Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cr4sh/smram_parse
System Management RAM analysis tool
analysis dfir firmware forensics investigation reversing security smm uefi
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/cr4sh/smram_parse
- Owner: Cr4sh
- License: gpl-3.0
- Created: 2016-10-22T08:33:43.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2021-04-05T15:02:32.000Z (almost 4 years ago)
- Last Synced: 2024-07-31T18:16:00.129Z (6 months ago)
- Topics: analysis, dfir, firmware, forensics, investigation, reversing, security, smm, uefi
- Language: Python
- Homepage:
- Size: 21.5 KB
- Stars: 72
- Watchers: 7
- Forks: 16
- Open Issues: 2
Metadata Files:
- Readme: README.TXT
- License: LICENSE.TXT
README
System Management RAM analysis tool.
**************************************************************************
For more information about this project please read the following article:
http://blog.cr4.sh/2016/10/exploiting-ami-aptio-firmware.html
To use the full capabilities of this tool, you need to install UEFIDump (https://github.com/LongSoft/UEFITool/releases/tag/A32) and ida-efiutils (https://github.com/snare/ida-efiutils), and edit the corresponding variables in the smram_parse.py code.
This tool was tested only with 6th generation Intel NUC firmware based on the AMI Aptio V code base.
FEATURES:
* SMRAM and SMST address information
* Loaded SMM drivers list
* SMM protocols list
* SMI entry address for each CPU
* SW SMI handlers list
* Root SmiHandlerRegister() handlers list
* Child SmiHandlerRegister() handlers list
USAGE:
$ smram_parse.py [flash_image_dump]
Output example: https://raw.githubusercontent.com/Cr4sh/smram_parse/master/EXAMPLE.TXT
Written by:
Dmytro Oleksiuk (aka Cr4sh)
http://blog.cr4.sh