Hi guys, I'm trying to use the "aeskeyfind" binary to do some tests on my notebook, and as the subject says, it segfaults.

Notebook: Samsung RF511 with 4GB of RAM, running Ubuntu 12.04 (just don't say...). I got a memory dump with LiME in a raw format, then I executed aeskeyfind and at 51% it segfaulted. So I downloaded the src from https://citp.princeton.edu/memory-content/, recompiled with the -g flag and ran it with valgrind. Attached is the log file. The bug is at line 109 of aeskeyfind.c. I can't understand anything about the code, so I cannot fix that.

Thank you in advance,
Best Regards
-- Anathema
+--------------------------------------------------------------------+
|GPG/PGP KeyID: 0F26965C available on http://pgpkeys.mit.edu:11371/ |
|Fingerprint: F808 18A2 2E7D 6E7A 7A18 4062 0AA3 7BF2 0F26 965C |
| |
|http://www.msack.org |
+--------------------------------------------------------------------+
anathema@cryptopunk:~/aeskeyfind$ valgrind -v ./aeskeyfind -v ../ramdump.dd
==11927== Memcheck, a memory error detector
==11927== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==11927== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==11927== Command: ./aeskeyfind -v ../ramdump.dd
==11927==
--11927-- Valgrind options:
--11927-- --suppressions=/usr/lib/valgrind/debian-libc6-dbg.supp
--11927-- -v
--11927-- Contents of /proc/version:
--11927-- Linux version 3.2.0-25-generic (buildd@crested) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) #40-Ubuntu SMP Wed May 23 20:30:51 UTC 2012
--11927-- Arch and hwcaps: AMD64, amd64-sse3-cx16
--11927-- Page sizes: currently 4096, max supported 4096
--11927-- Valgrind library directory: /usr/lib/valgrind
--11927-- Reading syms from /home/anathema/aeskeyfind/aeskeyfind (0x400000)
--11927-- Reading syms from /lib/x86_64-linux-gnu/ld-2.15.so (0x4000000)
--11927-- Considering /lib/x86_64-linux-gnu/ld-2.15.so ..
--11927-- .. CRC mismatch (computed eabdc7b7 wanted 3ee54b4e)
--11927-- Considering /usr/lib/debug/lib/x86_64-linux-gnu/ld-2.15.so ..
--11927-- .. CRC is valid
--11927-- Reading syms from /usr/lib/valgrind/memcheck-amd64-linux (0x38000000)
--11927-- Considering /usr/lib/valgrind/memcheck-amd64-linux ..
--11927-- .. CRC mismatch (computed b9a585cc wanted 749d1a67)
--11927-- object doesn't have a symbol table
--11927-- object doesn't have a dynamic symbol table
--11927-- Reading suppressions file: /usr/lib/valgrind/debian-libc6-dbg.supp
--11927-- Reading suppressions file: /usr/lib/valgrind/default.supp
==11927== embedded gdbserver: reading from /tmp/vgdb-pipe-from-vgdb-to-11927-by-anathema-on-???
==11927== embedded gdbserver: writing to /tmp/vgdb-pipe-to-vgdb-from-11927-by-anathema-on-???
==11927== embedded gdbserver: shared mem /tmp/vgdb-pipe-shared-mem-vgdb-11927-by-anathema-on-???
==11927==
==11927== TO CONTROL THIS PROCESS USING vgdb (which you probably
==11927== don't want to do, unless you know exactly what you're doing,
==11927== or are doing some strange experiment):
==11927== /usr/lib/valgrind/../../bin/vgdb --pid=11927 ...command...
==11927==
==11927== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==11927== /path/to/gdb ./aeskeyfind
==11927== and then give GDB the following command
==11927== target remote | /usr/lib/valgrind/../../bin/vgdb --pid=11927
==11927== --pid is optional if only one valgrind process is running
==11927==
--11927-- REDIR: 0x40189e0 (strlen) redirected to 0x380625c7 (???)
--11927-- Reading syms from /usr/lib/valgrind/vgpreload_core-amd64-linux.so (0x4a25000)
--11927-- Considering /usr/lib/valgrind/vgpreload_core-amd64-linux.so ..
--11927-- .. CRC mismatch (computed c82927cb wanted 1861273b)
--11927-- object doesn't have a symbol table
--11927-- Reading syms from /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so (0x4c27000)
--11927-- Considering /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so ..
--11927-- .. CRC mismatch (computed 72e29ec9 wanted f3ad49da)
--11927-- object doesn't have a symbol table
--11927-- REDIR: 0x4018850 (index) redirected to 0x4c2bc60 (index)
--11927-- REDIR: 0x40188d0 (strcmp) redirected to 0x4c2cc20 (strcmp)
--11927-- Reading syms from /lib/x86_64-linux-gnu/libc-2.15.so (0x4e32000)
--11927-- Considering /lib/x86_64-linux-gnu/libc-2.15.so ..
--11927-- .. CRC mismatch (computed 3af7ebbf wanted 50fc58fa)
--11927-- Considering /usr/lib/debug/lib/x86_64-linux-gnu/libc-2.15.so ..
--11927-- .. CRC is valid
--11927-- REDIR: 0x4ebee30 (strcasecmp) redirected to 0x4a25610 (_vgnU_ifunc_wrapper)
--11927-- REDIR: 0x4ebb1d0 (strnlen) redirected to 0x4a25610 (_vgnU_ifunc_wrapper)
--11927-- REDIR: 0x4ec1100 (strncasecmp) redirected to 0x4a25610 (_vgnU_ifunc_wrapper)
--11927-- REDIR: 0x4ebcbc0 (__GI_strrchr) redirected to 0x4c2ba80 (__GI_strrchr)
--11927-- REDIR: 0x4ebb0f0 (__GI_strlen) redirected to 0x4c2bfc0 (__GI_strlen)
--11927-- REDIR: 0x4eb9530 (__GI_strchr) redirected to 0x4c2bb60 (__GI_strchr)
==11927== Warning: set address range perms: large range [0x395a5000, 0x133cb5000) (defined)
--11927-- REDIR: 0x4ec4d00 (strchrnul) redirected to 0x4c2e3b0 (strchrnul)
--11927-- REDIR: 0x4eb5580 (free) redirected to 0x4c2a7c0 (free)
==11927== Invalid read of size 1
==11927== at 0x40098D: main (aeskeyfind.c:109)
==11927== Address 0xffffffffb95a5000 is not stack'd, malloc'd or (recently) free'd
==11927==
==11927==
==11927== Process terminating with default action of signal 11 (SIGSEGV)
==11927== Access not within mapped region at address 0xFFFFFFFFB95A5000
==11927== at 0x40098D: main (aeskeyfind.c:109)
==11927== If you believe this happened as a result of a stack
==11927== overflow in your program's main thread (unlikely but
==11927== possible), you can try to increase the size of the
==11927== main thread stack using the --main-stacksize= flag.
==11927== The main thread stack size used in this run was 8388608.
==11927==
==11927== HEAP SUMMARY:
==11927== in use at exit: 0 bytes in 0 blocks
==11927== total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==11927==
==11927== All heap blocks were freed -- no leaks are possible
==11927==
==11927== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)
==11927==
==11927== 1 errors in context 1 of 1:
==11927== Invalid read of size 1
==11927== at 0x40098D: main (aeskeyfind.c:109)
==11927== Address 0xffffffffb95a5000 is not stack'd, malloc'd or (recently) free'd
==11927==
--11927--
--11927-- used_suppression: 2 dl-hack3-cond-1
==11927==
==11927== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)
Segmentation fault
anathema@cryptopunk:~/aeskeyfind$
_______________________________________________ forensics-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
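Added example, not the poster's code and not aeskeyfind's source. Two numbers in the log line up: the faulting address minus the base of the mapped dump (0xffffffffb95a5000 - 0x395a5000) is 0xffffffff80000000, the 64-bit sign-extension of 0x80000000, and 0x80000000 bytes into the 0xfa710000-byte mapping is 51%, the progress at which the crash was reported. The block below assumes (a hypothesis, since aeskeyfind.c line 109 is not on the page) that the scan offset is held in a signed 32-bit int, reproduces the address that produces on x86-64, and shows the size_t form and the bounds check a scanner over a mapped dump should use instead.

```c
#include <stdint.h>
#include <stdio.h>

/* Mapping bounds and faulting address copied from the valgrind log above. */
#define DUMP_BASE  0x395a5000ULL
#define DUMP_END   0x133cb5000ULL   /* exclusive */
#define FAULT_ADDR 0xffffffffb95a5000ULL

/* Hypothetical reconstruction of the failing access: a running byte offset
 * kept in a signed 32-bit int and added to a 64-bit pointer.  Done on plain
 * integers so nothing in this file dereferences memory. */
uint64_t addr_with_int_offset(uint64_t base, uint64_t offset)
{
    int off32 = (int)(uint32_t)offset;  /* 0x80000000 wraps to INT_MIN on gcc/clang */
    int64_t widened = off32;            /* sign-extended when widened to pointer width */
    return base + (uint64_t)widened;    /* same bits the CPU computes for base + off32 */
}

/* Hardened form: offsets into a mapped file are kept in size_t/uint64_t. */
uint64_t addr_with_size_t_offset(uint64_t base, uint64_t offset)
{
    return base + offset;
}

/* Check that a window of `need` bytes at `addr` lies inside [base, end). */
int read_in_bounds(uint64_t addr, uint64_t need, uint64_t base, uint64_t end)
{
    return addr >= base && addr < end && need <= end - addr;
}

/* Integer percentage of the mapping scanned when the offset reaches `offset`. */
unsigned percent_scanned(uint64_t offset, uint64_t base, uint64_t end)
{
    return (unsigned)(offset * 100 / (end - base));
}

int main(void)
{
    uint64_t off = 0x80000000ULL;  /* first offset that does not fit in a signed 32-bit int */
    uint64_t bad = addr_with_int_offset(DUMP_BASE, off);
    uint64_t good = addr_with_size_t_offset(DUMP_BASE, off);
    printf("mapping is %llu bytes; offset 0x%llx is %u%% through it\n",
           (unsigned long long)(DUMP_END - DUMP_BASE), (unsigned long long)off,
           percent_scanned(off, DUMP_BASE, DUMP_END));
    printf("int offset    -> 0x%llx in_bounds=%d\n", (unsigned long long)bad,
           read_in_bounds(bad, 16, DUMP_BASE, DUMP_END));
    printf("size_t offset -> 0x%llx in_bounds=%d\n", (unsigned long long)good,
           read_in_bounds(good, 16, DUMP_BASE, DUMP_END));
    return 0;
}
```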
