Re: [Vol-users] Incorrect addresses in linux_proc_maps
1 Mar
2013
1 Mar
'13
10:53 a.m.
Thanks for reporting. We just recently removed the mask_number function (
http://code.google.com/p/volatility/source/detail?r=3090) because vm_start
and vm_end are already unsigned (so you shouldn't see negative numbers in
output).
I'm guessing this may be a problem with our output formatting, but we'll
look into it (the output of /proc/<pid>/maps like Andrew asked for would be
useful).
On Fri, Mar 1, 2013 at 10:47 AM, Andrew Case <atcuno(a)gmail.com> wrote:
Can you send the output of /proc/<pid>/maps that
corresponds to one of
the processes with the broken plugin output?
On Fri, Mar 1, 2013 at 6:52 AM, Edwin Smulders <edwin.smulders(a)gmail.com>
wrote:
Hi all,
I've just created a profile for my Ubuntu 12.04 (3.5.0-25) and I've
dumped the memory using virtualbox guestcoredump.
Using the linux_proc_maps plugin I get the following output:
http://paste.ubuntu.com/5576450/
I was expecting similar output to "cat /proc/<pid>/maps". As you can
see, these "-0x4...000" addresses are obviously wrong. Is this I am
doing wrong myself, or is this a bug? It happens for other processes
as well.
If this is a bug I'll make a new issue in the tracker with the steps
I've followed to produce this.
Cheers,
Edwin
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
Attachments:
- attachment.html (text/html — 2.7 KB)