jaclaz wrote:
Rossetoecioccolato wrote:
http://www.gmgsystemsinc.com/knttools/
The KnTTools Enterprise Edition has support dumping VRAM and NIC SRAM for about 5 years now. :-)Good <img src="images/smiles/icon_smile.gif" alt="Smile" title="Smile" /> which are the "select" cards and nic's? <img src="images/smiles/icon_confused.gif" alt="Confused" title="Confused" />
Quote::
Acquisition of VRAM, SRAM or NVRAM from select video and network adapters.
I mean are they specific models, specific buses, specific brands?
jaclaz
Video cards and NIC's pretty much all use PCIe at this point, at least on desktop/laptop PC's, I think that I still have a couple of PCI and AGP video cards somewhere, if they still work; but the only place that you can buy one is on eBay. Reading device memory is highly dependent on the specific hardware. You identify the specific device using it's PnP ID, read the data sheet for that device and proceed accordingly. It also depends on which version of MS Windows. VRAM acquisition from Vista (Windows 2003 and Windows 7+ are supported) is no longer supported because it required a hack and because not too many business users are unfortunate enough to still be using Vista. A large number of AMD Radeo and NVIDIA gpu chipsets are supported. Intel GPU's don't yet have similar programming capabilities. (Am I wrong?) Many Realtek and Broadcom NIC's are supported, including NetExtreme. In many cases NVRAM and CPU microcode also are acquired. Generally, the chipsets that are supported are the ones that commonly are being exploited for GPU and NIC-based malware. Use the contact information on the KnTTools web site to get more specific information on makes and models supported.
↧