From 31cb05de6beab1eeaefd8ae181070ec6e7a086ce Mon Sep 17 00:00:00 2001
From: Brian Caswell <bmc@shmoo.com>
Date: Fri, 18 Oct 2019 16:31:26 -0400
Subject: [PATCH] address issue added in 0.1.2 on hosts with more than 256Mb
 memory

---
 Cargo.lock       | 11 +++++++----
 Cargo.toml       |  2 +-
 src/bin/avml.rs  |  2 +-
 src/image.rs     |  5 ++++-
 src/iomem.rs     | 11 ++++++++++-
 test/iomem-2.txt | 24 ++++++++++++++++++++++++
 6 files changed, 47 insertions(+), 8 deletions(-)
 create mode 100644 test/iomem-2.txt

diff --git a/Cargo.lock b/Cargo.lock
index 6461b42..68facbc 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -42,7 +42,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 
 [[package]]
 name = "avml"
-version = "0.1.2"
+version = "0.1.3"
 dependencies = [
  "azure_sdk_core 0.20.3 (registry+https://github.com/rust-lang/crates.io-index)",
  "azure_sdk_storage_blob 0.23.1 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -454,7 +454,7 @@ dependencies = [
  "fnv 1.0.6 (registry+https://github.com/rust-lang/crates.io-index)",
  "futures 0.1.29 (registry+https://github.com/rust-lang/crates.io-index)",
  "http 0.1.19 (registry+https://github.com/rust-lang/crates.io-index)",
- "indexmap 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "indexmap 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)",
  "slab 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "string 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -562,8 +562,11 @@ dependencies = [
 
 [[package]]
 name = "indexmap"
-version = "1.2.0"
+version = "1.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "autocfg 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
+]
 
 [[package]]
 name = "iovec"
@@ -1631,7 +1634,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum hyper-rustls 0.16.1 (registry+https://github.com/rust-lang/crates.io-index)" = "15b66d1bd4864ef036adf2363409caa3acd63ebb4725957b66e621c8a36631a3"
 "checksum idna 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "38f09e0f0b1fb55fdee1f17470ad800da77af5186a1a76c026b679358b7e844e"
 "checksum idna 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "02e2673c30ee86b5b96a9cb52ad15718aa1f966f5ab9ad54a8b95d5ca33120a9"
-"checksum indexmap 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "a61202fbe46c4a951e9404a720a0180bcf3212c750d735cb5c4ba4dc551299f3"
+"checksum indexmap 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "712d7b3ea5827fcb9d4fda14bf4da5f136f0db2ae9c8f4bd4e2d1c6fde4e6db2"
 "checksum iovec 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)" = "b2b3ea6ff95e175473f8ffe6a7eb7c00d054240321b84c57051175fe3c1e075e"
 "checksum itoa 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)" = "501266b7edd0174f8530248f87f99c88fbe60ca4ef3dd486835b8d8d53136f7f"
 "checksum kernel32-sys 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "7507624b29483431c0ba2d82aece8ca6cdba9382bff4ddd0f7490560c056098d"
diff --git a/Cargo.toml b/Cargo.toml
index be60f27..c50073e 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "avml"
-version = "0.1.2"
+version = "0.1.3"
 license = "MIT"
 description = "A portable volatile memory acquisition tool"
 authors = ["avml@microsoft.com"]
diff --git a/src/bin/avml.rs b/src/bin/avml.rs
index d3a30bf..e5e97be 100644
--- a/src/bin/avml.rs
+++ b/src/bin/avml.rs
@@ -30,7 +30,7 @@ fn kcore(
     for range in ranges {
         for phdr in &file.phdrs {
             if range.start == phdr.vaddr - start {
-                image.write_block(phdr.offset, Range{start: range.start, end: phdr.memsz})?;
+                image.write_block(phdr.offset, Range{start: range.start, end: range.start + phdr.memsz})?;
             }
         }
     }
diff --git a/src/image.rs b/src/image.rs
index 081752f..0916caf 100644
--- a/src/image.rs
+++ b/src/image.rs
@@ -54,7 +54,9 @@ impl Header {
     where
         W: Write,
     {
+        println!("WUT {} {}", self.range.start, self.range.end);
         let bytes = self.encode()?;
+        println!("header: {:?}", bytes);
         dst.write_all(&bytes)?;
         Ok(())
     }
@@ -121,8 +123,9 @@ impl Image {
     pub fn write_block(
         &mut self,
         offset: u64,
-        range: Range<u64>,
+        mut range: Range<u64>,
     ) -> Result<(), Box<dyn Error>> {
+        range.end -= 1;
         let header = Header {
             range,
             version: self.version,
diff --git a/src/iomem.rs b/src/iomem.rs
index 9967eff..2a8020d 100644
--- a/src/iomem.rs
+++ b/src/iomem.rs
@@ -39,12 +39,21 @@ mod tests {
     #[test]
     fn parse_iomem() {
         let ranges = super::parse("test/iomem.txt").unwrap();
-
         let expected = [
             4096..654_335,
             1_048_576..1_073_676_287,
             4_294_967_296..6_979_321_855,
         ];
         assert_eq!(ranges, expected);
+
+        let ranges = super::parse("test/iomem-2.txt").unwrap();
+        let expected = [
+            4096..655_359,
+            1_048_576..1_055_838_207,
+            1_056_026_624..1_073_328_127,
+            1_073_737_728..1_073_741_823,
+            4_294_967_296..6_979_321_855,
+        ];
+        assert_eq!(ranges, expected);
     }
 }
diff --git a/test/iomem-2.txt b/test/iomem-2.txt
new file mode 100644
index 0000000..be8f5c6
--- /dev/null
+++ b/test/iomem-2.txt
@@ -0,0 +1,24 @@
+00000000-00000fff : Reserved
+00001000-0009ffff : System RAM
+000c0000-000fffff : Reserved
+  000f0000-000fffff : System ROM
+00100000-3eeecfff : System RAM
+  0be00000-0ca01160 : Kernel code
+  0ca01161-0d4396bf : Kernel data
+  0d6ba000-0dbfffff : Kernel bss
+3eeed000-3eef1fff : ACPI Tables
+3ef1b000-3ff9afff : System RAM
+3ffb7000-3ffb8fff : Unknown E820 type
+3ffbb000-3ffbbfff : Unknown E820 type
+3ffbe000-3ffbefff : Unknown E820 type
+3ffc1000-3ffc1fff : Unknown E820 type
+3ffc4000-3ffc5fff : Unknown E820 type
+3ffc8000-3ffc8fff : Unknown E820 type
+3fff3000-3fffafff : ACPI Tables
+3fffb000-3fffefff : ACPI Non-volatile Storage
+3ffff000-3fffffff : System RAM
+40000000-407fffff : 5620e0c7-8062-4dce-aeb7-520c7ef76171
+fec00000-fec00fff : PNP0003:00
+fee00000-fee00fff : Local APIC
+  fee00000-fee00fff : PNP0003:00
+100000000-19fffffff : System RAM