Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ValueError: invalid literal for int() with base 16: '128 (-128)' #866

Open
BoBppy opened this issue Nov 8, 2023 · 4 comments
Open

ValueError: invalid literal for int() with base 16: '128 (-128)' #866

BoBppy opened this issue Nov 8, 2023 · 4 comments

Comments

@BoBppy
Copy link

BoBppy commented Nov 8, 2023

os:Ubuntu20.04

uname -a :

Linux ubuntu 5.4.0-26-lowlatency #30-Ubuntu SMP PREEMPT Mon Apr 20 17:51:18 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

also tried in 5.4.0-165 lowlatency or generic

Error message:

python vol.py -f ubuntu.lime --profile=LinuxUbuntux64 linux_arp
Volatility Foundation Volatility Framework 2.6.1
Traceback (most recent call last):
  File "vol.py", line 192, in <module>
    main()
  File "vol.py", line 183, in main
    command.execute()
  File "/home/bob/volatility/volatility/plugins/linux/common.py", line 67, in execute
    commands.Command.execute(self, *args, **kwargs)
  File "/home/bob/volatility/volatility/commands.py", line 116, in execute
    if not self.is_valid_profile(profs[self._config.PROFILE]()):
  File "/home/bob/volatility/volatility/plugins/overlays/linux/linux.py", line 218, in __init__
    obj.Profile.__init__(self, *args, **kwargs)
  File "/home/bob/volatility/volatility/obj.py", line 862, in __init__
    self.reset()
  File "/home/bob/volatility/volatility/plugins/overlays/linux/linux.py", line 232, in reset
    self.load_vtypes()
  File "/home/bob/volatility/volatility/plugins/overlays/linux/linux.py", line 269, in load_vtypes
    vtypesvar = dwarf.DWARFParser(dwarfdata).finalize()
  File "/home/bob/volatility/volatility/dwarf.py", line 73, in __init__
    self.feed_line(line)
  File "/home/bob/volatility/volatility/dwarf.py", line 164, in feed_line
    self.process_statement(**parsed) #pylint: disable-msg=W0142
  File "/home/bob/volatility/volatility/dwarf.py", line 201, in process_statement
    self.vtypes[name] = [ int(data['DW_AT_byte_size'], self.base), {} ]
ValueError: invalid literal for int() with base 16: '128 (-128)'

i have pulled #852 and #854 ,but ineffective.

@Abyss-W4tcher
Copy link

Hello, recent gcc and dwarfdump versions output symbols in a format not implemented by Volatility2. You can try to patch it yourself. Check valid "DW_AT_byte_size" format from another dump/profile and edit volatility/volatility/dwarf.py#L201 to match the ones from your profile.

Ultimately, you should try using Volatility3, as it won't have any problem with this kernel version :) .

Regards

@t0toto
Copy link

t0toto commented Feb 5, 2024

So how should I edit volatility/volatility/dwarf.py?

@mischw
Copy link

mischw commented Jul 3, 2024

So how should I edit volatility/volatility/dwarf.py?

I think at the bottom of the README there is a patch by him:
https://github.com/Abyss-W4tcher/volatility2-profiles?tab=readme-ov-file#volatility-patches

@Abyss-W4tcher
Copy link

So how should I edit volatility/volatility/dwarf.py?

I think at the bottom of the README there is a patch by him: Abyss-W4tcher/volatility2-profiles#volatility-patches

Hi, this patch applies to another issue, but it might help to implement the one needed in your case 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants