Version 1.2.2

files/agent/x64/vmmpy.py

@@ -12,9 +12,10 @@
 # (c) Ulf Frisk, 2018-2019
 # Author: Ulf Frisk, [email protected]
 #
-# Header Version: 2.6
+# Header Version: 2.7
 #
 
+import atexit
 from vmmpyc import *
 
 #------------------------------------------------------------------------------
@@ -61,6 +62,7 @@ def VmmPy_Close():
     Example:
     VmmPy_Close()
     """
+    atexit.unregister(VmmPy_Close)
     VMMPYC_Close()
 
 
@@ -107,6 +109,7 @@ def VmmPy_Initialize(args, is_printf = True, is_verbose = False, is_verbose_extr
     if is_verbose_tlp:
         args.append("-vvv")
     VMMPYC_Initialize(args)
+    atexit.register(VmmPy_Close)
 
 
 
@@ -489,6 +492,23 @@ def VmmPy_WinReg_HiveWrite(va_hive, address, bytes_data):
 
 
 
+#------------------------------------------------------------------------------
+# VmmPy NETWORK FUNCTIONALITY BELOW:
+#------------------------------------------------------------------------------
+
+def VmmPy_WinNet_Get():
+    """Retrieve networking information
+
+    Keyword arguments:
+    return -- dict with 'TcpE' list with dict for each TCP connection.
+    
+    Example:
+    VmmPy_WinReg_HiveList() --> {'TcpE': [{'ver': 4, 'pid': 612, 'state': 4, 'va': 18446690201099026448, 'time': 131983383869225588, 'time-str': '2019-03-29 13:06:26 UTC', 'src-ip': '127.0.0.1', 'src-port': 51734, 'dst-ip': '127.0.0.1', 'dst-port': 51733}, ...]}
+    """
+    return VMMPYC_WinNet_Get()
+
+
+
 #------------------------------------------------------------------------------
 # VmmPy VFS (Virtual File System) FUNCTIONALITY BELOW:
 #------------------------------------------------------------------------------

leechagent/leechagent_procparent.c

@@ -12,8 +12,8 @@
 #include "util.h"
 #include <stdio.h>
 
-#define PROCPARENT_STDOUT_SIZE  0x00100000      // 1MB
-#define PROCPARENT_STDERR_SIZE  0x00020000      // 128kB
+#define PROCPARENT_STDOUT_SIZE  0x00400000      // 4MB
+#define PROCPARENT_STDERR_SIZE  0x00040000      // 256kB
 
 typedef struct tdPROCPARENT_CONTEXT {
     PROCESS_INFORMATION ChildProcessInfo;

leechagent/version.h

@@ -3,7 +3,7 @@
 
 #define VERSION_MAJOR               1
 #define VERSION_MINOR               2
-#define VERSION_REVISION            1
+#define VERSION_REVISION            2
 #define VERSION_BUILD               0
 
 #define VER_FILE_DESCRIPTION_STR    "LeechAgent Memory Acquisition Service"

leechcore/leechrpcclient.c

@@ -609,8 +609,8 @@ BOOL LeechRPC_Open(_In_ BOOL fIsRpc)
     memcpy(&ctxDeviceMain->cfg, &pMsgRsp->cfg, sizeof(LEECHCORE_CONFIG));
     ctxDeviceMain->cfg.pfn_printf_opt = pfn_printf_opt_tmp;
     ctxDeviceMain->cfg.fRemote = TRUE;
-    ctxDeviceMain->cfg.cbMaxSizeMemIo = 0x01000000; // 16MB
-    ctxDeviceMain->fDeviceMultiThread = TRUE;
+    ctxDeviceMain->cfg.cbMaxSizeMemIo = 0x01000000;     // 16MB
+    ctxDeviceMain->fDeviceMultiThread = ctx->fIsRpc;    // RPC = multi-thread, PIPE = single-thread access
     if(pMsgRsp->flags & LEECHRPC_FLAG_FNEXIST_ReadScatterMEM) {
         ctxDeviceMain->pfnReadScatterMEM = LeechRPC_ReadScatterMEM;
     }

leechcore/version.h

@@ -3,7 +3,7 @@
 
 #define VERSION_MAJOR               1
 #define VERSION_MINOR               2
-#define VERSION_REVISION            1
+#define VERSION_REVISION            2
 #define VERSION_BUILD               0
 
 #define VER_FILE_DESCRIPTION_STR    "LeechCore Memory Acquisition Library"