search

tking2 / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0
0 stars 1 forks source link

ARM address space is buggy #287

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
The ARM address space is currently kind of buggy.  Certain plugins that deal 
with userspace stuff (like linux_psaux and linux_dump_map) don't really work 
correctly because of this.

I attempted to figure out where the problem was, but the code was sort of hard 
to follow (sorry Andrew), so I rewrote it.

I'm attaching the patch and the changed file (the patch is hard to follow since 
a lot is rewritten).

Original issue reported on code.google.com by Joe.Sylve@gmail.com on 3 Jul 2012 at 3:48

Attachments:

GoogleCodeExporter commented 9 years ago

Original comment by jamie.l...@gmail.com on 3 Jul 2012 at 2:08

GoogleCodeExporter commented 9 years ago 
Has anyone had a chance to look this over?

Original comment by Joe.Sylve@gmail.com on 4 Jul 2012 at 1:57

GoogleCodeExporter commented 9 years ago 
Not yet Joe, I'm sorry.  I'll try to get to it this weekend, but these things 
take time.  I also need to dig out a copy of the ARM specs so I can follow 
along at home with the changes.  5:)  I'm interested to know where the 
differences arise between the existing ARM AS and the one you've provided...

Original comment by mike.auty@gmail.com on 4 Jul 2012 at 2:23

GoogleCodeExporter commented 9 years ago 
Not a problem.  Here's a copy of the ARM reference I used while writing this.  

https://www.scss.tcd.ie/~waldroj/3d1/arm_arm.pdf

I'm not sure where the bugs are in the existing ARM AS, as it was somewhat hard 
to follow.  I tried to follow the specs as closely as possible and commented 
what I could.

I do know that Andrew and I were having problems with the psaux and dump_map 
plugins with the existing AS.  These problems seem to be resolved with the new 
one.  We initially thought that it had to do with ARM's supersections, which we 
don't support, however I don't think any of the hardware we tested on even 
supports supersections.  I think there is just a bug in the current AS in 
translation somewhere.

Original comment by Joe.Sylve@gmail.com on 4 Jul 2012 at 2:44

GoogleCodeExporter commented 9 years ago 
I committed the new address space, which fixes all the userland parsing, the 
get_available_pages still isn't implemented though... will be quite painful

Original comment by atc...@gmail.com on 4 Aug 2012 at 1:20

GoogleCodeExporter commented 9 years ago 
This patch enhances support for fine pages, and course pages (when subpages are 
disabled).  Fixes issues with running certain plugins on the HTC Evo 4G.

Original comment by Joe.Sylve@gmail.com on 4 Aug 2012 at 9:35

Attachments:

GoogleCodeExporter commented 9 years ago 
is this still an issue?  if so, please do a pull request or update here: 
https://github.com/volatilityfoundation/volatility/issues

Original comment by jamie.l...@gmail.com on 20 Nov 2014 at 8:33