-
-
Notifications
You must be signed in to change notification settings - Fork 95
Device_FPGA
The LeechCore library supports reading memory using PCILeech FPGA PCIe to USB hardware.
Facts in short:
- Is supported on all supported platforms.
- Acquires memory in read/write mode.
- Acquired memory is assumed to be volatile.
- Have additional requirements.
LeechCore API:
Please specify the acquisition device type (and optionally speed configuration options) LEECHCORE_CONFIG.szDevice when calling LeechCore_Open. The speed configuration options should ideally never be used and only exists for debugging purposes. Examples:
FPGA
FPGA://<pcie_gen_1_or_2>:[<read_delay_uS>[:<write_delay_uS>[:<probe_delay_uS>]]].
Memory Process File System:
Please specify the device type in the -device option.
Examples:
-device FPGA
-device FPGA://2:300
-device FPGA://1:300:300:300
Requires the FPGA hardware which is connected to the target computer over PCIe and to the analysis computer over USB.
Also requires the FTDI FTD3XX.dll library to be placed alongside LeechCore (Windows) or a Kernel Driver (Linux). For more information please check out the PCILeech and PCILeech FPGA projects.
Sponsor PCILeech and MemProcFS:
PCILeech and MemProcFS is free and open source!
I put a lot of time and energy into PCILeech and MemProcFS and related research to make this happen. Some aspects of the projects relate to hardware and I put quite some money into my projects and related research. If you think PCILeech and/or MemProcFS are awesome tools and/or if you had a use for them it's now possible to contribute by becoming a sponsor!
If you like what I've created with PCIleech and MemProcFS with regards to DMA, Memory Analysis and Memory Forensics and would like to give something back to support future development please consider becoming a sponsor at: https://github.com/sponsors/ufrisk
Thank You 💖