search

trolldbois / python-haystack

Process heap analysis framework - Windows/Linux - record type inference and forensics
http://trolldbois.blogspot.com/search?q=python-haystack
GNU General Public License v3.0
94 stars 33 forks source link

OverflowError on dump #5

Closed Tinche closed 8 years ago

Tinche commented 10 years ago

Trying to dump the memory of a running process:

> sudo /home/tin/.local/bin/haystack-dump 21958 dumps/portal.dump
INFO:root:Attach process 21958
INFO:root:Attach  to debugger
INFO:root:Set  options to 1
Traceback (most recent call last):
  File "/home/tin/.local/bin/haystack-dump", line 18, in 
    memory_dumper.main(sys.argv[1:])
  File "/home/tin/.local/venvs/haystack/local/lib/python2.7/site-packages/haystack/memory_dumper.py", line 200, in main
    opts.func(opts)
  File "/home/tin/.local/venvs/haystack/local/lib/python2.7/site-packages/haystack/memory_dumper.py", line 182, in _dump
    return dump(opt.pid, opt.dumpname, opt.type, opt.stack, opt.heap)
  File "/home/tin/.local/venvs/haystack/local/lib/python2.7/site-packages/haystack/memory_dumper.py", line 176, in dump
    destname = dumper.dump()
  File "/home/tin/.local/venvs/haystack/local/lib/python2.7/site-packages/haystack/memory_dumper.py", line 69, in dump
    self._dump_to_dir()
  File "/home/tin/.local/venvs/haystack/local/lib/python2.7/site-packages/haystack/memory_dumper.py", line 80, in _dump_to_dir
    self._dump_all_mappings(self._dest)
  File "/home/tin/.local/venvs/haystack/local/lib/python2.7/site-packages/haystack/memory_dumper.py", line 120, in _dump_all_mappings
    self._dump_mapping(m, destdir)
  File "/home/tin/.local/venvs/haystack/local/lib/python2.7/site-packages/haystack/memory_dumper.py", line 153, in _dump_mapping
    mmap_fout.write(m.mmap().getByteBuffer())
  File "/home/tin/.local/venvs/haystack/local/lib/python2.7/site-packages/haystack/memory_mapping.py", line 229, in mmap
    self._process().readArray(self.start, ctypes.c_ubyte, len(self) ) # keep ref
  File "/home/tin/.local/venvs/haystack/local/lib/python2.7/site-packages/ptrace/debugger/process.py", line 627, in readArray
    bytes = self.readBytes(address, sizeof(basetype)*count)
  File "/home/tin/.local/venvs/haystack/local/lib/python2.7/site-packages/ptrace/debugger/process.py", line 562, in readBytes
    mem.seek(address)
OverflowError: Python int too large to convert to C long
trolldbois commented 9 years ago

Which version of python are you using ?

Edit: sorry, 2.7 ok.

trolldbois commented 9 years ago

I would probably push the blame on python-ptrace

trolldbois commented 8 years ago

non-repro Or fixed