Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#1 Fails to read kmem on x86-64

open
nobody
None
5
2008-05-09
2008-05-09
Anonymous
No

Email: jsjpost@gmail.com

Platform: Dell Dimension E521
Processor: AMD Athlon 64 x2 dual core 3800+
Kernel: 2.6.22.18 SMP
OS: Slamd64 12.0 (port of slackware 12.0 to x86-64)
zeppoo version: 0.0.4

Have compiled several ways:
make AMD64=yes static
make AMD64=yes
make

Always get the same output:
root# ./zeppoo -f FP
Kernel: 2.6.22.18
Memory: /dev/kmem
[+] Begin Generating Fingerprints in FP

kmem read :: Invalid argument
root# ./zeppoo -V
VERSION 0.0.4
root#

The read statement on line 72 of kmem.c fails with an errno value of EINVAL. The file descriptor is 3, the buffer is 8 long, and the size requested is 8, all of which looks fine to me. File descriptor 3 was opened in openkmem_k26 with fdmode=0 (O_RDONLY). The only thing I see that might be suspicious is in zeppoo_read_memory in memory.c, in which the unsigned long variable offset is 0x806C2800 when the call to zepmem.vRead (aka readkmem) occurs. That would be a negative value if it were read as a signed number, but readkmem appears to handle the type properly as far as I can tell. Besides, the failure would occur on the prior call to lseek64 if offset were negative. Otherwise, it could be an incompatibility between lseek64 and read. Is there a "read64" that should be used for large files on a 64-bit machine?

Discussion