physmem2profit: Service Failed to start. 31: A device attached to the system is not functioning
I seem to be having issues with the physmem2profit service on my bare-metal Windows 10 host. Any suggestions?
Compiled with Microsoft Visual Studio Community 2019 version 16.5.5
Ran on Microsoft Windows Version 10 2004 update:
.\Physmem2profit.exe --ip 192.168.128.142 -p 80 --verbose
Attacking machine command:
python3 physmem2profit --host 192.168.128.142 --port 80 --mode all --driver winpmem --install c:/temp/att_winpmem_64.sys --label foobar
Receiving the following output from the Windows 10 host after attacking with my Kali machine:
[+] Found driver bridge: WinPmem.
[+] Registered command: Install.
[+] Registered command: Uninstall.
[+] Registered command: Map.
[+] Registered command: Read.
[*] Starting server on 192.168.128.142:21...
[+] Server Started.
[*] Waiting for a connection...
[+] Connected!
[*] Invoking Command Install for driver WinPmem.
[*] Installing service...
[*] Creating service physmem2profit...
[+] Service created successfully.
[*] Starting service...
[*] Service is stopped. Trying to start it...
[-] Service Failed to start. 31: A device attached to the system is not functioning
[*] Invoking Command Uninstall for driver WinPmem.
[?] Service already stopped.
[+] Successfully unloaded the WinPMem driver.
[*] Exit command received. Terminating.
About this issue
- State: closed
- Created 4 years ago
- Reactions: 2
- Comments: 15 (7 by maintainers)
Commits related to this issue
- Trying to fix the soft https://github.com/FSecureLABS/physmem2profit/issues/7 — committed to lyghtnox/physmem2profit by lyghtnox 3 years ago
Hello,
I tried the most recent driver and got the same issue as @Antho59, this seems to be caused by a change in the IOCTRL codes. I recompiled the Physmem2profit server with
INFO_IOCTRL = 0x22C40F
and I got past this specific error. However it’s still not working. After sending the Map command it just hangs there for a while and at some point the python client crashes with “File does not exist: <path to image.raw>”.
When I add some debug statements in the client, I see the n value used in the for loop to build the runs array is 0. However in DebugView I see “Memory range runs found: 7”, so this seems to mismatch and I don’t know why. For now this is beyond my Windows Kernel understanding/knowledge.
@timhir: Any chance you could have a quick look at this? I understand you’re probably busy, so maybe if you could give me some pointers I might be able to investigate that further.
Cheers, Boris
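Added example (not part of the original thread or of the physmem2profit code): a decoder for the Windows CTL_CODE bit layout, applied to the 0x22C40F value quoted in the comment above, for checking which field of a control code differs between a client constant and a driver header. The names Ioctl, decode and changed_fields are hypothetical, and the comparison value 0x22C413 is constructed for illustration, not a real WinPmem code.

```python
from typing import List, NamedTuple

# Field names as defined in the Windows driver headers (CTL_CODE macro).
METHODS = {0: "METHOD_BUFFERED", 1: "METHOD_IN_DIRECT",
           2: "METHOD_OUT_DIRECT", 3: "METHOD_NEITHER"}
ACCESS = {0: "FILE_ANY_ACCESS", 1: "FILE_READ_ACCESS",
          2: "FILE_WRITE_ACCESS", 3: "FILE_READ_ACCESS|FILE_WRITE_ACCESS"}
DEVICE_TYPES = {0x22: "FILE_DEVICE_UNKNOWN"}  # only the type seen on this page


class Ioctl(NamedTuple):
    device_type: int  # bits 16-31
    access: int       # bits 14-15
    function: int     # bits 2-13
    method: int       # bits 0-1

    def encode(self) -> int:
        """Rebuild the 32-bit code the same way CTL_CODE does."""
        return ((self.device_type << 16) | (self.access << 14)
                | (self.function << 2) | self.method)

    def describe(self) -> str:
        dev = DEVICE_TYPES.get(self.device_type, hex(self.device_type))
        return "CTL_CODE(%s, 0x%X, %s, %s)" % (
            dev, self.function, METHODS[self.method], ACCESS[self.access])


def decode(code: int) -> Ioctl:
    """Split a 32-bit I/O control code into its four CTL_CODE fields."""
    if not 0 <= code <= 0xFFFFFFFF:
        raise ValueError("I/O control codes are 32-bit unsigned values")
    return Ioctl(code >> 16, (code >> 14) & 0x3, (code >> 2) & 0xFFF, code & 0x3)


def changed_fields(client_code: int, driver_code: int) -> List[str]:
    """Name the fields that differ between the code a client sends and
    the code a driver build expects."""
    a, b = decode(client_code), decode(driver_code)
    return [name for name in Ioctl._fields if getattr(a, name) != getattr(b, name)]


if __name__ == "__main__":
    info = decode(0x22C40F)  # value quoted in the comment above
    print(hex(info.encode()), info.describe())
    # 0x22C413 is a constructed value that differs only in the function number.
    print(changed_fields(0x22C40F, 0x22C413))
```

A code whose method field decodes to METHOD_NEITHER hands the driver raw user-mode pointers with no I/O manager buffering, so the buffer layout the client sends has to match the driver build exactly.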
I will try to investigate this at some point. Unfortunately cannot give any guarantees on the schedule 😕