[Vol-users] Problem reading mapped ranges in linux address spaces
edwin.smulders at gmail.com
Wed Jun 19 08:15:42 CDT 2013
I am having a problem reading certain values in an address space. I
know for certain that the range I am trying to read is mapped, i.e.
there is a vma for it.
The specific range in this case is shown in the vma list as this:
1206 0x00007faf9d98f000 0x00007faf9db4d000 r-x 0x0
8 1 241 /lib/x86_64-linux-gnu/libc-2.17.so
The offset in this range that I am trying to read is 0x21e9b = 0x7faf9d9b0e9b
the call may look like this: proc_as.read(0x7faf9d9b0e9b, 10)
and it will return None, meaning it could not read that address.
Using the linux_dump_map I exported the whole range and there's a
pretty big empty (inaccessible) chunk in the middle, which appears as
0-bytes in the export. I know for a fact that my libc does not have a
big area of 0-bytes, so this is pretty weird. It also works just fine
for other processes in the same dump (so using the same libc).
For research purposes I make my memory dumps with virtualbox, so I
don't think it's an issue with memory corruption; as far as i can
tell, virtualbox makes complete snapshots.
Does anyone know what might cause this problem?
More information about the Vol-users