I am seeing the following errors in the log when parse_ese is used in a hunt on Windows 11. I used the default Windows.Forensics.SRUM hunt to test with. I am not sure if this is causing blue screens on some of the systems. We are seeing on some Win11 clients a memory leak that is consuming most of the system's memory and causing blue screens.
Below are the errors I am seeing in parse_ese on version 0.73.3.
PANIC: runtime error: slice bounds out of range [-2:]
goroutine 193698 [running]:
www.velocidex.com/golang/velociraptor/utils.RecoverVQL({0x7ff7f4d66110, 0xc001719080})
	/velociraptor-build/velociraptor/utils/panic.go:25 +0xcb
panic({0x7ff7f47b5880?, 0xc000b9a000?})
	/usr/local/go/src/runtime/panic.go:785 +0x132
www.velocidex.com/golang/go-ntfs/parser.(*PagedReader).ReadAt(0xc005b72040, {0xc00320e736, 0x2, 0x2}, 0x7ff7f47dd860?)
	/go/pkg/mod/www.velocidex.com/golang/[email protected]/parser/reader.go:119 +0x6db
www.velocidex.com/golang/go-ese/parser.ParseUint16({0x7ff7f4d22960, 0xc005b72040}, 0xfffffffffffffffe)
	/go/pkg/mod/www.velocidex.com/golang/[email protected]/parser/ese_gen.go:1268 +0x51
www.velocidex.com/golang/go-ese/parser.(*Tag)._ValueOffset(...)
	/go/pkg/mod/www.velocidex.com/golang/[email protected]/parser/ese_gen.go:1149
www.velocidex.com/golang/go-ese/parser.(*Tag).valueOffset(0x7ff7f46ea040?, 0x1?)
	/go/pkg/mod/www.velocidex.com/golang/[email protected]/parser/pages.go:58 +0x6e
www.velocidex.com/golang/go-ese/parser.(*Tag).ValueOffsetInPage(0xc003be7e00?, 0xc003be7e00, 0xc001a751e0)
	/go/pkg/mod/www.velocidex.com/golang/[email protected]/parser/pages.go:62 +0x1d
www.velocidex.com/golang/go-ese/parser.GetPageValues(0xc003be7e00, 0xc001a751e0, 0x2)
	/go/pkg/mod/www.velocidex.com/golang/[email protected]/parser/pages.go:94 +0x15f
www.velocidex.com/golang/go-ese/parser._walkPages(0xc003be7e00, 0x2, 0xc000063dc0, 0xc000063df0)
	/go/pkg/mod/www.velocidex.com/golang/[email protected]/parser/pages.go:302 +0x18d
www.velocidex.com/golang/go-ese/parser._walkPages(0xc003be7e00, 0x6f, 0xc000063dc0, 0xc000063df0)
	/go/pkg/mod/www.velocidex.com/golang/[email protected]/parser/pages.go:323 +0x333
www.velocidex.com/golang/go-ese/parser.WalkPages(...)
	/go/pkg/mod/www.velocidex.com/golang/[email protected]/parser/pages.go:288
www.velocidex.com/golang/go-ese/parser.(*Catalog).DumpTable(0xc000aee2a0, {0xc00254c3c0?, 0x400?}, 0xc000903fa8)
	/go/pkg/mod/www.velocidex.com/golang/[email protected]/parser/catalog.go:673 +0x112
www.velocidex.com/golang/velociraptor/vql/parsers/ese._ESEPlugin.Call.func1()
	/velociraptor-build/velociraptor/vql/parsers/ese/ese.go:254 +0x8cb
created by www.velocidex.com/golang/velociraptor/vql/parsers/ese._ESEPlugin.Call in goroutine 193696
	/velociraptor-build/velociraptor/vql/parsers/ese/ese.go:197 +0xc5