Unable to use ScanProc
RRancio opened this issue · 23 comments
RRancio commented
I am unable to read the memory of the desired process with the PID, and I was also unable to do it with the example provided in this same repository. Do you know why this could be?
When running the code, it gives me this error: could not attach to process
package scan
import (
"fmt"
"strings"
"github.com/hillu/go-yara/v4"
)
func Teca() {
c, err := yara.NewCompiler()
if c == nil || err != nil {
return
}
rule := `
rule Suspicious_Injection {
strings:
$a1 = {2e 74 68 65 6d 69 64 61}
condition:
all of them
}`
if err = c.AddString(rule, ""); err != nil {
return
}
r, err := c.GetRules()
if err != nil {
return
}
var m yara.MatchRules
err = r.ScanProc(9152, 0, 0, &m)
if err != nil {
fmt.Println(err)
return
}
if len(m) > 0 {
for _, match := range m {
rule := strings.Replace(match.Rule, "_", " ", -1)
fmt.Println(rule)
}
}
}
RRancio commented
ayuda porfavor
hillu commented
"Could not attach to process" most likely means that you lack the required privileges. On Windows systems, this is SeDebugPrivilege. On Linux systems, this is determined by the PTRACE_MODE_ATTACH_FSCREDS check.
RRancio commented
By "lack the required privileges" you mean that im missing some admin perms or related?, since i was on administrator running it thru cmd, if not, please correct me
hillu commented
@RRancio You seem to be using Windows. You can use whoami /priv to determine if your user has SeDebugPrivilege.
RRancio commented
It says "Habilitada" wich means is enabled
ozanh commented
Let me add a few windows experiences about process scanning on Windows.
We primarily use SYSTEM account (because our product is a service) or Administrator account to scan with yara. You may need to run your Powershell or cmd.exe terminal as administrator and run your scanner executable on that terminal. I've never had an issue with the administrator account except for some protected special windows processes.
Secondly, there may be a security product installed on the system that can block such actions; then exceptions should be added to those products.
RRancio commented
Our product is not currently registered as a company. Furthermore, I have the highest possible permissions. Attempting to run the tool with escalated permissions beyond the administrator would pose a problem for the active antivirus on the current device. I tried running it without Administrator, with Administrator, and with TrustedInstaller; none of the three options proved to be functional.
hillu commented
At this point I think that it would be most helpful to use API-level logging, using Processs Monitor for example to figure out which operation actually fails. I'd expect that to be OpenProcess from within libyara. In any case, this probably has more to do with your environment than with go-yara.
RRancio commented
what should i need to see in Process monitor?, i didn't catched any issue tbh
hillu commented
what should i need to see in Process monitor?, i didn't catched any issue tbh
Let's have a look at the YARA code base and look for the error code ERROR_COULD_NOT_ATTACH_TO_PROCESS, the error code that correponds to the message you are getting… (A simple string search using grep or similar is good enough.)
We can see that for our question, the only useful occurrence is libyara/proc/windows.c, in the function _yr_process_attach. This function attempts to do some process token manipulation and finally tries to open the process that needs to be scanned:
proc_info->hProcess = OpenProcess(
PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, pid);This is the call that fails, for whatever reason. You should see this in your Process Moonitor trace. And possibly some events right before it that might point you to the cause.
RRancio commented
From what I see here, this never actually performs an OpenProcess on the desired PID; it simply ignores that API call
RRancio commented
is there a build parameter that im forced to use btw?, because i build using go build -ldflags "-s" main.go
hillu commented
is there a build parameter that im forced to use btw?, because i build using
go build -ldflags "-s" main.go
No. Have you checked that your libyara has been compiled with process scanning support? (It should be the default for Windows targets.)
Use the debugger of your choice, set a breakpoint on _yr_process_attach and trace through that function.
RRancio commented
I remember when i make the library, a warning was shown, specifically this:
Rancio@DESKTOP-LH08RGB MSYS /C/Users/Rancio/Downloads/yara-4.4.0
$ make
make all-am
make[1]: Entering directory '/C/Users/Rancio/Downloads/yara-4.4.0'
CC libyara/proc/la-none.lo
CCLD libyara.la
libtool: warning: undefined symbols not allowed in x86_64-pc-msys shared libraries; building static only
copying selected object files to avoid basename conflicts...
CCLD yara.exe
CCLD yarac.exe
make[1]: Leaving directory '/C/Users/Rancio/Downloads/yara-4.4.0'
i don't know if that is something related but, i tested a long ago to use scanfile and it was working fine, so i didn't take it serious, im still trying to figure out where is the _yr_process_attach thing on here
edit: i found the _yr_process_attach in the downloads folder, not seems to be installed in some "important" or classic software path: C:\Users\Rancio\Downloads\yara-4.4.0\libyara\proc\windows.c
hillu commented
I remember when i make the library, a warning was shown, specifically this:
Please do a make clean && make and post the entire output (in text form, no screenshot, please.) This way I'll be able to tell if your YARA library has been built with process scanning support.
RRancio commented
Sure, there is the output:
Rancio@DESKTOP-LH08RGB MSYS /c/users/rancio/downloads/yara-4.4.0
$ make clean && make
rm -f yara.exe yarac.exe
rm -f yara yarac
rm -f test-arena.exe test-alignment.exe test-atoms.exe test-api.exe test-rules.exe test-pe.exe test-elf.exe test-version.exe test-bitmask.exe test-math.exe test-stack.exe test-re-split.exe test-async.exe test-string.exe test-lnk.exe test-dotnet.exe
rm -f test-arena test-alignment test-atoms test-api test-rules test-pe test-elf test-version test-bitmask test-math test-stack test-re-split test-async test-string test-lnk test-dotnet
test -z "tests/mapper.exe" || rm -f tests/mapper.exe
test -z "libyara.la" || rm -f libyara.la
rm -f ./so_locations
rm -rf .libs _libs
rm -rf libyara/.libs libyara/_libs
rm -rf libyara/modules/console/.libs libyara/modules/console/_libs
rm -rf libyara/modules/cuckoo/.libs libyara/modules/cuckoo/_libs
rm -rf libyara/modules/dex/.libs libyara/modules/dex/_libs
rm -rf libyara/modules/dotnet/.libs libyara/modules/dotnet/_libs
rm -rf libyara/modules/elf/.libs libyara/modules/elf/_libs
rm -rf libyara/modules/hash/.libs libyara/modules/hash/_libs
rm -rf libyara/modules/lnk/.libs libyara/modules/lnk/_libs
rm -rf libyara/modules/macho/.libs libyara/modules/macho/_libs
rm -rf libyara/modules/magic/.libs libyara/modules/magic/_libs
rm -rf libyara/modules/math/.libs libyara/modules/math/_libs
rm -rf libyara/modules/pb_tests/.libs libyara/modules/pb_tests/_libs
rm -rf libyara/modules/pe/.libs libyara/modules/pe/_libs
rm -rf libyara/modules/pe/authenticode-parser/.libs libyara/modules/pe/authenticode-parser/_libs
rm -rf libyara/modules/string/.libs libyara/modules/string/_libs
rm -rf libyara/modules/tests/.libs libyara/modules/tests/_libs
rm -rf libyara/modules/time/.libs libyara/modules/time/_libs
rm -rf libyara/proc/.libs libyara/proc/_libs
rm -rf libyara/tlshc/.libs libyara/tlshc/_libs
rm -rf tests/.libs tests/_libs
rm -f *.o
rm -f cli/*.o
rm -f libyara/*.o
rm -f libyara/*.lo
rm -f libyara/modules/console/*.o
rm -f libyara/modules/console/*.lo
rm -f libyara/modules/cuckoo/*.o
rm -f libyara/modules/cuckoo/*.lo
rm -f libyara/modules/dex/*.o
rm -f libyara/modules/dex/*.lo
rm -f libyara/modules/dotnet/*.o
rm -f libyara/modules/dotnet/*.lo
rm -f libyara/modules/elf/*.o
rm -f libyara/modules/elf/*.lo
rm -f libyara/modules/hash/*.o
rm -f libyara/modules/hash/*.lo
rm -f libyara/modules/lnk/*.o
rm -f libyara/modules/lnk/*.lo
rm -f libyara/modules/macho/*.o
rm -f libyara/modules/macho/*.lo
rm -f libyara/modules/magic/*.o
rm -f libyara/modules/magic/*.lo
rm -f libyara/modules/math/*.o
rm -f libyara/modules/math/*.lo
rm -f libyara/modules/pb_tests/*.o
rm -f libyara/modules/pb_tests/*.lo
rm -f libyara/modules/pe/*.o
rm -f libyara/modules/pe/*.lo
rm -f libyara/modules/pe/authenticode-parser/*.o
rm -f libyara/modules/pe/authenticode-parser/*.lo
rm -f libyara/modules/string/*.o
rm -f libyara/modules/string/*.lo
rm -f libyara/modules/tests/*.o
rm -f libyara/modules/tests/*.lo
rm -f libyara/modules/time/*.o
rm -f libyara/modules/time/*.lo
rm -f libyara/proc/*.o
rm -f libyara/proc/*.lo
rm -f libyara/tlshc/*.o
rm -f libyara/tlshc/*.lo
rm -f tests/*.o
test -z "" || rm -f
test -z "test-arena.log test-alignment.log test-atoms.log test-api.log test-rules.log test-pe.log test-elf.log test-version.log test-bitmask.log test-math.log test-stack.log test-re-split.log test-async.log test-string.log test-lnk.log test-dotnet.log" || rm -f test-arena.log test-alignment.log test-atoms.log test-api.log test-rules.log test-pe.log test-elf.log test-version.log test-bitmask.log test-math.log test-stack.log test-re-split.log test-async.log test-string.log test-lnk.log test-dotnet.log
test -z "test-arena.trs test-alignment.trs test-atoms.trs test-api.trs test-rules.trs test-pe.trs test-elf.trs test-version.trs test-bitmask.trs test-math.trs test-stack.trs test-re-split.trs test-async.trs test-string.trs test-lnk.trs test-dotnet.trs" || rm -f test-arena.trs test-alignment.trs test-atoms.trs test-api.trs test-rules.trs test-pe.trs test-elf.trs test-version.trs test-bitmask.trs test-math.trs test-stack.trs test-re-split.trs test-async.trs test-string.trs test-lnk.trs test-dotnet.trs
test -z "test-suite.log" || rm -f test-suite.log
rm -f *.lo
make all-am
make[1]: Entering directory '/c/users/rancio/downloads/yara-4.4.0'
CC cli/args.o
CC cli/common.o
CC cli/threading.o
CC cli/yara.o
In file included from cli/args.h:34,
from cli/yara.c:59:
cli/yara.c: In function 'scan_dir':
cli/yara.c:522:18: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has
type 'LONGLONG' {aka 'long long int'} [-Wformat=]
522 | _T("skipping %s (%" PRIu64
| ^~~~~~~~~~~~~~~~
cli/unicode.h:41:16: note: in definition of macro '_T'
41 | #define _T(x) x
| ^
cli/yara.c: In function 'handle_message':
cli/yara.c:1089:23: warning: format '%d' expects argument of type 'int', but argument 3 has type 'in
t64_t' {aka 'long long int'} [-Wformat=]
1089 | _tprintf(_T("%" PF_S " =%" PRId64), meta->identifier, meta->integer);
| ^~~
cli/unicode.h:41:16: note: in definition of macro '_T'
41 | #define _T(x) x
| ^
cli/yara.c:1125:20: warning: 'I' flag used with '%x' gnu_printf format [-Wformat=]
1125 | _T("0x%" PRIx64 ":%d:%" PF_S),
| ^~~~~
cli/unicode.h:41:16: note: in definition of macro '_T'
41 | #define _T(x) x
| ^
cli/yara.c:1125:20: warning: format '%x' expects argument of type 'unsigned int', but argument 2 has
type 'int64_t' {aka 'long long int'} [-Wformat=]
1125 | _T("0x%" PRIx64 ":%d:%" PF_S),
| ^~~~~
cli/unicode.h:41:16: note: in definition of macro '_T'
41 | #define _T(x) x
| ^
cli/yara.c:1131:20: warning: 'I' flag used with '%x' gnu_printf format [-Wformat=]
1131 | _T("0x%" PRIx64 ":%" PF_S),
| ^~~~~
cli/unicode.h:41:16: note: in definition of macro '_T'
41 | #define _T(x) x
| ^
cli/yara.c:1131:20: warning: format '%x' expects argument of type 'unsigned int', but argument 2 has
type 'int64_t' {aka 'long long int'} [-Wformat=]
1131 | _T("0x%" PRIx64 ":%" PF_S),
| ^~~~~
cli/unicode.h:41:16: note: in definition of macro '_T'
41 | #define _T(x) x
| ^
CC libyara/modules/tests/la-tests.lo
CC libyara/modules/elf/la-elf.lo
CC libyara/modules/math/la-math.lo
libyara/modules/math/math.c: In function 'to_string':
libyara/modules/math/math.c:733:35: warning: format '%d' expects argument of type 'int', but argumen
t 4 has type 'int64_t' {aka 'long long int'} [-Wformat=]
733 | snprintf(str, INT64_MAX_STRING, "%" PRId64, i);
| ^~~ ~
| |
| int64_t {aka long long int}
In file included from libyara/modules/math/math.c:34:
./libyara/include/yara/strutils.h:54:20: note: format string is defined here
54 | #define PRId64 "I64d"
CC libyara/modules/time/la-time.lo
CC libyara/modules/pe/la-pe.lo
CC libyara/modules/pe/la-pe_utils.lo
CC libyara/modules/console/la-console.lo
CC libyara/modules/string/la-string.lo
CC libyara/modules/lnk/la-lnk.lo
CC libyara/modules/lnk/la-lnk_utils.lo
CC libyara/modules/hash/la-hash.lo
CC libyara/modules/dotnet/la-dotnet.lo
CC libyara/la-grammar.lo
CC libyara/la-ahocorasick.lo
CC libyara/la-arena.lo
CC libyara/la-atoms.lo
libyara/atoms.c: In function '_yr_atoms_case_insensitive':
libyara/atoms.c:730:33: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
730 | new_atom->atom.bytes[i] = atoms_cursor[i];
| ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~
In file included from libyara/atoms.c:82:
./libyara/include/yara/atoms.h:52:11: note: at offset 4 into destination object 'bytes' of size 4
52 | uint8_t bytes[YR_MAX_ATOM_LENGTH];
| ^~~~~
libyara/atoms.c:731:32: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
731 | new_atom->atom.mask[i] = 0xFF;
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~
./libyara/include/yara/atoms.h:53:11: note: at offset 4 into destination object 'mask' of size 4
53 | uint8_t mask[YR_MAX_ATOM_LENGTH];
| ^~~~
libyara/atoms.c:730:33: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
730 | new_atom->atom.bytes[i] = atoms_cursor[i];
| ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~
./libyara/include/yara/atoms.h:52:11: note: at offset 5 into destination object 'bytes' of size 4
52 | uint8_t bytes[YR_MAX_ATOM_LENGTH];
| ^~~~~
libyara/atoms.c:731:32: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
731 | new_atom->atom.mask[i] = 0xFF;
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~
./libyara/include/yara/atoms.h:53:11: note: at offset 5 into destination object 'mask' of size 4
53 | uint8_t mask[YR_MAX_ATOM_LENGTH];
| ^~~~
libyara/atoms.c:730:33: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
730 | new_atom->atom.bytes[i] = atoms_cursor[i];
| ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~
./libyara/include/yara/atoms.h:52:11: note: at offset 6 into destination object 'bytes' of size 4
52 | uint8_t bytes[YR_MAX_ATOM_LENGTH];
| ^~~~~
libyara/atoms.c:731:32: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
731 | new_atom->atom.mask[i] = 0xFF;
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~
./libyara/include/yara/atoms.h:53:11: note: at offset 6 into destination object 'mask' of size 4
53 | uint8_t mask[YR_MAX_ATOM_LENGTH];
| ^~~~
libyara/atoms.c: In function 'yr_atoms_extract_from_string':
libyara/atoms.c:1412:25: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
1412 | item->atom.bytes[i] = string[i];
| ~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~
./libyara/include/yara/atoms.h:52:11: note: at offset 4 into destination object 'bytes' of size 4
52 | uint8_t bytes[YR_MAX_ATOM_LENGTH];
| ^~~~~
libyara/atoms.c:1413:24: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
1413 | item->atom.mask[i] = 0xFF;
| ~~~~~~~~~~~~~~~~~~~^~~~~~
./libyara/include/yara/atoms.h:53:11: note: at offset 4 into destination object 'mask' of size 4
53 | uint8_t mask[YR_MAX_ATOM_LENGTH];
| ^~~~
libyara/atoms.c:1412:25: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
1412 | item->atom.bytes[i] = string[i];
| ~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~
./libyara/include/yara/atoms.h:52:11: note: at offset 5 into destination object 'bytes' of size 4
52 | uint8_t bytes[YR_MAX_ATOM_LENGTH];
| ^~~~~
libyara/atoms.c:1413:24: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
1413 | item->atom.mask[i] = 0xFF;
| ~~~~~~~~~~~~~~~~~~~^~~~~~
./libyara/include/yara/atoms.h:53:11: note: at offset 5 into destination object 'mask' of size 4
53 | uint8_t mask[YR_MAX_ATOM_LENGTH];
| ^~~~
libyara/atoms.c:1412:25: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
1412 | item->atom.bytes[i] = string[i];
| ~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~
./libyara/include/yara/atoms.h:52:11: note: at offset 6 into destination object 'bytes' of size 4
52 | uint8_t bytes[YR_MAX_ATOM_LENGTH];
| ^~~~~
libyara/atoms.c:1413:24: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
1413 | item->atom.mask[i] = 0xFF;
| ~~~~~~~~~~~~~~~~~~~^~~~~~
./libyara/include/yara/atoms.h:53:11: note: at offset 6 into destination object 'mask' of size 4
53 | uint8_t mask[YR_MAX_ATOM_LENGTH];
| ^~~~
CC libyara/la-base64.lo
CC libyara/la-bitmask.lo
CC libyara/la-compiler.lo
CC libyara/la-endian.lo
CC libyara/la-exec.lo
CC libyara/la-exefiles.lo
CC libyara/la-filemap.lo
CC libyara/la-hash.lo
CC libyara/la-hex_grammar.lo
CC libyara/la-hex_lexer.lo
CC libyara/la-lexer.lo
CC libyara/la-libyara.lo
CC libyara/la-mem.lo
CC libyara/la-modules.lo
CC libyara/la-notebook.lo
CC libyara/la-object.lo
libyara/object.c: In function 'yr_object_print_data':
libyara/object.c:1101:14: warning: format '%d' expects argument of type 'int', but argument 2 has ty
pe 'int64_t' {aka 'long long int'} [-Wformat=]
1101 | printf(" = %" PRId64, object->value.i);
| ^~~~~~ ~~~~~~~~~~~~~~~
| |
| int64_t {aka long long int}
In file included from libyara/object.c:42:
./libyara/include/yara/strutils.h:54:20: note: format string is defined here
54 | #define PRId64 "I64d"
CC libyara/la-parser.lo
CC libyara/la-proc.lo
CC libyara/la-re.lo
CC libyara/la-re_grammar.lo
CC libyara/la-re_lexer.lo
CC libyara/la-rules.lo
CC libyara/la-scan.lo
CC libyara/la-scanner.lo
libyara/scanner.c: In function 'yr_scanner_print_profiling_info':
libyara/scanner.c:884:9: warning: unknown conversion type character 'I' in format [-Wformat=]
884 | "%10" PRIu64 " %s:%s: \n",
| ^~~~~
In file included from libyara/scanner.c:40:
./libyara/include/yara/strutils.h:42:17: note: format string is defined here
42 | #define PRIu64 "I64u"
| ^
libyara/scanner.c:884:9: warning: format '%s' expects argument of type 'char *', but argument 2 has
type 'uint64_t' {aka 'long long unsigned int'} [-Wformat=]
884 | "%10" PRIu64 " %s:%s: \n",
| ^~~~~
885 | rpi->cost,
| ~~~~~~~~~
| |
| uint64_t {aka long long unsigned int}
libyara/scanner.c:884:25: note: format string is defined here
884 | "%10" PRIu64 " %s:%s: \n",
| ~^
| |
| char *
| %lld
libyara/scanner.c:884:9: warning: too many arguments for format [-Wformat-extra-args]
884 | "%10" PRIu64 " %s:%s: \n",
| ^~~~~
CC libyara/la-simple_str.lo
CC libyara/la-sizedstr.lo
CC libyara/la-stack.lo
CC libyara/la-stopwatch.lo
CC libyara/la-strutils.lo
CC libyara/la-stream.lo
CC libyara/tlshc/la-tlsh.lo
CC libyara/tlshc/la-tlsh_impl.lo
CC libyara/tlshc/la-tlsh_util.lo
CC libyara/la-threading.lo
CC libyara/proc/la-none.lo
CCLD libyara.la
libtool: warning: undefined symbols not allowed in x86_64-pc-msys shared libraries; building static only
copying selected object files to avoid basename conflicts...
CCLD yara.exe
CC cli/yarac.o
CCLD yarac.exe
make[1]: Leaving directory '/c/users/rancio/downloads/yara-4.4.0'
hillu commented
I just realized that the piece of information needed to solve the puzzle was in a previous post:
CC libyara/proc/la-none.lo
This means that the dummy version of the processor scanning functions got compiled into your YARA library. Probably something to do with configure determining a $host_os that it does not recognize…
In any case, this is a bug in the YARA build script. You'll probably find that the command line yara scanner produced in the same build does not want to scan processes, either.
RRancio commented
i looked at the Makefile and it shows this info:
host_os = msys
hillu commented
oh, this one might be easy. Try applying the patch below to YARA, run ./bootstrap.sh and rebuild.
you should see something like
CC libyara/proc/la-windows.lo
in the build log and ideally, the process scan from within your Go program will work.
diff --git a/configure.ac b/configure.ac
index 4895ae09..08c6a8cb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -63,7 +63,7 @@ AC_ARG_ENABLE([proc-scan],
posix=true
proc_interface=mach
jemalloc_prefix=je_ ;;
- mingw*|cygwin*) CFLAGS="$CFLAGS -DUSE_WINDOWS_PROC"
+ mingw*|msys*|cygwin*) CFLAGS="$CFLAGS -DUSE_WINDOWS_PROC"
proc_interface=windows
jemalloc_prefix= ;;
linux*|netbsd*|dragonfly*|kfreebsd*)RRancio commented
Sorry for the question but, wdym by "Patch below to YARA"? maybe you mean "Path" but i still don't understand, can you provide a example? :V
EDIT: i think i figured out, im building
EDIT2: omg...
CC libyara/la-strutils.lo
CC libyara/la-stream.lo
CC libyara/tlshc/la-tlsh.lo
CC libyara/tlshc/la-tlsh_impl.lo
CC libyara/tlshc/la-tlsh_util.lo
CC libyara/la-threading.lo
CC libyara/proc/la-windows.lo
CCLD libyara.la
RRancio commented
In the end, it worked; the memory does get scanned in case it doesn't interact directly with the process. However, when, for example, I inject a DLL to test that scan and rule, the application crashes:
unexpected fault address 0x2144b
fatal error: fault
[signal 0xc0000005 code=0x0 addr=0x2144b pc=0x7ff60d2341ac]
goroutine 1 [running, locked to thread]:
runtime.throw({0x7ff60d7294bf?, 0x0?})
C:/Program Files/Go/src/runtime/panic.go:1077 +0x65 fp=0xc00027d590 sp=0xc00027d560 pc=0x7ff60d268645
runtime.sigpanic()
C:/Program Files/Go/src/runtime/signal_windows.go:377 +0xd0 fp=0xc00027d5d8 sp=0xc00027d590 pc=0x7ff60d27c5f0
indexbytebody()
C:/Program Files/Go/src/internal/bytealg/indexbyte_amd64.s:48 +0x2c fp=0xc00027d5e0 sp=0xc00027d5d8 pc=0x7ff60d2341ac
runtime.findnull(0xc00004cc00?)
C:/Program Files/Go/src/runtime/string.go:541 +0x7f fp=0xc00027d638 sp=0xc00027d5e0 pc=0x7ff60d281c5f
runtime.gostring(0x1ae705f4040?)
C:/Program Files/Go/src/runtime/string.go:319 +0x1c fp=0xc00027d678 sp=0xc00027d638 pc=0x7ff60d29437c
github.com/hillu/go-yara/v4._Cfunc_GoString(...)
_cgo_gotypes.go:965
github.com/hillu/go-yara/v4.(*Rule).Namespace(0x3e2a0?)
C:/Users/Rancio/go/pkg/mod/github.com/hillu/go-yara/v4@v4.3.2/rule.go:126 +0x37 fp=0xc00027d698 sp=0xc00027d678 pc=0x7ff60d4fcfd7
github.com/hillu/go-yara/v4.(*MatchRules).RuleMatching(0xc000009440, 0x7ff60d6afd00?, 0xc00027d838?)
C:/Users/Rancio/go/pkg/mod/github.com/hillu/go-yara/v4@v4.3.2/rules_callback.go:190 +0x57 fp=0xc00027d7b8 sp=0xc00027d698 pc=0x7ff60d4ff577
github.com/hillu/go-yara/v4.scanCallbackFunc(0x1ae700d57d0, 0x1, 0x1ae705f4040, 0xc000040000?)
C:/Users/Rancio/go/pkg/mod/github.com/hillu/go-yara/v4@v4.3.2/rules_callback.go:129 +0x282 fp=0xc00027d8e0 sp=0xc00027d7b8 pc=0x7ff60d4fefc2
_cgoexp_e4084b5c9b87_scanCallbackFunc(0x5fdcdff8c0)
_cgo_gotypes.go:1978 +0x29 fp=0xc00027d910 sp=0xc00027d8e0 pc=0x7ff60d500129
runtime.cgocallbackg1(0x7ff60d500100, 0xc00027dad0?, 0x0)
C:/Program Files/Go/src/runtime/cgocall.go:329 +0x2c2 fp=0xc00027d9e0 sp=0xc00027d910 pc=0x7ff60d235982
runtime.cgocallbackg(0x7ff60d2729bc?, 0xc000040000?, 0x300000002?)
C:/Program Files/Go/src/runtime/cgocall.go:245 +0x109 fp=0xc00027da70 sp=0xc00027d9e0 pc=0x7ff60d2355e9
runtime.cgocallbackg(0x7ff60d500100, 0x5fdcdff8c0, 0x0)
<autogenerated>:1 +0x2e fp=0xc00027da98 sp=0xc00027da70 pc=0x7ff60d29cd0e
runtime.cgocallback(0xc00027daf8, 0x7ff60d235469, 0x7ff60d533210)
C:/Program Files/Go/src/runtime/asm_amd64.s:1035 +0xec fp=0xc00027dac0 sp=0xc00027da98 pc=0x7ff60d2981cc
runtime.systemstack_switch()
C:/Program Files/Go/src/runtime/asm_amd64.s:474 +0x8 fp=0xc00027dad0 sp=0xc00027dac0 pc=0x7ff60d296408
runtime.cgocall(0x7ff60d533210, 0xc00027db30)
C:/Program Files/Go/src/runtime/cgocall.go:175 +0xa9 fp=0xc00027db08 sp=0xc00027dad0 pc=0x7ff60d235469
github.com/hillu/go-yara/v4._Cfunc_yr_rules_scan_proc(0x1ae700df450, 0x12ec, 0xa, 0x7ff60d532640, 0xc00000bef8, 0x0)
_cgo_gotypes.go:1620 +0x55 fp=0xc00027db30 sp=0xc00027db08 pc=0x7ff60d4fb4f5
github.com/hillu/go-yara/v4.(*Rules).ScanProc.func1(0x7ff60d6d4620?, 0x12ec, 0x7ff60d6b2400?, {0x7ff60d7c28c0?, 0xc000009440?}, 0x7ff60d2fe8ec?, 0x60?)
C:/Users/Rancio/go/pkg/mod/github.com/hillu/go-yara/v4@v4.3.2/rules.go:148 +0x110 fp=0xc00027dba0 sp=0xc00027db30 pc=0x7ff60d4fea50
github.com/hillu/go-yara/v4.(*Rules).ScanProc(0xc00004a290, 0xc00004a028?, 0xc00027dcf0?, 0x1?, {0x7ff60d7c28c0?, 0xc000009440})
C:/Users/Rancio/go/pkg/mod/github.com/hillu/go-yara/v4@v4.3.2/rules.go:148 +0x15f fp=0xc00027dc48 sp=0xc00027dba0 pc=0x7ff60d4fe87f
Anticheat.site/FiveM/checks/scan/checks.FM()
C:/Users/Rancio/Documents/Code/Ocean/FiveM/checks/scan/checks/fm.go:136 +0x198 fp=0xc00027dd98 sp=0xc00027dc48 pc=0x7ff60d5277f8
Anticheat.site/FiveM/checks/scan.StartScan({0xc0000b0100, 0x40}, {0xc00000a0c8, 0x6}, {0xc0000e00a0, 0x9b})
C:/Users/Rancio/Documents/Code/Ocean/FiveM/checks/scan/start.go:58 +0x2af fp=0xc00027def0 sp=0xc00027dd98 pc=0x7ff60d530e2f
main.main()
C:/Users/Rancio/Documents/Code/Ocean/FiveM/client/main.go:29 +0x9f fp=0xc00027df40 sp=0xc00027def0 pc=0x7ff60d5322df
runtime.main()
C:/Program Files/Go/src/runtime/proc.go:267 +0x2b2 fp=0xc00027dfe0 sp=0xc00027df40 pc=0x7ff60d26af32
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00027dfe8 sp=0xc00027dfe0 pc=0x7ff60d298441
goroutine 2 [force gc (idle)]:
runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc000043fa8 sp=0xc000043f88 pc=0x7ff60d26b34e
runtime.goparkunlock(...)
C:/Program Files/Go/src/runtime/proc.go:404
runtime.forcegchelper()
C:/Program Files/Go/src/runtime/proc.go:322 +0xb8 fp=0xc000043fe0 sp=0xc000043fa8 pc=0x7ff60d26b1d8
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc000043fe8 sp=0xc000043fe0 pc=0x7ff60d298441
created by runtime.init.6 in goroutine 1
C:/Program Files/Go/src/runtime/proc.go:310 +0x1a
goroutine 3 [GC sweep wait]:
runtime.gopark(0x1?, 0x0?, 0x0?, 0x0?, 0x0?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc000045f78 sp=0xc000045f58 pc=0x7ff60d26b34e
runtime.goparkunlock(...)
C:/Program Files/Go/src/runtime/proc.go:404
runtime.bgsweep(0x0?)
C:/Program Files/Go/src/runtime/mgcsweep.go:321 +0xdf fp=0xc000045fc8 sp=0xc000045f78 pc=0x7ff60d25593f
runtime.gcenable.func1()
C:/Program Files/Go/src/runtime/mgc.go:200 +0x25 fp=0xc000045fe0 sp=0xc000045fc8 pc=0x7ff60d24ac45
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc000045fe8 sp=0xc000045fe0 pc=0x7ff60d298441
created by runtime.gcenable in goroutine 1
C:/Program Files/Go/src/runtime/mgc.go:200 +0x66
goroutine 4 [GC scavenge wait]:
runtime.gopark(0xc000028070?, 0x7ff60d7be278?, 0x0?, 0x0?, 0x0?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc000055f70 sp=0xc000055f50 pc=0x7ff60d26b34e
runtime.goparkunlock(...)
C:/Program Files/Go/src/runtime/proc.go:404
runtime.(*scavengerState).park(0x7ff60d9dd2c0)
C:/Program Files/Go/src/runtime/mgcscavenge.go:425 +0x49 fp=0xc000055fa0 sp=0xc000055f70 pc=0x7ff60d253189
runtime.bgscavenge(0x0?)
C:/Program Files/Go/src/runtime/mgcscavenge.go:658 +0x59 fp=0xc000055fc8 sp=0xc000055fa0 pc=0x7ff60d253739
runtime.gcenable.func2()
C:/Program Files/Go/src/runtime/mgc.go:201 +0x25 fp=0xc000055fe0 sp=0xc000055fc8 pc=0x7ff60d24abe5
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc000055fe8 sp=0xc000055fe0 pc=0x7ff60d298441
created by runtime.gcenable in goroutine 1
C:/Program Files/Go/src/runtime/mgc.go:201 +0xa5
goroutine 5 [finalizer wait]:
runtime.gopark(0x7ff60d726aa0?, 0x10d26c201?, 0x0?, 0x0?, 0x7ff60d2736c5?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc000047e28 sp=0xc000047e08 pc=0x7ff60d26b34e
runtime.runfinq()
C:/Program Files/Go/src/runtime/mfinal.go:193 +0x107 fp=0xc000047fe0 sp=0xc000047e28 pc=0x7ff60d249d07
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc000047fe8 sp=0xc000047fe0 pc=0x7ff60d298441
created by runtime.createfing in goroutine 1
C:/Program Files/Go/src/runtime/mfinal.go:163 +0x3d
goroutine 32 [GC worker (idle)]:
runtime.gopark(0x539a92a13a8?, 0x0?, 0xa0?, 0x31?, 0xc0001531a8?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc0001b1f50 sp=0xc0001b1f30 pc=0x7ff60d26b34e
runtime.gcBgMarkWorker()
C:/Program Files/Go/src/runtime/mgc.go:1293 +0xe5 fp=0xc0001b1fe0 sp=0xc0001b1f50 pc=0x7ff60d24c645
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc0001b1fe8 sp=0xc0001b1fe0 pc=0x7ff60d298441
created by runtime.gcBgMarkStartWorkers in goroutine 1
C:/Program Files/Go/src/runtime/mgc.go:1217 +0x1c
goroutine 37 [IO wait]:
runtime.gopark(0x0?, 0xc0001c2798?, 0x48?, 0x28?, 0xc0001c27c8?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc000241548 sp=0xc000241528 pc=0x7ff60d26b34e
runtime.netpollblock(0xc0002415f0?, 0xd234f06?, 0xf6?)
C:/Program Files/Go/src/runtime/netpoll.go:564 +0xf7 fp=0xc000241580 sp=0xc000241548 pc=0x7ff60d262377
internal/poll.runtime_pollWait(0x1ae6e1e7c38, 0x72)
C:/Program Files/Go/src/runtime/netpoll.go:343 +0x85 fp=0xc0002415a0 sp=0xc000241580 pc=0x7ff60d2924e5
internal/poll.(*pollDesc).wait(0x5?, 0x1113?, 0x0)
C:/Program Files/Go/src/internal/poll/fd_poll_runtime.go:84 +0x27 fp=0xc0002415c8 sp=0xc0002415a0 pc=0x7ff60d2f0e87
internal/poll.execIO(0xc0001c2798, 0x7ff60d7663c8)
C:/Program Files/Go/src/internal/poll/fd_windows.go:175 +0xe6 fp=0xc000241638 sp=0xc0002415c8 pc=0x7ff60d2f15a6
internal/poll.(*FD).Read(0xc0001c2780, {0xc000191500, 0x1500, 0x1500})
C:/Program Files/Go/src/internal/poll/fd_windows.go:436 +0x2b1 fp=0xc0002416e0 sp=0xc000241638 pc=0x7ff60d2f2251
net.(*netFD).Read(0xc0001c2780, {0xc000191500?, 0x7ff60d258c20?, 0x7ff60d9f3640?})
C:/Program Files/Go/src/net/fd_posix.go:55 +0x25 fp=0xc000241728 sp=0xc0002416e0 pc=0x7ff60d397325
net.(*conn).Read(0xc00004a068, {0xc000191500?, 0xc000241838?, 0x7ff60d246188?})
C:/Program Files/Go/src/net/net.go:179 +0x45 fp=0xc000241770 sp=0xc000241728 pc=0x7ff60d3a2405
net.(*TCPConn).Read(0xc000241808?, {0xc000191500?, 0xc00008e720?, 0x18?})
<autogenerated>:1 +0x25 fp=0xc0002417a0 sp=0xc000241770 pc=0x7ff60d3ab625
crypto/tls.(*atLeastReader).Read(0xc00008e720, {0xc000191500?, 0xc00008e720?, 0x0?})
C:/Program Files/Go/src/crypto/tls/conn.go:805 +0x3b fp=0xc0002417e8 sp=0xc0002417a0 pc=0x7ff60d3deb3b
bytes.(*Buffer).ReadFrom(0xc00014e628, {0x7ff60d7c29a0, 0xc00008e720})
C:/Program Files/Go/src/bytes/buffer.go:211 +0x98 fp=0xc000241840 sp=0xc0002417e8 pc=0x7ff60d3098f8
crypto/tls.(*Conn).readFromUntil(0xc00014e380, {0x1ae6e1e8018?, 0xc00004a068}, 0xd0?)
C:/Program Files/Go/src/crypto/tls/conn.go:827 +0xde fp=0xc000241880 sp=0xc000241840 pc=0x7ff60d3ded1e
crypto/tls.(*Conn).readRecordOrCCS(0xc00014e380, 0x0)
C:/Program Files/Go/src/crypto/tls/conn.go:625 +0x250 fp=0xc000241c20 sp=0xc000241880 pc=0x7ff60d3dc2f0
crypto/tls.(*Conn).readRecord(...)
C:/Program Files/Go/src/crypto/tls/conn.go:587
crypto/tls.(*Conn).Read(0xc00014e380, {0xc0001ed000, 0x1000, 0x7ff60d451ba5?})
C:/Program Files/Go/src/crypto/tls/conn.go:1369 +0x158 fp=0xc000241c90 sp=0xc000241c20 pc=0x7ff60d3e25b8
bufio.(*Reader).Read(0xc0002368a0, {0xc00019eac0, 0x9, 0x7ff60d656160?})
C:/Program Files/Go/src/bufio/bufio.go:244 +0x197 fp=0xc000241cc8 sp=0xc000241c90 pc=0x7ff60d40d337
io.ReadAtLeast({0x7ff60d7c2340, 0xc0002368a0}, {0xc00019eac0, 0x9, 0x9}, 0x9)
C:/Program Files/Go/src/io/io.go:335 +0x90 fp=0xc000241d10 sp=0xc000241cc8 pc=0x7ff60d2cab30
io.ReadFull(...)
C:/Program Files/Go/src/io/io.go:354
net/http.http2readFrameHeader({0xc00019eac0, 0x9, 0x2a6c0?}, {0x7ff60d7c2340?, 0xc0002368a0?})
C:/Program Files/Go/src/net/http/h2_bundle.go:1635 +0x65 fp=0xc000241d60 sp=0xc000241d10 pc=0x7ff60d43da45
net/http.(*http2Framer).ReadFrame(0xc00019ea80)
C:/Program Files/Go/src/net/http/h2_bundle.go:1899 +0x85 fp=0xc000241e08 sp=0xc000241d60 pc=0x7ff60d43e0c5
net/http.(*http2clientConnReadLoop).run(0xc000241f98)
C:/Program Files/Go/src/net/http/h2_bundle.go:9276 +0x11f fp=0xc000241f60 sp=0xc000241e08 pc=0x7ff60d44eb3f
net/http.(*http2ClientConn).readLoop(0xc000002000)
C:/Program Files/Go/src/net/http/h2_bundle.go:9171 +0x65 fp=0xc000241fc8 sp=0xc000241f60 pc=0x7ff60d44e0c5
net/http.(*http2Transport).newClientConn.func3()
C:/Program Files/Go/src/net/http/h2_bundle.go:7843 +0x25 fp=0xc000241fe0 sp=0xc000241fc8 pc=0x7ff60d447885
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc000241fe8 sp=0xc000241fe0 pc=0x7ff60d298441
created by net/http.(*http2Transport).newClientConn in goroutine 36
C:/Program Files/Go/src/net/http/h2_bundle.go:7843 +0xcbe
goroutine 12 [IO wait]:
runtime.gopark(0x0?, 0xc00001bb98?, 0x48?, 0xbc?, 0xc00001bbc8?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc0001b3548 sp=0xc0001b3528 pc=0x7ff60d26b34e
runtime.netpollblock(0xc0001b35e8?, 0xd234f06?, 0xf6?)
C:/Program Files/Go/src/runtime/netpoll.go:564 +0xf7 fp=0xc0001b3580 sp=0xc0001b3548 pc=0x7ff60d262377
internal/poll.runtime_pollWait(0x1ae6e1e7f20, 0x72)
C:/Program Files/Go/src/runtime/netpoll.go:343 +0x85 fp=0xc0001b35a0 sp=0xc0001b3580 pc=0x7ff60d2924e5
internal/poll.(*pollDesc).wait(0x2a01?, 0xa?, 0x0)
C:/Program Files/Go/src/internal/poll/fd_poll_runtime.go:84 +0x27 fp=0xc0001b35c8 sp=0xc0001b35a0 pc=0x7ff60d2f0e87
internal/poll.execIO(0xc00001bb98, 0x7ff60d7663c8)
C:/Program Files/Go/src/internal/poll/fd_windows.go:175 +0xe6 fp=0xc0001b3638 sp=0xc0001b35c8 pc=0x7ff60d2f15a6
internal/poll.(*FD).Read(0xc00001bb80, {0xc0010dc000, 0x6a80, 0x6a80})
C:/Program Files/Go/src/internal/poll/fd_windows.go:436 +0x2b1 fp=0xc0001b36e0 sp=0xc0001b3638 pc=0x7ff60d2f2251
net.(*netFD).Read(0xc00001bb80, {0xc0010dc000?, 0xc0010dc005?, 0x1a?})
C:/Program Files/Go/src/net/fd_posix.go:55 +0x25 fp=0xc0001b3728 sp=0xc0001b36e0 pc=0x7ff60d397325
net.(*conn).Read(0xc00004a0b8, {0xc0010dc000?, 0xc0001b3790?, 0xc00014e8b8?})
C:/Program Files/Go/src/net/net.go:179 +0x45 fp=0xc0001b3770 sp=0xc0001b3728 pc=0x7ff60d3a2405
net.(*TCPConn).Read(0xc0001b3808?, {0xc0010dc000?, 0xc0000091d0?, 0x18?})
<autogenerated>:1 +0x25 fp=0xc0001b37a0 sp=0xc0001b3770 pc=0x7ff60d3ab625
crypto/tls.(*atLeastReader).Read(0xc0000091d0, {0xc0010dc000?, 0xc0000091d0?, 0x0?})
C:/Program Files/Go/src/crypto/tls/conn.go:805 +0x3b fp=0xc0001b37e8 sp=0xc0001b37a0 pc=0x7ff60d3deb3b
bytes.(*Buffer).ReadFrom(0xc00014e9a8, {0x7ff60d7c29a0, 0xc0000091d0})
C:/Program Files/Go/src/bytes/buffer.go:211 +0x98 fp=0xc0001b3840 sp=0xc0001b37e8 pc=0x7ff60d3098f8
crypto/tls.(*Conn).readFromUntil(0xc00014e700, {0x1ae6e1e8018?, 0xc00004a0b8}, 0x6a80?)
C:/Program Files/Go/src/crypto/tls/conn.go:827 +0xde fp=0xc0001b3880 sp=0xc0001b3840 pc=0x7ff60d3ded1e
crypto/tls.(*Conn).readRecordOrCCS(0xc00014e700, 0x0)
C:/Program Files/Go/src/crypto/tls/conn.go:625 +0x250 fp=0xc0001b3c20 sp=0xc0001b3880 pc=0x7ff60d3dc2f0
crypto/tls.(*Conn).readRecord(...)
C:/Program Files/Go/src/crypto/tls/conn.go:587
crypto/tls.(*Conn).Read(0xc00014e700, {0xc0001ad000, 0x1000, 0x7ff60d451ba5?})
C:/Program Files/Go/src/crypto/tls/conn.go:1369 +0x158 fp=0xc0001b3c90 sp=0xc0001b3c20 pc=0x7ff60d3e25b8
bufio.(*Reader).Read(0xc0001a8c00, {0xc00019e660, 0x9, 0x7ff60d656160?})
C:/Program Files/Go/src/bufio/bufio.go:244 +0x197 fp=0xc0001b3cc8 sp=0xc0001b3c90 pc=0x7ff60d40d337
io.ReadAtLeast({0x7ff60d7c2340, 0xc0001a8c00}, {0xc00019e660, 0x9, 0x9}, 0x9)
C:/Program Files/Go/src/io/io.go:335 +0x90 fp=0xc0001b3d10 sp=0xc0001b3cc8 pc=0x7ff60d2cab30
io.ReadFull(...)
C:/Program Files/Go/src/io/io.go:354
net/http.http2readFrameHeader({0xc00019e660, 0x9, 0xc0001a5da0?}, {0x7ff60d7c2340?, 0xc0001a8c00?})
C:/Program Files/Go/src/net/http/h2_bundle.go:1635 +0x65 fp=0xc0001b3d60 sp=0xc0001b3d10 pc=0x7ff60d43da45
net/http.(*http2Framer).ReadFrame(0xc00019e620)
C:/Program Files/Go/src/net/http/h2_bundle.go:1899 +0x85 fp=0xc0001b3e08 sp=0xc0001b3d60 pc=0x7ff60d43e0c5
net/http.(*http2clientConnReadLoop).run(0xc0001b3f98)
C:/Program Files/Go/src/net/http/h2_bundle.go:9276 +0x11f fp=0xc0001b3f60 sp=0xc0001b3e08 pc=0x7ff60d44eb3f
net/http.(*http2ClientConn).readLoop(0xc000002180)
C:/Program Files/Go/src/net/http/h2_bundle.go:9171 +0x65 fp=0xc0001b3fc8 sp=0xc0001b3f60 pc=0x7ff60d44e0c5
net/http.(*http2Transport).newClientConn.func3()
C:/Program Files/Go/src/net/http/h2_bundle.go:7843 +0x25 fp=0xc0001b3fe0 sp=0xc0001b3fc8 pc=0x7ff60d447885
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc0001b3fe8 sp=0xc0001b3fe0 pc=0x7ff60d298441
created by net/http.(*http2Transport).newClientConn in goroutine 11
C:/Program Files/Go/src/net/http/h2_bundle.go:7843 +0xcbe
goroutine 29 [IO wait]:
runtime.gopark(0x0?, 0xc0001c2518?, 0xc8?, 0x25?, 0xc0001c2548?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc000053548 sp=0xc000053528 pc=0x7ff60d26b34e
runtime.netpollblock(0xc0000535e8?, 0xd234f06?, 0xf6?)
C:/Program Files/Go/src/runtime/netpoll.go:564 +0xf7 fp=0xc000053580 sp=0xc000053548 pc=0x7ff60d262377
internal/poll.runtime_pollWait(0x1ae6e1e7d30, 0x72)
C:/Program Files/Go/src/runtime/netpoll.go:343 +0x85 fp=0xc0000535a0 sp=0xc000053580 pc=0x7ff60d2924e5
internal/poll.(*pollDesc).wait(0x1487d0400549901?, 0xa?, 0x0)
C:/Program Files/Go/src/internal/poll/fd_poll_runtime.go:84 +0x27 fp=0xc0000535c8 sp=0xc0000535a0 pc=0x7ff60d2f0e87
internal/poll.execIO(0xc0001c2518, 0x7ff60d7663c8)
C:/Program Files/Go/src/internal/poll/fd_windows.go:175 +0xe6 fp=0xc000053638 sp=0xc0000535c8 pc=0x7ff60d2f15a6
internal/poll.(*FD).Read(0xc0001c2500, {0xc00021c000, 0xd80, 0xd80})
C:/Program Files/Go/src/internal/poll/fd_windows.go:436 +0x2b1 fp=0xc0000536e0 sp=0xc000053638 pc=0x7ff60d2f2251
net.(*netFD).Read(0xc0001c2500, {0xc00021c000?, 0xc00021c005?, 0x1a?})
C:/Program Files/Go/src/net/fd_posix.go:55 +0x25 fp=0xc000053728 sp=0xc0000536e0 pc=0x7ff60d397325
net.(*conn).Read(0xc0000ce0c0, {0xc00021c000?, 0x2a?, 0xc0000c4fb8?})
C:/Program Files/Go/src/net/net.go:179 +0x45 fp=0xc000053770 sp=0xc000053728 pc=0x7ff60d3a2405
net.(*TCPConn).Read(0xc000053808?, {0xc00021c000?, 0xc0000089c0?, 0x18?})
<autogenerated>:1 +0x25 fp=0xc0000537a0 sp=0xc000053770 pc=0x7ff60d3ab625
crypto/tls.(*atLeastReader).Read(0xc0000089c0, {0xc00021c000?, 0xc0000089c0?, 0x0?})
C:/Program Files/Go/src/crypto/tls/conn.go:805 +0x3b fp=0xc0000537e8 sp=0xc0000537a0 pc=0x7ff60d3deb3b
bytes.(*Buffer).ReadFrom(0xc0000c50a8, {0x7ff60d7c29a0, 0xc0000089c0})
C:/Program Files/Go/src/bytes/buffer.go:211 +0x98 fp=0xc000053840 sp=0xc0000537e8 pc=0x7ff60d3098f8
crypto/tls.(*Conn).readFromUntil(0xc0000c4e00, {0x1ae6e1e8018?, 0xc0000ce0c0}, 0xd80?)
C:/Program Files/Go/src/crypto/tls/conn.go:827 +0xde fp=0xc000053880 sp=0xc000053840 pc=0x7ff60d3ded1e
crypto/tls.(*Conn).readRecordOrCCS(0xc0000c4e00, 0x0)
C:/Program Files/Go/src/crypto/tls/conn.go:625 +0x250 fp=0xc000053c20 sp=0xc000053880 pc=0x7ff60d3dc2f0
crypto/tls.(*Conn).readRecord(...)
C:/Program Files/Go/src/crypto/tls/conn.go:587
crypto/tls.(*Conn).Read(0xc0000c4e00, {0xc00023b000, 0x1000, 0x7ff60d451ba5?})
C:/Program Files/Go/src/crypto/tls/conn.go:1369 +0x158 fp=0xc000053c90 sp=0xc000053c20 pc=0x7ff60d3e25b8
bufio.(*Reader).Read(0xc000236b40, {0xc00020eac0, 0x9, 0x7ff60d656160?})
C:/Program Files/Go/src/bufio/bufio.go:244 +0x197 fp=0xc000053cc8 sp=0xc000053c90 pc=0x7ff60d40d337
io.ReadAtLeast({0x7ff60d7c2340, 0xc000236b40}, {0xc00020eac0, 0x9, 0x9}, 0x9)
C:/Program Files/Go/src/io/io.go:335 +0x90 fp=0xc000053d10 sp=0xc000053cc8 pc=0x7ff60d2cab30
io.ReadFull(...)
C:/Program Files/Go/src/io/io.go:354
net/http.http2readFrameHeader({0xc00020eac0, 0x9, 0xc0001a5200?}, {0x7ff60d7c2340?, 0xc000236b40?})
C:/Program Files/Go/src/net/http/h2_bundle.go:1635 +0x65 fp=0xc000053d60 sp=0xc000053d10 pc=0x7ff60d43da45
net/http.(*http2Framer).ReadFrame(0xc00020ea80)
C:/Program Files/Go/src/net/http/h2_bundle.go:1899 +0x85 fp=0xc000053e08 sp=0xc000053d60 pc=0x7ff60d43e0c5
net/http.(*http2clientConnReadLoop).run(0xc000053f98)
C:/Program Files/Go/src/net/http/h2_bundle.go:9276 +0x11f fp=0xc000053f60 sp=0xc000053e08 pc=0x7ff60d44eb3f
net/http.(*http2ClientConn).readLoop(0xc0000d4480)
C:/Program Files/Go/src/net/http/h2_bundle.go:9171 +0x65 fp=0xc000053fc8 sp=0xc000053f60 pc=0x7ff60d44e0c5
net/http.(*http2Transport).newClientConn.func3()
C:/Program Files/Go/src/net/http/h2_bundle.go:7843 +0x25 fp=0xc000053fe0 sp=0xc000053fc8 pc=0x7ff60d447885
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc000053fe8 sp=0xc000053fe0 pc=0x7ff60d298441
created by net/http.(*http2Transport).newClientConn in goroutine 28
C:/Program Files/Go/src/net/http/h2_bundle.go:7843 +0xcbe
goroutine 25 [IO wait]:
runtime.gopark(0x0?, 0xc0000be518?, 0xc8?, 0xe5?, 0xc0000be548?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc0001af548 sp=0xc0001af528 pc=0x7ff60d26b34e
runtime.netpollblock(0x0?, 0xd234f06?, 0xf6?)
C:/Program Files/Go/src/runtime/netpoll.go:564 +0xf7 fp=0xc0001af580 sp=0xc0001af548 pc=0x7ff60d262377
internal/poll.runtime_pollWait(0x1ae6e1e7e28, 0x72)
C:/Program Files/Go/src/runtime/netpoll.go:343 +0x85 fp=0xc0001af5a0 sp=0xc0001af580 pc=0x7ff60d2924e5
internal/poll.(*pollDesc).wait(0xc000084680?, 0xc0001af610?, 0x0)
C:/Program Files/Go/src/internal/poll/fd_poll_runtime.go:84 +0x27 fp=0xc0001af5c8 sp=0xc0001af5a0 pc=0x7ff60d2f0e87
internal/poll.execIO(0xc0000be518, 0x7ff60d7663c8)
C:/Program Files/Go/src/internal/poll/fd_windows.go:175 +0xe6 fp=0xc0001af638 sp=0xc0001af5c8 pc=0x7ff60d2f15a6
internal/poll.(*FD).Read(0xc0000be500, {0xc0000fc000, 0x1500, 0x1500})
C:/Program Files/Go/src/internal/poll/fd_windows.go:436 +0x2b1 fp=0xc0001af6e0 sp=0xc0001af638 pc=0x7ff60d2f2251
net.(*netFD).Read(0xc0000be500, {0xc0000fc000?, 0xc0001af7d0?, 0x7ff60d2d6674?})
C:/Program Files/Go/src/net/fd_posix.go:55 +0x25 fp=0xc0001af728 sp=0xc0001af6e0 pc=0x7ff60d397325
net.(*conn).Read(0xc0000ce068, {0xc0000fc000?, 0xc0001af7f8?, 0x7ff60d3caf86?})
C:/Program Files/Go/src/net/net.go:179 +0x45 fp=0xc0001af770 sp=0xc0001af728 pc=0x7ff60d3a2405
net.(*TCPConn).Read(0xc0001af808?, {0xc0000fc000?, 0xc00008e9a8?, 0x18?})
<autogenerated>:1 +0x25 fp=0xc0001af7a0 sp=0xc0001af770 pc=0x7ff60d3ab625
crypto/tls.(*atLeastReader).Read(0xc00008e9a8, {0xc0000fc000?, 0xc00008e9a8?, 0x0?})
C:/Program Files/Go/src/crypto/tls/conn.go:805 +0x3b fp=0xc0001af7e8 sp=0xc0001af7a0 pc=0x7ff60d3deb3b
bytes.(*Buffer).ReadFrom(0xc0000c4628, {0x7ff60d7c29a0, 0xc00008e9a8})
C:/Program Files/Go/src/bytes/buffer.go:211 +0x98 fp=0xc0001af840 sp=0xc0001af7e8 pc=0x7ff60d3098f8
crypto/tls.(*Conn).readFromUntil(0xc0000c4380, {0x1ae6e1e8018?, 0xc0000ce068}, 0xc0000be5e8?)
C:/Program Files/Go/src/crypto/tls/conn.go:827 +0xde fp=0xc0001af880 sp=0xc0001af840 pc=0x7ff60d3ded1e
crypto/tls.(*Conn).readRecordOrCCS(0xc0000c4380, 0x0)
C:/Program Files/Go/src/crypto/tls/conn.go:625 +0x250 fp=0xc0001afc20 sp=0xc0001af880 pc=0x7ff60d3dc2f0
crypto/tls.(*Conn).readRecord(...)
C:/Program Files/Go/src/crypto/tls/conn.go:587
crypto/tls.(*Conn).Read(0xc0000c4380, {0xc000219000, 0x1000, 0x0?})
C:/Program Files/Go/src/crypto/tls/conn.go:1369 +0x158 fp=0xc0001afc90 sp=0xc0001afc20 pc=0x7ff60d3e25b8
bufio.(*Reader).Read(0xc0002166c0, {0xc00020e580, 0x9, 0x7ff60d472ace?})
C:/Program Files/Go/src/bufio/bufio.go:244 +0x197 fp=0xc0001afcc8 sp=0xc0001afc90 pc=0x7ff60d40d337
io.ReadAtLeast({0x7ff60d7c2340, 0xc0002166c0}, {0xc00020e580, 0x9, 0x9}, 0x9)
C:/Program Files/Go/src/io/io.go:335 +0x90 fp=0xc0001afd10 sp=0xc0001afcc8 pc=0x7ff60d2cab30
io.ReadFull(...)
C:/Program Files/Go/src/io/io.go:354
net/http.http2readFrameHeader({0xc00020e580, 0x9, 0x7ff60d4530b2?}, {0x7ff60d7c2340?, 0xc0002166c0?})
C:/Program Files/Go/src/net/http/h2_bundle.go:1635 +0x65 fp=0xc0001afd60 sp=0xc0001afd10 pc=0x7ff60d43da45
net/http.(*http2Framer).ReadFrame(0xc00020e540)
C:/Program Files/Go/src/net/http/h2_bundle.go:1899 +0x85 fp=0xc0001afe08 sp=0xc0001afd60 pc=0x7ff60d43e0c5
net/http.(*http2clientConnReadLoop).run(0xc0001aff98)
C:/Program Files/Go/src/net/http/h2_bundle.go:9276 +0x11f fp=0xc0001aff60 sp=0xc0001afe08 pc=0x7ff60d44eb3f
net/http.(*http2ClientConn).readLoop(0xc0000d4180)
C:/Program Files/Go/src/net/http/h2_bundle.go:9171 +0x65 fp=0xc0001affc8 sp=0xc0001aff60 pc=0x7ff60d44e0c5
net/http.(*http2Transport).newClientConn.func3()
C:/Program Files/Go/src/net/http/h2_bundle.go:7843 +0x25 fp=0xc0001affe0 sp=0xc0001affc8 pc=0x7ff60d447885
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc0001affe8 sp=0xc0001affe0 pc=0x7ff60d298441
created by net/http.(*http2Transport).newClientConn in goroutine 24
C:/Program Files/Go/src/net/http/h2_bundle.go:7843 +0xcbe
goroutine 33 [GC worker (idle)]:
runtime.gopark(0x539a92a13a8?, 0x0?, 0x0?, 0x0?, 0x0?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc000243f50 sp=0xc000243f30 pc=0x7ff60d26b34e
runtime.gcBgMarkWorker()
C:/Program Files/Go/src/runtime/mgc.go:1293 +0xe5 fp=0xc000243fe0 sp=0xc000243f50 pc=0x7ff60d24c645
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc000243fe8 sp=0xc000243fe0 pc=0x7ff60d298441
created by runtime.gcBgMarkStartWorkers in goroutine 1
C:/Program Files/Go/src/runtime/mgc.go:1217 +0x1c
In fact, it's not just with ScanProc, the same issue occurs when I use ScanFile:
unexpected fault address 0x40002064b
fatal error: fault
[signal 0xc0000005 code=0x0 addr=0x40002064b pc=0x7ff6a9c541ac]
goroutine 105 [running, locked to thread]:
runtime.throw({0x7ff6aa14819f?, 0x0?})
C:/Program Files/Go/src/runtime/panic.go:1077 +0x65 fp=0xc00020f648 sp=0xc00020f618 pc=0x7ff6a9c88645
runtime.sigpanic()
C:/Program Files/Go/src/runtime/signal_windows.go:377 +0xd0 fp=0xc00020f690 sp=0xc00020f648 pc=0x7ff6a9c9c5f0
indexbytebody()
C:/Program Files/Go/src/internal/bytealg/indexbyte_amd64.s:48 +0x2c fp=0xc00020f698 sp=0xc00020f690 pc=0x7ff6a9c541ac
runtime.findnull(0xc00004c800?)
C:/Program Files/Go/src/runtime/string.go:541 +0x7f fp=0xc00020f6f0 sp=0xc00020f698 pc=0x7ff6a9ca1c5f
runtime.gostring(0x22cf20fc078?)
C:/Program Files/Go/src/runtime/string.go:319 +0x1c fp=0xc00020f730 sp=0xc00020f6f0 pc=0x7ff6a9cb437c
github.com/hillu/go-yara/v4._Cfunc_GoString(...)
_cgo_gotypes.go:965
github.com/hillu/go-yara/v4.(*Rule).Namespace(0x7ff6a9c66ceb?)
C:/Users/Rancio/go/pkg/mod/github.com/hillu/go-yara/v4@v4.3.2/rule.go:126 +0x37 fp=0xc00020f750 sp=0xc00020f730 pc=0x7ff6a9f1ce37
github.com/hillu/go-yara/v4.(*MatchRules).RuleMatching(0xc00008aee8, 0x7ff6aa0cebc0?, 0xc00020f8f0?)
C:/Users/Rancio/go/pkg/mod/github.com/hillu/go-yara/v4@v4.3.2/rules_callback.go:190 +0x57 fp=0xc00020f870 sp=0xc00020f750 pc=0x7ff6a9f1efd7
github.com/hillu/go-yara/v4.scanCallbackFunc(0x22cf1bec540, 0x1, 0x22cf20fc078, 0xc0001d4680?)
C:/Users/Rancio/go/pkg/mod/github.com/hillu/go-yara/v4@v4.3.2/rules_callback.go:129 +0x282 fp=0xc00020f998 sp=0xc00020f870 pc=0x7ff6a9f1ea22
_cgoexp_e4084b5c9b87_scanCallbackFunc(0x47003ff3c0)
_cgo_gotypes.go:1978 +0x29 fp=0xc00020f9c8 sp=0xc00020f998 pc=0x7ff6a9f1fb89
runtime.cgocallbackg1(0x7ff6a9f1fb60, 0xc00020fb88?, 0x0)
C:/Program Files/Go/src/runtime/cgocall.go:329 +0x2c2 fp=0xc00020fa98 sp=0xc00020f9c8 pc=0x7ff6a9c55982
runtime.cgocallbackg(0x7ff6a9c929bc?, 0xc0001d4680?, 0x300000002?)
C:/Program Files/Go/src/runtime/cgocall.go:245 +0x109 fp=0xc00020fb28 sp=0xc00020fa98 pc=0x7ff6a9c555e9
runtime.cgocallbackg(0x7ff6a9f1fb60, 0x47003ff3c0, 0x0)
<autogenerated>:1 +0x2e fp=0xc00020fb50 sp=0xc00020fb28 pc=0x7ff6a9cbcd0e
runtime.cgocallback(0xc00020fbb0, 0x7ff6a9c55469, 0x7ff6a9f52150)
C:/Program Files/Go/src/runtime/asm_amd64.s:1035 +0xec fp=0xc00020fb78 sp=0xc00020fb50 pc=0x7ff6a9cb81cc
runtime.systemstack_switch()
C:/Program Files/Go/src/runtime/asm_amd64.s:474 +0x8 fp=0xc00020fb88 sp=0xc00020fb78 pc=0x7ff6a9cb6408
runtime.cgocall(0x7ff6a9f52150, 0xc00020fbe8)
C:/Program Files/Go/src/runtime/cgocall.go:175 +0xa9 fp=0xc00020fbc0 sp=0xc00020fb88 pc=0x7ff6a9c55469
github.com/hillu/go-yara/v4._Cfunc_yr_rules_scan_file(0x22cf1bede90, 0x22cca821910, 0x9, 0x7ff6a9f51680, 0xc0003201d8, 0x0)
_cgo_gotypes.go:1565 +0x55 fp=0xc00020fbe8 sp=0xc00020fbc0 pc=0x7ff6a9f1b375
github.com/hillu/go-yara/v4.(*Rules).ScanFile.func2(0x7ff6aa0f3480?, 0xc000b050e0?, 0x7ff6aa0d12c0?, {0x7ff6aa1e1400?, 0xc00008aee8?}, 0x7ff6a9c5e365?, 0xc00008aee8?)
C:/Users/Rancio/go/pkg/mod/github.com/hillu/go-yara/v4@v4.3.2/rules.go:114 +0x111 fp=0xc00020fc68 sp=0xc00020fbe8 pc=0x7ff6a9f1e451
github.com/hillu/go-yara/v4.(*Rules).ScanFile(0xc00066c080, {0xc0018d5820?, 0x7ff6aa147ec8?}, 0x4?, 0x0?, {0x7ff6aa1e1400?, 0xc00008aee8})
C:/Users/Rancio/go/pkg/mod/github.com/hillu/go-yara/v4@v4.3.2/rules.go:114 +0x1a6 fp=0xc00020fd28 sp=0xc00020fc68 pc=0x7ff6a9f1e266
Anticheat.site/FiveM/checks/scan/checks.Y()
C:/Users/Rancio/Documents/Code/Ocean/FiveM/checks/scan/checks/y.go:59 +0x3d2 fp=0xc00020ffe0 sp=0xc00020fd28 pc=0x7ff6a9f4ecf2
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00020ffe8 sp=0xc00020ffe0 pc=0x7ff6a9cb8441
created by Anticheat.site/FiveM/checks/scan.StartScan in goroutine 1
C:/Users/Rancio/Documents/Code/Ocean/FiveM/checks/scan/start.go:104 +0x5a5
goroutine 1 [runnable]:
runtime.asyncPreempt2()
C:/Program Files/Go/src/runtime/preempt.go:307 +0x39 fp=0xc0004f7840 sp=0xc0004f7820 pc=0x7ff6a9c89a59
runtime.asyncPreempt()
C:/Program Files/Go/src/runtime/preempt_amd64.s:53 +0xdb fp=0xc0004f79c8 sp=0xc0004f7840 pc=0x7ff6a9cb99db
fmt.(*pp).doPrintf(0xc000500000, {0x7ff6aa14878b, 0x6}, {0xc0004f7be0?, 0x1, 0x1})
C:/Program Files/Go/src/fmt/print.go:1056 +0xf6c fp=0xc0004f7ac0 sp=0xc0004f79c8 pc=0x7ff6a9d2566c
fmt.Sprintf({0x7ff6aa14878b, 0x6}, {0xc0004f7be0, 0x1, 0x1})
C:/Program Files/Go/src/fmt/print.go:239 +0x53 fp=0xc0004f7b18 sp=0xc0004f7ac0 pc=0x7ff6a9d1ed53
Anticheat.site/FiveM/checks/scan/checks.SectionSize()
C:/Users/Rancio/Documents/Code/Ocean/FiveM/checks/scan/checks/sec.go:33 +0x37d fp=0xc0004f7d70 sp=0xc0004f7b18 pc=0x7ff6a9f4bbbd
Anticheat.site/FiveM/checks/scan/checks.S()
C:/Users/Rancio/Documents/Code/Ocean/FiveM/checks/scan/checks/sec.go:16 +0x32 fp=0xc0004f7d98 sp=0xc0004f7d70 pc=0x7ff6a9f4b832
Anticheat.site/FiveM/checks/scan.StartScan({0xc0000b0000, 0x40}, {0xc00000a0c8, 0x6}, {0xc0000960a0, 0x9b})
C:/Users/Rancio/Documents/Code/Ocean/FiveM/checks/scan/start.go:105 +0x5aa fp=0xc0004f7ef0 sp=0xc0004f7d98 pc=0x7ff6a9f5016a
main.main()
C:/Users/Rancio/Documents/Code/Ocean/FiveM/client/main.go:29 +0x9f fp=0xc0004f7f40 sp=0xc0004f7ef0 pc=0x7ff6a9f5131f
runtime.main()
C:/Program Files/Go/src/runtime/proc.go:267 +0x2b2 fp=0xc0004f7fe0 sp=0xc0004f7f40 pc=0x7ff6a9c8af32
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc0004f7fe8 sp=0xc0004f7fe0 pc=0x7ff6a9cb8441
goroutine 2 [force gc (idle), 1 minutes]:
runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc000043fa8 sp=0xc000043f88 pc=0x7ff6a9c8b34e
runtime.goparkunlock(...)
C:/Program Files/Go/src/runtime/proc.go:404
runtime.forcegchelper()
C:/Program Files/Go/src/runtime/proc.go:322 +0xb8 fp=0xc000043fe0 sp=0xc000043fa8 pc=0x7ff6a9c8b1d8
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc000043fe8 sp=0xc000043fe0 pc=0x7ff6a9cb8441
created by runtime.init.6 in goroutine 1
C:/Program Files/Go/src/runtime/proc.go:310 +0x1a
goroutine 3 [GC sweep wait]:
runtime.gopark(0x1?, 0x0?, 0x0?, 0x0?, 0x0?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc000045f78 sp=0xc000045f58 pc=0x7ff6a9c8b34e
runtime.goparkunlock(...)
C:/Program Files/Go/src/runtime/proc.go:404
runtime.bgsweep(0x0?)
C:/Program Files/Go/src/runtime/mgcsweep.go:321 +0xdf fp=0xc000045fc8 sp=0xc000045f78 pc=0x7ff6a9c7593f
runtime.gcenable.func1()
C:/Program Files/Go/src/runtime/mgc.go:200 +0x25 fp=0xc000045fe0 sp=0xc000045fc8 pc=0x7ff6a9c6ac45
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc000045fe8 sp=0xc000045fe0 pc=0x7ff6a9cb8441
created by runtime.gcenable in goroutine 1
C:/Program Files/Go/src/runtime/mgc.go:200 +0x66
goroutine 4 [GC scavenge wait]:
runtime.gopark(0x366884?, 0x2b1fe8?, 0x0?, 0x0?, 0x0?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc000055f70 sp=0xc000055f50 pc=0x7ff6a9c8b34e
runtime.goparkunlock(...)
C:/Program Files/Go/src/runtime/proc.go:404
runtime.(*scavengerState).park(0x7ff6aa3fc2c0)
C:/Program Files/Go/src/runtime/mgcscavenge.go:425 +0x49 fp=0xc000055fa0 sp=0xc000055f70 pc=0x7ff6a9c73189
runtime.bgscavenge(0x0?)
C:/Program Files/Go/src/runtime/mgcscavenge.go:658 +0x59 fp=0xc000055fc8 sp=0xc000055fa0 pc=0x7ff6a9c73739
runtime.gcenable.func2()
C:/Program Files/Go/src/runtime/mgc.go:201 +0x25 fp=0xc000055fe0 sp=0xc000055fc8 pc=0x7ff6a9c6abe5
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc000055fe8 sp=0xc000055fe0 pc=0x7ff6a9cb8441
created by runtime.gcenable in goroutine 1
C:/Program Files/Go/src/runtime/mgc.go:201 +0xa5
goroutine 5 [finalizer wait]:
runtime.gopark(0x0?, 0x7ff6aa185670?, 0x0?, 0x60?, 0x1000000010?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc000047e28 sp=0xc000047e08 pc=0x7ff6a9c8b34e
runtime.runfinq()
C:/Program Files/Go/src/runtime/mfinal.go:193 +0x107 fp=0xc000047fe0 sp=0xc000047e28 pc=0x7ff6a9c69d07
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc000047fe8 sp=0xc000047fe0 pc=0x7ff6a9cb8441
created by runtime.createfing in goroutine 1
C:/Program Files/Go/src/runtime/mfinal.go:163 +0x3d
goroutine 16 [GC worker (idle)]:
runtime.gopark(0x58b13652ab8?, 0xc0001b1fd0?, 0x2b?, 0x82?, 0xc0001b1fb0?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc0001b1f50 sp=0xc0001b1f30 pc=0x7ff6a9c8b34e
runtime.gcBgMarkWorker()
C:/Program Files/Go/src/runtime/mgc.go:1293 +0xe5 fp=0xc0001b1fe0 sp=0xc0001b1f50 pc=0x7ff6a9c6c645
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc0001b1fe8 sp=0xc0001b1fe0 pc=0x7ff6a9cb8441
created by runtime.gcBgMarkStartWorkers in goroutine 1
C:/Program Files/Go/src/runtime/mgc.go:1217 +0x1c
goroutine 12 [IO wait]:
runtime.gopark(0x0?, 0xc00001bb98?, 0x48?, 0xbc?, 0xc00001bbc8?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc000203548 sp=0xc000203528 pc=0x7ff6a9c8b34e
runtime.netpollblock(0xc0002035e8?, 0xa9c54f06?, 0xf6?)
C:/Program Files/Go/src/runtime/netpoll.go:564 +0xf7 fp=0xc000203580 sp=0xc000203548 pc=0x7ff6a9c82377
internal/poll.runtime_pollWait(0x22cca7e7f20, 0x72)
C:/Program Files/Go/src/runtime/netpoll.go:343 +0x85 fp=0xc0002035a0 sp=0xc000203580 pc=0x7ff6a9cb24e5
internal/poll.(*pollDesc).wait(0x1f01?, 0xa?, 0x0)
C:/Program Files/Go/src/internal/poll/fd_poll_runtime.go:84 +0x27 fp=0xc0002035c8 sp=0xc0002035a0 pc=0x7ff6a9d10e87
internal/poll.execIO(0xc00001bb98, 0x7ff6aa1850a8)
C:/Program Files/Go/src/internal/poll/fd_windows.go:175 +0xe6 fp=0xc000203638 sp=0xc0002035c8 pc=0x7ff6a9d115a6
internal/poll.(*FD).Read(0xc00001bb80, {0xc0003da000, 0xa000, 0xa000})
C:/Program Files/Go/src/internal/poll/fd_windows.go:436 +0x2b1 fp=0xc0002036e0 sp=0xc000203638 pc=0x7ff6a9d12251
net.(*netFD).Read(0xc00001bb80, {0xc0003da000?, 0xc0003def63?, 0x1a?})
C:/Program Files/Go/src/net/fd_posix.go:55 +0x25 fp=0xc000203728 sp=0xc0002036e0 pc=0x7ff6a9db7325
net.(*conn).Read(0xc00004a0b0, {0xc0003da000?, 0x7ff6a9dfad37?, 0xc00014e8b8?})
C:/Program Files/Go/src/net/net.go:179 +0x45 fp=0xc000203770 sp=0xc000203728 pc=0x7ff6a9dc2405
net.(*TCPConn).Read(0xc000203808?, {0xc0003da000?, 0xc0011fa240?, 0x18?})
<autogenerated>:1 +0x25 fp=0xc0002037a0 sp=0xc000203770 pc=0x7ff6a9dcb625
crypto/tls.(*atLeastReader).Read(0xc0011fa240, {0xc0003da000?, 0xc0011fa240?, 0x0?})
C:/Program Files/Go/src/crypto/tls/conn.go:805 +0x3b fp=0xc0002037e8 sp=0xc0002037a0 pc=0x7ff6a9dfeb3b
bytes.(*Buffer).ReadFrom(0xc00014e9a8, {0x7ff6aa1e14e0, 0xc0011fa240})
C:/Program Files/Go/src/bytes/buffer.go:211 +0x98 fp=0xc000203840 sp=0xc0002037e8 pc=0x7ff6a9d298f8
crypto/tls.(*Conn).readFromUntil(0xc00014e700, {0x22cca7e8018?, 0xc00004a0b0}, 0x50a2?)
C:/Program Files/Go/src/crypto/tls/conn.go:827 +0xde fp=0xc000203880 sp=0xc000203840 pc=0x7ff6a9dfed1e
crypto/tls.(*Conn).readRecordOrCCS(0xc00014e700, 0x0)
C:/Program Files/Go/src/crypto/tls/conn.go:625 +0x250 fp=0xc000203c20 sp=0xc000203880 pc=0x7ff6a9dfc2f0
crypto/tls.(*Conn).readRecord(...)
C:/Program Files/Go/src/crypto/tls/conn.go:587
crypto/tls.(*Conn).Read(0xc00014e700, {0xc0001ad000, 0x1000, 0x7ff6a9e71ba5?})
C:/Program Files/Go/src/crypto/tls/conn.go:1369 +0x158 fp=0xc000203c90 sp=0xc000203c20 pc=0x7ff6a9e025b8
bufio.(*Reader).Read(0xc0001a8c00, {0xc00019e660, 0x9, 0x7ff6aa075110?})
C:/Program Files/Go/src/bufio/bufio.go:244 +0x197 fp=0xc000203cc8 sp=0xc000203c90 pc=0x7ff6a9e2d337
io.ReadAtLeast({0x7ff6aa1e0e80, 0xc0001a8c00}, {0xc00019e660, 0x9, 0x9}, 0x9)
C:/Program Files/Go/src/io/io.go:335 +0x90 fp=0xc000203d10 sp=0xc000203cc8 pc=0x7ff6a9ceab30
io.ReadFull(...)
C:/Program Files/Go/src/io/io.go:354
net/http.http2readFrameHeader({0xc00019e660, 0x9, 0xc0001a48d0?}, {0x7ff6aa1e0e80?, 0xc0001a8c00?})
C:/Program Files/Go/src/net/http/h2_bundle.go:1635 +0x65 fp=0xc000203d60 sp=0xc000203d10 pc=0x7ff6a9e5da45
net/http.(*http2Framer).ReadFrame(0xc00019e620)
C:/Program Files/Go/src/net/http/h2_bundle.go:1899 +0x85 fp=0xc000203e08 sp=0xc000203d60 pc=0x7ff6a9e5e0c5
net/http.(*http2clientConnReadLoop).run(0xc000203f98)
C:/Program Files/Go/src/net/http/h2_bundle.go:9276 +0x11f fp=0xc000203f60 sp=0xc000203e08 pc=0x7ff6a9e6eb3f
net/http.(*http2ClientConn).readLoop(0xc000002180)
C:/Program Files/Go/src/net/http/h2_bundle.go:9171 +0x65 fp=0xc000203fc8 sp=0xc000203f60 pc=0x7ff6a9e6e0c5
net/http.(*http2Transport).newClientConn.func3()
C:/Program Files/Go/src/net/http/h2_bundle.go:7843 +0x25 fp=0xc000203fe0 sp=0xc000203fc8 pc=0x7ff6a9e67885
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc000203fe8 sp=0xc000203fe0 pc=0x7ff6a9cb8441
created by net/http.(*http2Transport).newClientConn in goroutine 11
C:/Program Files/Go/src/net/http/h2_bundle.go:7843 +0xcbe
goroutine 50 [GC worker (idle)]:
runtime.gopark(0x58b13652ab8?, 0xc000057fd0?, 0x2b?, 0x82?, 0xc000057fb0?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc000057f50 sp=0xc000057f30 pc=0x7ff6a9c8b34e
runtime.gcBgMarkWorker()
C:/Program Files/Go/src/runtime/mgc.go:1293 +0xe5 fp=0xc000057fe0 sp=0xc000057f50 pc=0x7ff6a9c6c645
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc000057fe8 sp=0xc000057fe0 pc=0x7ff6a9cb8441
created by runtime.gcBgMarkStartWorkers in goroutine 1
C:/Program Files/Go/src/runtime/mgc.go:1217 +0x1c
goroutine 23 [IO wait, 1 minutes]:
runtime.gopark(0x0?, 0xc0000ca018?, 0xc8?, 0xa0?, 0xc0000ca048?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc0001af548 sp=0xc0001af528 pc=0x7ff6a9c8b34e
runtime.netpollblock(0x0?, 0xa9c54f06?, 0xf6?)
C:/Program Files/Go/src/runtime/netpoll.go:564 +0xf7 fp=0xc0001af580 sp=0xc0001af548 pc=0x7ff6a9c82377
internal/poll.runtime_pollWait(0x22cca7e7e28, 0x72)
C:/Program Files/Go/src/runtime/netpoll.go:343 +0x85 fp=0xc0001af5a0 sp=0xc0001af580 pc=0x7ff6a9cb24e5
internal/poll.(*pollDesc).wait(0xc000084340?, 0xc0001af610?, 0x0)
C:/Program Files/Go/src/internal/poll/fd_poll_runtime.go:84 +0x27 fp=0xc0001af5c8 sp=0xc0001af5a0 pc=0x7ff6a9d10e87
internal/poll.execIO(0xc0000ca018, 0x7ff6aa1850a8)
C:/Program Files/Go/src/internal/poll/fd_windows.go:175 +0xe6 fp=0xc0001af638 sp=0xc0001af5c8 pc=0x7ff6a9d115a6
internal/poll.(*FD).Read(0xc0000ca000, {0xc0000d2000, 0x1500, 0x1500})
C:/Program Files/Go/src/internal/poll/fd_windows.go:436 +0x2b1 fp=0xc0001af6e0 sp=0xc0001af638 pc=0x7ff6a9d12251
net.(*netFD).Read(0xc0000ca000, {0xc0000d2000?, 0xc0001af7d0?, 0x7ff6a9cf6674?})
C:/Program Files/Go/src/net/fd_posix.go:55 +0x25 fp=0xc0001af728 sp=0xc0001af6e0 pc=0x7ff6a9db7325
net.(*conn).Read(0xc00004a120, {0xc0000d2000?, 0xc0001af7f8?, 0x7ff6a9deaf86?})
C:/Program Files/Go/src/net/net.go:179 +0x45 fp=0xc0001af770 sp=0xc0001af728 pc=0x7ff6a9dc2405
net.(*TCPConn).Read(0xc0001af808?, {0xc0000d2000?, 0xc00008a9d8?, 0x18?})
<autogenerated>:1 +0x25 fp=0xc0001af7a0 sp=0xc0001af770 pc=0x7ff6a9dcb625
crypto/tls.(*atLeastReader).Read(0xc00008a9d8, {0xc0000d2000?, 0xc00008a9d8?, 0x0?})
C:/Program Files/Go/src/crypto/tls/conn.go:805 +0x3b fp=0xc0001af7e8 sp=0xc0001af7a0 pc=0x7ff6a9dfeb3b
bytes.(*Buffer).ReadFrom(0xc00014f7a8, {0x7ff6aa1e14e0, 0xc00008a9d8})
C:/Program Files/Go/src/bytes/buffer.go:211 +0x98 fp=0xc0001af840 sp=0xc0001af7e8 pc=0x7ff6a9d298f8
crypto/tls.(*Conn).readFromUntil(0xc00014f500, {0x22cca7e8018?, 0xc00004a120}, 0xc0000ca0e8?)
C:/Program Files/Go/src/crypto/tls/conn.go:827 +0xde fp=0xc0001af880 sp=0xc0001af840 pc=0x7ff6a9dfed1e
crypto/tls.(*Conn).readRecordOrCCS(0xc00014f500, 0x0)
C:/Program Files/Go/src/crypto/tls/conn.go:625 +0x250 fp=0xc0001afc20 sp=0xc0001af880 pc=0x7ff6a9dfc2f0
crypto/tls.(*Conn).readRecord(...)
C:/Program Files/Go/src/crypto/tls/conn.go:587
crypto/tls.(*Conn).Read(0xc00014f500, {0xc0000fd000, 0x1000, 0x0?})
C:/Program Files/Go/src/crypto/tls/conn.go:1369 +0x158 fp=0xc0001afc90 sp=0xc0001afc20 pc=0x7ff6a9e025b8
bufio.(*Reader).Read(0xc000089d40, {0xc0000e8580, 0x9, 0x7ff6a9e92ace?})
C:/Program Files/Go/src/bufio/bufio.go:244 +0x197 fp=0xc0001afcc8 sp=0xc0001afc90 pc=0x7ff6a9e2d337
io.ReadAtLeast({0x7ff6aa1e0e80, 0xc000089d40}, {0xc0000e8580, 0x9, 0x9}, 0x9)
C:/Program Files/Go/src/io/io.go:335 +0x90 fp=0xc0001afd10 sp=0xc0001afcc8 pc=0x7ff6a9ceab30
io.ReadFull(...)
C:/Program Files/Go/src/io/io.go:354
net/http.http2readFrameHeader({0xc0000e8580, 0x9, 0x7ff6a9e730b2?}, {0x7ff6aa1e0e80?, 0xc000089d40?})
C:/Program Files/Go/src/net/http/h2_bundle.go:1635 +0x65 fp=0xc0001afd60 sp=0xc0001afd10 pc=0x7ff6a9e5da45
net/http.(*http2Framer).ReadFrame(0xc0000e8540)
C:/Program Files/Go/src/net/http/h2_bundle.go:1899 +0x85 fp=0xc0001afe08 sp=0xc0001afd60 pc=0x7ff6a9e5e0c5
net/http.(*http2clientConnReadLoop).run(0xc0001aff98)
C:/Program Files/Go/src/net/http/h2_bundle.go:9276 +0x11f fp=0xc0001aff60 sp=0xc0001afe08 pc=0x7ff6a9e6eb3f
net/http.(*http2ClientConn).readLoop(0xc0000fa000)
C:/Program Files/Go/src/net/http/h2_bundle.go:9171 +0x65 fp=0xc0001affc8 sp=0xc0001aff60 pc=0x7ff6a9e6e0c5
net/http.(*http2Transport).newClientConn.func3()
C:/Program Files/Go/src/net/http/h2_bundle.go:7843 +0x25 fp=0xc0001affe0 sp=0xc0001affc8 pc=0x7ff6a9e67885
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc0001affe8 sp=0xc0001affe0 pc=0x7ff6a9cb8441
created by net/http.(*http2Transport).newClientConn in goroutine 22
C:/Program Files/Go/src/net/http/h2_bundle.go:7843 +0xcbe
goroutine 31 [IO wait, 1 minutes]:
runtime.gopark(0x0?, 0xc0000ca518?, 0xc8?, 0xa5?, 0xc0000ca548?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc000207548 sp=0xc000207528 pc=0x7ff6a9c8b34e
runtime.netpollblock(0xc0002075e8?, 0xa9c54f06?, 0xf6?)
C:/Program Files/Go/src/runtime/netpoll.go:564 +0xf7 fp=0xc000207580 sp=0xc000207548 pc=0x7ff6a9c82377
internal/poll.runtime_pollWait(0x22cca7e7d30, 0x72)
C:/Program Files/Go/src/runtime/netpoll.go:343 +0x85 fp=0xc0002075a0 sp=0xc000207580 pc=0x7ff6a9cb24e5
internal/poll.(*pollDesc).wait(0x2285c48063c0501?, 0xa?, 0x0)
C:/Program Files/Go/src/internal/poll/fd_poll_runtime.go:84 +0x27 fp=0xc0002075c8 sp=0xc0002075a0 pc=0x7ff6a9d10e87
internal/poll.execIO(0xc0000ca518, 0x7ff6aa1850a8)
C:/Program Files/Go/src/internal/poll/fd_windows.go:175 +0xe6 fp=0xc000207638 sp=0xc0002075c8 pc=0x7ff6a9d115a6
internal/poll.(*FD).Read(0xc0000ca500, {0xc000216000, 0xd80, 0xd80})
C:/Program Files/Go/src/internal/poll/fd_windows.go:436 +0x2b1 fp=0xc0002076e0 sp=0xc000207638 pc=0x7ff6a9d12251
net.(*netFD).Read(0xc0000ca500, {0xc000216000?, 0xc000216154?, 0x1a?})
C:/Program Files/Go/src/net/fd_posix.go:55 +0x25 fp=0xc000207728 sp=0xc0002076e0 pc=0x7ff6a9db7325
net.(*conn).Read(0xc0000aa0c0, {0xc000216000?, 0xc000207838?, 0xc0000ee8b8?})
C:/Program Files/Go/src/net/net.go:179 +0x45 fp=0xc000207770 sp=0xc000207728 pc=0x7ff6a9dc2405
net.(*TCPConn).Read(0xc000207808?, {0xc000216000?, 0xc00008aa50?, 0x18?})
<autogenerated>:1 +0x25 fp=0xc0002077a0 sp=0xc000207770 pc=0x7ff6a9dcb625
crypto/tls.(*atLeastReader).Read(0xc00008aa50, {0xc000216000?, 0xc00008aa50?, 0x0?})
C:/Program Files/Go/src/crypto/tls/conn.go:805 +0x3b fp=0xc0002077e8 sp=0xc0002077a0 pc=0x7ff6a9dfeb3b
bytes.(*Buffer).ReadFrom(0xc0000ee9a8, {0x7ff6aa1e14e0, 0xc00008aa50})
C:/Program Files/Go/src/bytes/buffer.go:211 +0x98 fp=0xc000207840 sp=0xc0002077e8 pc=0x7ff6a9d298f8
crypto/tls.(*Conn).readFromUntil(0xc0000ee700, {0x22cca7e8018?, 0xc0000aa0c0}, 0xc31?)
C:/Program Files/Go/src/crypto/tls/conn.go:827 +0xde fp=0xc000207880 sp=0xc000207840 pc=0x7ff6a9dfed1e
crypto/tls.(*Conn).readRecordOrCCS(0xc0000ee700, 0x0)
C:/Program Files/Go/src/crypto/tls/conn.go:625 +0x250 fp=0xc000207c20 sp=0xc000207880 pc=0x7ff6a9dfc2f0
crypto/tls.(*Conn).readRecord(...)
C:/Program Files/Go/src/crypto/tls/conn.go:587
crypto/tls.(*Conn).Read(0xc0000ee700, {0xc000233000, 0x1000, 0x7ff6a9e71ba5?})
C:/Program Files/Go/src/crypto/tls/conn.go:1369 +0x158 fp=0xc000207c90 sp=0xc000207c20 pc=0x7ff6a9e025b8
bufio.(*Reader).Read(0xc000230480, {0xc0000e8ac0, 0x9, 0x7ff6aa075110?})
C:/Program Files/Go/src/bufio/bufio.go:244 +0x197 fp=0xc000207cc8 sp=0xc000207c90 pc=0x7ff6a9e2d337
io.ReadAtLeast({0x7ff6aa1e0e80, 0xc000230480}, {0xc0000e8ac0, 0x9, 0x9}, 0x9)
C:/Program Files/Go/src/io/io.go:335 +0x90 fp=0xc000207d10 sp=0xc000207cc8 pc=0x7ff6a9ceab30
io.ReadFull(...)
C:/Program Files/Go/src/io/io.go:354
net/http.http2readFrameHeader({0xc0000e8ac0, 0x9, 0xc00022aa50?}, {0x7ff6aa1e0e80?, 0xc000230480?})
C:/Program Files/Go/src/net/http/h2_bundle.go:1635 +0x65 fp=0xc000207d60 sp=0xc000207d10 pc=0x7ff6a9e5da45
net/http.(*http2Framer).ReadFrame(0xc0000e8a80)
C:/Program Files/Go/src/net/http/h2_bundle.go:1899 +0x85 fp=0xc000207e08 sp=0xc000207d60 pc=0x7ff6a9e5e0c5
net/http.(*http2clientConnReadLoop).run(0xc000207f98)
C:/Program Files/Go/src/net/http/h2_bundle.go:9276 +0x11f fp=0xc000207f60 sp=0xc000207e08 pc=0x7ff6a9e6eb3f
net/http.(*http2ClientConn).readLoop(0xc0000fa300)
C:/Program Files/Go/src/net/http/h2_bundle.go:9171 +0x65 fp=0xc000207fc8 sp=0xc000207f60 pc=0x7ff6a9e6e0c5
net/http.(*http2Transport).newClientConn.func3()
C:/Program Files/Go/src/net/http/h2_bundle.go:7843 +0x25 fp=0xc000207fe0 sp=0xc000207fc8 pc=0x7ff6a9e67885
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc000207fe8 sp=0xc000207fe0 pc=0x7ff6a9cb8441
created by net/http.(*http2Transport).newClientConn in goroutine 30
C:/Program Files/Go/src/net/http/h2_bundle.go:7843 +0xcbe
goroutine 56 [IO wait, 1 minutes]:
runtime.gopark(0x0?, 0xc0000cac98?, 0x48?, 0xad?, 0xc0000cacc8?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc0001b3548 sp=0xc0001b3528 pc=0x7ff6a9c8b34e
runtime.netpollblock(0xc0001b35f0?, 0xa9c54f06?, 0xf6?)
C:/Program Files/Go/src/runtime/netpoll.go:564 +0xf7 fp=0xc0001b3580 sp=0xc0001b3548 pc=0x7ff6a9c82377
internal/poll.runtime_pollWait(0x22cca7e7c38, 0x72)
C:/Program Files/Go/src/runtime/netpoll.go:343 +0x85 fp=0xc0001b35a0 sp=0xc0001b3580 pc=0x7ff6a9cb24e5
internal/poll.(*pollDesc).wait(0x0?, 0x1113?, 0x0)
C:/Program Files/Go/src/internal/poll/fd_poll_runtime.go:84 +0x27 fp=0xc0001b35c8 sp=0xc0001b35a0 pc=0x7ff6a9d10e87
internal/poll.execIO(0xc0000cac98, 0x7ff6aa1850a8)
C:/Program Files/Go/src/internal/poll/fd_windows.go:175 +0xe6 fp=0xc0001b3638 sp=0xc0001b35c8 pc=0x7ff6a9d115a6
internal/poll.(*FD).Read(0xc0000cac80, {0xc0000d3500, 0x1500, 0x1500})
C:/Program Files/Go/src/internal/poll/fd_windows.go:436 +0x2b1 fp=0xc0001b36e0 sp=0xc0001b3638 pc=0x7ff6a9d12251
net.(*netFD).Read(0xc0000cac80, {0xc0000d3500?, 0x7ff6a9c78c20?, 0x7ff6aa412640?})
C:/Program Files/Go/src/net/fd_posix.go:55 +0x25 fp=0xc0001b3728 sp=0xc0001b36e0 pc=0x7ff6a9db7325
net.(*conn).Read(0xc00004a000, {0xc0000d3500?, 0x7ff6a9c72585?, 0x22cca7a1c40?})
C:/Program Files/Go/src/net/net.go:179 +0x45 fp=0xc0001b3770 sp=0xc0001b3728 pc=0x7ff6a9dc2405
net.(*TCPConn).Read(0xc0001b3808?, {0xc0000d3500?, 0xc0000082d0?, 0x18?})
<autogenerated>:1 +0x25 fp=0xc0001b37a0 sp=0xc0001b3770 pc=0x7ff6a9dcb625
crypto/tls.(*atLeastReader).Read(0xc0000082d0, {0xc0000d3500?, 0xc0000082d0?, 0x0?})
C:/Program Files/Go/src/crypto/tls/conn.go:805 +0x3b fp=0xc0001b37e8 sp=0xc0001b37a0 pc=0x7ff6a9dfeb3b
bytes.(*Buffer).ReadFrom(0xc0000ef428, {0x7ff6aa1e14e0, 0xc0000082d0})
C:/Program Files/Go/src/bytes/buffer.go:211 +0x98 fp=0xc0001b3840 sp=0xc0001b37e8 pc=0x7ff6a9d298f8
crypto/tls.(*Conn).readFromUntil(0xc0000ef180, {0x22cca7e8018?, 0xc00004a000}, 0x0?)
C:/Program Files/Go/src/crypto/tls/conn.go:827 +0xde fp=0xc0001b3880 sp=0xc0001b3840 pc=0x7ff6a9dfed1e
crypto/tls.(*Conn).readRecordOrCCS(0xc0000ef180, 0x0)
C:/Program Files/Go/src/crypto/tls/conn.go:625 +0x250 fp=0xc0001b3c20 sp=0xc0001b3880 pc=0x7ff6a9dfc2f0
crypto/tls.(*Conn).readRecord(...)
C:/Program Files/Go/src/crypto/tls/conn.go:587
crypto/tls.(*Conn).Read(0xc0000ef180, {0xc0000c3000, 0x1000, 0x7ff6a9e71ba5?})
C:/Program Files/Go/src/crypto/tls/conn.go:1369 +0x158 fp=0xc0001b3c90 sp=0xc0001b3c20 pc=0x7ff6a9e025b8
bufio.(*Reader).Read(0xc000230ba0, {0xc0000e8c80, 0x9, 0x7ff6aa075110?})
C:/Program Files/Go/src/bufio/bufio.go:244 +0x197 fp=0xc0001b3cc8 sp=0xc0001b3c90 pc=0x7ff6a9e2d337
io.ReadAtLeast({0x7ff6aa1e0e80, 0xc000230ba0}, {0xc0000e8c80, 0x9, 0x9}, 0x9)
C:/Program Files/Go/src/io/io.go:335 +0x90 fp=0xc0001b3d10 sp=0xc0001b3cc8 pc=0x7ff6a9ceab30
io.ReadFull(...)
C:/Program Files/Go/src/io/io.go:354
net/http.http2readFrameHeader({0xc0000e8c80, 0x9, 0x1a42a0?}, {0x7ff6aa1e0e80?, 0xc000230ba0?})
C:/Program Files/Go/src/net/http/h2_bundle.go:1635 +0x65 fp=0xc0001b3d60 sp=0xc0001b3d10 pc=0x7ff6a9e5da45
net/http.(*http2Framer).ReadFrame(0xc0000e8c40)
C:/Program Files/Go/src/net/http/h2_bundle.go:1899 +0x85 fp=0xc0001b3e08 sp=0xc0001b3d60 pc=0x7ff6a9e5e0c5
net/http.(*http2clientConnReadLoop).run(0xc0001b3f98)
C:/Program Files/Go/src/net/http/h2_bundle.go:9276 +0x11f fp=0xc0001b3f60 sp=0xc0001b3e08 pc=0x7ff6a9e6eb3f
net/http.(*http2ClientConn).readLoop(0xc0000fa180)
C:/Program Files/Go/src/net/http/h2_bundle.go:9171 +0x65 fp=0xc0001b3fc8 sp=0xc0001b3f60 pc=0x7ff6a9e6e0c5
net/http.(*http2Transport).newClientConn.func3()
C:/Program Files/Go/src/net/http/h2_bundle.go:7843 +0x25 fp=0xc0001b3fe0 sp=0xc0001b3fc8 pc=0x7ff6a9e67885
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc0001b3fe8 sp=0xc0001b3fe0 pc=0x7ff6a9cb8441
created by net/http.(*http2Transport).newClientConn in goroutine 55
C:/Program Files/Go/src/net/http/h2_bundle.go:7843 +0xcbe
goroutine 78 [chan send]:
runtime.gopark(0xc000230e40?, 0xc00005a540?, 0x98?, 0x3c?, 0xc000177c88?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc0005d3c38 sp=0xc0005d3c18 pc=0x7ff6a9c8b34e
runtime.chansend(0xc0001a81e0, 0xc0005d3d78, 0x1, 0xc00004a101?)
C:/Program Files/Go/src/runtime/chan.go:259 +0x3a5 fp=0xc0005d3ca8 sp=0xc0005d3c38 pc=0x7ff6a9c56b85
runtime.chansend1(0xc00012cd00?, 0x6b6e6843666c45?)
C:/Program Files/Go/src/runtime/chan.go:145 +0x17 fp=0xc0005d3cd8 sp=0xc0005d3ca8 pc=0x7ff6a9c567d7
github.com/0xrawsec/golang-evtx/evtx.(*File).Events.func1()
C:/Users/Rancio/go/pkg/mod/github.com/0xrawsec/golang-evtx@v1.2.9/evtx/evtx.go:380 +0x2df fp=0xc0005d3fe0 sp=0xc0005d3cd8 pc=0x7ff6a9f0afff
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc0005d3fe8 sp=0xc0005d3fe0 pc=0x7ff6a9cb8441
created by github.com/0xrawsec/golang-evtx/evtx.(*File).Events in goroutine 1
C:/Users/Rancio/go/pkg/mod/github.com/0xrawsec/golang-evtx@v1.2.9/evtx/evtx.go:371 +0xb1
goroutine 80 [chan send]:
runtime.gopark(0xc000088060?, 0xc00005a660?, 0x0?, 0x60?, 0xc000211f20?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc000211ed0 sp=0xc000211eb0 pc=0x7ff6a9c8b34e
runtime.chansend(0xc000086f60, 0xc000211fa8, 0x1, 0x0?)
C:/Program Files/Go/src/runtime/chan.go:259 +0x3a5 fp=0xc000211f40 sp=0xc000211ed0 pc=0x7ff6a9c56b85
runtime.chansend1(0xc0001a8000?, 0x0?)
C:/Program Files/Go/src/runtime/chan.go:145 +0x17 fp=0xc000211f70 sp=0xc000211f40 pc=0x7ff6a9c567d7
github.com/0xrawsec/golang-utils/datastructs.(*SortedSlice).ReversedIter.func1()
C:/Users/Rancio/go/pkg/mod/github.com/0xrawsec/golang-utils@v1.3.0/datastructs/sortedslice.go:116 +0x9e fp=0xc000211fe0 sp=0xc000211f70 pc=0x7ff6a9f069fe
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc000211fe8 sp=0xc000211fe0 pc=0x7ff6a9cb8441
created by github.com/0xrawsec/golang-utils/datastructs.(*SortedSlice).ReversedIter in goroutine 79
C:/Users/Rancio/go/pkg/mod/github.com/0xrawsec/golang-utils@v1.3.0/datastructs/sortedslice.go:112 +0x11e
goroutine 79 [chan send]:
runtime.gopark(0xc00005a660?, 0xc000088060?, 0x30?, 0x0?, 0xc000213d98?)
C:/Program Files/Go/src/runtime/proc.go:398 +0xce fp=0xc000213d40 sp=0xc000213d20 pc=0x7ff6a9c8b34e
runtime.chansend(0xc000086f00, 0xc000213f48, 0x1, 0xc00004a101?)
C:/Program Files/Go/src/runtime/chan.go:259 +0x3a5 fp=0xc000213db0 sp=0xc000213d40 pc=0x7ff6a9c56b85
runtime.chansend1(0xc0011fa408?, 0x0?)
C:/Program Files/Go/src/runtime/chan.go:145 +0x17 fp=0xc000213de0 sp=0xc000213db0 pc=0x7ff6a9c567d7
github.com/0xrawsec/golang-evtx/evtx.(*File).Chunks.func1()
C:/Users/Rancio/go/pkg/mod/github.com/0xrawsec/golang-evtx@v1.2.9/evtx/evtx.go:259 +0x22b fp=0xc000213fe0 sp=0xc000213de0 pc=0x7ff6a9f0ab2b
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc000213fe8 sp=0xc000213fe0 pc=0x7ff6a9cb8441
created by github.com/0xrawsec/golang-evtx/evtx.(*File).Chunks in goroutine 78
C:/Users/Rancio/go/pkg/mod/github.com/0xrawsec/golang-evtx@v1.2.9/evtx/evtx.go:245 +0x139
To be honest, I believe that between the times I tried to fix the errors unsuccessfully and the bad build practices, I may have broken something in Golang in general. I'm going to reinstall the language and its apps to test it out, and I'll let you know if it worked.
RRancio commented
After the Golang and Yara reinstalation with no issues, the process scan works perfectly, thank you so much for your patience and effort to help me
te quiero hillu
hillu commented
Glad that it works now. The underlying issue has been fixed in YARA's master branch and will be part of the next proper release.