Windows: Handles - catch exception in handle iteration

An `InvalidAddressException` can occur inside of `__iter__` when iterating over the handle table (the exact exception occurs when creating the subtype in `objects.Array.__getitem__`. This changes the handle code to do a manual iteration over the sequence using the array length and indexes, catching the exception, logging the index, and continuing. In the test sample that prompted this change, the exception occurred on the access of the very last item in the array. closes #1573
volatilityfoundation · Jan 31, 2025 · 718d439 · 718d439
1 parent ad90804
commit 718d439
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/volatility3/framework/plugins/windows/handles.py b/volatility3/framework/plugins/windows/handles.py
@@ -243,7 +243,12 @@ def _make_handle_array(self, offset, level, depth=0):
         layer_object = self.context.layers[virtual]
         masked_offset = offset & layer_object.maximum_address
 
-        for entry in table:
+        for i in range(len(table)):
+            try:
+                entry = table[i]
+            except exceptions.InvalidAddressException:
+                vollog.debug("Failed to get handle table entry at index {i}")
+                continue
             # This triggered a backtrace in many testing samples
             # in the level == 0 path
             # The code above this calls `is_valid` on the `offset`