telescope : Error: TypeError: Cannot read properties of undefined (reading 'add') [at telescope (line 520 col 43)] #5

Closed
soiax opened this issue Oct 31, 2024 · 15 comments


@soiax

soiax commented Oct 31, 2024

Hi,

On latest windbg, with a foxit pdf reader TTD recording, only happens with TTD:

0:000> !telescope @ecx
Populating the VA space with modules..
Populating the VA space with TEBs & thread stacks..
Populating the VA space with the PEB..
Populating the VA space with TTD.Data.Heap..
Error: TypeError: Cannot read properties of undefined (reading 'add') [at telescope (line 520 col 43)]
@0vercl0k
Owner

0vercl0k commented Nov 3, 2024

Thanks for the report - I am catching up on Github issues / PR so it might take a week or two before I get to this one but I'll get there :)

Cheers

@0vercl0k
Owner

0vercl0k commented Nov 5, 2024

Hmmm I cannot reproduce the issue; could you open the TTD trace and run the following command: dx -r1 @$cursession.TTD.Data.Heap()[0].Address and let me know what you see?

Cheers

@soiax
Author

soiax commented Nov 5, 2024

This :

0:000> !telescope @edx
Populating the VA space with modules..
Populating the VA space with TEBs & thread stacks..
Populating the VA space with the PEB..
Populating the VA space with TTD.Data.Heap..
Error: TypeError: Cannot read properties of undefined (reading 'add') [at telescope (line 520 col 43)]
0:000> dx -r1 @$cursession.TTD.Data.Heap()[0].Address
Error: Unspecified error (0x80004005)
0:000> dx -r1 @$cursession.TTD.Data.Heap()[0]
Error: Unspecified error (0x80004005)
0:000> dx -r1 @$cursession.TTD.Data.Heap()
@$cursession.TTD.Data.Heap()                
    [0x0]            : Error: 64 bit value loses precision on conversion to number [at HeapAnalysis (line 157 col 60)]
    [0x1]            : Error: 64 bit value loses precision on conversion to number [at HeapAnalysis (line 157 col 60)]
    [0x2]            : Error: 64 bit value loses precision on conversion to number [at HeapAnalysis (line 157 col 60)]
    [0x3]            : Error: 64 bit value loses precision on conversion to number [at HeapAnalysis (line 157 col 60)]
    [0x4]            : Error: 64 bit value loses precision on conversion to number [at HeapAnalysis (line 157 col 60)]
    [0x5]            : Error: 64 bit value loses precision on conversion to number [at HeapAnalysis (line 157 col 60)]

If I load it with .scriptdebug it's:

0:000> !telescope @edx
Populating the VA space with modules..
Populating the VA space with TEBs & thread stacks..
Populating the VA space with the PEB..
Populating the VA space with TTD.Data.Heap..
>>> ****** SCRIPT BREAK telescope [Exception (first chance) 'TypeError: Cannot read properties of undefined (reading 'compareTo')'] ******
           Location: line = 1, column = 52
           Text: 

>>> Debug [telescope 1:52] >g
Error: TypeError: Cannot read properties of undefined (reading 'compareTo') [at telescope (line 241 col 25)]

@0vercl0k
Owner

0vercl0k commented Nov 5, 2024 via email

@0vercl0k
Owner

0vercl0k commented Nov 7, 2024

I can reproduce on a Wow64 trace:

0:000> dx @$cursession.TTD.Data.Heap()
@$cursession.TTD.Data.Heap()                
    [0x0]            : Error: 64 bit value loses precision on conversion to number [at HeapAnalysis (line 157 col 60)]
    [0x1]            : Error: 64 bit value loses precision on conversion to number [at HeapAnalysis (line 157 col 60)]
    [0x2]            : Error: 64 bit value loses precision on conversion to number [at HeapAnalysis (line 157 col 60)]
    [0x3]            : Error: 64 bit value loses precision on conversion to number [at HeapAnalysis (line 157 col 60)]
    [0x4]            : Error: 64 bit value loses precision on conversion to number [at HeapAnalysis (line 157 col 60)]
...

0:000> dx @$cursession.TTD.Data.Heap()[0]
Error: Unspecified error (0x80004005)

Will take a look in more detail - hopefully I can do something about it.. 🤞🏽

Cheers

@0vercl0k
Owner

0vercl0k commented Nov 8, 2024

Okay I looked into this tonight - I think the bug is in the HeapAnalysis.js file that is shipped with WinDbg (C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\x86\TTD\Analyzers\HeapAnalysis.js).

The bug is here:

                return (c.Flags === undefined) || ((c.Flags & exemptedFlagMask) == 0);

The issue is Flags is a 64-bit number but being AND'd with a regular JavaScript integer so there's an implicit conversion which triggers the following exception: Error: 64 bit value loses precision on conversion to number.

You can patch the file by replacing the above line with the below:

                return (c.Flags === undefined) || ((c.Flags.convertToNumber() & exemptedFlagMask) == 0);

You can save the file in a different path, then .scriptunload C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\x86\TTD\Analyzers\HeapAnalysis.js, .scriptload c:\foo\PatchedHeapAnalysis.js then !telescope should work:

0:000> !telescope @esp
Populating the VA space with modules..
Populating the VA space with TEBs & thread stacks..
Populating the VA space with the PEB..
Populating the VA space with TTD.Data.Heap..
Populating the VA space with VirtualAllocated regions..
Populating the VA space with MappedViewOfFile regions..
0x00affa60|+0x0000: 0x00000000 (Unknown)
0x00affa64|+0x0004: 0x00affa70 (Stack) -> 0x0001003f (Unknown)
0x00affa68|+0x0008: 0x77550000 (ntdll.dll) -> 0x00905a4d (Unknown)
0x00affa6c|+0x000c: 0x00000000 (Unknown)
0x00affa70|+0x0010: 0x0001003f (Unknown)
0x00affa74|+0x0014: 0x00000000 (Unknown)
0x00affa78|+0x0018: 0x00000000 (Unknown)
0x00affa7c|+0x001c: 0x00000000 (Unknown)
0x00affa80|+0x0020: 0x00000000 (Unknown)
0x00affa84|+0x0024: 0x00000000 (Unknown)
@$telescope(@esp)

I'll try to get this bug reported to MSFT :)

Cheers
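
Added example (not code from this thread or from WinDbg): a BigInt-backed model of a 64-bit integer wrapper, showing why the implicit conversion in `c.Flags & exemptedFlagMask` throws and how the explicit conversion behaves on the same value. `Int64Model`, the mask value and both sample values are constructed assumptions, and the block goes one step beyond the thread by also masking in 64-bit space before converting.

```javascript
// Constructed model (BigInt-backed) of a debugger 64-bit integer wrapper.
// Int64Model is hypothetical; it only mirrors the behaviour discussed above.
class Int64Model {
    constructor(v) { this.v = BigInt.asUintN(64, BigInt(v)); }
    // Implicit conversion, e.g. `flags & mask`, goes through valueOf().
    valueOf() { return this.asNumber(); }
    // Strict conversion: refuse anything above the exact-integer range of a double.
    asNumber() {
        if (this.v > BigInt(Number.MAX_SAFE_INTEGER)) {
            throw new Error('64 bit value loses precision on conversion to number');
        }
        return Number(this.v);
    }
    // Lossy conversion: never throws, rounds to the nearest double.
    convertToNumber() { return Number(this.v); }
    // Mask in 64-bit space, so no bit is rounded away before the test.
    bitwiseAnd(mask) { return new Int64Model(this.v & BigInt(mask)); }
}

const exemptedFlagMask = 0x1; // constructed; the real mask value is not on the page

// Original expression: throws once Flags no longer fits in a double.
function implicitCheck(flags) {
    try { return (flags & exemptedFlagMask) == 0; }
    catch (e) { return e.message; }
}

// Patched expression from the thread.
function lossyCheck(flags) {
    return (flags.convertToNumber() & exemptedFlagMask) == 0;
}

// Alternative: mask first, convert the (small) result afterwards.
function exactCheck(flags) {
    return flags.bitwiseAnd(exemptedFlagMask).asNumber() == 0;
}

const small = new Int64Model(0x2n);               // constructed sample
const wide = new Int64Model(0xFFFFFFFF00000001n); // constructed sample, bit 0 set

console.log(implicitCheck(small), implicitCheck(wide));
console.log(lossyCheck(wide), exactCheck(wide));
```

In this model the lossy conversion removes the exception but rounds away the low bits of values above 2^53, so `lossyCheck(wide)` and `exactCheck(wide)` disagree; masking before converting keeps those bits.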

@soiax
Author

soiax commented Nov 8, 2024

Yeah that fixes it :)

But for some addresses there is a similar conversion error :


0:000> !telescope @ecx
Populating the VA space with modules..
Populating the VA space with TEBs & thread stacks..
Populating the VA space with the PEB..
Populating the VA space with TTD.Data.Heap..
Populating the VA space with VirtualAllocated regions..
Populating the VA space with MappedViewOfFile regions..
Error: Error: 64 bit value loses precision on conversion to number [at telescope (line 572 col 29)]

@soiax
Author

soiax commented Nov 8, 2024

Sometimes it kills the whole enghost.exe btw. So probably windbg bug again.

@0vercl0k
Owner

0vercl0k commented Nov 8, 2024 via email

@0vercl0k
Owner

If you replace the below:

    const OrderedHits = Hits.sort(
        p => p.Size
    );

By:

    const OrderedHits = Hits.sort(
        p => p.Size.convertToNumber()
    );

Does it fix your issue above?

Sorry for the delayed answer!

Cheers

@soiax
Author

soiax commented Nov 17, 2024

Yes it fixes it.
Thanks

@0vercl0k
Owner

0vercl0k commented Nov 17, 2024 via email

0vercl0k added a commit that referenced this issue Nov 24, 2024
@0vercl0k
Owner

Sorry for the delay on this - @soiax are you able to try out #6 to make sure it also works on your trace? Will merge once I get your 👍🏽

Cheers

@soiax
Author

soiax commented Nov 28, 2024

It works :)
With the heapanalysis.js patch, I see no errors.

I reported the windbg errors to MS here :
microsoftfeedback/WinDbg-Feedback#247

Thanks :)

@0vercl0k
Owner

Amazing idea! I emailed but I have gotten no answer / ack, so probably best to use their GitHub, I subscribed to the issue :)

Let's merge this then.

Thanks for the report again!

Cheers
