adjusting refresh periods. * Various bug fixes

pcileech v3.6

2018-10-30T11:47:33+00:00

New content: - Various bug fixes including fix for 'missing dll' issue and working support for pml4-user page tables. - Additional exported functions from pcileech.dll

pcileech v3.6.1

2018-10-30T11:47:33+00:00

New content: - Various bug fixes including fix for 'missing dll' issue and working support for pml4-user page tables. - Additional exported functions from pcileech.dll

pcileech v3.6.2

2018-10-30T11:47:33+00:00

New content: - Various bug fixes including fix for 'missing dll' issue and working support for pml4-user page tables. - Additional exported functions from pcileech.dll

pcileech v3.7

2019-01-03T18:13:59+00:00

New content: * Support for RAWTCP device - used to communicate with DMA patched HP iLO. Thanks to Synacktiv for the contribution and the awesome research!

pcileech v4.0

2019-03-08T11:40:45+00:00

Details: * Major cleanup and internal refactorings. * FPGA max memory auto-detect and more stable dumping strategy. * New stable Windows 10 kernel injects with FPGA hardware on non-virtualization based security systems. * User mode injects (experimental). * Removal of built-in device support - the [LeechCore](https://github.com/ufrisk/LeechCore) `leechcore.dll`/`leechcore.so` library is now used instead. New devices include: * Memory dump files (raw linear dump files and microsoft crash dump files). * Hyper-V save files. * Live memory via DumpIt / WinPmem. * remote devices via -remote setting. * Removal of API and built-in _Memory Process File System_ - please use the more capable APIs in the [LeechCore](https://github.com/ufrisk/LeechCore) and [Memory Process File System](https://github.com/ufrisk/MemProcFS) instead. * Multiple other changes and syntax updates.

pcileech v4.1

2019-04-05T09:22:06+00:00

- Project upgrade to Visual Studio 2019. - LeechAgent support - remote memory acquisition and analysis.

pcileech v4.2

2019-07-30T11:05:33+00:00

* Signature updates: * Linux kernel module - LINUX_X64_48 (latest versions) * Win10 1903 kernel module - WIN10_X64_2 (requires windows version of PCILeech)

pcileech v4.3

2019-10-14T11:27:03+00:00

* Bug fixes. * Support for new device (NeTV2 / RawUDP) via LeechCore library.

pcileech v4.4

2020-01-07T11:52:49+00:00

* Bug fixes and stability improvements. * Support for MemProcFS v3 library. * Code signing of binaries. * "tlploop" command.

pcileech v4.5

2020-08-03T05:33:24+00:00

* Bug fixes. * Support for v2 of the LeechCore memory acquisition library. * FPGA stability and speed improvements. * MemProcFS integration when running on Windows. * Support for user-defined physical memory map (-memmap option).

pcileech v4.6

2020-08-26T20:55:53+00:00

* Support for [LiveCloudKd](https://github.com/ufrisk/LeechCore/wiki/Device_LiveCloudKd).

pcileech v4.7

2020-09-05T21:04:42+00:00

* Bug fixes. * WIN10_X64_3 new stable kernel signature for Windows 10 - including Win10 2004 release. * Unlock signature updates - Win10/Linux (NB! most recent kernels on Linux not yet supported).

pcileech v4.8

2020-12-21T22:00:48+00:00

* Bug fixes. * Better support for recent x64 Linux kernels.

pcileech v4.9

2021-05-09T12:58:20+00:00

* Bug fixes. * Signature updates. * Better support for recent x64 Linux kernels (Ubuntu 21.04). * Unmount of monted driver when CTRL+C pressed.

pcileech v4.10

2021-05-24T06:02:36+00:00

* Linux support for Windows 10 built-in signatures (dependency on MemProcFS v4.0). * Separate releases for Windows and Linux. * General cleanup.

pcileech v4.11

2021-08-16T06:24:06+00:00

* Support for VMWare Workstation/Player live VM memory. * Support for remote memory analysis with LeechAgent `agent-forensic` command. * Runs MemProcFS forensic mode remotely. * Retrieves ElasticSearch compatible JSON data.

pcileech v4.12

2021-09-25T19:05:10+00:00

32-bit support (pcileech binary).

pcileech v4.13

2022-01-07T07:55:38+00:00

* Bug fixes. * Mount improvements: - Windows host file system support: Upgrade to [Dokany2](https://github.com/dokan-dev/dokany/releases) (NB! Dokany2 will have to be installed!). - Linux host file system support: FUSE support added.
Example: `./pcileech mount /home/user/fusemnt/leechfs -kmd ` - Now possible to access other local drives than C: on Windows targets. * Visual Studio 2022 Support.

pcileech v4.14

2022-02-05T15:21:05+00:00

* Process Virtual Memory support (Windows only). - Commands: search, patch, write, display, pagedisplay - Example: pcileech patch -pid 732 -sig unlock_win10x64.sig

pcileech v4.15

2022-08-04T06:39:53+00:00

* Support for MemProcFS v5.0

pcileech v4.16

2023-08-20T19:32:16+00:00

* FPGA performance improvements. * Command `none` added. * Options `-bar-ro` and `-bar-rw` added.

pcileech v4.17

2023-09-24T15:18:42+00:00

* I/O BAR support. * Linux improvements: - KMD signature update (LINUX_X64_48) to support latest Ubuntu kernels. - Update of kernel modules to support latest kernels. - New KMD signature - LINUX_X64_MAP - specify target system kernel System.map in -in option. - New kernel module: lx64_exec_root.