corelan / mona

Corelan Repository for mona.py
BSD 3-Clause "New" or "Revised" License

Improve 64bit and win7/8/10 offsets support (focus on heap handling) #20

Closed jmreyes closed 7 years ago

jmreyes commented 7 years ago

This would still need some additional changes in e.g. showHeapBlockInfo, I can work on them if you are interested in getting this merged. Of course, in that case any suggestion is welcome. Thanks!

corelanc0d3r commented 7 years ago

thank you for the awesome commit. Technically mona.py is missing LFH support, but I was not able to find correct documentation on the LFH related structures... any help with that would be great - thanks

nemhods commented 7 years ago

I have encountered difficulties with this commit. Specifically, getOffset would report wrong values, leading to empty Lookaside Lists being displayed.

Platform info:

The issue seems to be that there are two getOffset functions in the code. One deals with instructions (line 9651), one deals with offset names (line 1802). The LAL code should call the name-based getOffset, but ends up calling the other one instead.

You should be able to verify this by adding debug prints in the two getOffset functions and using a command like !py mona.py heap -t lal in WinDbg.

My Python skills are not developed enough to fix this properly. Maybe someone could review why the wrong function is called?
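The mechanism behind the report above, as an added example that is not part of the PR or of mona.py: in Python a second module-level `def` with the same name rebinds that name, so every caller, including the lookaside-list code, ends up with whichever definition appears last in the file. The offset table, the `getOsOffset` name, the `lookaside_offset_*` helpers and the sample module text are all constructed for this illustration; the numeric offsets are not real Windows heap offsets. The final function is a small static check that lists duplicate top-level definitions, which is how a reviewer can catch this class of collision before it ships.

```python
import ast
import re

# Constructed offset table (illustrative values, not real Windows heap offsets).
OS_OFFSETS = {
    "heap_freelists": 0xC4,
    "heap_lookaside": 0x688,
}


def getOffset(name):
    """First definition: return the byte offset of a named heap field."""
    return OS_OFFSETS.get(name.lower())


def getOffset(instruction):
    """Second definition, same name: pull the displacement out of an
    instruction string such as 'mov eax,[ebx+0x20]'. Python binds names at
    definition time, so this def rebinds the module-level name and the
    name-based lookup above is no longer reachable as getOffset."""
    m = re.search(r"\+\s*0x([0-9a-fA-F]+)\]", instruction)
    return int(m.group(1), 16) if m else None


def getOsOffset(name):
    """The fix: give the name-based lookup its own, distinct name (hypothetical)."""
    return OS_OFFSETS.get(name.lower())


def lookaside_offset_buggy():
    """Mimics caller code that still says getOffset("heap_lookaside"): the
    instruction parser gets a plain field name, finds no '+0x...]' and
    returns None, which the caller then treats as 'no lookaside lists'."""
    return getOffset("heap_lookaside")


def lookaside_offset_fixed():
    """Same caller after renaming the name-based function."""
    return getOsOffset("heap_lookaside")


def duplicate_top_level_defs(source):
    """Static check: map each function name defined more than once at module
    level to the line numbers of its definitions."""
    seen = {}
    for node in ast.parse(source).body:
        if isinstance(node, ast.FunctionDef):
            seen.setdefault(node.name, []).append(node.lineno)
    return {name: lines for name, lines in seen.items() if len(lines) > 1}


# Constructed module text reproducing the collision shape described in the report.
SAMPLE_SOURCE = """\
def getOffset(name):
    return 1

def helper():
    return 2

def getOffset(instruction):
    return 3
"""

if __name__ == "__main__":
    print("buggy lookaside offset:", lookaside_offset_buggy())        # None
    print("fixed lookaside offset:", hex(lookaside_offset_fixed()))   # 0x688
    print("duplicate defs:", duplicate_top_level_defs(SAMPLE_SOURCE))  # {'getOffset': [1, 7]}
```

Running `duplicate_top_level_defs` over a module's source (for example with `inspect.getsource`) is the quick way to confirm the collision without adding debug prints; most linters report the same condition as a redefinition warning.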

jmreyes commented 7 years ago

Absolutely, I'm sorry about this! Wrong name choice since it was in use already... Will submit a PR in one or two days once I check that changing the name of the new function to e.g. getOsOffet fixes the issue. Thanks!