[Vol-users] Problem reading mapped ranges in linux address spaces

Edwin Smulders edwin.smulders at gmail.com
Wed Jun 19 08:15:42 CDT 2013


Hi all,

I am having a problem reading certain values in an address space. I
know for certain that the range I am trying to read is mapped, i.e.
there is a vma for it.

The specific range in this case is shown in the vma list as this:

1206 0x00007faf9d98f000 0x00007faf9db4d000 r-x                   0x0
   8      1        241 /lib/x86_64-linux-gnu/libc-2.17.so

The offset in this range that I am trying to read is 0x21e9b = 0x7faf9d9b0e9b

the call may look like this: proc_as.read(0x7faf9d9b0e9b, 10)
and it will return None, meaning it could not read that address.

Using the linux_dump_map I exported the whole range and there's a
pretty big empty (inaccessible) chunk in the middle, which appears as
0-bytes in the export. I know for a fact that my libc does not have a
big area of 0-bytes, so this is pretty weird. It also works just fine
for other processes in the same dump (so using the same libc).

For research purposes I make my memory dumps with virtualbox, so I
don't think it's an issue with memory corruption; as far as i can
tell, virtualbox makes complete snapshots.

Does anyone know what might cause this problem?

Cheers,
Edwin


More information about the Vol-users mailing list