@cheatron/native-mock 1.0.0

package/dist/os/kernel.d.ts

@@ -0,0 +1,18 @@
+import { SimulatedProcess } from './process';
+import { HandleObject } from './handles';
+import * as D from 'win32-def';
+export declare class Kernel {
+    static instance: Kernel;
+    private processes;
+    private nextPid;
+    currentProcess: SimulatedProcess;
+    constructor();
+    private createSystemProcess;
+    createProcess(name: string): SimulatedProcess;
+    getProcess(pid: number): SimulatedProcess | undefined;
+    OpenProcess(dwDesiredAccess: number, bInheritHandle: boolean, dwProcessId: number): D.HANDLE;
+    CloseHandle(hObject: D.HANDLE): boolean;
+    getObjectFromHandle(handle: D.HANDLE): HandleObject | undefined;
+}
+export declare const kernel: Kernel;
+//# sourceMappingURL=kernel.d.ts.map

package/dist/os/kernel.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"kernel.d.ts","sourceRoot":"","sources":["../../src/os/kernel.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,KAAK,CAAC,MAAM,WAAW,CAAC;AAE/B,qBAAa,MAAM;IACjB,OAAc,QAAQ,EAAE,MAAM,CAAC;IAE/B,OAAO,CAAC,SAAS,CAA4C;IAC7D,OAAO,CAAC,OAAO,CAAa;IAGrB,cAAc,EAAE,gBAAgB,CAAC;;IAaxC,OAAO,CAAC,mBAAmB;IAKpB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,gBAAgB;IAQ7C,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,gBAAgB,GAAG,SAAS;IAMrD,WAAW,CAChB,eAAe,EAAE,MAAM,EACvB,cAAc,EAAE,OAAO,EACvB,WAAW,EAAE,MAAM,GAClB,CAAC,CAAC,MAAM;IAeJ,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,MAAM,GAAG,OAAO;IAKvC,mBAAmB,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,GAAG,YAAY,GAAG,SAAS;CAGvE;AAGD,eAAO,MAAM,MAAM,QAAe,CAAC"}

package/dist/os/kernel.js

@@ -0,0 +1,50 @@
+import { SimulatedProcess } from './process';
+export class Kernel {
+    static instance;
+    processes = new Map();
+    nextPid = 4; // System processes start low
+    // The process that is "executing" the API calls (e.g. the test runner or the cheat tool)
+    currentProcess;
+    constructor() {
+        Kernel.instance = this;
+        // Bootstrapping: Create a "System" process and "Current" process
+        this.createSystemProcess();
+        // The "Current Process" is the one running the tests/code.
+        // We simulate it as a process so it can have a Handle Table.
+        this.currentProcess = new SimulatedProcess(9999, 'CurrentTestRunner.exe');
+        this.processes.set(this.currentProcess.id, this.currentProcess);
+    }
+    createSystemProcess() {
+        const sys = new SimulatedProcess(4, 'System');
+        this.processes.set(4, sys);
+    }
+    createProcess(name) {
+        const pid = this.nextPid;
+        this.nextPid += 4;
+        const proc = new SimulatedProcess(pid, name);
+        this.processes.set(pid, proc);
+        return proc;
+    }
+    getProcess(pid) {
+        return this.processes.get(pid);
+    }
+    // --- Syscalls (Simulated) ---
+    OpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId) {
+        const targetProc = this.processes.get(dwProcessId);
+        if (!targetProc) {
+            return 0n; // NULL
+        }
+        // Create a handle in the CURRENT process's handle table pointing to the TARGET process
+        const handle = this.currentProcess.handles.createHandle(targetProc, 'Process', dwDesiredAccess);
+        return handle;
+    }
+    CloseHandle(hObject) {
+        return this.currentProcess.handles.closeHandle(hObject);
+    }
+    // Helper to dereference a handle from the current process context
+    getObjectFromHandle(handle) {
+        return this.currentProcess.handles.getObject(handle);
+    }
+}
+// Global kernel instance
+export const kernel = new Kernel();

package/dist/os/memory.d.ts

@@ -0,0 +1,24 @@
+import { type MemoryBasicInformation } from '../constants';
+export declare class MemoryManager {
+    private pages;
+    constructor();
+    /**
+     * Aligns an address down to the nearest page boundary.
+     */
+    private alignDown;
+    /**
+     * Aligns an address up to the nearest page boundary.
+     */
+    private alignUp;
+    /**
+     * Allocates memory.
+     * Simplification: Always allocates MEM_PRIVATE, MEM_COMMIT | MEM_RESERVE.
+     */
+    allocate(address: number, // If 0, find free space
+    size: number, _allocationType?: number, protect?: number): number;
+    free(address: number, _size?: number, _freeType?: number): boolean;
+    read(address: number, size: number): Buffer;
+    write(address: number, data: Buffer): number;
+    query(address: number): MemoryBasicInformation;
+}
+//# sourceMappingURL=memory.d.ts.map

package/dist/os/memory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory.d.ts","sourceRoot":"","sources":["../../src/os/memory.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,sBAAsB,EAI5B,MAAM,cAAc,CAAC;AAYtB,qBAAa,aAAa;IACxB,OAAO,CAAC,KAAK,CAA2B;;IAIxC;;OAEG;IACH,OAAO,CAAC,SAAS;IAIjB;;OAEG;IACH,OAAO,CAAC,OAAO;IAIf;;;OAGG;IACH,QAAQ,CACN,OAAO,EAAE,MAAM,EAAE,wBAAwB;IACzC,IAAI,EAAE,MAAM,EACZ,eAAe,GAAE,MAAiD,EAClE,OAAO,GAAE,MAAmC,GAC3C,MAAM;IA+CT,IAAI,CACF,OAAO,EAAE,MAAM,EACf,KAAK,GAAE,MAAU,EACjB,SAAS,GAAE,MAAe,GACzB,OAAO;IASV,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM;IAiC3C,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM;IAwC5C,KAAK,CAAC,OAAO,EAAE,MAAM,GAAG,sBAAsB;CA0B/C"}

package/dist/os/memory.js

@@ -0,0 +1,147 @@
+import { MemoryProtection, MemoryState, MemoryType, } from '../constants';
+const PAGE_SIZE = 4096;
+export class MemoryManager {
+    pages = new Map();
+    constructor() { }
+    /**
+     * Aligns an address down to the nearest page boundary.
+     */
+    alignDown(address) {
+        return Math.floor(address / PAGE_SIZE) * PAGE_SIZE;
+    }
+    /**
+     * Aligns an address up to the nearest page boundary.
+     */
+    alignUp(address) {
+        return Math.ceil(address / PAGE_SIZE) * PAGE_SIZE;
+    }
+    /**
+     * Allocates memory.
+     * Simplification: Always allocates MEM_PRIVATE, MEM_COMMIT | MEM_RESERVE.
+     */
+    allocate(address, // If 0, find free space
+    size, _allocationType = MemoryState.COMMIT | MemoryState.RESERVE, protect = MemoryProtection.READWRITE) {
+        const numPages = Math.ceil(size / PAGE_SIZE);
+        // Simple allocator: if address is 0, find a gap
+        // Start searching from 0x10000 (64KB) to avoid null pointer issues
+        let startAddress = address > 0 ? this.alignDown(address) : 0x10000;
+        if (address === 0) {
+            // Find a specialized gap
+            // This is a naive implementation; performance might key for huge allocations
+            while (true) {
+                let collision = false;
+                for (let i = 0; i < numPages; i++) {
+                    if (this.pages.has(startAddress + i * PAGE_SIZE)) {
+                        collision = true;
+                        break;
+                    }
+                }
+                if (!collision)
+                    break;
+                startAddress += PAGE_SIZE;
+            }
+        }
+        else {
+            // Verify requested range is free
+            for (let i = 0; i < numPages; i++) {
+                const _addr = startAddress + i * PAGE_SIZE;
+                // Should check for collisions or if re-allocation is allowed
+            }
+        }
+        for (let i = 0; i < numPages; i++) {
+            const pageAddr = startAddress + i * PAGE_SIZE;
+            const page = this.pages.get(pageAddr) || {
+                address: pageAddr,
+                data: Buffer.alloc(PAGE_SIZE),
+                state: MemoryState.FREE,
+                protect: MemoryProtection.NOACCESS,
+                type: MemoryType.PRIVATE,
+            };
+            page.state = MemoryState.COMMIT;
+            page.protect = protect;
+            this.pages.set(pageAddr, page);
+        }
+        return startAddress;
+    }
+    free(address, _size = 0, _freeType = 0x8000 /* MEM_RELEASE */) {
+        const startAddress = this.alignDown(address);
+        if (this.pages.has(startAddress)) {
+            this.pages.delete(startAddress);
+            return true;
+        }
+        return false;
+    }
+    read(address, size) {
+        const result = Buffer.alloc(size);
+        let bytesRead = 0;
+        let currentAddr = address;
+        while (bytesRead < size) {
+            const pageAddr = this.alignDown(currentAddr);
+            const offsetInPage = currentAddr - pageAddr;
+            const bytesToRead = Math.min(PAGE_SIZE - offsetInPage, size - bytesRead);
+            const page = this.pages.get(pageAddr);
+            if (page &&
+                page.state & MemoryState.COMMIT &&
+                !(page.protect & MemoryProtection.NOACCESS)) {
+                page.data.copy(result, bytesRead, offsetInPage, offsetInPage + bytesToRead);
+            }
+            else {
+                // Unmapped or inaccessible
+            }
+            bytesRead += bytesToRead;
+            currentAddr += bytesToRead;
+        }
+        return result;
+    }
+    write(address, data) {
+        let bytesWritten = 0;
+        let currentAddr = address;
+        const size = data.length;
+        while (bytesWritten < size) {
+            const pageAddr = this.alignDown(currentAddr);
+            const offsetInPage = currentAddr - pageAddr;
+            const bytesToWrite = Math.min(PAGE_SIZE - offsetInPage, size - bytesWritten);
+            const page = this.pages.get(pageAddr);
+            if (page && page.state & MemoryState.COMMIT) {
+                // Check write permissions
+                if (page.protect &
+                    (MemoryProtection.READWRITE | MemoryProtection.EXECUTE_READWRITE)) {
+                    data.copy(page.data, offsetInPage, bytesWritten, bytesWritten + bytesToWrite);
+                }
+                else {
+                    break;
+                }
+            }
+            else {
+                break;
+            }
+            bytesWritten += bytesToWrite;
+            currentAddr += bytesToWrite;
+        }
+        return bytesWritten;
+    }
+    query(address) {
+        const pageAddr = this.alignDown(address);
+        const page = this.pages.get(pageAddr);
+        if (!page) {
+            return {
+                BaseAddress: BigInt(pageAddr),
+                AllocationBase: BigInt(pageAddr),
+                AllocationProtect: MemoryProtection.NOACCESS,
+                RegionSize: BigInt(PAGE_SIZE),
+                State: MemoryState.FREE,
+                Protect: MemoryProtection.NOACCESS,
+                Type: MemoryType.PRIVATE,
+            };
+        }
+        return {
+            BaseAddress: BigInt(page.address),
+            AllocationBase: BigInt(page.address),
+            AllocationProtect: page.protect,
+            RegionSize: BigInt(PAGE_SIZE),
+            State: page.state,
+            Protect: page.protect,
+            Type: page.type,
+        };
+    }
+}

package/dist/os/process.d.ts

@@ -0,0 +1,17 @@
+import { MemoryManager } from './memory';
+import { HandleTable } from './handles';
+import { SimulatedThread } from './thread';
+export declare class SimulatedProcess {
+    id: number;
+    name: string;
+    memory: MemoryManager;
+    handles: HandleTable;
+    threads: Map<number, SimulatedThread>;
+    exitCode: number | null;
+    private nextThreadId;
+    constructor(pid: number, name: string);
+    createThread(): SimulatedThread;
+    getThread(tid: number): SimulatedThread | undefined;
+    terminate(exitCode?: number): void;
+}
+//# sourceMappingURL=process.d.ts.map

package/dist/os/process.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"process.d.ts","sourceRoot":"","sources":["../../src/os/process.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACxC,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAE3C,qBAAa,gBAAgB;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,aAAa,CAAC;IACtB,OAAO,EAAE,WAAW,CAAC;IACrB,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IACtC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAQ;IAEtC,OAAO,CAAC,YAAY,CAAgB;gBAExB,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM;IAQrC,YAAY,IAAI,eAAe;IAO/B,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS;IAInD,SAAS,CAAC,QAAQ,GAAE,MAAU;CAO/B"}

package/dist/os/process.js

@@ -0,0 +1,35 @@
+import { MemoryManager } from './memory';
+import { HandleTable } from './handles';
+import { SimulatedThread } from './thread';
+export class SimulatedProcess {
+    id;
+    name;
+    memory;
+    handles;
+    threads;
+    exitCode = null;
+    nextThreadId = 1000;
+    constructor(pid, name) {
+        this.id = pid;
+        this.name = name;
+        this.memory = new MemoryManager();
+        this.handles = new HandleTable();
+        this.threads = new Map();
+    }
+    createThread() {
+        const tid = this.nextThreadId++;
+        const thread = new SimulatedThread(tid, this.id);
+        this.threads.set(tid, thread);
+        return thread;
+    }
+    getThread(tid) {
+        return this.threads.get(tid);
+    }
+    terminate(exitCode = 0) {
+        this.exitCode = exitCode;
+        // Cleanup threads
+        this.threads.clear();
+        // Cleanup handles?
+        // In a real OS, handles are closed.
+    }
+}

package/dist/os/thread.d.ts

@@ -0,0 +1,40 @@
+export declare enum ThreadState {
+    INITIALIZED = 0,
+    READY = 1,
+    RUNNING = 2,
+    WAITING = 3,
+    TERMINATED = 4
+}
+export interface ThreadContext {
+    Rip: bigint;
+    Rax: bigint;
+    Rbx: bigint;
+    Rcx: bigint;
+    Rdx: bigint;
+    Rsi: bigint;
+    Rdi: bigint;
+    Rbp: bigint;
+    Rsp: bigint;
+    R8: bigint;
+    R9: bigint;
+    R10: bigint;
+    R11: bigint;
+    R12: bigint;
+    R13: bigint;
+    R14: bigint;
+    R15: bigint;
+    EFlags: number;
+}
+export declare class SimulatedThread {
+    id: number;
+    state: ThreadState;
+    suspendCount: number;
+    context: ThreadContext;
+    ownerProcessId: number;
+    constructor(tid: number, ownerPid: number);
+    suspend(): number;
+    resume(): number;
+    getContext(_flags: number): ThreadContext;
+    setContext(ctx: Partial<ThreadContext>): void;
+}
+//# sourceMappingURL=thread.d.ts.map

package/dist/os/thread.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"thread.d.ts","sourceRoot":"","sources":["../../src/os/thread.ts"],"names":[],"mappings":"AAAA,oBAAY,WAAW;IACrB,WAAW,IAAA;IACX,KAAK,IAAA;IACL,OAAO,IAAA;IACP,OAAO,IAAA;IACP,UAAU,IAAA;CACX;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,MAAM,CAAC;IACX,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,eAAe;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,WAAW,CAAC;IACnB,YAAY,EAAE,MAAM,CAAK;IACzB,OAAO,EAAE,aAAa,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;gBAElB,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM;IA4BzC,OAAO,IAAI,MAAM;IAQjB,MAAM,IAAI,MAAM;IAUhB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,aAAa;IAKzC,UAAU,CAAC,GAAG,EAAE,OAAO,CAAC,aAAa,CAAC,GAAG,IAAI;CAG9C"}

package/dist/os/thread.js

@@ -0,0 +1,64 @@
+export var ThreadState;
+(function (ThreadState) {
+    ThreadState[ThreadState["INITIALIZED"] = 0] = "INITIALIZED";
+    ThreadState[ThreadState["READY"] = 1] = "READY";
+    ThreadState[ThreadState["RUNNING"] = 2] = "RUNNING";
+    ThreadState[ThreadState["WAITING"] = 3] = "WAITING";
+    ThreadState[ThreadState["TERMINATED"] = 4] = "TERMINATED";
+})(ThreadState || (ThreadState = {}));
+export class SimulatedThread {
+    id;
+    state;
+    suspendCount = 0;
+    context;
+    ownerProcessId;
+    constructor(tid, ownerPid) {
+        this.id = tid;
+        this.ownerProcessId = ownerPid;
+        this.state = ThreadState.INITIALIZED;
+        // Initialize context with some reasonable defaults
+        this.context = {
+            Rip: 0x7ff700001000n, // Dummy entry point
+            Rax: 0n,
+            Rbx: 0n,
+            Rcx: 0n,
+            Rdx: 0n,
+            Rsi: 0n,
+            Rdi: 0n,
+            Rbp: 0n,
+            Rsp: 0x000000e0000n, // Dummy stack
+            R8: 0n,
+            R9: 0n,
+            R10: 0n,
+            R11: 0n,
+            R12: 0n,
+            R13: 0n,
+            R14: 0n,
+            R15: 0n,
+            EFlags: 0x202, // IF bit set
+        };
+    }
+    suspend() {
+        this.suspendCount++;
+        if (this.state === ThreadState.RUNNING) {
+            this.state = ThreadState.WAITING; // Simplification
+        }
+        return this.suspendCount - 1; // Return previous count
+    }
+    resume() {
+        if (this.suspendCount > 0) {
+            this.suspendCount--;
+            if (this.suspendCount === 0) {
+                this.state = ThreadState.READY; // Ready to run
+            }
+        }
+        return this.suspendCount;
+    }
+    getContext(_flags) {
+        // Should respect flags (CONTEXT_FULL, etc.), but for mock we return full.
+        return { ...this.context };
+    }
+    setContext(ctx) {
+        Object.assign(this.context, ctx);
+    }
+}

package/dist/process.d.ts

@@ -0,0 +1,30 @@
+import * as D from 'win32-def';
+import { type MemoryBasicInformation } from './constants';
+/**
+ * Represents a remote process
+ */
+export declare class Process {
+    protected _handle: D.HANDLE | null;
+    protected _pid: number;
+    constructor(handle: D.HANDLE | null, autoClose?: boolean, pid?: number);
+    static open(pid: number, access?: number): Process;
+    static current(): CurrentProcess;
+    get handle(): D.HANDLE | null;
+    get pid(): number;
+    isValid(): boolean;
+    close(): void;
+    read(address: number | bigint, size: number): Buffer;
+    write(address: number | bigint, buffer: Buffer): void;
+    query(address: number | bigint): MemoryBasicInformation;
+}
+/**
+ * Represents the current process (singleton)
+ */
+export declare class CurrentProcess extends Process {
+    constructor();
+    close(): void;
+    query(address: number | bigint): MemoryBasicInformation;
+}
+export declare const currentProcess: CurrentProcess;
+export declare const currentProcessId: number;
+//# sourceMappingURL=process.d.ts.map

package/dist/process.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"process.d.ts","sourceRoot":"","sources":["../src/process.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,WAAW,CAAC;AAC/B,OAAO,EAIL,KAAK,sBAAsB,EAC5B,MAAM,aAAa,CAAC;AAerB;;GAEG;AACH,qBAAa,OAAO;IAClB,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC,MAAM,GAAG,IAAI,CAAC;IACnC,SAAS,CAAC,IAAI,EAAE,MAAM,CAAC;gBAGrB,MAAM,EAAE,CAAC,CAAC,MAAM,GAAG,IAAI,EACvB,SAAS,GAAE,OAAc,EACzB,GAAG,GAAE,MAAU;IASjB,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,GAAE,MAAiC,GAAG,OAAO;IAU5E,MAAM,CAAC,OAAO,IAAI,cAAc;IAIhC,IAAI,MAAM,oBAET;IACD,IAAI,GAAG,WAEN;IAED,OAAO,IAAI,OAAO;IAIlB,KAAK;IAUL,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM;IAyBpD,KAAK,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI;IAsBrD,KAAK,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,sBAAsB;CAkBxD;AAED;;GAEG;AACH,qBAAa,cAAe,SAAQ,OAAO;;IAMhC,KAAK;IAIL,KAAK,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,sBAAsB;CAQjE;AAGD,eAAO,MAAM,cAAc,gBAAuB,CAAC;AACnD,eAAO,MAAM,gBAAgB,QAAqB,CAAC"}

package/dist/process.js

@@ -0,0 +1,124 @@
+import { Kernel32Impl as Kernel32 } from './kernel32';
+import { ProcessAccess, MEMORY_BASIC_INFORMATION, MBI_SIZE, } from './constants';
+import koffi from 'koffi';
+import { log } from './logger';
+/**
+ * Handle management registry for automatic cleanup
+ */
+const registry = new FinalizationRegistry((handle) => {
+    if (handle) {
+        log.trace('Process', 'Closing orphaned handle via GC');
+        Kernel32.CloseHandle(handle);
+    }
+});
+/**
+ * Represents a remote process
+ */
+export class Process {
+    _handle;
+    _pid;
+    constructor(handle, autoClose = true, pid = 0) {
+        this._handle = handle;
+        this._pid = pid;
+        if (autoClose && handle) {
+            registry.register(this, handle, this);
+        }
+    }
+    static open(pid, access = ProcessAccess.ALL_ACCESS) {
+        log.debug('Process', `Opening process ${pid}`, { access });
+        const handle = Kernel32.OpenProcess(access, 0, pid);
+        if (!handle) {
+            log.error('Process', `Failed to open process ${pid}`);
+            throw new Error(`Failed to open process ${pid}`);
+        }
+        return new Process(handle, true, pid);
+    }
+    static current() {
+        return currentProcess;
+    }
+    get handle() {
+        return this._handle;
+    }
+    get pid() {
+        return this._pid;
+    }
+    isValid() {
+        return this._handle !== null && this._handle !== undefined;
+    }
+    close() {
+        if (this.isValid()) {
+            log.debug('Process', `Closing process handle ${this._pid}`);
+            const h = this._handle;
+            this._handle = null;
+            registry.unregister(this);
+            Kernel32.CloseHandle(h);
+        }
+    }
+    read(address, size) {
+        if (!this.isValid())
+            throw new Error('Process handle is closed');
+        const buffer = Buffer.alloc(size);
+        const success = Kernel32.ReadProcessMemory(this._handle, address, buffer, size, null);
+        if (!success) {
+            const errCode = Kernel32.GetLastError
+                ? Kernel32.GetLastError()
+                : 'unknown';
+            log.error('Process', `ReadProcessMemory failed at ${address}`, {
+                size,
+                errCode,
+            });
+            throw new Error('ReadProcessMemory failed');
+        }
+        return buffer;
+    }
+    write(address, buffer) {
+        if (!this.isValid())
+            throw new Error('Process handle is closed');
+        const success = Kernel32.WriteProcessMemory(this._handle, address, buffer, buffer.length, null);
+        if (!success) {
+            const errCode = Kernel32.GetLastError
+                ? Kernel32.GetLastError()
+                : 'unknown';
+            log.error('Process', `WriteProcessMemory failed at ${address}`, {
+                size: buffer.length,
+                errCode,
+            });
+            throw new Error('WriteProcessMemory failed');
+        }
+    }
+    query(address) {
+        if (!this.isValid())
+            throw new Error('Process handle is closed');
+        const buffer = Buffer.alloc(MBI_SIZE);
+        const result = Kernel32.VirtualQueryEx(this._handle, address, buffer, MBI_SIZE);
+        if (!result) {
+            log.error('Process', `VirtualQueryEx failed at ${address}`);
+            throw new Error('VirtualQueryEx failed');
+        }
+        const info = koffi.decode(buffer, MEMORY_BASIC_INFORMATION);
+        return info;
+    }
+}
+/**
+ * Represents the current process (singleton)
+ */
+export class CurrentProcess extends Process {
+    constructor() {
+        // Current process uses a pseudo-handle that doesn't need closing
+        super(Kernel32.GetCurrentProcess(), false, Kernel32.GetCurrentProcessId());
+    }
+    close() {
+        this._handle = null;
+    }
+    query(address) {
+        const buffer = Buffer.alloc(MBI_SIZE);
+        const result = Kernel32.VirtualQuery(address, buffer, MBI_SIZE);
+        if (!result)
+            throw new Error('VirtualQuery failed');
+        const info = koffi.decode(buffer, MEMORY_BASIC_INFORMATION);
+        return info;
+    }
+}
+// Export a pre-initialized instance of the current process
+export const currentProcess = new CurrentProcess();
+export const currentProcessId = currentProcess.pid;

package/dist/thread.d.ts

@@ -0,0 +1,28 @@
+import * as D from 'win32-def';
+import { type ThreadContext } from './constants';
+/**
+ * Represents a thread handle
+ */
+export declare class Thread {
+    protected _handle: D.HANDLE | null;
+    constructor(handle: D.HANDLE | null, autoClose?: boolean);
+    static open(threadId: number, access?: number): Thread;
+    static current(): CurrentThread;
+    static currentId(): number;
+    isValid(): boolean;
+    close(): void;
+    suspend(): number;
+    resume(): number;
+    getContext(flags?: number): ThreadContext;
+    setContext(ctx: ThreadContext): void;
+    get handle(): D.HANDLE | null;
+}
+/**
+ * Represents the current thread (singleton)
+ */
+export declare class CurrentThread extends Thread {
+    constructor();
+    close(): void;
+}
+export declare const currentThread: CurrentThread;
+//# sourceMappingURL=thread.d.ts.map

package/dist/thread.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"thread.d.ts","sourceRoot":"","sources":["../src/thread.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,WAAW,CAAC;AAC/B,OAAO,EAKL,KAAK,aAAa,EACnB,MAAM,aAAa,CAAC;AAerB;;GAEG;AACH,qBAAa,MAAM;IACjB,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC,MAAM,GAAG,IAAI,CAAC;gBAEvB,MAAM,EAAE,CAAC,CAAC,MAAM,GAAG,IAAI,EAAE,SAAS,GAAE,OAAc;IAO9D,MAAM,CAAC,IAAI,CACT,QAAQ,EAAE,MAAM,EAChB,MAAM,GAAE,MAAgC,GACvC,MAAM;IAUT,MAAM,CAAC,OAAO,IAAI,aAAa;IAI/B,MAAM,CAAC,SAAS,IAAI,MAAM;IAI1B,OAAO,IAAI,OAAO;IAIlB,KAAK;IAUL,OAAO,IAAI,MAAM;IAUjB,MAAM,IAAI,MAAM;IAUhB,UAAU,CAAC,KAAK,GAAE,MAA0B,GAAG,aAAa;IAgB5D,UAAU,CAAC,GAAG,EAAE,aAAa,GAAG,IAAI;IAapC,IAAI,MAAM,oBAET;CACF;AAED;;GAEG;AACH,qBAAa,aAAc,SAAQ,MAAM;;IAM9B,KAAK;CAGf;AAGD,eAAO,MAAM,aAAa,eAAsB,CAAC"}