-
-
Notifications
You must be signed in to change notification settings - Fork 95
Device_Totalmeltdown
The LeechCore library supports reading and writing memory from Windows 7 / 2008R2 systems vulnerable to CVE-2018-1038 "Total Meltdown"
Facts in short:
- Is supported on 64-bit Windows 7 / 2008R2.
- Acquires memory in read/write mode.
- Acquired memory is assumed to be volatile.
- Have additional requirements.
LeechCore API:
Please specify the acquisition device type in LC_CONFIG.szDevice
when calling LcCreate
. Example: totalmeltdown
.
PCILeech / MemProcFS:
Please specify the device type in the -device
option.
Example:
-device totalmeltdown
The target system must be a Windows 7 or Windows 2008R2 system vulnerable to the Total Meltdown vulnerability (CVE-2018-1038). This vulnerability was live between January 2018 to March 2018. Please see more information in the following blog entry.
Sponsor PCILeech and MemProcFS:
PCILeech and MemProcFS is free and open source!
I put a lot of time and energy into PCILeech and MemProcFS and related research to make this happen. Some aspects of the projects relate to hardware and I put quite some money into my projects and related research. If you think PCILeech and/or MemProcFS are awesome tools and/or if you had a use for them it's now possible to contribute by becoming a sponsor!
If you like what I've created with PCIleech and MemProcFS with regards to DMA, Memory Analysis and Memory Forensics and would like to give something back to support future development please consider becoming a sponsor at: https://github.com/sponsors/ufrisk
Thank You 💖