moyix / pdbparse

Python code to parse Microsoft PDB files

Process ntkrnlmp.pdb except #54

Open 55-AA opened 3 years ago

55-AA commented 3 years ago

The file link is: http://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/A32C55CDEBC1441DAC80552A86F5F11F1/ntkrnlmp.pdb

```
Traceback (most recent call last):
  File "/usr/local/bin/pdb_print_gvars.py", line 56, in <module>
    main(args[0], args[1])
  File "/usr/local/bin/pdb_print_gvars.py", line 23, in main
    pdb = pdbparse.parse(filename)
  File "/usr/local/lib64/python3.6/site-packages/pdbparse/__init__.py", line 554, in parse
    return PDB7(f, fast_load)
  File "/usr/local/lib64/python3.6/site-packages/pdbparse/__init__.py", line 521, in __init__
    self.read_root(self.root_stream)
  File "/usr/local/lib64/python3.6/site-packages/pdbparse/__init__.py", line 467, in read_root
    parent = self))
  File "/usr/local/lib64/python3.6/site-packages/pdbparse/__init__.py", line 154, in __init__
    self.load()
  File "/usr/local/lib64/python3.6/site-packages/pdbparse/__init__.py", line 262, in load
    tpis = tpi.parse_stream(self.stream_file, unnamed_hack, elim_fwdrefs)
  File "/usr/local/lib64/python3.6/site-packages/pdbparse/tpi.py", line 1160, in parse_stream
    tpi_stream = TPIStream.parse_stream(fp)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 300, in parse_stream
    return self._parsereport(stream, context, "(parsing)")
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 2653, in _parse
    return self.subcon._parsereport(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 2120, in _parse
    subobj = sc._parsereport(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 2653, in _parse
    return self.subcon._parsereport(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 2413, in _parse
    e = self.subcon._parsereport(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 2653, in _parse
    return self.subcon._parsereport(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 2120, in _parse
    subobj = sc._parsereport(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 2653, in _parse
    return self.subcon._parsereport(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 5040, in _parse
    stream2 = io.BytesIO(data._parsereport(stream, context, path))
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 848, in _parse
    return stream_read(stream, length, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 91, in stream_read
    raise StreamError("stream read less than specified amount, expected %d, found %d" % (length, len(data)), path=path)
construct.core.StreamError: Error in path (parsing) -> TPIStream -> types -> types -> type_data stream read less than specified amount, expected 94, found 0
```

moyix commented 3 years ago

What version of Windows does this kernel PDB come from? I wonder if it's related to the fact that the PDB format changed a bit recently?

See this Volatility issue: https://github.com/volatilityfoundation/volatility3/issues/516

changliu98 commented 3 years ago

Got an issue with pdbparse too, it always shows a KeyError on any pdb file