dissect.target

Error on target-shell info

Open damasch opened this issue 2 years ago • 4 comments

I can't post the sample image for reasons.

If I try to inspect an img file, I've got this error message from the console.

I am only running the info command.

2023-06-29T13:45:38.174456Z [error    ] negative seek position -9471507106590374116 [dissect.target.tools.shell]
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/dist-packages/dissect/target/tools/shell.py", line 1072, in run_cli
    cli.cmdloop()
  File "/usr/lib/python3.11/cmd.py", line 138, in cmdloop
    stop = self.onecmd(line)
           ^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/cmd.py", line 217, in onecmd
    return func(arg)
           ^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/dissect/target/tools/shell.py", line 475, in do_info
    return print_target_info(self.target)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/dissect/target/tools/info.py", line 126, in print_target_info
    print(f"IPs           : {', '.join(target.ips)}")
                                       ^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/dissect/target/target.py", line 622, in __getattr__
    result = func.__get__(p)
             ^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/dissect/target/helpers/cache.py", line 228, in cache_wrapper
    return cache.call(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/dissect/target/helpers/cache.py", line 104, in call
    func_cache[key] = self.func(*args, **kwargs)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/dissect/target/plugins/os/unix/linux/_os.py", line 38, in ips
    for ip in parse_unix_dhcp_log_messages(self.target):
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/dissect/target/helpers/network_managers.py", line 547, in parse_unix_dhcp_log_messages
    for line in path.open("rt"):
  File "/usr/local/lib/python3.11/dist-packages/dissect/util/stream.py", line 151, in readinto
    buf = self.read(len(b))
          ^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/dissect/util/stream.py", line 140, in read
    self._fill_buf()
  File "/usr/local/lib/python3.11/dist-packages/dissect/util/stream.py", line 55, in _fill_buf
    self._buf = self._read(self._pos_align, self.align)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/dissect/util/stream.py", line 423, in _read
    self._fh.seek(run_block_offset * self.block_size + run_pos)
  File "/usr/local/lib/python3.11/dist-packages/dissect/target/volume.py", line 296, in seek
    return self.fh.seek(offset, whence)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/dissect/util/stream.py", line 75, in seek
    pos = self._seek(pos, whence)
          ^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/dissect/util/stream.py", line 60, in _seek
    raise ValueError(f"negative seek position {pos}")
ValueError: negative seek position -947150710659037411

damasch, Jul 04 '23 08:07

That's a spicy seek position :smile: Are you able to share details on the type of image? Disk type (VMDK/QCOW2/dd), partition/volume information (regular partitions with an MBR/GPT or logical volumes with LVM2) and filesystems (ext4/xfs/ffs) would be helpful in trying to track down this issue. I'll come back with some debug commands if you can provide some of this info.

Schamper, Jul 04 '23 09:07

This is the maximum information I am able to post:

Disk Type is 'img'

Error on load:

<Target /my/path/image.img>: Can't identify filesystem: 

Info from the os-release:

os=Ubuntu 20.04.3

damasch, Jul 04 '23 09:07

Could you perform the following steps?

target-shell /my/path/image.img -p

This will open a Python shell. Can you output the result of the following:

t.fs.get("/var/log/cloud-init.log").open()._runlist
t.fs.get("/var/log/cloud-init.log").open().size
t.fs.get("/var/log/cloud-init.log").open().block_size

If you are more comfortable continuing this over email, let me know.

Schamper, Jul 07 '23 15:07
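The three values requested above (`_runlist`, `size`, `block_size`) are enough to tell whether a file's block map is corrupt before any seek happens. The following is an added example, not part of the thread and not dissect's own code: `check_runlist` and its `volume_size` parameter are hypothetical, and it assumes the runlist is a list of `(block_offset, block_count)` tuples in which a `None` offset marks a sparse run.

```python
from typing import List, Optional, Sequence, Tuple

# Assumed layout: (block_offset, block_count); offset None = sparse run.
Run = Tuple[Optional[int], int]


def check_runlist(
    runlist: Sequence[Run],
    size: int,
    block_size: int,
    volume_size: Optional[int] = None,
) -> List[str]:
    """Return a list of findings; an empty list means the runlist looks sane."""
    if block_size <= 0:
        return [f"invalid block_size {block_size}"]

    findings = []
    covered = 0  # bytes addressable through the runs seen so far
    for idx, (offset, count) in enumerate(runlist):
        if count <= 0:
            findings.append(f"run {idx}: non-positive block count {count}")
            continue
        covered += count * block_size
        if offset is None:
            continue  # sparse run: reads as zeroes, no seek is issued
        start = offset * block_size
        end = start + count * block_size
        if offset < 0:
            # This is the case that ends in "negative seek position".
            # The unsigned view helps spot a signed/unsigned parsing mix-up.
            findings.append(
                f"run {idx}: negative block offset {offset} "
                f"(seek to {start}, unsigned 64-bit {offset & (2**64 - 1):#x})"
            )
        elif volume_size is not None and end > volume_size:
            findings.append(
                f"run {idx}: ends at byte {end}, beyond volume size {volume_size}"
            )
    if covered < size:
        findings.append(f"runs cover {covered} bytes but stream size is {size}")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from the image in this issue.
    sample = [(100, 8), (None, 4), (-5, 4)]
    for finding in check_runlist(sample, 16 * 4096, 4096, volume_size=1 << 30):
        print(finding)
```
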

podman run -u0 --privileged --security-opt seccomp=unconfined --device /dev/fuse -it --rm -v $(pwd):/mnt:Z ghcr.io/fox-it/dissect:latest

(3.14) root@7702547b5a52:/workspace# target-info -j /mnt/vzdump-qemu.vma -vvv

2024-05-31T09:42:02.491911Z [debug    ] <Target /mnt/vzdump-qemu.vma>: <RootFilesystemEntry '/var/log/journal/c48785d40f244d4c8fd0c5ad0d650050/user-1000.journal'>::is_symlink() [dissect.target.target]
2024-05-31T09:42:02.498500Z [error    ] <Target /mnt/vzdump-qemu.vma>: Exception in retrieving information for target: `<Target /mnt/vzdump-qemu-.vma>`. Use `-vv` for details. [dissect.target.target]
2024-05-31T09:42:02.498606Z [debug    ] <Target /mnt/vzdump-qemu.vma>:  [dissect.target.target]
Traceback (most recent call last):
  File "/opt/3.14/lib/python3.9/site-packages/dissect/target/tools/info.py", line 82, in main
    print(json.dumps(get_target_info(target), indent=4, default=str))
  File "/opt/3.14/lib/python3.9/site-packages/dissect/target/tools/info.py", line 106, in get_target_info
    "ips": target.ips,
  File "/opt/3.14/lib/python3.9/site-packages/dissect/target/target.py", line 648, in __getattr__
    result = func.__get__(p)
  File "/opt/3.14/lib/python3.9/site-packages/dissect/target/helpers/cache.py", line 228, in cache_wrapper
    return cache.call(*args, **kwargs)
  File "/opt/3.14/lib/python3.9/site-packages/dissect/target/helpers/cache.py", line 104, in call
    func_cache[key] = self.func(*args, **kwargs)
  File "/opt/3.14/lib/python3.9/site-packages/dissect/target/plugins/os/unix/linux/_os.py", line 44, in ips
    for ip in parse_unix_dhcp_log_messages(self.target):
  File "/opt/3.14/lib/python3.9/site-packages/dissect/target/helpers/network_managers.py", line 533, in parse_unix_dhcp_log_messages
    for record in messages:
  File "/opt/3.14/lib/python3.9/site-packages/dissect/target/plugins/os/unix/log/journal.py", line 401, in journal
    journal = JournalFile(fh, self.target)
  File "/opt/3.14/lib/python3.9/site-packages/dissect/target/plugins/os/unix/log/journal.py", line 275, in __init__
    self.header = c_journal.Header(self.fh)
  File "/opt/3.14/lib/python3.9/site-packages/dissect/cstruct/types/base.py", line 24, in __call__
    return self.read(*args, **kwargs)
  File "/opt/3.14/lib/python3.9/site-packages/dissect/cstruct/types/base.py", line 73, in read
    return self._read(obj)
  File "<compiled Header>", line 15, in _read
EOFError

hillar, May 31 '24 09:05