@cheatron/native 1.1.0 → 1.2.1

package/README.md

@@ -9,11 +9,13 @@ Ergonomic Win32 process and memory management API for Cheatron, powered by [Bun]
 
 - **Process Management**: Open processes by PID, access the current process, and query memory information.
 - **Memory Operations**: Read and write memory buffers from/to target processes.
-- **Thread Management**: Create local/remote threads, get/set thread context, suspend/resume, and track exit codes.
-- **Module Helper**: Easy access to loaded modules (`kernel32.dll`, `msvcrt.dll`, etc.) and function addresses.
-- **Low-level FFI**: Direct access to `Kernel32Impl` and `MsvcrtImpl` for advanced Win32 API calls.
+- **Thread Management**: Create local/remote threads (supports `CREATE_SUSPENDED` flags), get/set thread context, suspend/resume, and track exit codes.
+- **Module Helper**: Easy access to loaded modules, complete `MODULEINFO` retrieval, module dimension sizing, and function addresses.
+- **High-Performance Pattern Scanning**: Memory scanning powered by chunked processing and an assembly-injected `memmem` for wildcard-free patterns. Supports full process scan via `VirtualQuery`, module-scoped scan, or arbitrary range scan.
+- **Assembly Generation**: Test x86 assembly scripts and integrate safely with `@cheatron/keystone`.
+- **Low-level FFI**: Direct access to `Kernel32Impl`, `psapi`, and `MsvcrtImpl` (includes `memcmp` and `memmem`) for advanced Win32 API calls.
 - **Safe Handles**: Automatic handle cleanup using `FinalizationRegistry`.
-- **Integrated Logging**: Scoped logging powered by `@cheatron/log`.
+- **Integrated Logging**: Centralized, shared static logging powered by `@cheatron/log`.
 
 ## Installation
 
@@ -72,6 +74,17 @@ Enumerate and interact with loaded DLLs.
 - `Module.get(name: string): Module`
 - `Module.kernel32 / Module.crt`: Pre-defined instances.
 - `getProcAddress(name: string): bigint`
+- Retrieve memory size via `MODULEINFO` querying.
+
+### Scanner & Pattern
+
+High-performance memory pattern matching — no wildcards uses an **assembly-injected `memmem`** (faster than any JS-side byte loop), wildcard patterns use chunked byte comparison. Scanning is generator-based so it yields immediately on first match without loading all results into memory.
+
+- `new Pattern("55 8B EC ?? 56")` — Create signatures with wildcard support.
+- `process.findPattern(sig)` — **Full process scan** via `VirtualQuery` (all committed readable regions).
+- `process.findPatternFromModules(sig, ['kernel32.dll'])` — Module-scoped scan.
+- `process.findPatternInRange(sig, start, size)` — Arbitrary range scan.
+- All of the above have `findAll*` variants that return every match.
 
 ## Advanced FFI
 

package/dist/{src/handle.d.ts → handle.d.ts}

@@ -1,4 +1,8 @@
 import { WaitReturn, type HANDLE } from '@cheatron/native-bindings';
+/**
+ * Handle management registry for automatic cleanup
+ */
+export declare const handleRegistry: FinalizationRegistry<HANDLE>;
 /**
  * Base class for Win32 handles
  */

package/dist/handle.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handle.d.ts","sourceRoot":"","sources":["../src/handle.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,UAAU,EACV,KAAK,MAAM,EACZ,MAAM,2BAA2B,CAAC;AAKnC;;GAEG;AACH,eAAO,MAAM,cAAc,8BAIzB,CAAC;AAEH;;GAEG;AACH,qBAAa,MAAM;IACjB,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC;gBAEd,MAAM,EAAE,MAAM,EAAE,SAAS,GAAE,OAAc;IAOrD;;OAEG;IACH,OAAO,IAAI,OAAO;IAIlB;;OAEG;IACH,KAAK;IASL;;;OAGG;IACH,IAAI,CAAC,SAAS,GAAE,MAAiB,GAAG,UAAU;IAS9C;;OAEG;IACH,IAAI,MAAM,IAAI,MAAM,CAEnB;CACF"}

package/dist/{src/handle.js → handle.js}

@@ -4,7 +4,7 @@ const handleLog = log.child('Handle');
 /**
  * Handle management registry for automatic cleanup
  */
-const registry = new FinalizationRegistry((handle) => {
+export const handleRegistry = new FinalizationRegistry((handle) => {
     if (handle) {
         Kernel32Impl.CloseHandle(handle);
     }
@@ -17,7 +17,7 @@ export class Handle {
     constructor(handle, autoClose = true) {
         this._handle = handle;
         if (autoClose && handle) {
-            registry.register(this, handle, this);
+            handleRegistry.register(this, handle, this);
         }
     }
     /**
@@ -33,7 +33,7 @@ export class Handle {
         if (this.isValid()) {
             const h = this._handle;
             this._handle = null;
-            registry.unregister(this);
+            handleRegistry.unregister(this);
             Kernel32Impl.CloseHandle(h);
         }
     }

package/dist/handle.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"handle.js","sourceRoot":"","sources":["../src/handle.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,QAAQ,EACR,UAAU,GAEX,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAE/B,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;AAEtC;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,oBAAoB,CAAS,CAAC,MAAM,EAAE,EAAE;IACxE,IAAI,MAAM,EAAE,CAAC;QACX,YAAY,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;AACH,CAAC,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,OAAO,MAAM;IACP,OAAO,CAAS;IAE1B,YAAY,MAAc,EAAE,YAAqB,IAAI;QACnD,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,SAAS,IAAI,MAAM,EAAE,CAAC;YACxB,cAAc,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,OAAO;QACL,OAAO,IAAI,CAAC,OAAO,KAAK,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC;YACnB,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC;YACvB,IAAI,CAAC,OAAO,GAAG,IAAK,CAAC;YACrB,cAAc,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YAChC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,IAAI,CAAC,YAAoB,QAAQ;QAC/B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACzD,SAAS,CAAC,KAAK,CAAC,0CAA0C,SAAS,KAAK,CAAC,CAAC;QAC1E,OAAO,YAAY,CAAC,mBAAmB,CACrC,IAAI,CAAC,OAAO,EACZ,SAAS,CACI,CAAC;IAClB,CAAC;IAED;;OAEG;IACH,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;CACF"}

package/dist/{src/index.d.ts → index.d.ts}

@@ -1,8 +1,13 @@
 export { log } from './logger';
+export * from '@cheatron/native-bindings';
+export type * from '@cheatron/native-bindings';
+export * from './handle';
+export * from './pattern';
+export * from './scan-result';
+export * from './scanner';
 export * from './thread';
 export * from './process';
 export * from './module';
-export * from './handle';
-export * from '@cheatron/native-bindings';
-export type * from '@cheatron/native-bindings';
+export * from './native-fn';
+export * from './msvcrt-ext';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAC/B,cAAc,2BAA2B,CAAC;AAC1C,mBAAmB,2BAA2B,CAAC;AAE/C,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAC1B,cAAc,eAAe,CAAC;AAC9B,cAAc,WAAW,CAAC;AAC1B,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAC1B,cAAc,UAAU,CAAC;AACzB,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC"}

package/dist/{src/index.js → index.js}

@@ -1,7 +1,12 @@
 export { log } from './logger';
+export * from '@cheatron/native-bindings';
+export * from './handle';
+export * from './pattern';
+export * from './scan-result';
+export * from './scanner';
 export * from './thread';
 export * from './process';
 export * from './module';
-export * from './handle';
-export * from '@cheatron/native-bindings';
+export * from './native-fn';
+export * from './msvcrt-ext';
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAC/B,cAAc,2BAA2B,CAAC;AAG1C,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAC1B,cAAc,eAAe,CAAC;AAC9B,cAAc,WAAW,CAAC;AAC1B,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAC1B,cAAc,UAAU,CAAC;AACzB,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC"}

package/dist/logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../src/logger.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,GAAG,uCAA4B,CAAC"}

package/dist/logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.js","sourceRoot":"","sources":["../src/logger.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEhD,MAAM,CAAC,MAAM,GAAG,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC"}

package/dist/module.d.ts

@@ -0,0 +1,38 @@
+import { type HMODULE, type INT_PTR, type ModuleInfo } from '@cheatron/native-bindings';
+import { Handle } from './handle';
+import { Pattern } from './pattern';
+import { ScanResult } from './scan-result';
+export declare const STATIC_MODULES: Record<string, string>;
+/**
+ * Represents a loaded module
+ */
+export declare class Module extends Handle {
+    protected _name: string;
+    readonly base: bigint;
+    readonly size: number;
+    readonly entryPoint: bigint;
+    readonly end: bigint;
+    readonly info: ModuleInfo;
+    static readonly ntdll: Module;
+    static readonly kernel32: Module;
+    static readonly kernelbase: Module;
+    static readonly crt: Module;
+    private static _staticCache;
+    constructor(handle: HMODULE, name: string);
+    /**
+     * Gets a module handle for the specified module name
+     * Automatically detects if the name is ANSI or Unicode
+     * @param name Module name (e.g., 'kernel32.dll')
+     */
+    static get(name: string): Module;
+    getProcAddress(procName: string): INT_PTR;
+    get name(): string;
+    /**
+     * Finds pattern matches within this module.
+     * Configure limit and protect filter on the Pattern object.
+     * @returns ScanResult with each entry tagged with this module
+     */
+    findPattern(signature: string | Pattern): ScanResult;
+    toString(): string;
+}
+//# sourceMappingURL=module.d.ts.map

package/dist/module.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"module.d.ts","sourceRoot":"","sources":["../src/module.ts"],"names":[],"mappings":"AAAA,OAAO,EAOL,KAAK,OAAO,EACZ,KAAK,OAAO,EACZ,KAAK,UAAU,EAChB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAElC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAI3C,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAKjD,CAAC;AAEF;;GAEG;AACH,qBAAa,MAAO,SAAQ,MAAM;IAChC,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC;IAExB,SAAgB,IAAI,EAAE,MAAM,CAAC;IAC7B,SAAgB,IAAI,EAAE,MAAM,CAAC;IAC7B,SAAgB,UAAU,EAAE,MAAM,CAAC;IACnC,SAAgB,GAAG,EAAE,MAAM,CAAC;IAC5B,SAAgB,IAAI,EAAE,UAAU,CAAC;IAGjC,gBAAwB,KAAK,EAAE,MAAM,CAAC;IACtC,gBAAwB,QAAQ,EAAE,MAAM,CAAC;IACzC,gBAAwB,UAAU,EAAE,MAAM,CAAC;IAC3C,gBAAwB,GAAG,EAAE,MAAM,CAAC;IAEpC,OAAO,CAAC,MAAM,CAAC,YAAY,CAA8B;gBAE7C,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM;IAyBzC;;;;OAIG;IACH,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;IA2BhC,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAazC,IAAI,IAAI,IAAI,MAAM,CAEjB;IAED;;;;OAIG;IACH,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,GAAG,UAAU;IAW3C,QAAQ,IAAI,MAAM;CAG5B"}

package/dist/module.js

@@ -0,0 +1,106 @@
+import { ffi, Kernel32Impl, PsapiImpl, MODULEINFO, MODULEINFO_SIZE, } from '@cheatron/native-bindings';
+import { Handle } from './handle';
+import { log } from './logger';
+import { Pattern } from './pattern';
+import { ScanResult } from './scan-result';
+const moduleLog = log.child('Module');
+export const STATIC_MODULES = {
+    ntdll: 'ntdll.dll',
+    kernel32: 'kernel32.dll',
+    kernelbase: 'kernelbase.dll',
+    crt: 'msvcrt.dll',
+};
+/**
+ * Represents a loaded module
+ */
+export class Module extends Handle {
+    _name;
+    base;
+    size;
+    entryPoint;
+    end;
+    info;
+    static _staticCache = {};
+    constructor(handle, name) {
+        // Module handles from GetModuleHandle should not be closed with CloseHandle
+        super(handle, false);
+        this._name = name;
+        const processHandle = Kernel32Impl.GetCurrentProcess();
+        const moduleInfoBuffer = Buffer.alloc(MODULEINFO_SIZE);
+        const success = PsapiImpl.GetModuleInformation(processHandle, handle, moduleInfoBuffer, MODULEINFO_SIZE);
+        if (!success) {
+            throw new Error(`Failed to get module information for ${name}`);
+        }
+        this.info = ffi.decode(moduleInfoBuffer, MODULEINFO);
+        this.base = BigInt(this.info.lpBaseOfDll);
+        this.size = this.info.SizeOfImage;
+        this.entryPoint = BigInt(this.info.EntryPoint);
+        this.end = this.base + BigInt(this.size);
+    }
+    /**
+     * Gets a module handle for the specified module name
+     * Automatically detects if the name is ANSI or Unicode
+     * @param name Module name (e.g., 'kernel32.dll')
+     */
+    static get(name) {
+        const lowerName = name.toLowerCase();
+        // Fast path for static core modules to prevent redundant handle requests
+        for (const key of Object.keys(STATIC_MODULES)) {
+            if (lowerName === STATIC_MODULES[key]?.toLowerCase() &&
+                this._staticCache[key]) {
+                return this._staticCache[key];
+            }
+        }
+        moduleLog.debug(`Getting module handle for: ${name}`);
+        // Simple ASCII check: any char > 127 means we should use Unicode API
+        const isUnicode = Array.from(name).some((char) => char.charCodeAt(0) > 127);
+        const handle = isUnicode
+            ? Kernel32Impl.GetModuleHandleW(name)
+            : Kernel32Impl.GetModuleHandleA(name);
+        if (!handle) {
+            throw new Error(`Failed to get module handle for ${name}`);
+        }
+        return new Module(handle, name);
+    }
+    getProcAddress(procName) {
+        if (!this.isValid())
+            throw new Error('Module handle is closed');
+        const address = Kernel32Impl.GetProcAddress(this._handle, procName);
+        if (!address) {
+            throw new Error(`Failed to get proc address for ${procName}`);
+        }
+        return address;
+    }
+    get name() {
+        return this._name;
+    }
+    /**
+     * Finds pattern matches within this module.
+     * Configure limit and protect filter on the Pattern object.
+     * @returns ScanResult with each entry tagged with this module
+     */
+    findPattern(signature) {
+        // eslint-disable-next-line @typescript-eslint/no-require-imports
+        const { CurrentProcess } = require('./process');
+        return CurrentProcess.current().findPatternInRange(signature, this.base, this.size, this);
+    }
+    toString() {
+        return `Module(${this.name})[0x${this.base.toString(16)}-0x${this.end.toString(16)}]`;
+    }
+}
+// Initialize dynamic static getters for modules
+for (const [propName, dllName] of Object.entries(STATIC_MODULES)) {
+    Object.defineProperty(Module, propName, {
+        get() {
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            const self = Module;
+            if (!self._staticCache[propName]) {
+                self._staticCache[propName] = Module.get(dllName);
+            }
+            return self._staticCache[propName];
+        },
+        enumerable: true,
+        configurable: true,
+    });
+}
+//# sourceMappingURL=module.js.map

package/dist/module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"module.js","sourceRoot":"","sources":["../src/module.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,GAAG,EACH,YAAY,EACZ,SAAS,EACT,UAAU,EACV,eAAe,GAKhB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAClC,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAC/B,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAE3C,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;AAEtC,MAAM,CAAC,MAAM,cAAc,GAA2B;IACpD,KAAK,EAAE,WAAW;IAClB,QAAQ,EAAE,cAAc;IACxB,UAAU,EAAE,gBAAgB;IAC5B,GAAG,EAAE,YAAY;CAClB,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,MAAO,SAAQ,MAAM;IACtB,KAAK,CAAS;IAER,IAAI,CAAS;IACb,IAAI,CAAS;IACb,UAAU,CAAS;IACnB,GAAG,CAAS;IACZ,IAAI,CAAa;IAQzB,MAAM,CAAC,YAAY,GAA2B,EAAE,CAAC;IAEzD,YAAY,MAAe,EAAE,IAAY;QACvC,4EAA4E;QAC5E,KAAK,CAAC,MAA2B,EAAE,KAAK,CAAC,CAAC;QAC1C,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAElB,MAAM,aAAa,GAAG,YAAY,CAAC,iBAAiB,EAAE,CAAC;QACvD,MAAM,gBAAgB,GAAG,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QACvD,MAAM,OAAO,GAAG,SAAS,CAAC,oBAAoB,CAC5C,aAAa,EACb,MAAM,EACN,gBAAgB,EAChB,eAAe,CAChB,CAAC;QAEF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,wCAAwC,IAAI,EAAE,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC;QACrD,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;QAClC,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC/C,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC3C,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,GAAG,CAAC,IAAY;QACrB,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAErC,yEAAyE;QACzE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;YAC9C,IACE,SAAS,KAAK,cAAc,CAAC,GAAG,CAAC,EAAE,WAAW,EAAE;gBAChD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EACtB,CAAC;gBACD,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;QAED,SAAS,CAAC,KAAK,CAAC,8BAA8B,IAAI,EAAE,CAAC,CAAC;QAEtD,qEAAqE;QACrE,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC;QAC5E,MAAM,MAAM,GAAG,SAAS;YACtB,CAAC,CAAC,YAAY,CAAC,gBAAgB,CAAC,IAAI,CAAC;YACrC,CAAC,CAAC,YAAY,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAExC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,mCAAmC,IAAI,EAAE,CAAC,CAAC;QAC7D,CAAC;QACD,OAAO,IAAI,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,cAAc,CAAC,QAAgB;QAC7B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAEhE,MAAM,OAAO,GAAG,YAAY,CAAC,cAAc,CACzC,IAAI,CAAC,OAAkB,EACvB,QAAQ,CACT,CAAC;QACF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,kCAAkC,QAAQ,EAAE,CAAC,CAAC;QAChE,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED;;;;OAIG;IACH,WAAW,CAAC,SAA2B;QACrC,iEAAiE;QACjE,MAAM,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;QAChD,OAAO,cAAc,CAAC,OAAO,EAAE,CAAC,kBAAkB,CAChD,SAAS,EACT,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,IAAI,EACT,IAAI,CACL,CAAC;IACJ,CAAC;IAEQ,QAAQ;QACf,OAAO,UAAU,IAAI,CAAC,IAAI,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,GAAG,CAAC;IACxF,CAAC;;AAGH,gDAAgD;AAChD,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;IACjE,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,QAAQ,EAAE;QACtC,GAAG;YACD,8DAA8D;YAC9D,MAAM,IAAI,GAAG,MAAa,CAAC;YAC3B,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACjC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACpD,CAAC;YACD,OAAO,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QACrC,CAAC;QACD,UAAU,EAAE,IAAI;QAChB,YAAY,EAAE,IAAI;KACnB,CAAC,CAAC;AACL,CAAC"}

package/dist/msvcrt-ext.d.ts

@@ -0,0 +1,20 @@
+import { MsvcrtImpl } from '@cheatron/native-bindings';
+import type { LPVOID, SIZE_T } from '@cheatron/native-bindings';
+type MemmemFn = (haystack: LPVOID, haystackLen: SIZE_T, needle: LPVOID, needleLen: SIZE_T) => LPVOID;
+/**
+ * memmem - Find the first occurrence of a byte sequence in memory.
+ */
+export declare function memmem(haystack: LPVOID, haystackLen: SIZE_T, needle: LPVOID, needleLen: SIZE_T): LPVOID;
+/**
+ * Extended MSVCRT interface including custom assembly functions
+ */
+export interface MSVCRTExt {
+    memmem: MemmemFn;
+}
+/**
+ * Extended MsvcrtImpl with custom functions typed in.
+ * Uses a Proxy to provide lazy memmem access without patching the base object.
+ */
+export declare const MsvcrtExtImpl: typeof MsvcrtImpl & MSVCRTExt;
+export {};
+//# sourceMappingURL=msvcrt-ext.d.ts.map

package/dist/msvcrt-ext.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"msvcrt-ext.d.ts","sourceRoot":"","sources":["../src/msvcrt-ext.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAO,MAAM,2BAA2B,CAAC;AAC5D,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AA4FhE,KAAK,QAAQ,GAAG,CACd,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,KACd,MAAM,CAAC;AAsCZ;;GAEG;AACH,wBAAgB,MAAM,CACpB,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,GAChB,MAAM,CAGR;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,QAAQ,CAAC;CAClB;AAED;;;GAGG;AACH,eAAO,MAAM,aAAa,EAOpB,OAAO,UAAU,GAAG,SAAS,CAAC"}

package/dist/msvcrt-ext.js

@@ -0,0 +1,120 @@
+import { MsvcrtImpl, Def } from '@cheatron/native-bindings';
+import { nativeFn } from './native-fn';
+import { log } from './logger';
+const extLog = log.child('MsvcrtExt');
+/**
+ * x86-64 assembly implementation of memmem.
+ * Finds the first occurrence of a needle in a haystack.
+ */
+const MEMMEM_ASM = [
+    // Prologue — save nonvolatile registers
+    'push rbx',
+    'push rsi',
+    'push rdi',
+    'push r12',
+    'push r13',
+    'push r14',
+    // Save args to nonvolatile regs
+    'mov rsi, rcx', // rsi = haystack
+    'mov r12, rdx', // r12 = haystackLen
+    'mov rdi, r8', // rdi = needle
+    'mov r13, r9', // r13 = needleLen
+    // needleLen == 0? return haystack
+    'test r13, r13',
+    'jz _ret_hs',
+    // needleLen > haystackLen? return NULL
+    'cmp r13, r12',
+    'ja _ret_null',
+    // r14 = outer limit = haystackLen - needleLen + 1
+    'mov r14, r12',
+    'sub r14, r13',
+    'inc r14',
+    // rbx = i (outer)
+    'xor rbx, rbx',
+    '_outer:',
+    'cmp rbx, r14',
+    'jae _ret_null',
+    // rcx = j (inner)
+    'xor rcx, rcx',
+    '_inner:',
+    'cmp rcx, r13',
+    'jae _found',
+    // Compare haystack[i+j] vs needle[j]
+    'mov rax, rbx',
+    'add rax, rcx',
+    'movzx eax, byte ptr [rsi + rax]',
+    'movzx edx, byte ptr [rdi + rcx]',
+    'cmp al, dl',
+    'jne _next',
+    'inc rcx',
+    'jmp _inner',
+    '_next:',
+    'inc rbx',
+    'jmp _outer',
+    // Found match
+    '_found:',
+    'lea rax, [rsi + rbx]',
+    'jmp _done',
+    // Return haystack (needleLen == 0)
+    '_ret_hs:',
+    'mov rax, rsi',
+    'jmp _done',
+    // Return NULL
+    '_ret_null:',
+    'xor eax, eax',
+    '_done:',
+    'pop r14',
+    'pop r13',
+    'pop r12',
+    'pop rdi',
+    'pop rsi',
+    'pop rbx',
+    'ret',
+].join('\n');
+/* eslint-enable no-unused-vars */
+let _memmemFn = null;
+/**
+ * Ensures that the custom memmem assembly function is injected and returns it.
+ */
+function ensureMemmem() {
+    if (_memmemFn)
+        return _memmemFn;
+    // Check if it's already registered in the shared nativeFn instance
+    const existing = nativeFn.getFunction('memmem');
+    if (existing) {
+        _memmemFn = existing;
+        return _memmemFn;
+    }
+    /**
+     * Inject the assembly function
+     */
+    const memmemAddr = nativeFn.add({
+        memmem: [Def.voidPtr, [Def.voidPtr, Def.uint64, Def.voidPtr, Def.uint64]],
+    }, MEMMEM_ASM);
+    _memmemFn = nativeFn.getFunction('memmem');
+    if (!_memmemFn) {
+        throw new Error('Failed to retrieve memmem function after injection');
+    }
+    extLog.info(`memmem injected at 0x${memmemAddr.toString(16).toUpperCase()}`);
+    return _memmemFn;
+}
+/**
+ * memmem - Find the first occurrence of a byte sequence in memory.
+ */
+export function memmem(haystack, haystackLen, needle, needleLen) {
+    const fn = _memmemFn ?? ensureMemmem();
+    return fn(haystack, haystackLen, needle, needleLen);
+}
+/**
+ * Extended MsvcrtImpl with custom functions typed in.
+ * Uses a Proxy to provide lazy memmem access without patching the base object.
+ */
+export const MsvcrtExtImpl = new Proxy(MsvcrtImpl, {
+    get(target, prop, receiver) {
+        if (prop === 'memmem') {
+            return memmem;
+        }
+        return Reflect.get(target, prop, receiver);
+    },
+});
+//# sourceMappingURL=msvcrt-ext.js.map

package/dist/msvcrt-ext.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"msvcrt-ext.js","sourceRoot":"","sources":["../src/msvcrt-ext.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,2BAA2B,CAAC;AAE5D,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAE/B,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;AAEtC;;;GAGG;AACH,MAAM,UAAU,GAAG;IACjB,wCAAwC;IACxC,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IAEV,gCAAgC;IAChC,cAAc,EAAE,iBAAiB;IACjC,cAAc,EAAE,oBAAoB;IACpC,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,kBAAkB;IAEjC,kCAAkC;IAClC,eAAe;IACf,YAAY;IAEZ,uCAAuC;IACvC,cAAc;IACd,cAAc;IAEd,kDAAkD;IAClD,cAAc;IACd,cAAc;IACd,SAAS;IAET,kBAAkB;IAClB,cAAc;IAEd,SAAS;IACT,cAAc;IACd,eAAe;IAEf,kBAAkB;IAClB,cAAc;IAEd,SAAS;IACT,cAAc;IACd,YAAY;IAEZ,qCAAqC;IACrC,cAAc;IACd,cAAc;IACd,iCAAiC;IACjC,iCAAiC;IACjC,YAAY;IACZ,WAAW;IAEX,SAAS;IACT,YAAY;IAEZ,QAAQ;IACR,SAAS;IACT,YAAY;IAEZ,cAAc;IACd,SAAS;IACT,sBAAsB;IACtB,WAAW;IAEX,mCAAmC;IACnC,UAAU;IACV,cAAc;IACd,WAAW;IAEX,cAAc;IACd,YAAY;IACZ,cAAc;IAEd,QAAQ;IACR,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,KAAK;CACN,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AASb,kCAAkC;AAElC,IAAI,SAAS,GAAoB,IAAI,CAAC;AAEtC;;GAEG;AACH,SAAS,YAAY;IACnB,IAAI,SAAS;QAAE,OAAO,SAAS,CAAC;IAEhC,mEAAmE;IACnE,MAAM,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAChD,IAAI,QAAQ,EAAE,CAAC;QACb,SAAS,GAAG,QAAoB,CAAC;QACjC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,CAC7B;QACE,MAAM,EAAE,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;KAC1E,EACD,UAAU,CACX,CAAC;IAEF,SAAS,GAAG,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAa,CAAC;IAEvD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACxE,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,wBAAwB,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IAC7E,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,MAAM,CACpB,QAAgB,EAChB,WAAmB,EACnB,MAAc,EACd,SAAiB;IAEjB,MAAM,EAAE,GAAG,SAAS,IAAI,YAAY,EAAE,CAAC;IACvC,OAAO,EAAE,CAAC,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;AACtD,CAAC;AASD;;;GAGG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,KAAK,CAAC,UAAU,EAAE;IACjD,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ;QACxB,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtB,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;CACF,CAAkC,CAAC"}

package/dist/native-fn.d.ts

@@ -0,0 +1,73 @@
+/** Function signature: [returnType, [paramTypes...]] */
+export type FnSig = [string, string[]];
+/** Function definition: { name: [returnType, [paramTypes...]] } */
+export type FnDef = Record<string, FnSig>;
+/** Tracks a single registered native function */
+interface FunctionEntry {
+    name: string;
+    address: bigint;
+    size: number;
+    sig: FnSig;
+    callable: (...args: unknown[]) => unknown;
+}
+export declare const ALIGN = 16;
+/**
+ * Rounds a number up to the nearest multiple of 16.
+ */
+export declare function addressAlign16(n: number): number;
+export declare const codeAlign16: typeof addressAlign16;
+export declare const stackAlign16: typeof addressAlign16;
+/**
+ * Dynamically creates callable native functions from assembly or bytecode.
+ *
+ * Functions are written into a single VirtualAlloc'd executable page and
+ * exposed as callable methods on the instance via koffi.
+ */
+export declare class NativeFunctionCreator {
+    private page;
+    private pageAddr;
+    private offset;
+    private capacity;
+    private ks;
+    private functions;
+    [key: string]: any;
+    constructor(capacity?: number);
+    /**
+     * Add a native function from assembly source code.
+     * @param def Function definition { name: [returnType, [paramTypes...]] }
+     * @param asmSource x86-64 assembly instructions
+     * @returns Address of the function
+     */
+    add(def: FnDef, asmSource: string): bigint;
+    /**
+     * Add a native function from raw bytecode.
+     * @param def Function definition { name: [returnType, [paramTypes...]] }
+     * @param bytes Raw machine code bytes
+     * @returns Address of the function
+     */
+    addBytes(def: FnDef, bytes: number[]): bigint;
+    /**
+     * Get the address of a registered function by name.
+     */
+    getAddress(name: string): bigint | undefined;
+    /**
+     * Get the callable function by name.
+     */
+    getFunction(name: string): ((...args: unknown[]) => unknown) | undefined;
+    /**
+     * Get info about all registered functions.
+     */
+    list(): FunctionEntry[];
+    /**
+     * Get remaining capacity in bytes.
+     */
+    get remaining(): number;
+    /**
+     * Free the executable memory page.
+     */
+    destroy(): void;
+    private _writeAndBind;
+}
+export declare const nativeFn: NativeFunctionCreator;
+export {};
+//# sourceMappingURL=native-fn.d.ts.map

package/dist/native-fn.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"native-fn.d.ts","sourceRoot":"","sources":["../src/native-fn.ts"],"names":[],"mappings":"AA0CA,wDAAwD;AACxD,MAAM,MAAM,KAAK,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;AAEvC,mEAAmE;AACnE,MAAM,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAE1C,iDAAiD;AACjD,UAAU,aAAa;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,KAAK,CAAC;IAEX,QAAQ,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC;CAC3C;AAED,eAAO,MAAM,KAAK,KAAK,CAAC;AAExB;;GAEG;AACH,wBAAgB,cAAc,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED,eAAO,MAAM,WAAW,uBAAiB,CAAC;AAC1C,eAAO,MAAM,YAAY,uBAAiB,CAAC;AAE3C;;;;;GAKG;AACH,qBAAa,qBAAqB;IAChC,OAAO,CAAC,IAAI,CAAS;IACrB,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,MAAM,CAAa;IAC3B,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,EAAE,CAAc;IACxB,OAAO,CAAC,SAAS,CAAyC;IAE1D,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;gBAEP,QAAQ,GAAE,MAAa;IA+BnC;;;;;OAKG;IACH,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM;IAgB1C;;;;;OAKG;IACH,QAAQ,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,MAAM;IAc7C;;OAEG;IACH,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAI5C;;OAEG;IAEH,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,GAAG,SAAS;IAIxE;;OAEG;IACH,IAAI,IAAI,aAAa,EAAE;IAIvB;;OAEG;IACH,IAAI,SAAS,IAAI,MAAM,CAEtB;IAED;;OAEG;IACH,OAAO,IAAI,IAAI;IA+Bf,OAAO,CAAC,aAAa;CA4DtB;AAOD,eAAO,MAAM,QAAQ,EAAE,qBAmBtB,CAAC"}