Hello!
I am trying to write out the memory of drivers from my windows vm.
When reading I get an Overflow error on wimmount.sys driver. I am unsure how to track down details of why this is happening.
This is my code. The pefile import and handling is not relevant to the error.
from memflow import *
import logging
import pefile
import os
FORMAT = "%(levelname)s %(name)s %(asctime)-15s %(filename)s:%(lineno)d %(message)s"
logging.basicConfig(format=FORMAT)
logging.getLogger().setLevel(logging.INFO)
inventory = Inventory() # list of connectors found on the system
#print(inventory.available_connectors())
#print(inventory.connector_target_list("qemu"))
#print(inventory.connector_help("qemu"))
connector = inventory.create_connector(name="qemu")
os = inventory.create_os("win32", input=connector)
print ("Name Base Size Path")
for m in os.module_info_list():
#logging.log(logging.INFO, m.name + " " + str(m.base) + " " + str(m.size) + " " + m.path)
print(m.name + " " + str(m.base) + " " + str(m.size) + " " + m.path)
driver = os.read(m.base, c_ubyte * m.size)
try:
print( c_ubyte * m.size )
pe = pefile.PE(data=bytes(driver))
with open(m.name, 'wb') as writer:
writer.write(pe.write())
except:
#print("error with " + m.name)
print( c_ubyte * m.size )
Hello! I am trying to write out the memory of drivers from my windows vm. When reading I get an Overflow error on wimmount.sys driver. I am unsure how to track down details of why this is happening.
This is my code. The pefile import and handling is not relevant to the error.