WebDBG/api/analyze.js at 3d712ddc09d42a558a73a7d7eb8925d156dc525c · r-Techsupport/WebDBG · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
import fs from 'fs';
import path from 'path';
import { exec } from 'child_process';
import winston from 'winston';
import postProcessResults from './post-process.js'; // Corrected import path

// Configure Winston logger
const logger = winston.createLogger({
    level: 'info',
    format: winston.format.combine(
        winston.format.timestamp(),
        winston.format.json()
    ),
    transports: [
        new winston.transports.Console(),
        new winston.transports.File({ filename: 'app.log' })
    ]
});

// Define the parser
const parser = 'cdb.exe';

// Run the debugger over the dmp file and report errors should failure occur
const processDmpObject = (dmp) => {
    return new Promise((resolve) => {
        logger.info(`Analysis started on ${dmp}`)
        const command = `-z ${dmp} -c "k; !analyze -v ; q"`;

        exec(`${parser} ${command}`, (error, stdout, stderr) => {
            if (error) {
                logger.error(`Error during analysis: ${error.message}`);
                return;
            }
            if (stderr) {
                logger.warn(`Warnings during analysis: ${stderr}`);
            }
            resolve(stdout);
        });
    });
};

// Split the raw content provided by processDmpObject
const processResult = (dmp, rawContent) => {
    // Splitting the content
    let splits = rawContent.split('------------------');
    splits = splits.flatMap(split => split.split('STACK_TEXT:'));

    // Post-Processing
    if (splits.length !== 2 && splits.length !== 3) {
        throw new Error("Abnormal file cannot be post-processed");
    }

    // Pulling dmp info
    const infos = splits[0].split('Bugcheck Analysis');
    const dirtyDmpInfo0 = infos[0].split("Copyright (c) Microsoft Corporation. All rights reserved.");
    const dirtyDmpInfo1 = dirtyDmpInfo0[1].split("Loading Kernel Symbols");
    const dmpInfo = dirtyDmpInfo1[0].trim();

    // Pulling Bugcheck Analysis
    const analysisLines = infos[1].split('\n').filter(line => !line.includes('*') && !line.includes("Debugging Details:"));
    const analysis = analysisLines.join('\n').trim();

    // Extract human name and code, e.g. "MEMORY_MANAGEMENT (1a)"
    // bugcheckHuman => "MEMORY_MANAGEMENT", bugcheck => "1a"
    let bugcheckHuman = null;
    let bugcheck = null;
    const bcMatch = analysis.match(/^\s*([A-Za-z0-9 _-]+?)\s*\(\s*([0-9A-Fa-fx]+)\s*\)/m);
    if (bcMatch) {
        bugcheckHuman = bcMatch[1].trim();
        bugcheck = bcMatch[2].trim();
    } else {
        // fallback: capture any code-like value in parentheses
        const bugcheckOnlyMatch = analysis.match(/\(([0-9A-Fa-fx]+)\)/);
        if (bugcheckOnlyMatch) bugcheck = bugcheckOnlyMatch[1].trim();
    }

    // Arguments like: Arg1: 00000000...
    const argMatches = analysis.match(/Arg\d:\s*([0-9a-fA-Fx]+)/g);
    const args = argMatches ? argMatches.map(arg => arg.split(':')[1].trim()) : [];

    logger.info(`Bugcheck: ${bugcheck} (${bugcheckHuman || 'unknown'}), Args: ${args}`);

    // Output object creation
    const output = {
        dmp: dmp, // Include the dmp file path
        dmpInfo: dmpInfo,
        analysis: analysis,
        bugcheck: bugcheck,
        bugcheckHuman: bugcheckHuman,
        args: args,
        rawContent: rawContent
    };

    return output;
};

// Execute the analysis and processing over the single dmp or a directory of dmps
const Analyze = async (target) => {
    const dmpArray = [];
    const statPath = fs.statSync(target);

    if (!statPath.isDirectory()) {
        const dmp = path.resolve(target);
        const result = await processDmpObject(dmp);
        const processedResult = processResult(dmp, result);
        dmpArray.push(processedResult);
    } else { // Run a job for every dmp file found, this drastically reduces processing time
        const files = fs.readdirSync(target).filter(file => file.endsWith('.dmp'));
        const promises = files.map(async (file) => {
            const dmp = path.resolve(target, file);
            const result = await processDmpObject(dmp);
            // Add dmpName only for zip (directory) case
            const processedResult = processResult(dmp, result);
            processedResult.dmpName = path.basename(dmp);
            return processedResult;
        });
        const results = await Promise.all(promises);
        dmpArray.push(...results);
    }

    // Call the postProcessResults function with the parser
    const postProcessedResults = await postProcessResults(dmpArray, parser);

    return JSON.stringify(postProcessedResults);
};

export default Analyze;