Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

First Run of the Program => Cannot open file /mnt/grubesic.bin #1

Open
Udo4711 opened this issue May 25, 2016 · 2 comments
Open

First Run of the Program => Cannot open file /mnt/grubesic.bin #1

Udo4711 opened this issue May 25, 2016 · 2 comments

Comments

@Udo4711
Copy link

Udo4711 commented May 25, 2016

Hello,

I tried to run your program to test it on a dd-image which was build from a petya infected pc. But if I start the program, I receive directly the message

Cannot open file /mnt/grubesic.bin

If I start the program with strace ./main /mnt/grubesic.bin I receive the following

execve("./main", ["./main", "/mnt/grubesic.bin"], [/* 60 vars */]) = 0
brk(0) = 0x9606000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7725000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=94091, ...}) = 0
mmap2(NULL, 94091, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb770e000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libstdc++.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`f\4\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=922096, ...}) = 0
mmap2(NULL, 947712, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7626000
mmap2(0xb7702000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xdc000) = 0xb7702000
mmap2(0xb7707000, 26112, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7707000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\234\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1754876, ...}) = 0
mmap2(NULL, 1763964, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7477000
mprotect(0xb761f000, 4096, PROT_NONE) = 0
mmap2(0xb7620000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a8000) = 0xb7620000
mmap2(0xb7623000, 10876, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7623000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260E\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=280100, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7476000
mmap2(NULL, 282784, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7430000
mmap2(0xb7474000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x43000) = 0xb7474000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libgcc_s.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240 \0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=114372, ...}) = 0
mmap2(NULL, 117524, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7413000
mmap2(0xb742f000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b000) = 0xb742f000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7412000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7412940, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xb7620000, 8192, PROT_READ) = 0
mprotect(0xb7474000, 4096, PROT_READ) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7411000
mprotect(0xb7702000, 16384, PROT_READ) = 0
mprotect(0x804a000, 4096, PROT_READ) = 0
mprotect(0xb774b000, 4096, PROT_READ) = 0
munmap(0xb770e000, 94091) = 0
brk(0) = 0x9606000
brk(0x9627000) = 0x9627000
open("/mnt/grubesic.bin", O_RDONLY) = -1 EOVERFLOW (Value too large for defined data type)
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7724000
write(1, "Cannot open file /mnt/grubesic.b"..., 35Cannot open file /mnt/grubesic.bin
) = 35
exit_group(-1) = ?
+++ exited with 255 +++

For me it seems, that the defined data type is not the correct one, but I am not so familiar with c++.
@hasherezade
Copy link
Owner

what privileges you have to this file? maybe you are just not granted the privilege to open it for reading?

@Udo4711
Copy link
Author

Udo4711 commented Jun 3, 2016

Hi,

sorry for my late answer. I have full rights to this file:
-rwxrwxrwx 1 root root 320072933376 Mai 12 23:29 grubesic.bin

But by strace I get the following message:
open("/mnt/grubesic.bin", O_RDONLY) = -1 EOVERFLOW (Value too large for defined data type)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hasherezade @Udo4711