@jshookmcp/jshook 0.2.2 → 0.2.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +661 -661
- package/README.md +15 -6
- package/README.zh.md +19 -4
- package/dist/native/scripts/linux/enum-windows.sh +12 -12
- package/dist/native/scripts/macos/enum-windows.applescript +22 -22
- package/dist/native/scripts/windows/enum-windows-by-class.ps1 +51 -51
- package/dist/native/scripts/windows/enum-windows.ps1 +44 -44
- package/dist/native/scripts/windows/inject-dll.ps1 +21 -21
- package/dist/packages/extension-sdk/src/bridges/shared.js +2 -2
- package/dist/packages/extension-sdk/src/plugin.d.ts +5 -0
- package/dist/packages/extension-sdk/src/plugin.js +119 -33
- package/dist/packages/extension-sdk/src/workflow.d.ts +156 -0
- package/dist/packages/extension-sdk/src/workflow.js +236 -0
- package/dist/src/config/search-defaults.js +161 -0
- package/dist/src/constants.d.ts +3 -0
- package/dist/src/constants.js +4 -1
- package/dist/src/index.d.ts +1 -1
- package/dist/src/index.js +13 -17
- package/dist/src/modules/analyzer/CodeAnalyzer.d.ts +1 -3
- package/dist/src/modules/analyzer/CodeAnalyzer.js +16 -28
- package/dist/src/modules/analyzer/CodeAnalyzerDataFlow.d.ts +1 -2
- package/dist/src/modules/analyzer/CodeAnalyzerDataFlow.js +1 -45
- package/dist/src/modules/analyzer/IntelligentAnalyzer.d.ts +1 -37
- package/dist/src/modules/analyzer/IntelligentAnalyzer.js +9 -142
- package/dist/src/modules/analyzer/PatternDetector.js +3 -3
- package/dist/src/modules/analyzer/PatternDetectorAuthPatterns.js +1 -1
- package/dist/src/modules/browser/BrowserDiscovery.d.ts +6 -5
- package/dist/src/modules/browser/BrowserDiscovery.js +3 -3
- package/dist/src/modules/browser/BrowserModeManager.d.ts +1 -1
- package/dist/src/modules/browser/BrowserModeManager.js +11 -10
- package/dist/src/modules/browser/TabRegistry.js +2 -2
- package/dist/src/modules/browser/UnifiedBrowserManager.d.ts +1 -0
- package/dist/src/modules/browser/UnifiedBrowserManager.js +19 -4
- package/dist/src/modules/captcha/AICaptchaDetector.d.ts +14 -23
- package/dist/src/modules/captcha/AICaptchaDetector.js +8 -202
- package/dist/src/modules/captcha/CaptchaDetector.d.ts +31 -17
- package/dist/src/modules/captcha/CaptchaDetector.js +1 -1
- package/dist/src/modules/collector/CodeCache.d.ts +2 -2
- package/dist/src/modules/collector/CodeCollector.d.ts +12 -9
- package/dist/src/modules/collector/CodeCollector.js +5 -6
- package/dist/src/modules/collector/DOMInspector.d.ts +3 -2
- package/dist/src/modules/collector/DOMInspector.js +49 -59
- package/dist/src/modules/collector/PageController.d.ts +17 -4
- package/dist/src/modules/collector/PageController.js +2 -5
- package/dist/src/modules/collector/PageScriptCollectors.js +3 -3
- package/dist/src/modules/crypto/CryptoDetector.d.ts +1 -4
- package/dist/src/modules/crypto/CryptoDetector.js +2 -42
- package/dist/src/modules/crypto/CryptoRules.js +1 -1
- package/dist/src/modules/debugger/BlackboxManager.js +1 -1
- package/dist/src/modules/debugger/DebuggerManager.impl.core.scope.js +1 -1
- package/dist/src/modules/debugger/ScriptManager.impl.extract-function-tree.js +5 -3
- package/dist/src/modules/debugger/WatchExpressionManager.js +1 -1
- package/dist/src/modules/deobfuscator/Deobfuscator.d.ts +1 -4
- package/dist/src/modules/deobfuscator/Deobfuscator.js +4 -39
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.d.ts +0 -3
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.js +2 -8
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.restore.d.ts +2 -3
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.restore.js +5 -57
- package/dist/src/modules/deobfuscator/JScramblerDeobfuscator.js +3 -4
- package/dist/src/modules/deobfuscator/PackerDeobfuscator.js +1 -1
- package/dist/src/modules/deobfuscator/VMDeobfuscator.d.ts +2 -10
- package/dist/src/modules/deobfuscator/VMDeobfuscator.js +3 -128
- package/dist/src/modules/deobfuscator/webcrack.js +15 -2
- package/dist/src/modules/emulator/AIEnvironmentAnalyzer.d.ts +5 -8
- package/dist/src/modules/emulator/AIEnvironmentAnalyzer.js +10 -102
- package/dist/src/modules/emulator/EnvironmentEmulator.d.ts +1 -5
- package/dist/src/modules/emulator/EnvironmentEmulator.js +7 -91
- package/dist/src/modules/emulator/EnvironmentEmulatorFetch.js +58 -61
- package/dist/src/modules/emulator/templates/chrome-env.d.ts +17 -7
- package/dist/src/modules/emulator/templates/chrome-env.js +14 -7
- package/dist/src/modules/external/ExternalToolRunner.d.ts +1 -1
- package/dist/src/modules/external/ExternalToolRunner.js +26 -23
- package/dist/src/modules/monitor/ConsoleMonitor.impl.core.class.d.ts +13 -0
- package/dist/src/modules/monitor/ConsoleMonitor.impl.core.class.js +42 -0
- package/dist/src/modules/monitor/FetchInterceptor.d.ts +46 -0
- package/dist/src/modules/monitor/FetchInterceptor.js +191 -0
- package/dist/src/modules/monitor/PerformanceMonitor.js +8 -7
- package/dist/src/modules/process/BaseMemoryManager.d.ts +1 -1
- package/dist/src/modules/process/LinuxProcessManager.js +4 -2
- package/dist/src/modules/process/MacProcessManager.js +1 -1
- package/dist/src/modules/process/MemoryManager.d.ts +1 -1
- package/dist/src/modules/process/MemoryManager.js +2 -2
- package/dist/src/modules/process/ProcessManager.impl.js +1 -1
- package/dist/src/modules/process/memory/AuditTrail.js +1 -1
- package/dist/src/modules/process/memory/reader.js +35 -3
- package/dist/src/modules/process/memory/regions.enumerate.js +1 -1
- package/dist/src/modules/process/memory/regions.protection.js +42 -9
- package/dist/src/modules/process/memory/scanner.d.ts +5 -1
- package/dist/src/modules/process/memory/scanner.darwin.js +57 -0
- package/dist/src/modules/process/memory/scanner.js +88 -4
- package/dist/src/modules/process/memory/writer.js +44 -4
- package/dist/src/modules/security/ExecutionSandbox.js +7 -8
- package/dist/src/modules/stealth/FingerprintManager.js +1 -1
- package/dist/src/modules/stealth/StealthScripts.d.ts +4 -2
- package/dist/src/modules/stealth/StealthScripts.js +53 -14
- package/dist/src/modules/stealth/StealthVerifier.d.ts +1 -1
- package/dist/src/modules/stealth/StealthVerifier.js +2 -4
- package/dist/src/modules/symbolic/JSVMPSymbolicExecutor.d.ts +14 -0
- package/dist/src/modules/symbolic/JSVMPSymbolicExecutor.js +181 -2
- package/dist/src/modules/trace/TraceDB.js +12 -6
- package/dist/src/modules/trace/TraceRecorder.js +1 -5
- package/dist/src/native/AntiCheatDetector.js +67 -16
- package/dist/src/native/CodeInjector.js +4 -4
- package/dist/src/native/HardwareBreakpoint.js +25 -16
- package/dist/src/native/HeapAnalyzer.js +2 -2
- package/dist/src/native/MemoryController.js +1 -1
- package/dist/src/native/MemoryScanSession.js +2 -2
- package/dist/src/native/MemoryScanner.js +4 -8
- package/dist/src/native/NativeMemoryManager.impl.js +2 -2
- package/dist/src/native/PEAnalyzer.js +14 -15
- package/dist/src/native/PointerChainEngine.js +2 -4
- package/dist/src/native/ScriptLoader.js +4 -9
- package/dist/src/native/Speedhack.js +1 -1
- package/dist/src/native/StructureAnalyzer.js +52 -33
- package/dist/src/native/Win32API.d.ts +1 -0
- package/dist/src/native/Win32API.js +13 -0
- package/dist/src/native/Win32Debug.js +19 -19
- package/dist/src/native/platform/darwin/DarwinAPI.d.ts +2 -0
- package/dist/src/native/platform/darwin/DarwinAPI.js +8 -0
- package/dist/src/native/platform/darwin/DarwinMemoryProvider.js +6 -1
- package/dist/src/server/MCPServer.context.d.ts +2 -1
- package/dist/src/server/MCPServer.d.ts +2 -1
- package/dist/src/server/MCPServer.domain.d.ts +1 -1
- package/dist/src/server/MCPServer.domain.js +81 -16
- package/dist/src/server/MCPServer.js +42 -14
- package/dist/src/server/MCPServer.resources.d.ts +2 -0
- package/dist/src/server/MCPServer.resources.js +91 -0
- package/dist/src/server/MCPServer.search.handlers.call.js +2 -1
- package/dist/src/server/MCPServer.search.helpers.js +2 -2
- package/dist/src/server/MCPServer.tools.js +1 -1
- package/dist/src/server/MCPServer.transport.js +12 -0
- package/dist/src/server/ToolCallContextGuard.d.ts +5 -0
- package/dist/src/server/ToolCallContextGuard.js +85 -0
- package/dist/src/server/ToolRouter.d.ts +26 -10
- package/dist/src/server/ToolRouter.intent.d.ts +26 -0
- package/dist/src/server/ToolRouter.intent.js +77 -0
- package/dist/src/server/ToolRouter.js +103 -284
- package/dist/src/server/ToolRouter.policy.d.ts +22 -0
- package/dist/src/server/ToolRouter.policy.js +163 -0
- package/dist/src/server/ToolRouter.probe.d.ts +17 -0
- package/dist/src/server/ToolRouter.probe.js +103 -0
- package/dist/src/server/ToolRouter.renderer.d.ts +9 -0
- package/dist/src/server/ToolRouter.renderer.js +52 -0
- package/dist/src/server/activation/ActivationController.js +15 -12
- package/dist/src/server/activation/CompoundConditionEngine.js +1 -1
- package/dist/src/server/activation/PredictiveBooster.js +1 -3
- package/dist/src/server/domains/analysis/definitions.js +155 -655
- package/dist/src/server/domains/analysis/handlers.impl.d.ts +8 -8
- package/dist/src/server/domains/analysis/handlers.impl.js +34 -28
- package/dist/src/server/domains/analysis/handlers.web-tools.js +4 -3
- package/dist/src/server/domains/analysis/manifest.js +6 -4
- package/dist/src/server/domains/antidebug/definitions.js +25 -111
- package/dist/src/server/domains/browser/definitions.tools.advanced.js +59 -88
- package/dist/src/server/domains/browser/definitions.tools.behavior.js +120 -227
- package/dist/src/server/domains/browser/definitions.tools.page-core.js +157 -386
- package/dist/src/server/domains/browser/definitions.tools.page-system.js +108 -250
- package/dist/src/server/domains/browser/definitions.tools.runtime.js +61 -174
- package/dist/src/server/domains/browser/definitions.tools.security.js +92 -237
- package/dist/src/server/domains/browser/handlers/camoufox-browser.js +3 -2
- package/dist/src/server/domains/browser/handlers/captcha-solver.js +3 -3
- package/dist/src/server/domains/browser/handlers/dom-query.js +2 -1
- package/dist/src/server/domains/browser/handlers/facade-initializer.d.ts +3 -3
- package/dist/src/server/domains/browser/handlers/facade-initializer.js +3 -3
- package/dist/src/server/domains/browser/handlers/framework-state.js +231 -3
- package/dist/src/server/domains/browser/handlers/indexeddb-dump.js +21 -20
- package/dist/src/server/domains/browser/handlers/script-management.js +1 -1
- package/dist/src/server/domains/browser/handlers/stealth-injection.js +8 -2
- package/dist/src/server/domains/browser/handlers.impl.d.ts +15 -12
- package/dist/src/server/domains/browser/handlers.impl.js +5 -6
- package/dist/src/server/domains/browser/manifest.js +37 -13
- package/dist/src/server/domains/coordination/definitions.js +50 -149
- package/dist/src/server/domains/coordination/index.d.ts +20 -1
- package/dist/src/server/domains/coordination/index.js +133 -0
- package/dist/src/server/domains/coordination/manifest.js +15 -0
- package/dist/src/server/domains/debugger/definitions.tools.advanced.js +72 -189
- package/dist/src/server/domains/debugger/definitions.tools.core.js +114 -288
- package/dist/src/server/domains/debugger/manifest.js +9 -2
- package/dist/src/server/domains/encoding/definitions.js +43 -153
- package/dist/src/server/domains/encoding/handlers.base.js +2 -2
- package/dist/src/server/domains/evidence/definitions.d.ts +2 -0
- package/dist/src/server/domains/evidence/definitions.js +42 -0
- package/dist/src/server/domains/evidence/handlers.d.ts +582 -0
- package/dist/src/server/domains/evidence/handlers.js +60 -0
- package/dist/src/server/domains/evidence/index.d.ts +2 -0
- package/dist/src/server/domains/evidence/index.js +2 -0
- package/dist/src/server/domains/evidence/manifest.d.ts +63 -0
- package/dist/src/server/domains/evidence/manifest.js +78 -0
- package/dist/src/server/domains/graphql/definitions.js +53 -141
- package/dist/src/server/domains/graphql/handlers.impl.core.runtime.replay.js +92 -114
- package/dist/src/server/domains/hooks/ai-handlers.d.ts +0 -7
- package/dist/src/server/domains/hooks/ai-handlers.js +4 -70
- package/dist/src/server/domains/hooks/definitions.js +69 -335
- package/dist/src/server/domains/hooks/manifest.d.ts +1 -1
- package/dist/src/server/domains/hooks/manifest.js +1 -2
- package/dist/src/server/domains/instrumentation/definitions.d.ts +2 -0
- package/dist/src/server/domains/instrumentation/definitions.js +99 -0
- package/dist/src/server/domains/instrumentation/handlers.d.ts +78 -0
- package/dist/src/server/domains/instrumentation/handlers.js +206 -0
- package/dist/src/server/domains/instrumentation/index.d.ts +2 -0
- package/dist/src/server/domains/instrumentation/index.js +2 -0
- package/dist/src/server/domains/instrumentation/manifest.d.ts +63 -0
- package/dist/src/server/domains/instrumentation/manifest.js +114 -0
- package/dist/src/server/domains/macro/definitions.js +16 -43
- package/dist/src/server/domains/maintenance/definitions.js +60 -219
- package/dist/src/server/domains/maintenance/handlers.d.ts +2 -2
- package/dist/src/server/domains/maintenance/handlers.extensions.js +78 -20
- package/dist/src/server/domains/maintenance/handlers.js +2 -2
- package/dist/src/server/domains/memory/definitions.js +387 -559
- package/dist/src/server/domains/memory/handlers/hooks.d.ts +55 -0
- package/dist/src/server/domains/memory/handlers/hooks.js +115 -0
- package/dist/src/server/domains/memory/handlers/integrity.d.ts +77 -0
- package/dist/src/server/domains/memory/handlers/integrity.js +180 -0
- package/dist/src/server/domains/memory/handlers/pointer-chain.d.ts +29 -0
- package/dist/src/server/domains/memory/handlers/pointer-chain.js +82 -0
- package/dist/src/server/domains/memory/handlers/readwrite.d.ts +41 -0
- package/dist/src/server/domains/memory/handlers/readwrite.js +78 -0
- package/dist/src/server/domains/memory/handlers/scan.d.ts +35 -0
- package/dist/src/server/domains/memory/handlers/scan.js +97 -0
- package/dist/src/server/domains/memory/handlers/session.d.ts +23 -0
- package/dist/src/server/domains/memory/handlers/session.js +49 -0
- package/dist/src/server/domains/memory/handlers/structure.d.ts +29 -0
- package/dist/src/server/domains/memory/handlers/structure.js +74 -0
- package/dist/src/server/domains/memory/handlers.impl.d.ts +49 -54
- package/dist/src/server/domains/memory/handlers.impl.js +63 -494
- package/dist/src/server/domains/memory/manifest.js +236 -64
- package/dist/src/server/domains/native-bridge/definitions.js +54 -192
- package/dist/src/server/domains/native-bridge/index.d.ts +1 -0
- package/dist/src/server/domains/native-bridge/index.js +2 -1
- package/dist/src/server/domains/network/auth-extractor.js +1 -1
- package/dist/src/server/domains/network/definitions.js +175 -578
- package/dist/src/server/domains/network/handlers.base.core.d.ts +64 -0
- package/dist/src/server/domains/network/handlers.base.core.js +623 -0
- package/dist/src/server/domains/network/handlers.base.d.ts +2 -124
- package/dist/src/server/domains/network/handlers.base.js +3 -878
- package/dist/src/server/domains/network/handlers.base.performance.d.ts +63 -0
- package/dist/src/server/domains/network/handlers.base.performance.js +193 -0
- package/dist/src/server/domains/network/handlers.base.types.d.ts +42 -0
- package/dist/src/server/domains/network/handlers.base.types.js +89 -0
- package/dist/src/server/domains/network/handlers.impl.core.runtime.d.ts +1 -1
- package/dist/src/server/domains/network/handlers.impl.core.runtime.intercept.d.ts +21 -0
- package/dist/src/server/domains/network/handlers.impl.core.runtime.intercept.js +186 -0
- package/dist/src/server/domains/network/handlers.impl.core.runtime.js +1 -1
- package/dist/src/server/domains/network/manifest.js +15 -0
- package/dist/src/server/domains/network/replay.js +1 -4
- package/dist/src/server/domains/platform/definitions.js +121 -112
- package/dist/src/server/domains/platform/handlers/bridge-handlers.d.ts +5 -1
- package/dist/src/server/domains/platform/handlers/bridge-handlers.js +194 -5
- package/dist/src/server/domains/platform/handlers/electron-asar-helpers.js +26 -6
- package/dist/src/server/domains/platform/handlers/electron-dual-cdp.d.ts +3 -0
- package/dist/src/server/domains/platform/handlers/electron-dual-cdp.js +170 -0
- package/dist/src/server/domains/platform/handlers/electron-fuse-handler.d.ts +3 -0
- package/dist/src/server/domains/platform/handlers/electron-fuse-handler.js +193 -0
- package/dist/src/server/domains/platform/handlers/electron-handlers.d.ts +6 -0
- package/dist/src/server/domains/platform/handlers/electron-handlers.js +95 -2
- package/dist/src/server/domains/platform/handlers/electron-ipc-sniffer.d.ts +2 -0
- package/dist/src/server/domains/platform/handlers/electron-ipc-sniffer.js +370 -0
- package/dist/src/server/domains/platform/handlers/electron-userdata-handler.d.ts +2 -0
- package/dist/src/server/domains/platform/handlers/electron-userdata-handler.js +78 -0
- package/dist/src/server/domains/platform/handlers/miniapp-handlers.d.ts +1 -1
- package/dist/src/server/domains/platform/handlers/miniapp-handlers.js +4 -4
- package/dist/src/server/domains/platform/handlers/v8-bytecode-handler.d.ts +2 -0
- package/dist/src/server/domains/platform/handlers/v8-bytecode-handler.js +207 -0
- package/dist/src/server/domains/platform/handlers.d.ts +48 -0
- package/dist/src/server/domains/platform/handlers.js +29 -0
- package/dist/src/server/domains/platform/manifest.js +38 -0
- package/dist/src/server/domains/process/definitions.js +163 -647
- package/dist/src/server/domains/process/handlers.base.d.ts +3 -95
- package/dist/src/server/domains/process/handlers.base.js +7 -462
- package/dist/src/server/domains/process/handlers.base.process.d.ts +61 -0
- package/dist/src/server/domains/process/handlers.base.process.js +417 -0
- package/dist/src/server/domains/process/handlers.base.types.d.ts +57 -0
- package/dist/src/server/domains/process/handlers.base.types.js +50 -0
- package/dist/src/server/domains/process/handlers.impl.core.runtime.inject.js +19 -17
- package/dist/src/server/domains/process/manifest.js +6 -1
- package/dist/src/server/domains/sandbox/definitions.js +11 -33
- package/dist/src/server/domains/sandbox/handlers.js +8 -3
- package/dist/src/server/domains/shared/ResponseBuilder.d.ts +209 -0
- package/dist/src/server/domains/shared/ResponseBuilder.js +48 -0
- package/dist/src/server/domains/shared/modules.d.ts +0 -2
- package/dist/src/server/domains/shared/modules.js +0 -1
- package/dist/src/server/domains/sourcemap/definitions.js +27 -111
- package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-common.js +7 -2
- package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-main.js +1 -1
- package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-parse-base.js +1 -1
- package/dist/src/server/domains/sourcemap/manifest.d.ts +1 -1
- package/dist/src/server/domains/sourcemap/manifest.js +1 -1
- package/dist/src/server/domains/streaming/definitions.js +36 -148
- package/dist/src/server/domains/streaming/handlers.impl.streaming-sse.js +163 -164
- package/dist/src/server/domains/streaming/handlers.impl.streaming-ws.js +1 -1
- package/dist/src/server/domains/trace/TraceSummarizer.d.ts +60 -0
- package/dist/src/server/domains/trace/TraceSummarizer.js +112 -0
- package/dist/src/server/domains/trace/definitions.tools.js +51 -176
- package/dist/src/server/domains/trace/handlers.d.ts +2 -1
- package/dist/src/server/domains/trace/handlers.js +62 -9
- package/dist/src/server/domains/trace/index.d.ts +2 -1
- package/dist/src/server/domains/trace/index.js +2 -1
- package/dist/src/server/domains/trace/manifest.js +18 -4
- package/dist/src/server/domains/transform/definitions.js +50 -210
- package/dist/src/server/domains/transform/handlers.impl.transform-base.js +6 -6
- package/dist/src/server/domains/transform/handlers.impl.transform-crypto.js +18 -19
- package/dist/src/server/domains/transform/manifest.d.ts +1 -1
- package/dist/src/server/domains/transform/manifest.js +1 -1
- package/dist/src/server/domains/wasm/definitions.js +55 -232
- package/dist/src/server/domains/wasm/handlers.js +3 -3
- package/dist/src/server/domains/workflow/definitions.js +144 -414
- package/dist/src/server/domains/workflow/handlers.impl.workflow-account-bundle.js +2 -2
- package/dist/src/server/domains/workflow/handlers.impl.workflow-base.d.ts +2 -0
- package/dist/src/server/domains/workflow/handlers.impl.workflow-base.js +126 -87
- package/dist/src/server/domains/workflow/handlers.impl.workflow-batch.js +5 -5
- package/dist/src/server/evidence/ReverseEvidenceGraph.d.ts +20 -0
- package/dist/src/server/evidence/ReverseEvidenceGraph.js +208 -0
- package/dist/src/server/evidence/index.d.ts +2 -0
- package/dist/src/server/evidence/index.js +1 -0
- package/dist/src/server/evidence/types.d.ts +22 -0
- package/dist/src/server/evidence/types.js +1 -0
- package/dist/src/server/extensions/ExtensionManager.d.ts +1 -0
- package/dist/src/server/extensions/ExtensionManager.discovery.js +72 -9
- package/dist/src/server/extensions/ExtensionManager.integrity.js +1 -1
- package/dist/src/server/extensions/ExtensionManager.js +193 -40
- package/dist/src/server/extensions/ExtensionManager.roots.d.ts +1 -1
- package/dist/src/server/extensions/ExtensionManager.roots.js +19 -9
- package/dist/src/server/extensions/plugin-config.js +1 -1
- package/dist/src/server/extensions/plugin-env.d.ts +1 -1
- package/dist/src/server/extensions/plugin-env.js +10 -4
- package/dist/src/server/extensions/types.d.ts +17 -0
- package/dist/src/server/extensions/types.js +1 -1
- package/dist/src/server/http/HttpMiddleware.js +1 -1
- package/dist/src/server/instrumentation/EvidenceGraphBridge.d.ts +13 -0
- package/dist/src/server/instrumentation/EvidenceGraphBridge.js +150 -0
- package/dist/src/server/instrumentation/InstrumentationSession.d.ts +60 -0
- package/dist/src/server/instrumentation/InstrumentationSession.js +269 -0
- package/dist/src/server/instrumentation/index.d.ts +2 -0
- package/dist/src/server/instrumentation/index.js +2 -0
- package/dist/src/server/instrumentation/types.d.ts +62 -0
- package/dist/src/server/instrumentation/types.js +7 -0
- package/dist/src/server/macros/MacroConfigLoader.d.ts +6 -5
- package/dist/src/server/macros/MacroConfigLoader.js +61 -59
- package/dist/src/server/macros/MacroRunner.js +6 -2
- package/dist/src/server/macros/builtins/index.d.ts +2 -3
- package/dist/src/server/macros/builtins/index.js +51 -7
- package/dist/src/server/plugins/PluginContract.d.ts +1 -1
- package/dist/src/server/registry/contracts.d.ts +7 -1
- package/dist/src/server/registry/discovery.js +5 -4
- package/dist/src/server/registry/ensure-browser-core.js +0 -3
- package/dist/src/server/registry/index.js +4 -4
- package/dist/src/server/registry/tool-builder.d.ts +46 -0
- package/dist/src/server/registry/tool-builder.js +105 -0
- package/dist/src/server/sandbox/MCPBridge.d.ts +9 -0
- package/dist/src/server/sandbox/MCPBridge.js +22 -0
- package/dist/src/server/sandbox/QuickJSSandbox.d.ts +4 -1
- package/dist/src/server/sandbox/QuickJSSandbox.js +162 -2
- package/dist/src/server/sandbox/types.d.ts +13 -0
- package/dist/src/server/search/AffinityGraph.d.ts +7 -1
- package/dist/src/server/search/AffinityGraph.js +24 -3
- package/dist/src/server/search/EmbeddingWorker.js +5 -3
- package/dist/src/server/search/FeedbackTracker.d.ts +9 -0
- package/dist/src/server/search/FeedbackTracker.js +26 -0
- package/dist/src/server/search/QueryNormalizer.d.ts +6 -0
- package/dist/src/server/search/QueryNormalizer.js +94 -0
- package/dist/src/server/search/ToolSearchEngineImpl.d.ts +2 -3
- package/dist/src/server/search/ToolSearchEngineImpl.js +38 -88
- package/dist/src/server/workflows/WorkflowContract.d.ts +24 -0
- package/dist/src/server/workflows/WorkflowContract.js +12 -0
- package/dist/src/server/workflows/WorkflowEngine.d.ts +1 -0
- package/dist/src/server/workflows/WorkflowEngine.js +136 -3
- package/dist/src/types/config.d.ts +0 -14
- package/dist/src/types/deobfuscator.d.ts +0 -1
- package/dist/src/types/index.d.ts +1 -1
- package/dist/src/utils/DetailedDataManager.js +2 -0
- package/dist/src/utils/RingBuffer.js +5 -5
- package/dist/src/utils/TokenBudgetManager.js +1 -1
- package/dist/src/utils/UnifiedCacheManager.d.ts +1 -1
- package/dist/src/utils/UnifiedCacheManager.js +3 -3
- package/dist/src/utils/artifactRetention.js +2 -2
- package/dist/src/utils/betterSqlite3.d.ts +11 -0
- package/dist/src/utils/betterSqlite3.js +88 -0
- package/dist/src/utils/browserExecutable.js +2 -2
- package/dist/src/utils/cliFastPath.js +17 -6
- package/dist/src/utils/config.js +4 -26
- package/dist/src/utils/environmentDoctor.js +138 -11
- package/dist/src/utils/outputPaths.js +16 -9
- package/dist/src/utils/parallel.js +1 -3
- package/package.json +76 -72
- package/scripts/postinstall.cjs +37 -37
- package/src/native/scripts/linux/enum-windows.sh +12 -12
- package/src/native/scripts/macos/enum-windows.applescript +22 -22
- package/src/native/scripts/windows/enum-windows-by-class.ps1 +51 -51
- package/src/native/scripts/windows/enum-windows.ps1 +44 -44
- package/src/native/scripts/windows/inject-dll.ps1 +21 -21
- package/workflows/.gitkeep +0 -0
- package/dist/src/modules/analyzer/AISummarizer.d.ts +0 -39
- package/dist/src/modules/analyzer/AISummarizer.js +0 -122
- package/dist/src/modules/hook/AIHookGenerator.d.ts +0 -52
- package/dist/src/modules/hook/AIHookGenerator.js +0 -360
- package/dist/src/modules/hook/AIHookGeneratorTemplates.d.ts +0 -9
- package/dist/src/modules/hook/AIHookGeneratorTemplates.js +0 -157
- package/dist/src/server/macros/builtins/deobfuscate-ast-flow.d.ts +0 -2
- package/dist/src/server/macros/builtins/deobfuscate-ast-flow.js +0 -25
- package/dist/src/server/macros/builtins/unpacker-flow.d.ts +0 -2
- package/dist/src/server/macros/builtins/unpacker-flow.js +0 -25
- package/dist/src/services/LLMService.d.ts +0 -37
- package/dist/src/services/LLMService.js +0 -233
- package/dist/src/services/prompts/analysis.d.ts +0 -9
- package/dist/src/services/prompts/analysis.js +0 -158
- package/dist/src/services/prompts/crypto.d.ts +0 -2
- package/dist/src/services/prompts/crypto.js +0 -108
- package/dist/src/services/prompts/deobfuscation.d.ts +0 -6
- package/dist/src/services/prompts/deobfuscation.js +0 -300
- package/dist/src/services/prompts/environment.d.ts +0 -16
- package/dist/src/services/prompts/environment.js +0 -372
- package/dist/src/services/prompts/intelligence.d.ts +0 -4
- package/dist/src/services/prompts/intelligence.js +0 -250
- package/dist/src/services/prompts/taint.d.ts +0 -2
- package/dist/src/services/prompts/taint.js +0 -54
|
@@ -4,11 +4,7 @@ import { resolveArtifactPath } from '../../utils/artifacts.js';
|
|
|
4
4
|
const CDP_EVENTS_BY_DOMAIN = {
|
|
5
5
|
Debugger: ['Debugger.paused', 'Debugger.resumed', 'Debugger.scriptParsed'],
|
|
6
6
|
Runtime: ['Runtime.consoleAPICalled', 'Runtime.exceptionThrown'],
|
|
7
|
-
Network: [
|
|
8
|
-
'Network.requestWillBeSent',
|
|
9
|
-
'Network.responseReceived',
|
|
10
|
-
'Network.loadingFinished',
|
|
11
|
-
],
|
|
7
|
+
Network: ['Network.requestWillBeSent', 'Network.responseReceived', 'Network.loadingFinished'],
|
|
12
8
|
Page: ['Page.navigatedWithinDocument', 'Page.loadEventFired'],
|
|
13
9
|
};
|
|
14
10
|
const DEFAULT_CDP_DOMAINS = ['Debugger', 'Runtime', 'Network', 'Page'];
|
|
@@ -1,27 +1,77 @@
|
|
|
1
1
|
import { createHash } from 'node:crypto';
|
|
2
|
-
import {
|
|
2
|
+
import { promises as fs } from 'node:fs';
|
|
3
3
|
import { logger } from '../utils/logger.js';
|
|
4
|
-
import { openProcessForMemory, CloseHandle, ReadProcessMemory, VirtualQueryEx, PAGE, EnumProcessModules, GetModuleBaseName, GetModuleInformation, } from './Win32API.js';
|
|
4
|
+
import { openProcessForMemory, CloseHandle, ReadProcessMemory, VirtualQueryEx, PAGE, EnumProcessModules, GetModuleBaseName, GetModuleFileNameEx, GetModuleInformation, } from './Win32API.js';
|
|
5
5
|
import { PEAnalyzer } from './PEAnalyzer.js';
|
|
6
6
|
const ANTI_DEBUG_IMPORTS = [
|
|
7
7
|
{
|
|
8
8
|
dll: 'kernel32.dll',
|
|
9
9
|
funcs: [
|
|
10
|
-
{
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
10
|
+
{
|
|
11
|
+
name: 'IsDebuggerPresent',
|
|
12
|
+
mechanism: 'anti_debug_api',
|
|
13
|
+
confidence: 'high',
|
|
14
|
+
bypass: 'Hook IsDebuggerPresent to return 0, or patch PEB.BeingDebugged field',
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
name: 'CheckRemoteDebuggerPresent',
|
|
18
|
+
mechanism: 'anti_debug_api',
|
|
19
|
+
confidence: 'high',
|
|
20
|
+
bypass: 'Hook CheckRemoteDebuggerPresent to set output to FALSE and return TRUE',
|
|
21
|
+
},
|
|
22
|
+
{
|
|
23
|
+
name: 'OutputDebugStringA',
|
|
24
|
+
mechanism: 'exception_based',
|
|
25
|
+
confidence: 'low',
|
|
26
|
+
bypass: 'May be used for anti-debug timing — monitor for exception handler abuse',
|
|
27
|
+
},
|
|
28
|
+
{
|
|
29
|
+
name: 'GetTickCount',
|
|
30
|
+
mechanism: 'timing_check',
|
|
31
|
+
confidence: 'low',
|
|
32
|
+
bypass: 'Hook GetTickCount to return consistent delta values',
|
|
33
|
+
},
|
|
34
|
+
{
|
|
35
|
+
name: 'GetTickCount64',
|
|
36
|
+
mechanism: 'timing_check',
|
|
37
|
+
confidence: 'low',
|
|
38
|
+
bypass: 'Hook GetTickCount64 to return consistent delta values',
|
|
39
|
+
},
|
|
40
|
+
{
|
|
41
|
+
name: 'QueryPerformanceCounter',
|
|
42
|
+
mechanism: 'timing_check',
|
|
43
|
+
confidence: 'medium',
|
|
44
|
+
bypass: 'Hook QPC to filter out debugging time deltas',
|
|
45
|
+
},
|
|
16
46
|
],
|
|
17
47
|
},
|
|
18
48
|
{
|
|
19
49
|
dll: 'ntdll.dll',
|
|
20
50
|
funcs: [
|
|
21
|
-
{
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
51
|
+
{
|
|
52
|
+
name: 'NtQueryInformationProcess',
|
|
53
|
+
mechanism: 'ntquery_debug',
|
|
54
|
+
confidence: 'high',
|
|
55
|
+
bypass: 'Hook NtQueryInformationProcess: return 0 for ProcessDebugPort (7), ProcessDebugObjectHandle (30), ProcessDebugFlags (31)',
|
|
56
|
+
},
|
|
57
|
+
{
|
|
58
|
+
name: 'NtSetInformationThread',
|
|
59
|
+
mechanism: 'thread_hiding',
|
|
60
|
+
confidence: 'medium',
|
|
61
|
+
bypass: 'Hook NtSetInformationThread: intercept ThreadHideFromDebugger (0x11) calls',
|
|
62
|
+
},
|
|
63
|
+
{
|
|
64
|
+
name: 'NtClose',
|
|
65
|
+
mechanism: 'exception_based',
|
|
66
|
+
confidence: 'low',
|
|
67
|
+
bypass: 'NtClose with invalid handle detects debugger via exception — hook to suppress',
|
|
68
|
+
},
|
|
69
|
+
{
|
|
70
|
+
name: 'RtlGetNtGlobalFlags',
|
|
71
|
+
mechanism: 'heap_flags',
|
|
72
|
+
confidence: 'medium',
|
|
73
|
+
bypass: 'Clear NtGlobalFlag (FLG_HEAP_*) in PEB at offset 0xBC (x64)',
|
|
74
|
+
},
|
|
25
75
|
],
|
|
26
76
|
},
|
|
27
77
|
];
|
|
@@ -41,7 +91,7 @@ export class AntiCheatDetector {
|
|
|
41
91
|
for (const knownDll of ANTI_DEBUG_IMPORTS) {
|
|
42
92
|
if (dllLower.includes(knownDll.dll.toLowerCase().replace('.dll', ''))) {
|
|
43
93
|
for (const func of knownDll.funcs) {
|
|
44
|
-
if (imp.functions.some(f => f.name === func.name)) {
|
|
94
|
+
if (imp.functions.some((f) => f.name === func.name)) {
|
|
45
95
|
detections.push({
|
|
46
96
|
mechanism: func.mechanism,
|
|
47
97
|
confidence: func.confidence,
|
|
@@ -127,11 +177,11 @@ export class AntiCheatDetector {
|
|
|
127
177
|
try {
|
|
128
178
|
const modules = this._enumerateModules(hProcess);
|
|
129
179
|
const targets = moduleName
|
|
130
|
-
? modules.filter(m => m.name.toLowerCase().includes(moduleName.toLowerCase()))
|
|
180
|
+
? modules.filter((m) => m.name.toLowerCase().includes(moduleName.toLowerCase()))
|
|
131
181
|
: modules;
|
|
132
182
|
for (const mod of targets) {
|
|
133
183
|
try {
|
|
134
|
-
const diskData =
|
|
184
|
+
const diskData = await fs.readFile(mod.path);
|
|
135
185
|
const sections = await this.peAnalyzer.listSections(pid, mod.base);
|
|
136
186
|
for (const sec of sections) {
|
|
137
187
|
if (!sec.isExecutable)
|
|
@@ -174,11 +224,12 @@ export class AntiCheatDetector {
|
|
|
174
224
|
const hMod = modHandles[i];
|
|
175
225
|
const name = GetModuleBaseName(hProcess, hMod);
|
|
176
226
|
const info = GetModuleInformation(hProcess, hMod);
|
|
227
|
+
const modulePath = GetModuleFileNameEx(hProcess, hMod) ?? name;
|
|
177
228
|
if (info.success) {
|
|
178
229
|
modules.push({
|
|
179
230
|
name,
|
|
180
231
|
base: `0x${info.info.lpBaseOfDll.toString(16)}`,
|
|
181
|
-
path:
|
|
232
|
+
path: modulePath,
|
|
182
233
|
size: info.info.SizeOfImage,
|
|
183
234
|
});
|
|
184
235
|
}
|
|
@@ -36,7 +36,7 @@ export class CodeInjector {
|
|
|
36
36
|
}
|
|
37
37
|
async unpatch(patchId) {
|
|
38
38
|
const patch = this.patches.get(patchId);
|
|
39
|
-
if (!patch
|
|
39
|
+
if (!patch?.isApplied)
|
|
40
40
|
return false;
|
|
41
41
|
const addr = BigInt(patch.address);
|
|
42
42
|
const originalBuf = Buffer.from(patch.originalBytes);
|
|
@@ -54,7 +54,7 @@ export class CodeInjector {
|
|
|
54
54
|
}
|
|
55
55
|
}
|
|
56
56
|
async nopBytes(pid, address, count) {
|
|
57
|
-
const nops =
|
|
57
|
+
const nops = Array.from({ length: count }, () => 0x90);
|
|
58
58
|
return this.patchBytes(pid, address, nops);
|
|
59
59
|
}
|
|
60
60
|
async findCodeCaves(pid, minSize) {
|
|
@@ -80,7 +80,7 @@ export class CodeInjector {
|
|
|
80
80
|
let caveStart = -1;
|
|
81
81
|
for (let i = 0; i < chunk.length; i++) {
|
|
82
82
|
const b = chunk[i];
|
|
83
|
-
if (b === 0x00 || b ===
|
|
83
|
+
if (b === 0x00 || b === 0xcc) {
|
|
84
84
|
if (caveStart === -1)
|
|
85
85
|
caveStart = i;
|
|
86
86
|
}
|
|
@@ -123,7 +123,7 @@ export class CodeInjector {
|
|
|
123
123
|
finally {
|
|
124
124
|
CloseHandle(handle);
|
|
125
125
|
}
|
|
126
|
-
return caves.
|
|
126
|
+
return caves.toSorted((a, b) => b.size - a.size);
|
|
127
127
|
}
|
|
128
128
|
async allocateRemote(pid, size) {
|
|
129
129
|
const handle = openProcessForMemory(pid, true);
|
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
import { randomUUID } from 'node:crypto';
|
|
2
|
-
import { BREAKPOINT_HIT_TIMEOUT_MS, BREAKPOINT_TRACE_MAX_HITS
|
|
2
|
+
import { BREAKPOINT_HIT_TIMEOUT_MS, BREAKPOINT_TRACE_MAX_HITS } from '../constants.js';
|
|
3
3
|
import { SuspendThread, ResumeThread, GetThreadContext, SetThreadContext, DebugActiveProcess, DebugActiveProcessStop, DebugSetProcessKillOnExit, WaitForDebugEvent, ContinueDebugEvent, EnumerateProcessThreads, openThreadForDebug, parseContext, writeContext, encodeDR7, CONTEXT_FLAGS, EXCEPTION_CODE, DBG, } from './Win32Debug.js';
|
|
4
4
|
import { CloseHandle } from './Win32API.js';
|
|
5
|
+
const toHex = (v) => `0x${v.toString(16).toUpperCase()}`;
|
|
5
6
|
export class HardwareBreakpointEngine {
|
|
6
7
|
breakpoints = new Map();
|
|
7
8
|
attachedPids = new Set();
|
|
@@ -104,7 +105,7 @@ export class HardwareBreakpointEngine {
|
|
|
104
105
|
const deadline = Date.now() + timeout;
|
|
105
106
|
while (hits.length < max && Date.now() < deadline) {
|
|
106
107
|
const hit = await this.waitForHit(Math.min(1000, deadline - Date.now()));
|
|
107
|
-
if (hit
|
|
108
|
+
if (hit?.breakpointId === bp.id) {
|
|
108
109
|
hits.push(hit);
|
|
109
110
|
}
|
|
110
111
|
}
|
|
@@ -123,10 +124,10 @@ export class HardwareBreakpointEngine {
|
|
|
123
124
|
applyDRToAllThreads(pid, drIndex, address, access, size, enable) {
|
|
124
125
|
const threads = EnumerateProcessThreads(pid);
|
|
125
126
|
const drAccessMap = {
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
127
|
+
execute: 'execute',
|
|
128
|
+
write: 'write',
|
|
129
|
+
readwrite: 'readwrite',
|
|
130
|
+
read: 'read',
|
|
130
131
|
};
|
|
131
132
|
for (const tid of threads) {
|
|
132
133
|
let hThread;
|
|
@@ -172,7 +173,8 @@ export class HardwareBreakpointEngine {
|
|
|
172
173
|
try {
|
|
173
174
|
ResumeThread(hThread);
|
|
174
175
|
}
|
|
175
|
-
catch {
|
|
176
|
+
catch {
|
|
177
|
+
}
|
|
176
178
|
}
|
|
177
179
|
finally {
|
|
178
180
|
CloseHandle(hThread);
|
|
@@ -203,7 +205,6 @@ export class HardwareBreakpointEngine {
|
|
|
203
205
|
bp.lastHit = Date.now();
|
|
204
206
|
ctxBuf.writeBigUInt64LE(0n, 0x68);
|
|
205
207
|
SetThreadContext(hThread, ctxBuf);
|
|
206
|
-
const toHex = (v) => `0x${v.toString(16).toUpperCase()}`;
|
|
207
208
|
return {
|
|
208
209
|
breakpointId: id,
|
|
209
210
|
address: bp.address,
|
|
@@ -213,14 +214,22 @@ export class HardwareBreakpointEngine {
|
|
|
213
214
|
accessType: bp.access,
|
|
214
215
|
timestamp: Date.now(),
|
|
215
216
|
registers: {
|
|
216
|
-
rax: toHex(ctx.rax),
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
217
|
+
rax: toHex(ctx.rax),
|
|
218
|
+
rbx: toHex(ctx.rbx),
|
|
219
|
+
rcx: toHex(ctx.rcx),
|
|
220
|
+
rdx: toHex(ctx.rdx),
|
|
221
|
+
rsi: toHex(ctx.rsi),
|
|
222
|
+
rdi: toHex(ctx.rdi),
|
|
223
|
+
rsp: toHex(ctx.rsp),
|
|
224
|
+
rbp: toHex(ctx.rbp),
|
|
225
|
+
r8: toHex(ctx.r8),
|
|
226
|
+
r9: toHex(ctx.r9),
|
|
227
|
+
r10: toHex(ctx.r10),
|
|
228
|
+
r11: toHex(ctx.r11),
|
|
229
|
+
r12: toHex(ctx.r12),
|
|
230
|
+
r13: toHex(ctx.r13),
|
|
231
|
+
r14: toHex(ctx.r14),
|
|
232
|
+
r15: toHex(ctx.r15),
|
|
224
233
|
rip: toHex(ctx.rip),
|
|
225
234
|
rflags: `0x${ctx.eflags.toString(16).toUpperCase()}`,
|
|
226
235
|
},
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { logger } from '../utils/logger.js';
|
|
2
2
|
import koffi from 'koffi';
|
|
3
|
-
import { openProcessForMemory, CloseHandle, ReadProcessMemory
|
|
3
|
+
import { openProcessForMemory, CloseHandle, ReadProcessMemory } from './Win32API.js';
|
|
4
4
|
import { HEAP_ENUMERATE_MAX_BLOCKS, HEAP_SPRAY_THRESHOLD, HEAP_SPRAY_SIZE_TOLERANCE, HEAP_SUSPICIOUS_BLOCK_SIZE, } from '../constants.js';
|
|
5
5
|
import { LF32, HF32 } from './HeapAnalyzer.types.js';
|
|
6
6
|
import { TH32CS } from './Win32Debug.js';
|
|
@@ -208,7 +208,7 @@ export class HeapAnalyzer {
|
|
|
208
208
|
}
|
|
209
209
|
}
|
|
210
210
|
async _detectPossibleUAF(pid, blocks, heapId, anomalies) {
|
|
211
|
-
const freeBlocks = blocks.filter(b => b.isFree && b.size >= 8);
|
|
211
|
+
const freeBlocks = blocks.filter((b) => b.isFree && b.size >= 8);
|
|
212
212
|
const sampled = freeBlocks.slice(0, 100);
|
|
213
213
|
let hProcess = null;
|
|
214
214
|
try {
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { randomUUID } from 'node:crypto';
|
|
2
|
-
import { FREEZE_DEFAULT_INTERVAL_MS, WRITE_HISTORY_MAX
|
|
2
|
+
import { FREEZE_DEFAULT_INTERVAL_MS, WRITE_HISTORY_MAX } from '../constants.js';
|
|
3
3
|
import { openProcessForMemory, CloseHandle, ReadProcessMemory, WriteProcessMemory, VirtualProtectEx, PAGE, } from './Win32API.js';
|
|
4
4
|
import { parsePattern } from './NativeMemoryManager.utils.js';
|
|
5
5
|
export class MemoryController {
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { randomUUID } from 'node:crypto';
|
|
2
|
-
import { SCAN_SESSION_MAX_COUNT, SCAN_SESSION_TTL_MS
|
|
2
|
+
import { SCAN_SESSION_MAX_COUNT, SCAN_SESSION_TTL_MS } from '../constants.js';
|
|
3
3
|
import { getDefaultAlignment } from './ScanComparators.js';
|
|
4
4
|
import { formatAddress, parseAddress } from './formatAddress.js';
|
|
5
5
|
export class MemoryScanSessionManager {
|
|
@@ -97,7 +97,7 @@ export class MemoryScanSessionManager {
|
|
|
97
97
|
const session = this.getSession(sessionId);
|
|
98
98
|
const serializable = {
|
|
99
99
|
...session,
|
|
100
|
-
addresses: session.addresses.map(addr => formatAddress(addr)),
|
|
100
|
+
addresses: session.addresses.map((addr) => formatAddress(addr)),
|
|
101
101
|
previousValues: Array.from(session.previousValues.entries()).map(([addr, buf]) => [formatAddress(addr), buf.toString('hex')]),
|
|
102
102
|
};
|
|
103
103
|
return JSON.stringify(serializable);
|
|
@@ -229,9 +229,7 @@ export class MemoryScanner {
|
|
|
229
229
|
}
|
|
230
230
|
for (let i = 0; i <= chunk.length - 8; i += 8) {
|
|
231
231
|
const ptrValue = chunk.readBigUInt64LE(i);
|
|
232
|
-
const diff = ptrValue > targetAddr
|
|
233
|
-
? Number(ptrValue - targetAddr)
|
|
234
|
-
: Number(targetAddr - ptrValue);
|
|
232
|
+
const diff = ptrValue > targetAddr ? Number(ptrValue - targetAddr) : Number(targetAddr - ptrValue);
|
|
235
233
|
if (diff <= 4096) {
|
|
236
234
|
const addr = chunkAddr + BigInt(i);
|
|
237
235
|
const offsetFromTarget = ptrValue >= targetAddr
|
|
@@ -271,8 +269,8 @@ export class MemoryScanner {
|
|
|
271
269
|
if (maxOffset > SCAN_GROUP_MAX_PATTERN_SIZE) {
|
|
272
270
|
throw new Error(`Group pattern too large: ${maxOffset} bytes (max ${SCAN_GROUP_MAX_PATTERN_SIZE})`);
|
|
273
271
|
}
|
|
274
|
-
const compositePattern =
|
|
275
|
-
const compositeMask =
|
|
272
|
+
const compositePattern = Array.from({ length: maxOffset }, () => 0);
|
|
273
|
+
const compositeMask = Array.from({ length: maxOffset }, () => 0);
|
|
276
274
|
for (const entry of pattern) {
|
|
277
275
|
const effectiveType = entry.type === 'pointer' ? 'uint64' : entry.type;
|
|
278
276
|
const { patternBytes, mask } = parsePattern(entry.value, effectiveType);
|
|
@@ -372,9 +370,7 @@ export class MemoryScanner {
|
|
|
372
370
|
if (!regionInfo)
|
|
373
371
|
break;
|
|
374
372
|
const regionSize = regionInfo.size;
|
|
375
|
-
if (regionInfo.isReadable &&
|
|
376
|
-
regionSize > 0 &&
|
|
377
|
-
regionSize <= Number.MAX_SAFE_INTEGER) {
|
|
373
|
+
if (regionInfo.isReadable && regionSize > 0 && regionSize <= Number.MAX_SAFE_INTEGER) {
|
|
378
374
|
let include = true;
|
|
379
375
|
if (filter?.writable && !regionInfo.isWritable)
|
|
380
376
|
include = false;
|
|
@@ -4,7 +4,7 @@ import { promisify } from 'node:util';
|
|
|
4
4
|
import { cpuLimit } from '../utils/concurrency.js';
|
|
5
5
|
import { createPlatformProvider } from './platform/factory.js';
|
|
6
6
|
import { MemoryProtection } from './platform/types.js';
|
|
7
|
-
import { findPatternInBuffer, parsePattern
|
|
7
|
+
import { findPatternInBuffer, parsePattern } from './NativeMemoryManager.utils.js';
|
|
8
8
|
import { checkNativeMemoryAvailability } from './NativeMemoryManager.availability.js';
|
|
9
9
|
const execAsync = promisify(exec);
|
|
10
10
|
const SCAN_CHUNK_SIZE = 16 * 1024 * 1024;
|
|
@@ -374,7 +374,7 @@ export class NativeMemoryManager {
|
|
|
374
374
|
return { success: false, error: 'Debug port check is only supported on Windows' };
|
|
375
375
|
}
|
|
376
376
|
try {
|
|
377
|
-
const { openProcessForMemory, CloseHandle, NtQueryInformationProcess
|
|
377
|
+
const { openProcessForMemory, CloseHandle, NtQueryInformationProcess } = await import('./Win32API.js');
|
|
378
378
|
const handle = openProcessForMemory(pid, false);
|
|
379
379
|
try {
|
|
380
380
|
const { status, debugPort } = NtQueryInformationProcess(handle, 7);
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { promises as fs } from 'node:fs';
|
|
2
2
|
import { logger } from '../utils/logger.js';
|
|
3
|
-
import { openProcessForMemory, CloseHandle, ReadProcessMemory, EnumProcessModules, GetModuleBaseName, GetModuleInformation, } from './Win32API.js';
|
|
3
|
+
import { openProcessForMemory, CloseHandle, ReadProcessMemory, EnumProcessModules, GetModuleBaseName, GetModuleFileNameEx, GetModuleInformation, } from './Win32API.js';
|
|
4
4
|
import { IMAGE_SCN, IMAGE_DIRECTORY_ENTRY } from './PEAnalyzer.types.js';
|
|
5
5
|
const MZ_MAGIC = 0x5a4d;
|
|
6
6
|
const PE_SIGNATURE = 0x00004550;
|
|
@@ -73,7 +73,9 @@ export class PEAnalyzer {
|
|
|
73
73
|
const off = headers.firstSectionOffset + i * SECTION_HEADER_SIZE;
|
|
74
74
|
const secData = ReadProcessMemory(hProcess, base + BigInt(off), SECTION_HEADER_SIZE);
|
|
75
75
|
const nameEnd = secData.indexOf(0);
|
|
76
|
-
const name = secData
|
|
76
|
+
const name = secData
|
|
77
|
+
.subarray(0, nameEnd > 0 && nameEnd <= 8 ? nameEnd : 8)
|
|
78
|
+
.toString('ascii');
|
|
77
79
|
const virtualSize = secData.readUInt32LE(8);
|
|
78
80
|
const virtualAddress = secData.readUInt32LE(12);
|
|
79
81
|
const rawSize = secData.readUInt32LE(16);
|
|
@@ -114,7 +116,7 @@ export class PEAnalyzer {
|
|
|
114
116
|
const nullIdx = nameData.indexOf(0);
|
|
115
117
|
const dllName = nameData.subarray(0, nullIdx > 0 ? nullIdx : 256).toString('ascii');
|
|
116
118
|
const originalFirstThunkRva = desc.readUInt32LE(0) || desc.readUInt32LE(16);
|
|
117
|
-
const functions =
|
|
119
|
+
const functions = this._readThunkArray(hProcess, base, originalFirstThunkRva, headers.isPE32Plus);
|
|
118
120
|
imports.push({ dllName, functions });
|
|
119
121
|
descOffset += IMPORT_DESCRIPTOR_SIZE;
|
|
120
122
|
}
|
|
@@ -147,8 +149,7 @@ export class PEAnalyzer {
|
|
|
147
149
|
const nameBuf = ReadProcessMemory(hProcess, base + BigInt(nameRva), 256);
|
|
148
150
|
const nullIdx = nameBuf.indexOf(0);
|
|
149
151
|
const name = nameBuf.subarray(0, nullIdx > 0 ? nullIdx : 256).toString('ascii');
|
|
150
|
-
const funcRva = ReadProcessMemory(hProcess, base + BigInt(addressOfFunctionsRva + ordIndex * 4), 4)
|
|
151
|
-
.readUInt32LE(0);
|
|
152
|
+
const funcRva = ReadProcessMemory(hProcess, base + BigInt(addressOfFunctionsRva + ordIndex * 4), 4).readUInt32LE(0);
|
|
152
153
|
let forwardedTo = null;
|
|
153
154
|
if (funcRva >= exportDir.rva && funcRva < exportDir.rva + exportDir.size) {
|
|
154
155
|
const fwdBuf = ReadProcessMemory(hProcess, base + BigInt(funcRva), 256);
|
|
@@ -174,11 +175,11 @@ export class PEAnalyzer {
|
|
|
174
175
|
try {
|
|
175
176
|
const modules = this._enumerateModulesInternal(hProcess);
|
|
176
177
|
const targets = moduleName
|
|
177
|
-
? modules.filter(m => m.name.toLowerCase().includes(moduleName.toLowerCase()))
|
|
178
|
+
? modules.filter((m) => m.name.toLowerCase().includes(moduleName.toLowerCase()))
|
|
178
179
|
: modules;
|
|
179
180
|
for (const mod of targets) {
|
|
180
181
|
try {
|
|
181
|
-
const diskData =
|
|
182
|
+
const diskData = await fs.readFile(mod.path);
|
|
182
183
|
const exports = await this.parseExports(pid, mod.base);
|
|
183
184
|
for (const exp of exports) {
|
|
184
185
|
const funcRva = parseInt(exp.rva, 16);
|
|
@@ -271,13 +272,15 @@ export class PEAnalyzer {
|
|
|
271
272
|
const firstSectionOffset = e_lfanew + 4 + 20 + sizeOfOptionalHeader;
|
|
272
273
|
return { numSections, isPE32Plus, firstSectionOffset, dataDirectories };
|
|
273
274
|
}
|
|
274
|
-
|
|
275
|
+
_readThunkArray(hProcess, base, thunkRva, isPE32Plus) {
|
|
275
276
|
const thunkSize = isPE32Plus ? 8 : 4;
|
|
276
277
|
const functions = [];
|
|
277
278
|
const IMAGE_ORDINAL_FLAG = isPE32Plus ? 0x8000000000000000n : 0x80000000n;
|
|
278
279
|
for (let i = 0; i < 2000; i++) {
|
|
279
280
|
const thunkData = ReadProcessMemory(hProcess, base + BigInt(thunkRva + i * thunkSize), thunkSize);
|
|
280
|
-
const thunkValue = isPE32Plus
|
|
281
|
+
const thunkValue = isPE32Plus
|
|
282
|
+
? thunkData.readBigUInt64LE(0)
|
|
283
|
+
: BigInt(thunkData.readUInt32LE(0));
|
|
281
284
|
if (thunkValue === 0n)
|
|
282
285
|
break;
|
|
283
286
|
if ((thunkValue & IMAGE_ORDINAL_FLAG) !== 0n) {
|
|
@@ -312,11 +315,7 @@ export class PEAnalyzer {
|
|
|
312
315
|
const hMod = modHandles[i];
|
|
313
316
|
const name = GetModuleBaseName(hProcess, hMod);
|
|
314
317
|
const info = GetModuleInformation(hProcess, hMod);
|
|
315
|
-
|
|
316
|
-
try {
|
|
317
|
-
modulePath = `C:\\Windows\\System32\\${name}`;
|
|
318
|
-
}
|
|
319
|
-
catch { }
|
|
318
|
+
const modulePath = GetModuleFileNameEx(hProcess, hMod) ?? name;
|
|
320
319
|
if (info.success) {
|
|
321
320
|
modules.push({
|
|
322
321
|
name,
|
|
@@ -156,7 +156,7 @@ export class PointerChainEngine {
|
|
|
156
156
|
scanLevel(handle, targetAddresses, maxOffset, alignment, _filter) {
|
|
157
157
|
const matches = [];
|
|
158
158
|
const chunkSize = POINTER_CHAIN_SCAN_CHUNK_SIZE;
|
|
159
|
-
const targets = Array.from(targetAddresses).
|
|
159
|
+
const targets = Array.from(targetAddresses).toSorted((a, b) => (a < b ? -1 : a > b ? 1 : 0));
|
|
160
160
|
if (targets.length === 0)
|
|
161
161
|
return matches;
|
|
162
162
|
const maxOffsetBig = BigInt(maxOffset);
|
|
@@ -198,9 +198,7 @@ export class PointerChainEngine {
|
|
|
198
198
|
}
|
|
199
199
|
for (let t = lo; t < targets.length && targets[t] <= searchMax; t++) {
|
|
200
200
|
const target = targets[t];
|
|
201
|
-
const diff = ptrValue > target
|
|
202
|
-
? Number(ptrValue - target)
|
|
203
|
-
: Number(target - ptrValue);
|
|
201
|
+
const diff = ptrValue > target ? Number(ptrValue - target) : Number(target - ptrValue);
|
|
204
202
|
if (diff <= maxOffset) {
|
|
205
203
|
const pointerAddr = chunkAddr + BigInt(i);
|
|
206
204
|
const matchOffset = Number(target - ptrValue);
|
|
@@ -1,18 +1,13 @@
|
|
|
1
1
|
import { promises as fs, existsSync } from 'fs';
|
|
2
|
-
import { join,
|
|
2
|
+
import { join, resolve } from 'path';
|
|
3
3
|
import { platform } from 'os';
|
|
4
4
|
import { fileURLToPath } from 'node:url';
|
|
5
5
|
let _scriptsBaseDir = null;
|
|
6
6
|
function tryGetEsmBaseDir() {
|
|
7
7
|
try {
|
|
8
|
-
const
|
|
9
|
-
const
|
|
10
|
-
|
|
11
|
-
return null;
|
|
12
|
-
if (metaPath.startsWith('file://')) {
|
|
13
|
-
return dirname(fileURLToPath(metaPath));
|
|
14
|
-
}
|
|
15
|
-
return metaPath;
|
|
8
|
+
const readImportMetaUrl = new Function('try { return import.meta.url ?? null; } catch { return null; }');
|
|
9
|
+
const metaUrl = readImportMetaUrl();
|
|
10
|
+
return metaUrl ? fileURLToPath(new URL('.', metaUrl)) : null;
|
|
16
11
|
}
|
|
17
12
|
catch {
|
|
18
13
|
return null;
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { STRUCT_ANALYZE_DEFAULT_SIZE, STRUCT_VTABLE_MAX_FUNCTIONS, STRUCT_RTTI_MAX_STRING_LEN,
|
|
1
|
+
import { STRUCT_ANALYZE_DEFAULT_SIZE, STRUCT_VTABLE_MAX_FUNCTIONS, STRUCT_RTTI_MAX_STRING_LEN, } from '../constants.js';
|
|
2
2
|
import { createPlatformProvider } from './platform/factory.js';
|
|
3
3
|
import { nativeMemoryManager } from './NativeMemoryManager.impl.js';
|
|
4
4
|
export class StructureAnalyzer {
|
|
@@ -126,7 +126,7 @@ export class StructureAnalyzer {
|
|
|
126
126
|
const signature = colBuf.readUInt32LE(0);
|
|
127
127
|
if (signature !== 1)
|
|
128
128
|
return null;
|
|
129
|
-
const typeDescRVA = colBuf.readUInt32LE(
|
|
129
|
+
const typeDescRVA = colBuf.readUInt32LE(0x0c);
|
|
130
130
|
const classDescRVA = colBuf.readUInt32LE(0x10);
|
|
131
131
|
const objectLocRVA = colBuf.readUInt32LE(0x14);
|
|
132
132
|
const moduleBase = colAddr - BigInt(objectLocRVA);
|
|
@@ -140,7 +140,7 @@ export class StructureAnalyzer {
|
|
|
140
140
|
const classDescAddr = moduleBase + BigInt(classDescRVA);
|
|
141
141
|
const classDescBuf = this.provider.readMemory(handle, classDescAddr, 0x10).data;
|
|
142
142
|
const numBaseClasses = classDescBuf.readUInt32LE(0x08);
|
|
143
|
-
const baseClassArrayRVA = classDescBuf.readUInt32LE(
|
|
143
|
+
const baseClassArrayRVA = classDescBuf.readUInt32LE(0x0c);
|
|
144
144
|
if (numBaseClasses > 0 && numBaseClasses < 20) {
|
|
145
145
|
const baseArrayAddr = moduleBase + BigInt(baseClassArrayRVA);
|
|
146
146
|
const baseArrayBuf = this.provider.readMemory(handle, baseArrayAddr, numBaseClasses * 4).data;
|
|
@@ -280,15 +280,13 @@ export class StructureAnalyzer {
|
|
|
280
280
|
for (let i = offset; i < buf.length && buf[i] === 0; i++)
|
|
281
281
|
zeroLen++;
|
|
282
282
|
const padSize = Math.min(zeroLen, remaining);
|
|
283
|
-
const alignedPad = padSize
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
};
|
|
291
|
-
}
|
|
283
|
+
const alignedPad = padSize & ~7;
|
|
284
|
+
return {
|
|
285
|
+
type: 'padding',
|
|
286
|
+
size: alignedPad,
|
|
287
|
+
value: `0x${'00'.repeat(Math.min(alignedPad, 8))}`,
|
|
288
|
+
confidence: 0.6,
|
|
289
|
+
};
|
|
292
290
|
}
|
|
293
291
|
if (val32u === 0) {
|
|
294
292
|
return {
|
|
@@ -308,7 +306,10 @@ export class StructureAnalyzer {
|
|
|
308
306
|
notes: 'value is 1 — could be boolean',
|
|
309
307
|
};
|
|
310
308
|
}
|
|
311
|
-
if (isFinite(valFloat) &&
|
|
309
|
+
if (isFinite(valFloat) &&
|
|
310
|
+
!isNaN(valFloat) &&
|
|
311
|
+
Math.abs(valFloat) > 1e-10 &&
|
|
312
|
+
Math.abs(valFloat) < 1e8) {
|
|
312
313
|
const intLooksReasonable = val32u > 0 && val32u < 100_000;
|
|
313
314
|
const floatHasDecimals = Math.abs(valFloat - Math.round(valFloat)) > 0.001;
|
|
314
315
|
if (floatHasDecimals || (!intLooksReasonable && Math.abs(valFloat) < 10000)) {
|
|
@@ -317,7 +318,9 @@ export class StructureAnalyzer {
|
|
|
317
318
|
size: 4,
|
|
318
319
|
value: valFloat.toFixed(6),
|
|
319
320
|
confidence: floatHasDecimals ? 0.8 : 0.5,
|
|
320
|
-
notes: floatHasDecimals
|
|
321
|
+
notes: floatHasDecimals
|
|
322
|
+
? 'IEEE 754 float with fractional part'
|
|
323
|
+
: 'could be float or int',
|
|
321
324
|
};
|
|
322
325
|
}
|
|
323
326
|
}
|
|
@@ -376,9 +379,8 @@ export class StructureAnalyzer {
|
|
|
376
379
|
}
|
|
377
380
|
}
|
|
378
381
|
readCString(handle, address, maxLen) {
|
|
379
|
-
const len = maxLen ?? STRUCT_CSTRING_MAX_LEN;
|
|
380
382
|
try {
|
|
381
|
-
const buf = this.provider.readMemory(handle, address,
|
|
383
|
+
const buf = this.provider.readMemory(handle, address, maxLen).data;
|
|
382
384
|
const nullIdx = buf.indexOf(0);
|
|
383
385
|
if (nullIdx < 0)
|
|
384
386
|
return null;
|
|
@@ -403,23 +405,40 @@ export class StructureAnalyzer {
|
|
|
403
405
|
}
|
|
404
406
|
fieldTypeToCType(type, size) {
|
|
405
407
|
switch (type) {
|
|
406
|
-
case 'int8':
|
|
407
|
-
|
|
408
|
-
case '
|
|
409
|
-
|
|
410
|
-
case '
|
|
411
|
-
|
|
412
|
-
case '
|
|
413
|
-
|
|
414
|
-
case '
|
|
415
|
-
|
|
416
|
-
case '
|
|
417
|
-
|
|
418
|
-
case '
|
|
419
|
-
|
|
420
|
-
case '
|
|
421
|
-
|
|
422
|
-
|
|
408
|
+
case 'int8':
|
|
409
|
+
return 'int8_t';
|
|
410
|
+
case 'uint8':
|
|
411
|
+
return 'uint8_t';
|
|
412
|
+
case 'int16':
|
|
413
|
+
return 'int16_t';
|
|
414
|
+
case 'uint16':
|
|
415
|
+
return 'uint16_t';
|
|
416
|
+
case 'int32':
|
|
417
|
+
return 'int32_t';
|
|
418
|
+
case 'uint32':
|
|
419
|
+
return 'uint32_t';
|
|
420
|
+
case 'int64':
|
|
421
|
+
return 'int64_t';
|
|
422
|
+
case 'uint64':
|
|
423
|
+
return 'uint64_t';
|
|
424
|
+
case 'float':
|
|
425
|
+
return 'float';
|
|
426
|
+
case 'double':
|
|
427
|
+
return 'double';
|
|
428
|
+
case 'pointer':
|
|
429
|
+
return 'void*';
|
|
430
|
+
case 'vtable_ptr':
|
|
431
|
+
return 'void**';
|
|
432
|
+
case 'string_ptr':
|
|
433
|
+
return 'char*';
|
|
434
|
+
case 'bool':
|
|
435
|
+
return 'bool';
|
|
436
|
+
case 'padding':
|
|
437
|
+
return `uint8_t[${size}]`;
|
|
438
|
+
case 'unknown':
|
|
439
|
+
return `uint8_t[${size}]`;
|
|
440
|
+
default:
|
|
441
|
+
return `uint8_t[${size}]`;
|
|
423
442
|
}
|
|
424
443
|
}
|
|
425
444
|
async getModuleEntries(pid) {
|
|
@@ -93,6 +93,7 @@ export declare function EnumProcessModules(hProcess: bigint, maxModules?: number
|
|
|
93
93
|
count: number;
|
|
94
94
|
};
|
|
95
95
|
export declare function GetModuleBaseName(hProcess: bigint, hModule: bigint, maxSize?: number): string;
|
|
96
|
+
export declare function GetModuleFileNameEx(hProcess: bigint, hModule: bigint, maxSize?: number): string | null;
|
|
96
97
|
export declare function GetModuleInformation(hProcess: bigint, hModule: bigint): {
|
|
97
98
|
success: boolean;
|
|
98
99
|
info: ModuleInfoType;
|