linux_dmesg error - Githubissues

GoogleCodeExporter commented 8 years ago

linux_dmesg seems to be exiting with an error.  Tested with Volatility 2.2 and 
2.3_alpha on CentOS 6.3 x86 (kernel 2.6.32-279.14.1.el6.i686).  Memory image 
and profile available from http://deer-run.com/~hal/mem-forensics.tgz

Here's the output on 2.3_alpha:

[root@localhost mem-forensics]# vol.py --plugins=. 
--profile=LinuxCentOS-2_6_32-279_14_1x86 -f centos.lime linux_dmesg
Volatile Systems Volatility Framework 2.3_alpha
Traceback (most recent call last):
  File "/usr/local/bin/vol.py", line 186, in <module>
    main()
  File "/usr/local/bin/vol.py", line 177, in main
    command.execute()
  File "/usr/local/src/volatility-20121208/volatility/plugins/linux/common.py", line 57, in execute
    commands.Command.execute(self, *args, **kwargs)
  File "/usr/local/src/volatility-20121208/volatility/commands.py", line 111, in execute
    func(outfd, data)
  File "/usr/local/src/volatility-20121208/volatility/plugins/linux/dmesg.py", line 89, in render_text
    for buf in data:
  File "/usr/local/src/volatility-20121208/volatility/plugins/linux/dmesg.py", line 82, in calculate
    yield self._ver_3(log_buf_addr, log_buf_len)
  File "/usr/local/src/volatility-20121208/volatility/plugins/linux/dmesg.py", line 68, in _ver_3
    ret = ret + "[{0}.{1}] {2}\n".format(cur_ts, cur_ts / 1000000000, buf)
  File "/usr/local/src/volatility-20121208/volatility/plugins/overlays/basic.py", line 92, in __format__
    return format(self.__str__(), formatspec)
  File "/usr/local/src/volatility-20121208/volatility/plugins/overlays/basic.py", line 83, in __str__
    return unicode(self).encode('ascii', 'replace') or ""
  File "/usr/local/src/volatility-20121208/volatility/plugins/overlays/basic.py", line 89, in __unicode__
    return self.v().decode(self.encoding, 'replace').split("\x00", 1)[0] or u''
  File "/usr/local/src/volatility-20121208/volatility/plugins/overlays/basic.py", line 67, in v
    result = self.obj_vm.zread(self.obj_offset, self.length)
  File "/usr/local/src/volatility-20121208/volatility/plugins/addrspaces/intel.py", line 299, in zread
    return self.__read_bytes(vaddr, length, pad = True)
  File "/usr/local/src/volatility-20121208/volatility/plugins/addrspaces/intel.py", line 273, in __read_bytes
    buf = self.__read_chunk(vaddr, chunk_len)
  File "/usr/local/src/volatility-20121208/volatility/plugins/addrspaces/intel.py", line 250, in __read_chunk
    paddr = self.vtop(vaddr)
  File "/usr/local/src/volatility-20121208/volatility/plugins/addrspaces/intel.py", line 441, in vtop
    pdpte = self.get_pdpte(vaddr)
  File "/usr/local/src/volatility-20121208/volatility/plugins/addrspaces/intel.py", line 384, in get_pdpte
    return self.pdpte_cache[self.pdpte_index(vaddr)]
IndexError: tuple index out of range

Original issue reported on code.google.com by h...@deer-run.com on 8 Dec 2012 at 8:16

GoogleCodeExporter commented 8 years ago

Original comment by jamie.l...@gmail.com on 10 Dec 2012 at 2:13

GoogleCodeExporter commented 8 years ago

Using the profile from the other issue fixes this as well.

Original comment by atc...@gmail.com on 10 Dec 2012 at 6:30

Changed state: Fixed

Thrown / volatility

linux_dmesg error #366