Problem with read_unicode_str_va function #67
Comments
|
Hi, Can you paste the full stack trace, so that we can see which line throws the error ? Also, can try to repro this issue with the C library and see if it works (or not ?) Thanks. |
|
Ok, thanks for the help. I tested with C library, it's working, the return string is 'Process' which is the expected result. and here is the stack trace: |
|
I investigate the problem further, it seems like ffi.string() function, if cdata point to pointer of bytes (in our case uint8_t *contents) stop at first null. One solution is to use ffi.unpack() instead. |
|
@0xarash thanks for investigating. Could you make a pull request when you have a working solution ? |
|
@Wenzel OK I would create a PR today. |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Hello,
I'm trying to read UNICODE_STRING from a structure but hadn't any luck. Here is a info I have about the problem:
I did test on different structures, I could extract the string and the length manually with vmi.read_va, and some other functions
I checked read_unicode_str_va, the returned value.encoding and value.length seems correct, but value.contents not. extracted buffer just have one character of the string.
The host is CentOS 7 and python version is 3.6.8
Here is the error message I receive:
UnicodeDecodeError: 'utf-16-le' codec can't decode byte 0x50 in position 0: truncated dataHere is the snipped code I'm using for test.
Any idea how to deal with this problem
The text was updated successfully, but these errors were encountered: