Hi,

if you generate an ELF core file containing the memory dump of a VM in QEMU (`qemu-system-x86_64`, then in the console `dump-guest-memory FILENAME`) and you parse it with a simple Rust program such as

```rust
use goblin::Object;
use std::fs::File;
use std::io::Read;

fn main() {
    let mut file = File::open("/tmp/elf").map_err(|_| "open file error").expect("Error");
    // Buffer for the first 2 MiB of the dump
    let mut head = vec![0; 1024 * 1024 * 2];
    file.read(&mut head).ok();
    // Parse the buffer and print the result
    println!("{:?}\n", Object::parse(&head));
}
```

you get `Err(Malformed("Section 1 size (151127112) + offset (11) is out of bounds. Overflowed: false"))` but the ELF core is correctly formatted. I suppose the error is an offset-by-one error.
Malformed entity: Section 1 size (8724103072) + offset (11) is out of bounds. Overflowed: false
The interesting thing is that it appears that size and offset have their places swapped.
```
❯ readelf --sections ../win11-for-dump2.elf
There are 2 section headers, starting at offset 0x40:

Section Headers:
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0
  [ 1] .shstrtab         STRTAB           0000000000000000  207ff3fa0
       000000000000000b  0000000000000000           0     0     0
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
  L (link order), O (extra OS processing required), G (group), T (TLS),
  C (compressed), x (unknown), o (OS specific), E (exclude),
  D (mbind), l (large), p (processor specific)
```
h33p linked a pull request on Jul 2, 2024 that will close this issue
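The bounds check behind this kind of error, as an added example that is not part of the issue and not goblin's code: a std-only validator that reads one section header from an ELF64 little-endian file and tests `sh_offset + sh_size` against the file length with overflow-checked arithmetic, labelling each value in the message. `le`, `check_section` and `sample_header` are hypothetical names; the sample header is constructed from the readelf values above, and the full file length is assumed to end right after `.shstrtab`.

```rust
// Added example (std only); function names are hypothetical, not goblin's code.

/// Read an `n`-byte little-endian integer at `off`; None if it is outside `b`.
fn le(b: &[u8], off: usize, n: usize) -> Option<u64> {
    let s = b.get(off..off.checked_add(n)?)?;
    Some(s.iter().rev().fold(0u64, |acc, &x| (acc << 8) | u64::from(x)))
}

/// Check that section `idx` fits in a file of `file_len` bytes. `hdr` only has to
/// hold the ELF header and the section header table, not the section data.
fn check_section(hdr: &[u8], file_len: u64, idx: usize) -> Result<(u64, u64), String> {
    // ELF magic, EI_CLASS = 2 (ELF64), EI_DATA = 1 (little-endian)
    if hdr.get(..6) != Some(&b"\x7fELF\x02\x01"[..]) { return Err("not little-endian ELF64".into()); }
    let short = || "headers lie outside the bytes read".to_string();
    let shoff = le(hdr, 0x28, 8).ok_or_else(short)?; // e_shoff
    let entsize = le(hdr, 0x3a, 2).ok_or_else(short)? as usize; // e_shentsize
    let shnum = le(hdr, 0x3c, 2).ok_or_else(short)? as usize; // e_shnum
    if idx >= shnum { return Err(format!("section {idx} does not exist ({shnum} sections)")); }
    let ent = usize::try_from(shoff).ok().and_then(|o| o.checked_add(idx * entsize));
    let e = ent.and_then(|o| hdr.get(o..)).ok_or_else(short)?;
    let offset = le(e, 0x18, 8).ok_or_else(short)?; // sh_offset
    let size = le(e, 0x20, 8).ok_or_else(short)?; // sh_size
    if le(e, 0x04, 4) == Some(8) { return Ok((offset, 0)); } // SHT_NOBITS: no file bytes
    match offset.checked_add(size) {
        None => Err(format!("section {idx}: offset ({offset}) + size ({size}) overflows")),
        Some(end) if end > file_len => Err(format!(
            "section {idx}: offset ({offset}) + size ({size}) exceeds file length ({file_len})")),
        Some(_) => Ok((offset, size)),
    }
}

/// Constructed sample: ELF64 header plus two section headers at 0x40.
fn sample_header(offset: u64, size: u64) -> Vec<u8> {
    let mut h = vec![0u8; 0xc0];
    h[..6].copy_from_slice(b"\x7fELF\x02\x01");
    h[0x28] = 0x40; // e_shoff
    h[0x3a] = 0x40; // e_shentsize
    h[0x3c] = 2; // e_shnum
    h[0x84] = 3; // section 1 sh_type = SHT_STRTAB
    h[0x98..0xa0].copy_from_slice(&offset.to_le_bytes()); // section 1 sh_offset
    h[0xa0..0xa8].copy_from_slice(&size.to_le_bytes()); // section 1 sh_size
    h
}

fn main() {
    let h = sample_header(0x2_07ff_3fa0, 0xb); // values from the readelf output
    println!("{:?}", check_section(&h, 2 * 1024 * 1024, 1)); // a 2 MiB read
    println!("{:?}", check_section(&h, 0x2_07ff_3fa0 + 0xb, 1)); // assumed file length
}
```

Passing the file length separately from the header bytes lets a caller validate section bounds without loading a multi-gigabyte dump into memory.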