m4b / goblin

An impish, cross-platform binary parsing crate, written in Rust
MIT License

Failing to parse QEMU memory dump note .shstrtab #370

Open IridiumXOR opened 1 year ago

IridiumXOR commented 1 year ago

Hi, if you generate an ELF core file containing the memory dump of a VM in QEMU (qemu-system-x86_64, then in the console dump-guest-memory FILENAME) and you parse it with a simple Rust program such as

use goblin::Object;
use std::io::Read;
use std::fs::File;

fn main() {

    let mut file = File::open("/tmp/elf").map_err(|_| "open file error").expect("Error");

    // Only the first 2 MiB of the core are read into the buffer; the rest of
    // the file (and anything the section headers point at beyond this point)
    // is never loaded. Note that `read` is also not guaranteed to fill the
    // buffer; its return value (bytes actually read) is discarded here.
    let mut head = vec![0; 1024*1024*2];
    file.read(&mut head).ok();
    // Parse whatever landed in the 2 MiB buffer as a complete object.
    println!("{:?}\n", Object::parse(&head));
}

you get Err(Malformed("Section 1 size (151127112) + offset (11) is out of bounds. Overflowed: false")) but the ELF core is correctly formatted. I suppose the error is an off-by-one error.

m4b commented 1 year ago

interesting; @IridiumXOR would you be interested in working on a PR to fix this? :)

h33p commented 3 months ago

Experiencing a similar problem:

Malformed entity: Section 1 size (8724103072) + offset (11) is out of bounds. Overflowed: false

The interesting thing is that it appears that size and offset have their places swapped.

❯ readelf --sections ../win11-for-dump2.elf
There are 2 section headers, starting at offset 0x40:

Section Headers:
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0
  [ 1] .shstrtab         STRTAB           0000000000000000  207ff3fa0
       000000000000000b  0000000000000000           0     0     0
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
  L (link order), O (extra OS processing required), G (group), T (TLS),
  C (compressed), x (unknown), o (OS specific), E (exclude),
  D (mbind), l (large), p (processor specific)

m4b commented 2 months ago

so while reading the PR for fixing this issue, it was revealed that the primary cause of this was that the full file was not being loaded into memory, so that parsing was out of bounds. Is this also the cause of your failure here in this issue?
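As an added example (not goblin's code and not from anyone in this thread), the stand-alone Rust program below builds a constructed ELF64 core image in memory with the layout h33p's readelf output shows: the section header table at offset 0x40, two sections, and an 11-byte .shstrtab at the very end of the file, after the guest memory image. It then walks the section headers with the same "offset + size must lie inside the buffer" check goblin is applying, once over the whole image and once over a 2 MiB head read the way the snippet at the top of the thread reads it. The names `sections`, `Section`, `build_core` and `full_vs_head` are this example's own. One detail worth knowing when reading goblin's message: 8724103072 is 0x207ff3fa0, the .shstrtab offset readelf prints, so the values in the message are right and only the labels are swapped; the example prints offset and size in readelf's order.

```rust
// Added example (not goblin's code): a minimal ELF64 section-header walker with
// the bounds check the thread is hitting, run over a full core and over its head.
use std::convert::TryInto;

const SHDR_SIZE: usize = 64; // sizeof(Elf64_Shdr)

fn u16_at(b: &[u8], o: usize) -> u16 { u16::from_le_bytes(b[o..o + 2].try_into().unwrap()) }
fn u32_at(b: &[u8], o: usize) -> u32 { u32::from_le_bytes(b[o..o + 4].try_into().unwrap()) }
fn u64_at(b: &[u8], o: usize) -> u64 { u64::from_le_bytes(b[o..o + 8].try_into().unwrap()) }

#[derive(Debug, PartialEq)]
pub struct Section { pub name: String, pub offset: u64, pub size: u64 }

/// Parse the section headers of a little-endian ELF64 image held in `buf`,
/// which may be only the head of the file. Every section that occupies file
/// bytes must satisfy offset + size <= buf.len(); the error names the first
/// one that does not, with offset and size labelled the way readelf prints them.
pub fn sections(buf: &[u8]) -> Result<Vec<Section>, String> {
    if buf.len() < 64 || &buf[..4] != b"\x7fELF" || buf[4] != 2 || buf[5] != 1 {
        return Err("not a little-endian ELF64 image".into());
    }
    let shoff = u64_at(buf, 0x28) as usize;   // e_shoff
    let shnum = u16_at(buf, 0x3c) as usize;   // e_shnum
    let shstrndx = u16_at(buf, 0x3e) as usize; // e_shstrndx
    let table_end = shoff.checked_add(shnum * SHDR_SIZE).ok_or("e_shoff overflow")?;
    if table_end > buf.len() {
        return Err(format!("section header table ends at {} but buffer is {} bytes", table_end, buf.len()));
    }
    // First pass: (sh_name, sh_offset, sh_size) per header, with the bounds check.
    let mut raw = Vec::with_capacity(shnum);
    for i in 0..shnum {
        let h = shoff + i * SHDR_SIZE;
        let name_off = u32_at(buf, h);
        let sh_type = u32_at(buf, h + 4);
        let off = u64_at(buf, h + 0x18);
        let size = u64_at(buf, h + 0x20);
        // SHT_NOBITS (8) occupies no file bytes; everything else must be in range.
        if sh_type != 8 {
            let (end, overflowed) = off.overflowing_add(size);
            if overflowed || end > buf.len() as u64 {
                return Err(format!(
                    "Section {} offset ({}) + size ({}) is out of bounds of a {}-byte buffer. Overflowed: {}",
                    i, off, size, buf.len(), overflowed));
            }
        }
        raw.push((name_off, off, size));
    }
    // Second pass: resolve names through the section-name string table.
    let (_, st_off, st_size) = raw.get(shstrndx).copied().ok_or("e_shstrndx out of range")?;
    let st_end = st_off.checked_add(st_size).ok_or("string table overflow")? as usize;
    let strtab = buf.get(st_off as usize..st_end).ok_or("string table out of bounds")?;
    let mut out = Vec::with_capacity(raw.len());
    for (name_off, off, size) in raw {
        let name = strtab.get(name_off as usize..)
            .and_then(|s| s.split(|&c| c == 0).next())
            .map(|s| String::from_utf8_lossy(s).into_owned())
            .unwrap_or_default();
        out.push(Section { name, offset: off, size });
    }
    Ok(out)
}

/// Constructed core image (example data, not a real dump): ELF header, a two-entry
/// section header table at 0x40, `image_len` zero bytes standing in for the guest
/// memory image, and an 11-byte .shstrtab at the very end, as in the readelf output.
pub fn build_core(image_len: usize) -> Vec<u8> {
    let shstrtab: &[u8] = b"\0.shstrtab\0";          // 11 bytes, readelf's 0xb
    let strtab_off = 64 + 2 * SHDR_SIZE + image_len;
    let mut f = vec![0u8; strtab_off + shstrtab.len()];
    f[..4].copy_from_slice(b"\x7fELF");
    f[4] = 2; f[5] = 1; f[6] = 1;                     // ELFCLASS64, ELFDATA2LSB, EV_CURRENT
    f[16..18].copy_from_slice(&4u16.to_le_bytes());   // e_type = ET_CORE
    f[18..20].copy_from_slice(&62u16.to_le_bytes());  // e_machine = EM_X86_64
    f[40..48].copy_from_slice(&64u64.to_le_bytes());  // e_shoff = 0x40
    f[52..54].copy_from_slice(&64u16.to_le_bytes());  // e_ehsize
    f[58..60].copy_from_slice(&64u16.to_le_bytes());  // e_shentsize
    f[60..62].copy_from_slice(&2u16.to_le_bytes());   // e_shnum = 2
    f[62..64].copy_from_slice(&1u16.to_le_bytes());   // e_shstrndx = 1
    // Section 0 stays all zero (SHT_NULL). Section 1: .shstrtab, SHT_STRTAB = 3.
    let h = 64 + SHDR_SIZE;
    f[h..h + 4].copy_from_slice(&1u32.to_le_bytes());            // sh_name -> ".shstrtab"
    f[h + 4..h + 8].copy_from_slice(&3u32.to_le_bytes());        // sh_type
    f[h + 24..h + 32].copy_from_slice(&(strtab_off as u64).to_le_bytes()); // sh_offset
    f[h + 32..h + 40].copy_from_slice(&(shstrtab.len() as u64).to_le_bytes()); // sh_size
    f[strtab_off..].copy_from_slice(shstrtab);
    f
}

/// Parse the same constructed core from the whole file and from a 2 MiB head.
pub fn full_vs_head() -> (Result<Vec<Section>, String>, Result<Vec<Section>, String>) {
    let core = build_core(3 * 1024 * 1024); // 3 MiB stand-in for the guest memory image
    let head = &core[..2 * 1024 * 1024];
    (sections(&core), sections(head))
}

fn main() {
    let (full, head) = full_vs_head();
    println!("whole file: {:?}", full);
    println!("2 MiB head: {:?}", head);
}
```

For a real dump, replace `build_core` with `std::fs::read` of the core file. The point the two runs make is that the head buffer fails the check on the last section, which in a QEMU core is exactly .shstrtab because QEMU writes it after the memory image, while the complete file parses; no off-by-one is involved.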