Process ntkrnlmp.pdb except #54

55-AA opened this issue Aug 1, 2021 · 2 comments

55-AA commented Aug 1, 2021

The file link is:
http://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/A32C55CDEBC1441DAC80552A86F5F11F1/ntkrnlmp.pdb

Traceback (most recent call last):
  File "/usr/local/bin/pdb_print_gvars.py", line 56, in <module>
    main(args[0], args[1])
  File "/usr/local/bin/pdb_print_gvars.py", line 23, in main
    pdb = pdbparse.parse(filename)
  File "/usr/local/lib64/python3.6/site-packages/pdbparse/__init__.py", line 554, in parse
    return PDB7(f, fast_load)
  File "/usr/local/lib64/python3.6/site-packages/pdbparse/__init__.py", line 521, in __init__
    self.read_root(self.root_stream)
  File "/usr/local/lib64/python3.6/site-packages/pdbparse/__init__.py", line 467, in read_root
    parent = self))
  File "/usr/local/lib64/python3.6/site-packages/pdbparse/__init__.py", line 154, in __init__
    self.load()
  File "/usr/local/lib64/python3.6/site-packages/pdbparse/__init__.py", line 262, in load
    tpis = tpi.parse_stream(self.stream_file, unnamed_hack, elim_fwdrefs)
  File "/usr/local/lib64/python3.6/site-packages/pdbparse/tpi.py", line 1160, in parse_stream
    tpi_stream = TPIStream.parse_stream(fp)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 300, in parse_stream
    return self._parsereport(stream, context, "(parsing)")
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 2653, in _parse
    return self.subcon._parsereport(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 2120, in _parse
    subobj = sc._parsereport(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 2653, in _parse
    return self.subcon._parsereport(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 2413, in _parse
    e = self.subcon._parsereport(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 2653, in _parse
    return self.subcon._parsereport(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 2120, in _parse
    subobj = sc._parsereport(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 2653, in _parse
    return self.subcon._parsereport(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 5040, in _parse
    stream2 = io.BytesIO(data._parsereport(stream, context, path))
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 848, in _parse
    return stream_read(stream, length, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 91, in stream_read
    raise StreamError("stream read less than specified amount, expected %d, found %d" % (length, len(data)), path=path)
construct.core.StreamError: Error in path (parsing) -> TPIStream -> types -> types -> type_data
stream read less than specified amount, expected 94, found 0

Owner

moyix commented Aug 1, 2021

What version of Windows does this kernel PDB come from? I wonder if it's related to the fact that the PDB format changed a bit recently?

See this Volatility issue: volatilityfoundation/volatility3#516

@changliu98

Got issue with pdbparse too, always shows a KeyError on any pdb file
