Version 2.19.0

ufrisk · Sep 28, 2024 · e80468b · e80468b
1 parent 3ec7f74
commit e80468b
Show file tree

Hide file tree

Showing 10 changed files with 235 additions and 105 deletions.
diff --git a/README.md b/README.md
@@ -247,6 +247,7 @@ v1.0-1.8
 * Bug fixes.
 * Hibernation file support.
 
-Latest:
+[v2.19](https://github.com/ufrisk/LeechCore/releases/tag/v2.19)
 * Bug fixes.
 * Windows 11 24H2 hibernation file support.
+* ZDMA fast-write "lockless" support.
diff --git a/includes/leechcore.h b/includes/leechcore.h
@@ -14,7 +14,7 @@
 // (c) Ulf Frisk, 2020-2024
 // Author: Ulf Frisk, pcileech@frizk.net
 //
-// Header Version: 2.18.4
+// Header Version: 2.19.0
 //
 
 #ifndef __LEECHCORE_H__

diff --git a/leechagent/version.h b/leechagent/version.h
@@ -2,9 +2,9 @@
 #define STRINGIZE(s) STRINGIZE2(s)
 
 #define VERSION_MAJOR               2
-#define VERSION_MINOR               18
-#define VERSION_REVISION            10
-#define VERSION_BUILD               78
+#define VERSION_MINOR               19
+#define VERSION_REVISION            0
+#define VERSION_BUILD               79
 
 #define VER_FILE_DESCRIPTION_STR    "LeechAgent Memory Acquisition Service"
 #define VER_FILE_VERSION            VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION, VERSION_BUILD

diff --git a/leechcore/device_fpga.c b/leechcore/device_fpga.c
diff --git a/leechcore/leechcore.h b/leechcore/leechcore.h
@@ -14,7 +14,7 @@
 // (c) Ulf Frisk, 2020-2024
 // Author: Ulf Frisk, pcileech@frizk.net
 //
-// Header Version: 2.18.4
+// Header Version: 2.19.0
 //
 
 #ifndef __LEECHCORE_H__

diff --git a/leechcore/ob/ob.h b/leechcore/ob/ob.h
@@ -670,6 +670,11 @@ POB_SET ObMap_FilterSet(_In_opt_ POB_MAP pm, _In_opt_ PVOID ctx, _In_opt_ OB_MAP
 */
 DWORD ObMap_RemoveByFilter(_In_opt_ POB_MAP pm, _In_opt_ PVOID ctx, _In_opt_ OB_MAP_FILTER_REMOVE_PFN_CB pfnFilterRemoveCB);
 
+/*
+* Sort compare callback function.
+*/
+typedef int(*OB_MAP_SORT_COMPARE_FUNCTION)(_In_ POB_MAP_ENTRY e1, _In_ POB_MAP_ENTRY e2);
+
 /*
 * Sort the ObMap entry index by a sort compare function.
 * NB! The items sorted by the sort function are const OB_MAP_ENTRY* objects
@@ -679,7 +684,7 @@ DWORD ObMap_RemoveByFilter(_In_opt_ POB_MAP pm, _In_opt_ PVOID ctx, _In_opt_ OB_
 * -- return
 */
 _Success_(return)
-BOOL ObMap_SortEntryIndex(_In_opt_ POB_MAP pm, _In_ _CoreCrtNonSecureSearchSortCompareFunction pfnSort);
+BOOL ObMap_SortEntryIndex(_In_opt_ POB_MAP pm, _In_ OB_MAP_SORT_COMPARE_FUNCTION pfnSort);
 
 /*
 * Sort the ObMap entry index by key ascending.
@@ -848,7 +853,7 @@ typedef struct tdOB_STRMAP *POB_STRMAP;
 * -- return = TRUE on insertion, FALSE otherwise.
 */
 _Success_(return)
-BOOL ObStrMap_PushU(_In_opt_ POB_STRMAP psm, _In_opt_ LPSTR usz);
+BOOL ObStrMap_PushU(_In_opt_ POB_STRMAP psm, _In_opt_ LPCSTR usz);
 
 /*
 * Push / Insert into the ObStrMap.
@@ -857,7 +862,7 @@ BOOL ObStrMap_PushU(_In_opt_ POB_STRMAP psm, _In_opt_ LPSTR usz);
 * -- return = TRUE on insertion, FALSE otherwise.
 */
 _Success_(return)
-BOOL ObStrMap_PushA(_In_opt_ POB_STRMAP psm, _In_opt_ LPSTR sz);
+BOOL ObStrMap_PushA(_In_opt_ POB_STRMAP psm, _In_opt_ LPCSTR sz);
 
 /*
 * Push / Insert into the ObStrMap.
@@ -866,7 +871,7 @@ BOOL ObStrMap_PushA(_In_opt_ POB_STRMAP psm, _In_opt_ LPSTR sz);
 * -- return = TRUE on insertion, FALSE otherwise.
 */
 _Success_(return)
-BOOL ObStrMap_PushW(_In_opt_ POB_STRMAP psm, _In_opt_ LPWSTR wsz);
+BOOL ObStrMap_PushW(_In_opt_ POB_STRMAP psm, _In_opt_ LPCWSTR wsz);
 
 /*
 * Push / Insert into the ObStrMap.
@@ -877,7 +882,7 @@ BOOL ObStrMap_PushW(_In_opt_ POB_STRMAP psm, _In_opt_ LPWSTR wsz);
 * -- return = TRUE on insertion, FALSE otherwise.
 */
 _Success_(return)
-BOOL ObStrMap_PushPtrUU(_In_opt_ POB_STRMAP psm, _In_opt_ LPSTR usz, _Out_opt_ LPSTR *puszDst, _Out_opt_ PDWORD pcbuDst);
+BOOL ObStrMap_PushPtrUU(_In_opt_ POB_STRMAP psm, _In_opt_ LPCSTR usz, _Out_opt_ LPSTR *puszDst, _Out_opt_ PDWORD pcbuDst);
 
 /*
 * Push / Insert into the ObStrMap.
@@ -888,7 +893,7 @@ BOOL ObStrMap_PushPtrUU(_In_opt_ POB_STRMAP psm, _In_opt_ LPSTR usz, _Out_opt_ L
 * -- return = TRUE on insertion, FALSE otherwise.
 */
 _Success_(return)
-BOOL ObStrMap_PushPtrAU(_In_opt_ POB_STRMAP psm, _In_opt_ LPSTR sz, _Out_opt_ LPSTR *puszDst, _Out_opt_ PDWORD pcbuDst);
+BOOL ObStrMap_PushPtrAU(_In_opt_ POB_STRMAP psm, _In_opt_ LPCSTR sz, _Out_opt_ LPSTR *puszDst, _Out_opt_ PDWORD pcbuDst);
 
 /*
 * Push / Insert into the ObStrMap.
@@ -899,7 +904,7 @@ BOOL ObStrMap_PushPtrAU(_In_opt_ POB_STRMAP psm, _In_opt_ LPSTR sz, _Out_opt_ LP
 * -- return = TRUE on insertion, FALSE otherwise.
 */
 _Success_(return)
-BOOL ObStrMap_PushPtrWU(_In_opt_ POB_STRMAP psm, _In_opt_ LPWSTR wsz, _Out_opt_ LPSTR *puszDst, _Out_opt_ PDWORD pcbuDst);
+BOOL ObStrMap_PushPtrWU(_In_opt_ POB_STRMAP psm, _In_opt_ LPCWSTR wsz, _Out_opt_ LPSTR *puszDst, _Out_opt_ PDWORD pcbuDst);
 
 /*
 * Push / Insert into the ObStrMap.
@@ -910,7 +915,7 @@ BOOL ObStrMap_PushPtrWU(_In_opt_ POB_STRMAP psm, _In_opt_ LPWSTR wsz, _Out_opt_
 * -- return = TRUE on insertion, FALSE otherwise.
 */
 _Success_(return)
-BOOL ObStrMap_PushPtrUW(_In_opt_ POB_STRMAP psm, _In_opt_ LPSTR usz, _Out_opt_ LPWSTR *pwszDst, _Out_opt_ PDWORD pcbwDst);
+BOOL ObStrMap_PushPtrUW(_In_opt_ POB_STRMAP psm, _In_opt_ LPCSTR usz, _Out_opt_ LPWSTR *pwszDst, _Out_opt_ PDWORD pcbwDst);
 
 /*
 * Push / Insert into the ObStrMap.
@@ -921,7 +926,7 @@ BOOL ObStrMap_PushPtrUW(_In_opt_ POB_STRMAP psm, _In_opt_ LPSTR usz, _Out_opt_ L
 * -- return = TRUE on insertion, FALSE otherwise.
 */
 _Success_(return)
-BOOL ObStrMap_PushPtrWW(_In_opt_ POB_STRMAP psm, _In_opt_ LPWSTR wsz, _Out_opt_ LPWSTR *pwszDst, _Out_opt_ PDWORD pcbwDst);
+BOOL ObStrMap_PushPtrWW(_In_opt_ POB_STRMAP psm, _In_opt_ LPCWSTR wsz, _Out_opt_ LPWSTR *pwszDst, _Out_opt_ PDWORD pcbwDst);
 
 /*
 * Push / Insert into the ObStrMap. Result pointer is dependant on fWideChar flag.
@@ -933,7 +938,7 @@ BOOL ObStrMap_PushPtrWW(_In_opt_ POB_STRMAP psm, _In_opt_ LPWSTR wsz, _Out_opt_
 * -- return = TRUE on insertion, FALSE otherwise.
 */
 _Success_(return)
-BOOL ObStrMap_PushPtrUXUW(_In_opt_ POB_STRMAP psm, _In_opt_ LPSTR usz, _Out_opt_ LPSTR *puszDst, _Out_opt_ PDWORD pcbuDst, BOOL fWideChar);
+BOOL ObStrMap_PushPtrUXUW(_In_opt_ POB_STRMAP psm, _In_opt_ LPCSTR usz, _Out_opt_ LPSTR *puszDst, _Out_opt_ PDWORD pcbuDst, BOOL fWideChar);
 
 /*
 * Push a UNICODE_OBJECT Pointer for delayed resolve at finalize stage.
@@ -1094,7 +1099,7 @@ POB_COMPRESSED ObCompressed_NewFromByte(_In_opt_ VMM_HANDLE H, _In_opt_ POB_CACH
 * -- return
 */
 _Success_(return != NULL)
-POB_COMPRESSED ObCompress_NewFromStrA(_In_opt_ VMM_HANDLE H, _In_opt_ POB_CACHEMAP pcmg, _In_ LPSTR sz);
+POB_COMPRESSED ObCompress_NewFromStrA(_In_opt_ VMM_HANDLE H, _In_opt_ POB_CACHEMAP pcmg, _In_ LPCSTR sz);
 
 /*
 * Retrieve the uncompressed size of the compressed data object.
@@ -1162,7 +1167,7 @@ BOOL ObMemFile_Append(_In_opt_ POB_MEMFILE pmf, _In_reads_(cb) PBYTE pb, _In_ QW
 * -- return
 */
 _Success_(return)
-BOOL ObMemFile_AppendString(_In_opt_ POB_MEMFILE pmf, _In_opt_z_ LPSTR sz);
+BOOL ObMemFile_AppendString(_In_opt_ POB_MEMFILE pmf, _In_opt_z_ LPCSTR sz);
 
 /*
 * Append a string (ansi or utf-8) to the ObMemFile.
@@ -1172,7 +1177,7 @@ BOOL ObMemFile_AppendString(_In_opt_ POB_MEMFILE pmf, _In_opt_z_ LPSTR sz);
 * -- return = the number of bytes appended (excluding terminating null).
 */
 _Success_(return != 0)
-SIZE_T ObMemFile_AppendStringEx(_In_opt_ POB_MEMFILE pmf, _In_z_ _Printf_format_string_ LPSTR uszFormat, ...);
+SIZE_T ObMemFile_AppendStringEx(_In_opt_ POB_MEMFILE pmf, _In_z_ _Printf_format_string_ LPCSTR uszFormat, ...);
 
 /*
 * Append a string (ansi or utf-8) to the ObMemFile.
@@ -1182,7 +1187,7 @@ SIZE_T ObMemFile_AppendStringEx(_In_opt_ POB_MEMFILE pmf, _In_z_ _Printf_format_
 * -- return = the number of bytes appended (excluding terminating null).
 */
 _Success_(return != 0)
-SIZE_T ObMemFile_AppendStringEx2(_In_opt_ POB_MEMFILE pmf, _In_z_ _Printf_format_string_ LPSTR uszFormat, _In_ va_list arglist);
+SIZE_T ObMemFile_AppendStringEx2(_In_opt_ POB_MEMFILE pmf, _In_z_ _Printf_format_string_ LPCSTR uszFormat, _In_ va_list arglist);
 
 /*
 * Read data 'as file' from the ObMemFile.
@@ -1229,6 +1234,15 @@ typedef struct tdOB_COUNTER_ENTRY {
 */
 POB_COUNTER ObCounter_New(_In_opt_ VMM_HANDLE H, _In_ QWORD flags);
 
+/*
+* Clear the ObCounter by removing all counts and keys.
+* NB! underlying allocated memory will remain unchanged.
+* -- pm
+* -- return = clear was successful - always true.
+*/
+_Success_(return)
+BOOL ObCounter_Clear(_In_opt_ POB_COUNTER pc);
+
 /*
 * Retrieve the number of counted keys the ObCounter.
 * -- pc

diff --git a/leechcore/ob/ob_map.c b/leechcore/ob/ob_map.c
@@ -277,9 +277,9 @@ PVOID _ObMap_GetNextByKey(_In_ POB_MAP pm, _In_ QWORD qwKey, _In_opt_ PVOID pvOb
 PVOID _ObMap_GetNextByIndex(_In_ POB_MAP pm, _Inout_ PDWORD pdwIndex, _In_opt_ PVOID pvObject)
 {
     if(pvObject) {
-        *pdwIndex = pm->c - 1;
-    } else {
         *pdwIndex = *pdwIndex - 1;
+    } else {
+        *pdwIndex = pm->c - 1;
     }
     if(pm->fObjectsOb) { Ob_DECREF(pvObject); }
     return _ObMap_GetByEntryIndex(pm, *pdwIndex);
@@ -725,7 +725,7 @@ BOOL ObMap_Clear(_In_opt_ POB_MAP pm)
 //-----------------------------------------------------------------------------
 
 _Success_(return)
-BOOL _ObMap_SortEntryIndex(_In_ POB_MAP pm, _In_ _CoreCrtNonSecureSearchSortCompareFunction pfnSort)
+BOOL _ObMap_SortEntryIndex(_In_ POB_MAP pm, _In_ OB_MAP_SORT_COMPARE_FUNCTION pfnSort)
 {
     DWORD iEntry;
     POB_MAP_ENTRY pSort;
@@ -734,7 +734,7 @@ BOOL _ObMap_SortEntryIndex(_In_ POB_MAP pm, _In_ _CoreCrtNonSecureSearchSortComp
     for(iEntry = 1; iEntry < pm->c; iEntry++) {
         memcpy(pSort + iEntry, &pm->Directory[OB_MAP_INDEX_DIRECTORY(iEntry)][OB_MAP_INDEX_TABLE(iEntry)][OB_MAP_INDEX_STORE(iEntry)], sizeof(OB_MAP_ENTRY));
     }
-    qsort(pSort + 1, pm->c - 1, sizeof(OB_MAP_ENTRY), pfnSort);
+    qsort(pSort + 1, pm->c - 1, sizeof(OB_MAP_ENTRY), (_CoreCrtNonSecureSearchSortCompareFunction)pfnSort);
     for(iEntry = 1; iEntry < pm->c; iEntry++) {
         memcpy(&pm->Directory[OB_MAP_INDEX_DIRECTORY(iEntry)][OB_MAP_INDEX_TABLE(iEntry)][OB_MAP_INDEX_STORE(iEntry)], pSort + iEntry, sizeof(OB_MAP_ENTRY));
     }
@@ -754,11 +754,11 @@ BOOL _ObMap_SortEntryIndex(_In_ POB_MAP pm, _In_ _CoreCrtNonSecureSearchSortComp
     return TRUE;
 }
 
-int _ObMap_SortEntryIndexByKey_CmpSort(_In_ POB_MAP_ENTRY p1, _In_ POB_MAP_ENTRY p2)
+int _ObMap_SortEntryIndexByKey_CmpSort(_In_ POB_MAP_ENTRY e1, _In_ POB_MAP_ENTRY e2)
 {
     return
-        (p1->k < p2->k) ? -1 :
-        (p1->k > p2->k) ? 1 : 0;
+        (e1->k < e2->k) ? -1 :
+        (e1->k > e2->k) ? 1 : 0;
 }
 
 /*
@@ -770,7 +770,7 @@ int _ObMap_SortEntryIndexByKey_CmpSort(_In_ POB_MAP_ENTRY p1, _In_ POB_MAP_ENTRY
 * -- return
 */
 _Success_(return)
-BOOL ObMap_SortEntryIndex(_In_opt_ POB_MAP pm, _In_ _CoreCrtNonSecureSearchSortCompareFunction pfnSort)
+BOOL ObMap_SortEntryIndex(_In_opt_ POB_MAP pm, _In_ OB_MAP_SORT_COMPARE_FUNCTION pfnSort)
 {
     OB_MAP_CALL_SYNCHRONIZED_IMPLEMENTATION_WRITE(pm, BOOL, FALSE, _ObMap_SortEntryIndex(pm, pfnSort))
 }
@@ -785,7 +785,7 @@ BOOL ObMap_SortEntryIndex(_In_opt_ POB_MAP pm, _In_ _CoreCrtNonSecureSearchSortC
 _Success_(return)
 BOOL ObMap_SortEntryIndexByKey(_In_opt_ POB_MAP pm)
 {
-    return ObMap_SortEntryIndex(pm, (_CoreCrtNonSecureSearchSortCompareFunction)_ObMap_SortEntryIndexByKey_CmpSort);
+    return ObMap_SortEntryIndex(pm, _ObMap_SortEntryIndexByKey_CmpSort);
 }
 
 //-----------------------------------------------------------------------------
@@ -844,16 +844,20 @@ BOOL _ObMap_Push(_In_ POB_MAP pm, _In_ QWORD qwKey, _In_ PVOID pvObject)
     if(!pm->Directory[OB_MAP_INDEX_DIRECTORY(iEntry)][OB_MAP_INDEX_TABLE(iEntry)]) {    // allocate "store" if required
         if(!(pm->Directory[OB_MAP_INDEX_DIRECTORY(iEntry)][OB_MAP_INDEX_TABLE(iEntry)] = LocalAlloc(LMEM_ZEROINIT, sizeof(OB_MAP_ENTRY) * OB_MAP_ENTRIES_STORE))) { return FALSE; }
     }
-    if(pm->fObjectsOb) {
-        Ob_INCREF(pvObject);
-    }
     pm->c++;
-    pe = _ObMap_GetFromIndex(pm, iEntry);
-    pe->k = qwKey;
-    pe->v = pvObject;
-    _ObMap_InsertHash(pm, TRUE, iEntry);
-    _ObMap_InsertHash(pm, FALSE, iEntry);
-    return TRUE;
+    if((pe = _ObMap_GetFromIndex(pm, iEntry))) {
+        if(pm->fObjectsOb) {
+            Ob_INCREF(pvObject);
+        }
+        pe->k = qwKey;
+        pe->v = pvObject;
+        _ObMap_InsertHash(pm, TRUE, iEntry);
+        _ObMap_InsertHash(pm, FALSE, iEntry);
+        return TRUE;
+    } else {
+        pm->c--;
+        return FALSE;
+    }
 }
 
 _Success_(return)

diff --git a/leechcore/version.h b/leechcore/version.h
@@ -2,9 +2,9 @@
 #define STRINGIZE(s) STRINGIZE2(s)
 
 #define VERSION_MAJOR               2
-#define VERSION_MINOR               18
-#define VERSION_REVISION            10
-#define VERSION_BUILD               78
+#define VERSION_MINOR               19
+#define VERSION_REVISION            0
+#define VERSION_BUILD               79
 
 #define VER_FILE_DESCRIPTION_STR    "LeechCore Memory Acquisition Library"
 #define VER_FILE_VERSION            VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION, VERSION_BUILD

diff --git a/leechcorepyc/pkggen_linux.sh b/leechcorepyc/pkggen_linux.sh
@@ -43,7 +43,7 @@ leechcorepyc = Extension(
 
 setup(
     name='leechcorepyc',
-    version='2.18.10', # VERSION_END
+    version='2.19.0', # VERSION_END
     description='LeechCore for Python',
     long_description='LeechCore for Python : native extension for physical memory access',
     url='https://github.com/ufrisk/LeechCore',

diff --git a/leechcorepyc/version.h b/leechcorepyc/version.h
@@ -2,9 +2,9 @@
 #define STRINGIZE(s) STRINGIZE2(s)
 
 #define VERSION_MAJOR               2
-#define VERSION_MINOR               18
-#define VERSION_REVISION            10
-#define VERSION_BUILD               78
+#define VERSION_MINOR               19
+#define VERSION_REVISION            0
+#define VERSION_BUILD               79
 
 #define VER_FILE_DESCRIPTION_STR    "LeechCore Memory Acquisition Library : Python API"
 #define VER_FILE_VERSION            VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION, VERSION_BUILD