
Segmentation Fault in every executable.

Open razzledazzle0x2a opened this issue 6 years ago • 4 comments

I'm running the btrForensics toolkit on Debian and trying to analyze a disk image with multiple file systems, including one btrfs file system. When I run any of the tools or the main program, with the offset of the image where the btrfs file system starts, I get a segmentation fault.

This is how I'm running the programs: "./btrfrsc -o 21931904 ../sda.dd"

And this was the output I got from debugging with gdb:

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x000055555557b7ad in btrForensics::BtrfsPool::readData (this=0x7fffffffe080, data=0x55555582b960 "", logicalAddr=32882688, size=101) at ~/.../btrForensics/Pool/BtrfsPool.cpp:191
191 return readChunkData(data, logicalAddr, &(chunk->itemHead->key), &(chunk->data), size);

I followed the instructions in the README when building and compiling, and everything seemed to work as intended.

razzledazzle0x2a avatar Mar 03 '19 02:03 razzledazzle0x2a

Hi, thanks for your feedback. I believe that the argument value for the -o option is the one given by the mmls tool in SleuthKit, right?

What about the programs in Tools folder? Do they yield the same result?

Thanks, Shujian



shujianyang avatar Mar 04 '19 06:03 shujianyang

I got the offset for -o from sigfind actually, I had used it to find the btrfs file system on my disk image. And yes, all the programs in the Tools folder have the same result.

razzledazzle0x2a avatar Mar 04 '19 06:03 razzledazzle0x2a

Could you provide the gdb backtrace result to get the call stack information?

shujianyang avatar Mar 04 '19 07:03 shujianyang

This is the result I get when I run a backtrace on btrfrsc, at the point of segmentation fault:

#0 0x000055555557b7ad in btrForensics::BtrfsPool::readData ( this=0x7fffffffe0b0, data=0x55555582b950 "", logicalAddr=32882688, size=101) at ~/.../btrForensics/Pool/BtrfsPool.cpp:191
#1 0x000055555557b893 in btrForensics::BtrfsPool::initializeRootTree ( this=0x7fffffffe0b0) at ~/.../btrForensics/Pool/BtrfsPool.cpp:208
#2 0x000055555557ae01 in btrForensics::BtrfsPool::BtrfsPool ( this=0x7fffffffe0b0, img=0x5555557ea8a0, end=TSK_LIT_ENDIAN, devOffsets=std::vector of length -17591129712099, capacity -5864061675318 = {...}, fsRootId=0) at ~/.../btrForensics/Pool/BtrfsPool.cpp:64
#3 0x000055555557824c in main (argc=4, argv=0x7fffffffe5d8) at ~/.../btrForensics/btrfrsc.cpp:79

razzledazzle0x2a avatar Mar 04 '19 08:03 razzledazzle0x2a
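
The thread turns on where the value passed to -o came from (mmls or sigfind). As an added example, not code from the thread or from btrForensics, this Python check reports under which reading a candidate value lands on a btrfs superblock: the magic `_BHRfS_M` sits 0x40 bytes into the primary superblock, which is 64 KiB past the start of the file system. Assumptions: 512-byte sectors, a signature search that reports the sector containing the magic, hypothetical function names, and a constructed in-memory image.

```python
import io

BTRFS_SUPERBLOCK_OFFSET = 0x10000  # primary superblock: 64 KiB into the file system
BTRFS_MAGIC_OFFSET = 0x40          # magic field inside the superblock
BTRFS_MAGIC = b"_BHRfS_M"
SECTOR_SIZE = 512                  # assumption: 512-byte sectors
MAGIC_REL = BTRFS_SUPERBLOCK_OFFSET + BTRFS_MAGIC_OFFSET


def has_btrfs_superblock(img, fs_start):
    """True if the btrfs magic sits where a file system starting at byte fs_start puts it."""
    if fs_start < 0:
        return False
    img.seek(fs_start + MAGIC_REL)
    return img.read(len(BTRFS_MAGIC)) == BTRFS_MAGIC


def interpret_offset(img, value):
    """Map each reading of `value` that lands on a btrfs superblock to the fs start in bytes."""
    candidates = {
        "fs start, bytes": value,
        "fs start, sectors": value * SECTOR_SIZE,
        # A signature search reports where the magic is, not where the file system starts.
        "signature hit, bytes": value - MAGIC_REL,
        "signature hit, sector": value * SECTOR_SIZE - BTRFS_SUPERBLOCK_OFFSET,
    }
    return {name: start for name, start in candidates.items()
            if has_btrfs_superblock(img, start)}


def build_sample_image(fs_start_sector=2048):
    """Constructed test image: all zeros except the btrfs magic for one file system."""
    magic_at = fs_start_sector * SECTOR_SIZE + MAGIC_REL
    buf = bytearray(magic_at + len(BTRFS_MAGIC))
    buf[magic_at:] = BTRFS_MAGIC
    return io.BytesIO(bytes(buf))


if __name__ == "__main__":
    image = build_sample_image()
    for value in (2048, 1048576, 2176, 1114176, 0):
        print(value, interpret_offset(image, value) or "no btrfs superblock found")
```

For a real image, pass a file opened with `open(path, "rb")` in place of the constructed `BytesIO`; a magic match only locates the superblock and does not verify its checksum.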