huettenhain / dhrake

The Delphi Hand Rake

got an error running DhrakeParseClass.java #1

Closed dummys closed 1 year ago

dummys commented 4 years ago

Hello,

Here is the error:

ror running script: DhrakeParseClass.java
ghidra.program.model.mem.MemoryAccessException: Address ram:00000000 does not exist in memory
ghidra.program.model.mem.MemoryAccessException: Address ram:00000000 does not exist in memory
    at ghidra.program.database.mem.MemoryMapDB.getByte(MemoryMapDB.java:1222)
    at ghidra.program.flatapi.FlatProgramAPI.getByte(FlatProgramAPI.java:1816)
    at DhrakeParseClass.run(DhrakeParseClass.java:41)
    at ghidra.app.script.GhidraScript.executeNormal(GhidraScript.java:365)
    at ghidra.app.script.GhidraScript.doExecute(GhidraScript.java:220)
    at ghidra.app.script.GhidraScript.execute(GhidraScript.java:198)
    at ghidra.app.plugin.core.script.RunScriptTask.run(RunScriptTask.java:57)
    at ghidra.util.task.Task.monitoredRun(Task.java:126)
    at ghidra.util.task.TaskRunner.lambda$startTaskThread$1(TaskRunner.java:94)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:830)

huettenhain commented 4 years ago

Hey there! I'd like to try and reproduce this to chase down the bug; any chance you could share the sample you are looking at? A SHA256 hash is (most likely) fine.

dummys commented 4 years ago

Not a malware, contacted you on Signal

huettenhain commented 4 years ago

I can reproduce this, but sadly I do not know how to fix this. The provided test file came out of a Delphi compiler that seems to store class metadata in a format that I am unfamiliar with, and sadly I don't have the time to figure it out right now. With commit 63ab807, I added an error message that is, at least, mildly better than the stack trace you received. My focus is very strongly on malware and I don't want to mismanage expectations here - it is really unlikely that I'll find the time to figure this out. However, if someone explains to me how to detect that compiler and parse its class metadata, then I will try to add support. That explanation may be in any form: pull request, comment here, link to a foreign language forum post with vague details, you name it.

huettenhain commented 1 year ago

It's stale, and let's be realistic, I am not fixing this. I am sorry about it, but it just won't happen.