Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Weird problem #12

Open
ghost opened this issue Jun 1, 2018 · 1 comment
Open

Weird problem #12

ghost opened this issue Jun 1, 2018 · 1 comment

Comments

@ghost
Copy link

ghost commented Jun 1, 2018

The path variable does not seem to get passed to EMList properly for some reason. Python really isn't my language of choice, so I don't really know how to fix it. I've tried to set the path variable with tempfile.gettempdir(). I can see that storage_path is set as a global variable and is set with tempfile.gettempdir(), so I thought doing that might remedy the problem, but it didn't.

0:084> !py C:\\Users\\aaa\\AppData\\Local\\Temp\\shadow\\pykd_driver.py jechunks


Traceback (most recent call last):

  File "C:\\Users\\aaa\\AppData\\Local\\Temp\\shadow\\pykd_driver.py", line 59, in <module>
    shadow.dump_chunks()

  File "C:\Users\aaa\AppData\Local\Temp\shadow\shadow.py", line 1344, in dump_chunks
    jeheap = load_jeheap(path)

  File "C:\Users\aaa\AppData\Local\Temp\shadow\shadow.py", line 151, in load_jeheap
    return jemalloc.jemalloc(path=path)

  File "C:\Users\aaa\AppData\Local\Temp\shadow\jemalloc.py", line 34, in __init__
    self.chunks = EMList(")/chunks" 7ffad203502bath)  <<<<<<<<<<<<<<<< An address. ????????

RuntimeError: Cannot open EMList
@ghost
Copy link
Author

ghost commented Jun 1, 2018
edited by ghost
Loading

I managed to find the version of Pykd you recommend by downloading the 2gig backup from their site and going through each one. I've installed it and still get the exact same issue, so I don't think it's anything to do with Pykd.

0:085> !py C:\\Users\\aaa\\AppData\\Local\\Temp\\shadow\\pykd_driver.py jeparse
[shadow] parsing structures from memory...
[shadow] 2018-06-01 21:54:40


Traceback (most recent call last):

  File "C:\\Users\\aaa\\AppData\\Local\\Temp\\shadow\\pykd_driver.py", line 42, in <module>
    shadow.parse(read_content_preview, config_path, do_debug_log=do_debug_log)

  File "C:\Users\aaa\AppData\Local\Temp\shadow\shadow.py", line 269, in parse
    parse_general(jeheap)

  File "C:\Users\aaa\AppData\Local\Temp\shadow\shadow.py", line 309, in parse_general
    arenas_addr = dbg.read_dwords(arenas_arr_addr, jeheap.narenas)

  File "C:\Users\aaa\AppData\Local\Temp\shadow\pykd_engine.py", line 159, in read_dwords
    return pykd.loadQWords(addr, size)

ArgumentError: Python argument types in
    pykd.pykd.loadQWords(NoneType, NoneType)
did not match C++ signature:
    loadQWords(unsigned __int64 offset, unsigned long count)
    loadQWords(unsigned __int64 offset, unsigned long count, bool phyAddr)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
0 participants