A couple of days after demonstrating winlockpwn I came across libforensic1394, a full C library with full Python bindings for leveraging the SBP2 FireWire (IEEE 1394) DMA feature to perform memory dumps and live patching of physical memory.
It works like a charm, and it is much more stable than the old winlockpwn hack. This is because instead of posing as an iPod (or any other SBP2 device for that matter), it presents the SBP2 stack with the original FireWire bus info from the attacker machine. Targets that use Windows 7 and other operating systems seem to be happier with this, and the result is fewer BSODs and much more consistency and stability.
The library was coded and made available by Freddie Witherden, and there is also a paper available describing the library. The paper even includes signatures for Windows 7 and OS X Snow Leopard, and code samples for performing live patching of RAM. This is great stuff, stand by for a code sample by yours truly in a couple of days.
Update: I've released a tool on GitHub called Inception, which uses libforensic1394 to unlock Windows 7 boxes. The tool is much more stable than winlockpwn. Drop me a line if you want to contribute.