From 9809602c35206872257cc78df9b637cbfd52a6ed Mon Sep 17 00:00:00 2001 From: hugsy Date: Mon, 4 Mar 2024 13:28:51 -0800 Subject: [PATCH 1/5] fix #27 --- src/lib/kdmp-parser.h | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/src/lib/kdmp-parser.h b/src/lib/kdmp-parser.h index 7bb21cd..6d5d2ae 100644 --- a/src/lib/kdmp-parser.h +++ b/src/lib/kdmp-parser.h @@ -585,6 +585,8 @@ class KernelDumpParser { uint8_t *Page = nullptr; uint64_t MetadataSize = 0; uint8_t *Bitmap = nullptr; + uint64_t TotalNumberOfPages{}; + uint64_t CurrentPageCount{}; switch (Type) { case DumpType_t::KernelMemoryDump: @@ -597,10 +599,11 @@ class KernelDumpParser { } case DumpType_t::CompleteMemoryDump: { - FirstPageOffset = DmpHdr_->u3.RdmpHeader.Hdr.FirstPageOffset; + FirstPageOffset = DmpHdr_->u3.FullRdmpHeader.Hdr.FirstPageOffset; Page = (uint8_t *)DmpHdr_ + FirstPageOffset; MetadataSize = DmpHdr_->u3.FullRdmpHeader.Hdr.MetadataSize; Bitmap = DmpHdr_->u3.FullRdmpHeader.Bitmap.data(); + TotalNumberOfPages = DmpHdr_->u3.FullRdmpHeader.TotalNumberOfPages; break; } @@ -626,13 +629,32 @@ class KernelDumpParser { uint64_t NumberOfPages; }; + // Sanity check + if (MetadataSize % sizeof(PfnRange)) { + // printf("MetadataSize field is invalid, value=%llx\r\n", MetadataSize); + return false; + } + for (uint64_t Offset = 0; Offset < MetadataSize; Offset += sizeof(PfnRange)) { + + if (Type == DumpType_t::CompleteMemoryDump) { + // `CompleteMemoryDump` type seems to be bound by the + // `TotalNumberOfPages` field, *not* by `MetadataSize` + if (CurrentPageCount == TotalNumberOfPages) // [[unlikely]] + break; + + if (CurrentPageCount > TotalNumberOfPages) + return false; + } + const PfnRange &Entry = (PfnRange &)Bitmap[Offset]; if (!FileMap_.InBounds(&Entry, sizeof(Entry))) { return false; } + CurrentPageCount += Entry.NumberOfPages; + const uint64_t Pfn = Entry.PageFileNumber; if (!Pfn) { break; From e1f3e345473d51da74b86176c3b4e88475932dc5 Mon Sep 17 00:00:00 2001 
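Review bot: The `CurrentPageCount > TotalNumberOfPages` guard only runs at the top of the next iteration, after `CurrentPageCount += Entry.NumberOfPages` has already accepted the entry, so an overshooting `PfnRange` is presumably still walked by the rest of the loop body (which continues past the hunk) before the function returns false; and because that addition is unchecked `uint64_t` arithmetic, a large `NumberOfPages` taken from the mapped file can wrap the counter back below the limit so that neither guard fires. Validate the entry before accumulating it, e.g. `if (Type == DumpType_t::CompleteMemoryDump && Entry.NumberOfPages > TotalNumberOfPages - CurrentPageCount) return false;` placed immediately before `CurrentPageCount += Entry.NumberOfPages;`. The type condition has to stay because `TotalNumberOfPages` is only assigned in the `CompleteMemoryDump` case of the previous hunk and remains 0 for the other dump types, which would otherwise underflow the subtraction. The `==` check at the top of the loop can then remain as the normal-termination test.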
From: hugsy Date: Mon, 4 Mar 2024 13:42:06 -0800 Subject: [PATCH 2/5] removed debug print --- src/lib/kdmp-parser.h | 1 - 1 file changed, 1 deletion(-) diff --git a/src/lib/kdmp-parser.h b/src/lib/kdmp-parser.h index 6d5d2ae..af582df 100644 --- a/src/lib/kdmp-parser.h +++ b/src/lib/kdmp-parser.h @@ -631,7 +631,6 @@ class KernelDumpParser { // Sanity check if (MetadataSize % sizeof(PfnRange)) { - // printf("MetadataSize field is invalid, value=%llx\r\n", MetadataSize); return false; } From cda1d93a39ab98d89c307e86668a169db20d2e0d Mon Sep 17 00:00:00 2001 From: hugsy Date: Mon, 4 Mar 2024 13:42:22 -0800 Subject: [PATCH 3/5] `unlikely` is c++20+ --- src/lib/kdmp-parser.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/kdmp-parser.h b/src/lib/kdmp-parser.h index af582df..6b4d657 100644 --- a/src/lib/kdmp-parser.h +++ b/src/lib/kdmp-parser.h @@ -640,7 +640,7 @@ class KernelDumpParser { if (Type == DumpType_t::CompleteMemoryDump) { // `CompleteMemoryDump` type seems to be bound by the // `TotalNumberOfPages` field, *not* by `MetadataSize` - if (CurrentPageCount == TotalNumberOfPages) // [[unlikely]] + if (CurrentPageCount == TotalNumberOfPages) break; if (CurrentPageCount > TotalNumberOfPages) From 5cea1c0be2a1a69489cdf72452d4973cfd3b2e06 Mon Sep 17 00:00:00 2001 From: 0vercl0k <1476421+0vercl0k@users.noreply.github.com> Date: Mon, 4 Mar 2024 18:04:48 -0800 Subject: [PATCH 4/5] nits --- README.md | 1 + src/lib/kdmp-parser.h | 12 +++++++----- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 292812f..27b3883 100644 --- a/README.md +++ b/README.md 
@@ -17,6 +17,7 @@ The library supports loading 64-bit dumps and provides read access to things lik Compiled binaries are available in the [releases](https://github.com/0vercl0k/kdmp-parser/releases) section. Special thanks to: +- [hugsy](https://github.com/hugsy) for numerous contributions: Python bindings, CI improvements, new dump types, etc., - [yrp604](https://github.com/yrp604) for being knowledgeable about the format, - the [rekall](https://github.com/google/rekall) project and their [Python implementation](https://github.com/google/rekall/blob/master/rekall-core/rekall/plugins/overlays/windows/crashdump.py) (most of the structures in [kdmp-parser-structs.h](https://github.com/0vercl0k/kdmp-parser/blob/master/src/kdmp-parser/kdmp-parser-structs.h) have been adapted from it). diff --git a/src/lib/kdmp-parser.h b/src/lib/kdmp-parser.h index 6b4d657..c9a2be1 100644 --- a/src/lib/kdmp-parser.h +++ b/src/lib/kdmp-parser.h @@ -585,8 +585,8 @@ class KernelDumpParser { uint8_t *Page = nullptr; uint64_t MetadataSize = 0; uint8_t *Bitmap = nullptr; - uint64_t TotalNumberOfPages{}; - uint64_t CurrentPageCount{}; + uint64_t TotalNumberOfPages = 0; + uint64_t CurrentPageCount = 0; switch (Type) { case DumpType_t::KernelMemoryDump: @@ -639,12 +639,14 @@ class KernelDumpParser { if (Type == DumpType_t::CompleteMemoryDump) { // `CompleteMemoryDump` type seems to be bound by the - // `TotalNumberOfPages` field, *not* by `MetadataSize` - if (CurrentPageCount == TotalNumberOfPages) + // `TotalNumberOfPages` field, *not* by `MetadataSize`. + if (CurrentPageCount == TotalNumberOfPages) { break; + } - if (CurrentPageCount > TotalNumberOfPages) + if (CurrentPageCount > TotalNumberOfPages) { return false; + } } const PfnRange &Entry = (PfnRange &)Bitmap[Offset]; From dc82d16be4620898b769110c0c5c9ba021cbbbd6 Mon Sep 17 00:00:00 2001 
From: 0vercl0k <1476421+0vercl0k@users.noreply.github.com> Date: Mon, 4 Mar 2024 18:07:57 -0800 Subject: [PATCH 5/5] nits --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 27b3883..caa2d54 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,8 @@ The library supports loading 64-bit dumps and provides read access to things lik Compiled binaries are available in the [releases](https://github.com/0vercl0k/kdmp-parser/releases) section. Special thanks to: -- [hugsy](https://github.com/hugsy) for numerous contributions: Python bindings, CI improvements, new dump types, etc., +- [hugsy](https://github.com/hugsy) for numerous contributions: the new Python bindings, CI improvements, new dump types, etc., +- [masthoon](https://github.com/masthoon) for the initial version of the Python bindings, - [yrp604](https://github.com/yrp604) for being knowledgeable about the format, - the [rekall](https://github.com/google/rekall) project and their [Python implementation](https://github.com/google/rekall/blob/master/rekall-core/rekall/plugins/overlays/windows/crashdump.py) (most of the structures in [kdmp-parser-structs.h](https://github.com/0vercl0k/kdmp-parser/blob/master/src/kdmp-parser/kdmp-parser-structs.h) have been adapted from it).