@jshookmcp/jshook 0.2.3 → 0.2.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +14 -5
- package/README.zh.md +18 -3
- package/dist/packages/extension-sdk/src/bridges/shared.js +2 -2
- package/dist/packages/extension-sdk/src/plugin.d.ts +5 -0
- package/dist/packages/extension-sdk/src/plugin.js +119 -33
- package/dist/packages/extension-sdk/src/workflow.d.ts +156 -0
- package/dist/packages/extension-sdk/src/workflow.js +236 -0
- package/dist/src/config/search-defaults.js +161 -0
- package/dist/src/constants.d.ts +3 -0
- package/dist/src/constants.js +4 -1
- package/dist/src/index.d.ts +1 -1
- package/dist/src/index.js +13 -17
- package/dist/src/modules/analyzer/CodeAnalyzer.d.ts +1 -3
- package/dist/src/modules/analyzer/CodeAnalyzer.js +16 -28
- package/dist/src/modules/analyzer/CodeAnalyzerDataFlow.d.ts +1 -2
- package/dist/src/modules/analyzer/CodeAnalyzerDataFlow.js +1 -45
- package/dist/src/modules/analyzer/IntelligentAnalyzer.d.ts +1 -37
- package/dist/src/modules/analyzer/IntelligentAnalyzer.js +9 -142
- package/dist/src/modules/analyzer/PatternDetector.js +3 -3
- package/dist/src/modules/analyzer/PatternDetectorAuthPatterns.js +1 -1
- package/dist/src/modules/browser/BrowserDiscovery.js +2 -2
- package/dist/src/modules/browser/BrowserModeManager.js +11 -10
- package/dist/src/modules/browser/TabRegistry.js +2 -2
- package/dist/src/modules/browser/UnifiedBrowserManager.d.ts +1 -0
- package/dist/src/modules/browser/UnifiedBrowserManager.js +18 -3
- package/dist/src/modules/captcha/AICaptchaDetector.d.ts +1 -10
- package/dist/src/modules/captcha/AICaptchaDetector.js +7 -201
- package/dist/src/modules/collector/CodeCollector.js +4 -5
- package/dist/src/modules/collector/DOMInspector.js +48 -58
- package/dist/src/modules/collector/PageController.d.ts +17 -4
- package/dist/src/modules/collector/PageController.js +2 -5
- package/dist/src/modules/collector/PageScriptCollectors.js +3 -3
- package/dist/src/modules/crypto/CryptoDetector.d.ts +1 -4
- package/dist/src/modules/crypto/CryptoDetector.js +2 -42
- package/dist/src/modules/crypto/CryptoRules.js +1 -1
- package/dist/src/modules/debugger/BlackboxManager.js +1 -1
- package/dist/src/modules/debugger/DebuggerManager.impl.core.scope.js +1 -1
- package/dist/src/modules/debugger/ScriptManager.impl.extract-function-tree.js +4 -2
- package/dist/src/modules/debugger/WatchExpressionManager.js +1 -1
- package/dist/src/modules/deobfuscator/Deobfuscator.d.ts +1 -4
- package/dist/src/modules/deobfuscator/Deobfuscator.js +4 -39
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.d.ts +0 -3
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.js +2 -8
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.restore.d.ts +1 -2
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.restore.js +3 -55
- package/dist/src/modules/deobfuscator/JScramblerDeobfuscator.js +3 -4
- package/dist/src/modules/deobfuscator/VMDeobfuscator.d.ts +2 -10
- package/dist/src/modules/deobfuscator/VMDeobfuscator.js +3 -128
- package/dist/src/modules/deobfuscator/webcrack.js +15 -2
- package/dist/src/modules/emulator/AIEnvironmentAnalyzer.d.ts +5 -8
- package/dist/src/modules/emulator/AIEnvironmentAnalyzer.js +10 -102
- package/dist/src/modules/emulator/EnvironmentEmulator.d.ts +1 -5
- package/dist/src/modules/emulator/EnvironmentEmulator.js +7 -91
- package/dist/src/modules/emulator/EnvironmentEmulatorFetch.js +58 -61
- package/dist/src/modules/emulator/templates/chrome-env.d.ts +17 -7
- package/dist/src/modules/emulator/templates/chrome-env.js +14 -7
- package/dist/src/modules/external/ExternalToolRunner.js +25 -22
- package/dist/src/modules/hook/HookGeneratorBuilders.core.generators.compose.js +5 -5
- package/dist/src/modules/hook/HookGeneratorBuilders.core.generators.network.js +311 -311
- package/dist/src/modules/hook/HookGeneratorBuilders.core.generators.runtime.js +410 -410
- package/dist/src/modules/hook/HookGeneratorBuilders.core.generators.storage.js +122 -122
- package/dist/src/modules/monitor/ConsoleMonitor.impl.core.class.d.ts +13 -0
- package/dist/src/modules/monitor/ConsoleMonitor.impl.core.class.js +42 -0
- package/dist/src/modules/monitor/ConsoleMonitor.impl.core.dynamic.js +194 -194
- package/dist/src/modules/monitor/FetchInterceptor.d.ts +46 -0
- package/dist/src/modules/monitor/FetchInterceptor.js +191 -0
- package/dist/src/modules/monitor/PerformanceMonitor.js +8 -7
- package/dist/src/modules/monitor/PlaywrightNetworkMonitor.js +62 -62
- package/dist/src/modules/process/BaseMemoryManager.d.ts +1 -1
- package/dist/src/modules/process/LinuxProcessManager.js +2 -0
- package/dist/src/modules/process/MacProcessManager.js +25 -25
- package/dist/src/modules/process/MemoryManager.d.ts +1 -1
- package/dist/src/modules/process/MemoryManager.js +2 -2
- package/dist/src/modules/process/memory/AuditTrail.js +1 -1
- package/dist/src/modules/process/memory/availability.js +49 -49
- package/dist/src/modules/process/memory/injector.js +185 -185
- package/dist/src/modules/process/memory/reader.js +85 -53
- package/dist/src/modules/process/memory/regions.dump.js +51 -51
- package/dist/src/modules/process/memory/regions.enumerate.js +108 -108
- package/dist/src/modules/process/memory/regions.modules.js +80 -80
- package/dist/src/modules/process/memory/regions.protection.js +148 -115
- package/dist/src/modules/process/memory/scanner.d.ts +5 -1
- package/dist/src/modules/process/memory/scanner.darwin.js +98 -41
- package/dist/src/modules/process/memory/scanner.js +88 -4
- package/dist/src/modules/process/memory/scanner.windows.js +124 -124
- package/dist/src/modules/process/memory/writer.js +98 -58
- package/dist/src/modules/security/ExecutionSandbox.js +51 -52
- package/dist/src/modules/stealth/FingerprintManager.js +1 -1
- package/dist/src/modules/stealth/StealthScripts.d.ts +1 -0
- package/dist/src/modules/stealth/StealthScripts.js +18 -13
- package/dist/src/modules/stealth/StealthVerifier.js +1 -3
- package/dist/src/modules/symbolic/JSVMPSymbolicExecutor.d.ts +14 -0
- package/dist/src/modules/symbolic/JSVMPSymbolicExecutor.js +181 -2
- package/dist/src/modules/trace/TraceDB.js +75 -69
- package/dist/src/modules/trace/TraceRecorder.js +1 -5
- package/dist/src/native/AntiCheatDetector.js +67 -16
- package/dist/src/native/CodeInjector.js +3 -3
- package/dist/src/native/HardwareBreakpoint.js +24 -15
- package/dist/src/native/HeapAnalyzer.js +2 -2
- package/dist/src/native/MemoryController.js +1 -1
- package/dist/src/native/MemoryScanSession.js +2 -2
- package/dist/src/native/MemoryScanner.js +4 -8
- package/dist/src/native/NativeMemoryManager.impl.js +2 -2
- package/dist/src/native/PEAnalyzer.js +14 -15
- package/dist/src/native/PointerChainEngine.js +2 -4
- package/dist/src/native/ScriptLoader.js +4 -9
- package/dist/src/native/Speedhack.js +1 -1
- package/dist/src/native/StructureAnalyzer.js +52 -33
- package/dist/src/native/Win32API.d.ts +1 -0
- package/dist/src/native/Win32API.js +13 -0
- package/dist/src/native/Win32Debug.js +19 -19
- package/dist/src/native/platform/darwin/DarwinAPI.d.ts +2 -0
- package/dist/src/native/platform/darwin/DarwinAPI.js +8 -0
- package/dist/src/native/platform/darwin/DarwinMemoryProvider.js +6 -1
- package/dist/src/server/MCPServer.context.d.ts +2 -1
- package/dist/src/server/MCPServer.d.ts +2 -1
- package/dist/src/server/MCPServer.domain.d.ts +1 -1
- package/dist/src/server/MCPServer.domain.js +81 -16
- package/dist/src/server/MCPServer.js +41 -14
- package/dist/src/server/MCPServer.resources.d.ts +2 -0
- package/dist/src/server/MCPServer.resources.js +91 -0
- package/dist/src/server/MCPServer.search.handlers.call.js +2 -1
- package/dist/src/server/MCPServer.search.helpers.js +1 -1
- package/dist/src/server/MCPServer.transport.js +12 -0
- package/dist/src/server/ToolCallContextGuard.js +8 -0
- package/dist/src/server/ToolRouter.d.ts +25 -9
- package/dist/src/server/ToolRouter.intent.d.ts +26 -0
- package/dist/src/server/ToolRouter.intent.js +77 -0
- package/dist/src/server/ToolRouter.js +103 -284
- package/dist/src/server/ToolRouter.policy.d.ts +22 -0
- package/dist/src/server/ToolRouter.policy.js +163 -0
- package/dist/src/server/ToolRouter.probe.d.ts +17 -0
- package/dist/src/server/ToolRouter.probe.js +103 -0
- package/dist/src/server/ToolRouter.renderer.d.ts +9 -0
- package/dist/src/server/ToolRouter.renderer.js +52 -0
- package/dist/src/server/activation/ActivationController.js +15 -12
- package/dist/src/server/activation/CompoundConditionEngine.js +1 -1
- package/dist/src/server/activation/PredictiveBooster.js +1 -3
- package/dist/src/server/domains/analysis/definitions.js +155 -655
- package/dist/src/server/domains/analysis/handlers.impl.js +26 -20
- package/dist/src/server/domains/analysis/handlers.web-tools.js +2 -1
- package/dist/src/server/domains/analysis/manifest.js +6 -4
- package/dist/src/server/domains/antidebug/definitions.js +25 -111
- package/dist/src/server/domains/browser/definitions.tools.advanced.js +59 -88
- package/dist/src/server/domains/browser/definitions.tools.behavior.js +120 -227
- package/dist/src/server/domains/browser/definitions.tools.page-core.js +210 -439
- package/dist/src/server/domains/browser/definitions.tools.page-system.js +108 -250
- package/dist/src/server/domains/browser/definitions.tools.runtime.js +98 -211
- package/dist/src/server/domains/browser/definitions.tools.security.js +194 -339
- package/dist/src/server/domains/browser/handlers/camoufox-browser.js +3 -2
- package/dist/src/server/domains/browser/handlers/captcha-solver.js +3 -3
- package/dist/src/server/domains/browser/handlers/dom-query.js +2 -1
- package/dist/src/server/domains/browser/handlers/framework-state.js +27 -9
- package/dist/src/server/domains/browser/handlers/indexeddb-dump.js +21 -20
- package/dist/src/server/domains/browser/handlers/script-management.js +1 -1
- package/dist/src/server/domains/browser/handlers.impl.d.ts +1 -2
- package/dist/src/server/domains/browser/handlers.impl.js +2 -3
- package/dist/src/server/domains/browser/manifest.js +37 -13
- package/dist/src/server/domains/coordination/definitions.js +50 -216
- package/dist/src/server/domains/coordination/index.d.ts +2 -1
- package/dist/src/server/domains/coordination/index.js +1 -0
- package/dist/src/server/domains/debugger/definitions.tools.advanced.js +72 -189
- package/dist/src/server/domains/debugger/definitions.tools.core.js +114 -288
- package/dist/src/server/domains/debugger/manifest.js +9 -2
- package/dist/src/server/domains/encoding/definitions.js +43 -153
- package/dist/src/server/domains/encoding/handlers.base.js +2 -2
- package/dist/src/server/domains/evidence/definitions.d.ts +2 -0
- package/dist/src/server/domains/evidence/definitions.js +42 -0
- package/dist/src/server/domains/evidence/handlers.d.ts +582 -0
- package/dist/src/server/domains/evidence/handlers.js +60 -0
- package/dist/src/server/domains/evidence/index.d.ts +2 -0
- package/dist/src/server/domains/evidence/index.js +2 -0
- package/dist/src/server/domains/evidence/manifest.d.ts +63 -0
- package/dist/src/server/domains/evidence/manifest.js +78 -0
- package/dist/src/server/domains/graphql/definitions.js +53 -141
- package/dist/src/server/domains/graphql/handlers.impl.core.runtime.replay.js +92 -114
- package/dist/src/server/domains/graphql/handlers.impl.core.runtime.shared.js +77 -77
- package/dist/src/server/domains/hooks/ai-handlers.d.ts +0 -7
- package/dist/src/server/domains/hooks/ai-handlers.js +1 -67
- package/dist/src/server/domains/hooks/definitions.js +69 -335
- package/dist/src/server/domains/hooks/manifest.d.ts +1 -1
- package/dist/src/server/domains/hooks/manifest.js +1 -2
- package/dist/src/server/domains/instrumentation/definitions.d.ts +2 -0
- package/dist/src/server/domains/instrumentation/definitions.js +99 -0
- package/dist/src/server/domains/instrumentation/handlers.d.ts +78 -0
- package/dist/src/server/domains/instrumentation/handlers.js +206 -0
- package/dist/src/server/domains/instrumentation/index.d.ts +2 -0
- package/dist/src/server/domains/instrumentation/index.js +2 -0
- package/dist/src/server/domains/instrumentation/manifest.d.ts +63 -0
- package/dist/src/server/domains/instrumentation/manifest.js +114 -0
- package/dist/src/server/domains/macro/definitions.js +16 -43
- package/dist/src/server/domains/maintenance/definitions.js +60 -219
- package/dist/src/server/domains/maintenance/handlers.extensions.js +78 -20
- package/dist/src/server/domains/memory/definitions.js +387 -559
- package/dist/src/server/domains/memory/handlers/hooks.d.ts +55 -0
- package/dist/src/server/domains/memory/handlers/hooks.js +115 -0
- package/dist/src/server/domains/memory/handlers/integrity.d.ts +77 -0
- package/dist/src/server/domains/memory/handlers/integrity.js +180 -0
- package/dist/src/server/domains/memory/handlers/pointer-chain.d.ts +29 -0
- package/dist/src/server/domains/memory/handlers/pointer-chain.js +82 -0
- package/dist/src/server/domains/memory/handlers/readwrite.d.ts +41 -0
- package/dist/src/server/domains/memory/handlers/readwrite.js +78 -0
- package/dist/src/server/domains/memory/handlers/scan.d.ts +35 -0
- package/dist/src/server/domains/memory/handlers/scan.js +97 -0
- package/dist/src/server/domains/memory/handlers/session.d.ts +23 -0
- package/dist/src/server/domains/memory/handlers/session.js +49 -0
- package/dist/src/server/domains/memory/handlers/structure.d.ts +29 -0
- package/dist/src/server/domains/memory/handlers/structure.js +74 -0
- package/dist/src/server/domains/memory/handlers.impl.d.ts +49 -54
- package/dist/src/server/domains/memory/handlers.impl.js +63 -494
- package/dist/src/server/domains/memory/manifest.js +236 -64
- package/dist/src/server/domains/native-bridge/definitions.js +54 -192
- package/dist/src/server/domains/native-bridge/index.d.ts +1 -0
- package/dist/src/server/domains/native-bridge/index.js +2 -1
- package/dist/src/server/domains/network/auth-extractor.js +1 -1
- package/dist/src/server/domains/network/definitions.js +175 -578
- package/dist/src/server/domains/network/handlers.base.core.d.ts +64 -0
- package/dist/src/server/domains/network/handlers.base.core.js +623 -0
- package/dist/src/server/domains/network/handlers.base.d.ts +2 -124
- package/dist/src/server/domains/network/handlers.base.js +3 -878
- package/dist/src/server/domains/network/handlers.base.performance.d.ts +63 -0
- package/dist/src/server/domains/network/handlers.base.performance.js +193 -0
- package/dist/src/server/domains/network/handlers.base.types.d.ts +42 -0
- package/dist/src/server/domains/network/handlers.base.types.js +89 -0
- package/dist/src/server/domains/network/handlers.impl.core.runtime.d.ts +1 -1
- package/dist/src/server/domains/network/handlers.impl.core.runtime.intercept.d.ts +21 -0
- package/dist/src/server/domains/network/handlers.impl.core.runtime.intercept.js +186 -0
- package/dist/src/server/domains/network/handlers.impl.core.runtime.js +1 -1
- package/dist/src/server/domains/network/manifest.js +15 -0
- package/dist/src/server/domains/network/replay.js +1 -4
- package/dist/src/server/domains/platform/definitions.js +121 -112
- package/dist/src/server/domains/platform/handlers/bridge-handlers.d.ts +4 -0
- package/dist/src/server/domains/platform/handlers/bridge-handlers.js +193 -4
- package/dist/src/server/domains/platform/handlers/electron-asar-helpers.js +26 -6
- package/dist/src/server/domains/platform/handlers/electron-dual-cdp.d.ts +3 -0
- package/dist/src/server/domains/platform/handlers/electron-dual-cdp.js +170 -0
- package/dist/src/server/domains/platform/handlers/electron-fuse-handler.d.ts +3 -0
- package/dist/src/server/domains/platform/handlers/electron-fuse-handler.js +193 -0
- package/dist/src/server/domains/platform/handlers/electron-handlers.d.ts +6 -0
- package/dist/src/server/domains/platform/handlers/electron-handlers.js +95 -2
- package/dist/src/server/domains/platform/handlers/electron-ipc-sniffer.d.ts +2 -0
- package/dist/src/server/domains/platform/handlers/electron-ipc-sniffer.js +370 -0
- package/dist/src/server/domains/platform/handlers/electron-userdata-handler.d.ts +2 -0
- package/dist/src/server/domains/platform/handlers/electron-userdata-handler.js +78 -0
- package/dist/src/server/domains/platform/handlers/miniapp-handlers.js +3 -3
- package/dist/src/server/domains/platform/handlers/v8-bytecode-handler.d.ts +2 -0
- package/dist/src/server/domains/platform/handlers/v8-bytecode-handler.js +207 -0
- package/dist/src/server/domains/platform/handlers.d.ts +48 -0
- package/dist/src/server/domains/platform/handlers.js +29 -0
- package/dist/src/server/domains/platform/manifest.js +38 -0
- package/dist/src/server/domains/process/definitions.js +163 -647
- package/dist/src/server/domains/process/handlers.base.d.ts +3 -95
- package/dist/src/server/domains/process/handlers.base.js +7 -462
- package/dist/src/server/domains/process/handlers.base.process.d.ts +61 -0
- package/dist/src/server/domains/process/handlers.base.process.js +417 -0
- package/dist/src/server/domains/process/handlers.base.types.d.ts +57 -0
- package/dist/src/server/domains/process/handlers.base.types.js +50 -0
- package/dist/src/server/domains/process/handlers.impl.core.runtime.inject.js +18 -16
- package/dist/src/server/domains/process/manifest.js +6 -1
- package/dist/src/server/domains/sandbox/definitions.js +11 -33
- package/dist/src/server/domains/sandbox/handlers.js +8 -3
- package/dist/src/server/domains/shared/ResponseBuilder.d.ts +209 -0
- package/dist/src/server/domains/shared/ResponseBuilder.js +48 -0
- package/dist/src/server/domains/shared/modules.d.ts +0 -2
- package/dist/src/server/domains/shared/modules.js +0 -1
- package/dist/src/server/domains/sourcemap/definitions.js +27 -111
- package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-common.js +7 -2
- package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-main.js +1 -1
- package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-parse-base.js +1 -1
- package/dist/src/server/domains/sourcemap/manifest.d.ts +1 -1
- package/dist/src/server/domains/sourcemap/manifest.js +1 -1
- package/dist/src/server/domains/streaming/definitions.js +36 -148
- package/dist/src/server/domains/streaming/handlers.impl.streaming-sse.js +163 -164
- package/dist/src/server/domains/streaming/handlers.impl.streaming-ws.js +1 -1
- package/dist/src/server/domains/trace/TraceSummarizer.js +8 -5
- package/dist/src/server/domains/trace/definitions.tools.js +51 -206
- package/dist/src/server/domains/trace/handlers.js +10 -12
- package/dist/src/server/domains/trace/index.d.ts +2 -1
- package/dist/src/server/domains/trace/index.js +2 -1
- package/dist/src/server/domains/trace/manifest.js +15 -3
- package/dist/src/server/domains/transform/definitions.js +50 -210
- package/dist/src/server/domains/transform/handlers.impl.transform-base.js +108 -108
- package/dist/src/server/domains/transform/handlers.impl.transform-crypto.js +18 -19
- package/dist/src/server/domains/transform/manifest.d.ts +1 -1
- package/dist/src/server/domains/transform/manifest.js +1 -1
- package/dist/src/server/domains/wasm/definitions.js +55 -232
- package/dist/src/server/domains/wasm/handlers.js +1 -1
- package/dist/src/server/domains/workflow/definitions.js +144 -414
- package/dist/src/server/domains/workflow/handlers.impl.workflow-account-bundle.js +1 -1
- package/dist/src/server/domains/workflow/handlers.impl.workflow-api.js +51 -51
- package/dist/src/server/domains/workflow/handlers.impl.workflow-base.d.ts +2 -0
- package/dist/src/server/domains/workflow/handlers.impl.workflow-base.js +126 -87
- package/dist/src/server/domains/workflow/handlers.impl.workflow-batch.js +5 -5
- package/dist/src/server/evidence/ReverseEvidenceGraph.d.ts +20 -0
- package/dist/src/server/evidence/ReverseEvidenceGraph.js +208 -0
- package/dist/src/server/evidence/index.d.ts +2 -0
- package/dist/src/server/evidence/index.js +1 -0
- package/dist/src/server/evidence/types.d.ts +22 -0
- package/dist/src/server/evidence/types.js +1 -0
- package/dist/src/server/extensions/ExtensionManager.d.ts +1 -0
- package/dist/src/server/extensions/ExtensionManager.discovery.js +72 -9
- package/dist/src/server/extensions/ExtensionManager.integrity.js +1 -1
- package/dist/src/server/extensions/ExtensionManager.js +193 -40
- package/dist/src/server/extensions/ExtensionManager.roots.d.ts +1 -1
- package/dist/src/server/extensions/ExtensionManager.roots.js +4 -4
- package/dist/src/server/extensions/plugin-config.js +1 -1
- package/dist/src/server/extensions/plugin-env.d.ts +1 -1
- package/dist/src/server/extensions/plugin-env.js +10 -4
- package/dist/src/server/extensions/types.d.ts +17 -0
- package/dist/src/server/extensions/types.js +1 -1
- package/dist/src/server/instrumentation/EvidenceGraphBridge.d.ts +13 -0
- package/dist/src/server/instrumentation/EvidenceGraphBridge.js +150 -0
- package/dist/src/server/instrumentation/InstrumentationSession.d.ts +60 -0
- package/dist/src/server/instrumentation/InstrumentationSession.js +269 -0
- package/dist/src/server/instrumentation/index.d.ts +2 -0
- package/dist/src/server/instrumentation/index.js +2 -0
- package/dist/src/server/instrumentation/types.d.ts +62 -0
- package/dist/src/server/instrumentation/types.js +7 -0
- package/dist/src/server/macros/MacroConfigLoader.d.ts +6 -5
- package/dist/src/server/macros/MacroConfigLoader.js +61 -59
- package/dist/src/server/macros/MacroRunner.js +6 -2
- package/dist/src/server/macros/builtins/index.d.ts +2 -3
- package/dist/src/server/macros/builtins/index.js +51 -7
- package/dist/src/server/plugins/PluginContract.d.ts +1 -1
- package/dist/src/server/registry/contracts.d.ts +1 -1
- package/dist/src/server/registry/discovery.js +5 -4
- package/dist/src/server/registry/ensure-browser-core.js +0 -3
- package/dist/src/server/registry/index.js +4 -4
- package/dist/src/server/registry/tool-builder.d.ts +46 -0
- package/dist/src/server/registry/tool-builder.js +105 -0
- package/dist/src/server/sandbox/QuickJSSandbox.js +16 -5
- package/dist/src/server/sandbox/SandboxHelpers.js +250 -250
- package/dist/src/server/search/EmbeddingWorker.js +5 -3
- package/dist/src/server/search/FeedbackTracker.d.ts +9 -0
- package/dist/src/server/search/FeedbackTracker.js +26 -0
- package/dist/src/server/search/QueryNormalizer.d.ts +6 -0
- package/dist/src/server/search/QueryNormalizer.js +94 -0
- package/dist/src/server/search/ToolSearchEngineImpl.d.ts +2 -3
- package/dist/src/server/search/ToolSearchEngineImpl.js +38 -88
- package/dist/src/server/workflows/WorkflowContract.d.ts +24 -0
- package/dist/src/server/workflows/WorkflowContract.js +12 -0
- package/dist/src/server/workflows/WorkflowEngine.d.ts +1 -0
- package/dist/src/server/workflows/WorkflowEngine.js +136 -3
- package/dist/src/types/config.d.ts +0 -14
- package/dist/src/types/deobfuscator.d.ts +0 -1
- package/dist/src/types/index.d.ts +1 -1
- package/dist/src/utils/DetailedDataManager.js +2 -0
- package/dist/src/utils/RingBuffer.js +5 -5
- package/dist/src/utils/TokenBudgetManager.js +1 -1
- package/dist/src/utils/UnifiedCacheManager.js +1 -1
- package/dist/src/utils/artifactRetention.js +2 -2
- package/dist/src/utils/betterSqlite3.d.ts +11 -0
- package/dist/src/utils/betterSqlite3.js +88 -0
- package/dist/src/utils/browserExecutable.js +2 -2
- package/dist/src/utils/cliFastPath.js +5 -8
- package/dist/src/utils/config.js +4 -26
- package/dist/src/utils/environmentDoctor.js +138 -11
- package/dist/src/utils/outputPaths.js +16 -9
- package/dist/src/utils/parallel.js +1 -3
- package/package.json +74 -72
- package/workflows/.gitkeep +0 -0
- package/dist/src/modules/analyzer/AISummarizer.d.ts +0 -39
- package/dist/src/modules/analyzer/AISummarizer.js +0 -122
- package/dist/src/modules/hook/AIHookGenerator.d.ts +0 -52
- package/dist/src/modules/hook/AIHookGenerator.js +0 -360
- package/dist/src/modules/hook/AIHookGeneratorTemplates.d.ts +0 -9
- package/dist/src/modules/hook/AIHookGeneratorTemplates.js +0 -157
- package/dist/src/server/macros/builtins/deobfuscate-ast-flow.d.ts +0 -2
- package/dist/src/server/macros/builtins/deobfuscate-ast-flow.js +0 -25
- package/dist/src/server/macros/builtins/unpacker-flow.d.ts +0 -2
- package/dist/src/server/macros/builtins/unpacker-flow.js +0 -25
- package/dist/src/services/LLMService.d.ts +0 -37
- package/dist/src/services/LLMService.js +0 -233
- package/dist/src/services/prompts/analysis.d.ts +0 -9
- package/dist/src/services/prompts/analysis.js +0 -158
- package/dist/src/services/prompts/crypto.d.ts +0 -2
- package/dist/src/services/prompts/crypto.js +0 -108
- package/dist/src/services/prompts/deobfuscation.d.ts +0 -6
- package/dist/src/services/prompts/deobfuscation.js +0 -300
- package/dist/src/services/prompts/environment.d.ts +0 -16
- package/dist/src/services/prompts/environment.js +0 -372
- package/dist/src/services/prompts/intelligence.d.ts +0 -4
- package/dist/src/services/prompts/intelligence.js +0 -250
- package/dist/src/services/prompts/taint.d.ts +0 -2
- package/dist/src/services/prompts/taint.js +0 -54
|
@@ -1,123 +1,123 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { promises as fsAsync } from 'fs';
|
|
2
2
|
import { logger } from '../../../utils/logger.js';
|
|
3
3
|
import { execAsync, executePowerShellScript, } from '../../process/memory/types.js';
|
|
4
|
-
import { parseProcMaps, formatLinuxProtection } from './linux/mapsParser.js';
|
|
5
4
|
import { nativeMemoryManager } from '../../../native/NativeMemoryManager.js';
|
|
6
5
|
import { isKoffiAvailable } from '../../../native/NativeMemoryManager.utils.js';
|
|
6
|
+
import { parseProcMaps, formatLinuxProtection } from './linux/mapsParser.js';
|
|
7
7
|
function buildProtectionCheckScript(pid, address) {
|
|
8
|
-
return `
|
|
9
|
-
Add-Type @"
|
|
10
|
-
using System;
|
|
11
|
-
using System.Runtime.InteropServices;
|
|
12
|
-
using System.ComponentModel;
|
|
13
|
-
|
|
14
|
-
public class ProtectionChecker {
|
|
15
|
-
[DllImport("kernel32.dll", SetLastError = true)]
|
|
16
|
-
public static extern IntPtr OpenProcess(int access, bool inherit, int pid);
|
|
17
|
-
|
|
18
|
-
[DllImport("kernel32.dll", SetLastError = true)]
|
|
19
|
-
public static extern int VirtualQueryEx(IntPtr hProcess, IntPtr addr, out MEMORY_BASIC_INFORMATION info, int size);
|
|
20
|
-
|
|
21
|
-
[DllImport("kernel32.dll", SetLastError = true)]
|
|
22
|
-
public static extern bool CloseHandle(IntPtr handle);
|
|
23
|
-
|
|
24
|
-
const int PROCESS_QUERY_INFORMATION = 0x0400;
|
|
25
|
-
|
|
26
|
-
[StructLayout(LayoutKind.Sequential)]
|
|
27
|
-
public struct MEMORY_BASIC_INFORMATION {
|
|
28
|
-
public IntPtr BaseAddress;
|
|
29
|
-
public IntPtr AllocationBase;
|
|
30
|
-
public uint AllocationProtect;
|
|
31
|
-
public IntPtr RegionSize;
|
|
32
|
-
public uint State;
|
|
33
|
-
public uint Protect;
|
|
34
|
-
public uint Type;
|
|
35
|
-
}
|
|
36
|
-
|
|
37
|
-
const uint MEM_COMMIT = 0x1000;
|
|
38
|
-
const uint PAGE_NOACCESS = 0x01;
|
|
39
|
-
const uint PAGE_READONLY = 0x02;
|
|
40
|
-
const uint PAGE_READWRITE = 0x04;
|
|
41
|
-
const uint PAGE_WRITECOPY = 0x08;
|
|
42
|
-
const uint PAGE_EXECUTE = 0x10;
|
|
43
|
-
const uint PAGE_EXECUTE_READ = 0x20;
|
|
44
|
-
const uint PAGE_EXECUTE_READWRITE = 0x40;
|
|
45
|
-
const uint PAGE_EXECUTE_WRITECOPY = 0x80;
|
|
46
|
-
const uint PAGE_GUARD = 0x100;
|
|
47
|
-
|
|
48
|
-
public static object CheckProtection(int pid, long address) {
|
|
49
|
-
IntPtr hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, false, pid);
|
|
50
|
-
if (hProcess == IntPtr.Zero) {
|
|
51
|
-
int error = Marshal.GetLastWin32Error();
|
|
52
|
-
throw new Win32Exception(error, "Failed to open process. Run as Administrator.");
|
|
53
|
-
}
|
|
54
|
-
|
|
55
|
-
try {
|
|
56
|
-
MEMORY_BASIC_INFORMATION info;
|
|
57
|
-
int infoSize = Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION));
|
|
58
|
-
int result = VirtualQueryEx(hProcess, (IntPtr)address, out info, infoSize);
|
|
59
|
-
|
|
60
|
-
if (result != infoSize) {
|
|
61
|
-
return new { success = false, error = "Failed to query memory region" };
|
|
62
|
-
}
|
|
63
|
-
|
|
64
|
-
if (info.State != MEM_COMMIT) {
|
|
65
|
-
return new {
|
|
66
|
-
success = true,
|
|
67
|
-
protection = "NOT_COMMITTED",
|
|
68
|
-
isWritable = false,
|
|
69
|
-
isReadable = false,
|
|
70
|
-
isExecutable = false,
|
|
71
|
-
regionStart = "0x" + info.BaseAddress.ToInt64().ToString("X"),
|
|
72
|
-
regionSize = info.RegionSize.ToInt64()
|
|
73
|
-
};
|
|
74
|
-
}
|
|
75
|
-
|
|
76
|
-
uint protect = info.Protect;
|
|
77
|
-
string protectionStr = "";
|
|
78
|
-
bool isWritable = false;
|
|
79
|
-
bool isReadable = false;
|
|
80
|
-
bool isExecutable = false;
|
|
81
|
-
|
|
82
|
-
if ((protect & PAGE_NOACCESS) != 0) protectionStr += "NOACCESS ";
|
|
83
|
-
if ((protect & PAGE_READONLY) != 0) { protectionStr += "R "; isReadable = true; }
|
|
84
|
-
if ((protect & PAGE_READWRITE) != 0) { protectionStr += "RW "; isReadable = true; isWritable = true; }
|
|
85
|
-
if ((protect & PAGE_WRITECOPY) != 0) { protectionStr += "WC "; isReadable = true; isWritable = true; }
|
|
86
|
-
if ((protect & PAGE_EXECUTE) != 0) { protectionStr += "X "; isExecutable = true; }
|
|
87
|
-
if ((protect & PAGE_EXECUTE_READ) != 0) { protectionStr += "RX "; isReadable = true; isExecutable = true; }
|
|
88
|
-
if ((protect & PAGE_EXECUTE_READWRITE) != 0) { protectionStr += "RWX "; isReadable = true; isWritable = true; isExecutable = true; }
|
|
89
|
-
if ((protect & PAGE_EXECUTE_WRITECOPY) != 0) { protectionStr += "RWCX "; isReadable = true; isWritable = true; isExecutable = true; }
|
|
90
|
-
if ((protect & PAGE_GUARD) != 0) protectionStr += "GUARD ";
|
|
91
|
-
|
|
92
|
-
return new {
|
|
93
|
-
success = true,
|
|
94
|
-
protection = protectionStr.Trim(),
|
|
95
|
-
isWritable = isWritable,
|
|
96
|
-
isReadable = isReadable,
|
|
97
|
-
isExecutable = isExecutable,
|
|
98
|
-
regionStart = "0x" + info.BaseAddress.ToInt64().ToString("X"),
|
|
99
|
-
regionSize = info.RegionSize.ToInt64()
|
|
100
|
-
};
|
|
101
|
-
} finally {
|
|
102
|
-
CloseHandle(hProcess);
|
|
103
|
-
}
|
|
104
|
-
}
|
|
105
|
-
}
|
|
106
|
-
"@
|
|
107
|
-
|
|
108
|
-
try {
|
|
109
|
-
$result = [ProtectionChecker]::CheckProtection(${pid}, ${address})
|
|
110
|
-
$result | ConvertTo-Json -Compress
|
|
111
|
-
} catch {
|
|
112
|
-
@{ success = $false; error = $_.Exception.Message } | ConvertTo-Json -Compress
|
|
113
|
-
}
|
|
8
|
+
return `
|
|
9
|
+
Add-Type @"
|
|
10
|
+
using System;
|
|
11
|
+
using System.Runtime.InteropServices;
|
|
12
|
+
using System.ComponentModel;
|
|
13
|
+
|
|
14
|
+
public class ProtectionChecker {
|
|
15
|
+
[DllImport("kernel32.dll", SetLastError = true)]
|
|
16
|
+
public static extern IntPtr OpenProcess(int access, bool inherit, int pid);
|
|
17
|
+
|
|
18
|
+
[DllImport("kernel32.dll", SetLastError = true)]
|
|
19
|
+
public static extern int VirtualQueryEx(IntPtr hProcess, IntPtr addr, out MEMORY_BASIC_INFORMATION info, int size);
|
|
20
|
+
|
|
21
|
+
[DllImport("kernel32.dll", SetLastError = true)]
|
|
22
|
+
public static extern bool CloseHandle(IntPtr handle);
|
|
23
|
+
|
|
24
|
+
const int PROCESS_QUERY_INFORMATION = 0x0400;
|
|
25
|
+
|
|
26
|
+
[StructLayout(LayoutKind.Sequential)]
|
|
27
|
+
public struct MEMORY_BASIC_INFORMATION {
|
|
28
|
+
public IntPtr BaseAddress;
|
|
29
|
+
public IntPtr AllocationBase;
|
|
30
|
+
public uint AllocationProtect;
|
|
31
|
+
public IntPtr RegionSize;
|
|
32
|
+
public uint State;
|
|
33
|
+
public uint Protect;
|
|
34
|
+
public uint Type;
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
const uint MEM_COMMIT = 0x1000;
|
|
38
|
+
const uint PAGE_NOACCESS = 0x01;
|
|
39
|
+
const uint PAGE_READONLY = 0x02;
|
|
40
|
+
const uint PAGE_READWRITE = 0x04;
|
|
41
|
+
const uint PAGE_WRITECOPY = 0x08;
|
|
42
|
+
const uint PAGE_EXECUTE = 0x10;
|
|
43
|
+
const uint PAGE_EXECUTE_READ = 0x20;
|
|
44
|
+
const uint PAGE_EXECUTE_READWRITE = 0x40;
|
|
45
|
+
const uint PAGE_EXECUTE_WRITECOPY = 0x80;
|
|
46
|
+
const uint PAGE_GUARD = 0x100;
|
|
47
|
+
|
|
48
|
+
public static object CheckProtection(int pid, long address) {
|
|
49
|
+
IntPtr hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, false, pid);
|
|
50
|
+
if (hProcess == IntPtr.Zero) {
|
|
51
|
+
int error = Marshal.GetLastWin32Error();
|
|
52
|
+
throw new Win32Exception(error, "Failed to open process. Run as Administrator.");
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
try {
|
|
56
|
+
MEMORY_BASIC_INFORMATION info;
|
|
57
|
+
int infoSize = Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION));
|
|
58
|
+
int result = VirtualQueryEx(hProcess, (IntPtr)address, out info, infoSize);
|
|
59
|
+
|
|
60
|
+
if (result != infoSize) {
|
|
61
|
+
return new { success = false, error = "Failed to query memory region" };
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
if (info.State != MEM_COMMIT) {
|
|
65
|
+
return new {
|
|
66
|
+
success = true,
|
|
67
|
+
protection = "NOT_COMMITTED",
|
|
68
|
+
isWritable = false,
|
|
69
|
+
isReadable = false,
|
|
70
|
+
isExecutable = false,
|
|
71
|
+
regionStart = "0x" + info.BaseAddress.ToInt64().ToString("X"),
|
|
72
|
+
regionSize = info.RegionSize.ToInt64()
|
|
73
|
+
};
|
|
74
|
+
}
|
|
75
|
+
|
|
76
|
+
uint protect = info.Protect;
|
|
77
|
+
string protectionStr = "";
|
|
78
|
+
bool isWritable = false;
|
|
79
|
+
bool isReadable = false;
|
|
80
|
+
bool isExecutable = false;
|
|
81
|
+
|
|
82
|
+
if ((protect & PAGE_NOACCESS) != 0) protectionStr += "NOACCESS ";
|
|
83
|
+
if ((protect & PAGE_READONLY) != 0) { protectionStr += "R "; isReadable = true; }
|
|
84
|
+
if ((protect & PAGE_READWRITE) != 0) { protectionStr += "RW "; isReadable = true; isWritable = true; }
|
|
85
|
+
if ((protect & PAGE_WRITECOPY) != 0) { protectionStr += "WC "; isReadable = true; isWritable = true; }
|
|
86
|
+
if ((protect & PAGE_EXECUTE) != 0) { protectionStr += "X "; isExecutable = true; }
|
|
87
|
+
if ((protect & PAGE_EXECUTE_READ) != 0) { protectionStr += "RX "; isReadable = true; isExecutable = true; }
|
|
88
|
+
if ((protect & PAGE_EXECUTE_READWRITE) != 0) { protectionStr += "RWX "; isReadable = true; isWritable = true; isExecutable = true; }
|
|
89
|
+
if ((protect & PAGE_EXECUTE_WRITECOPY) != 0) { protectionStr += "RWCX "; isReadable = true; isWritable = true; isExecutable = true; }
|
|
90
|
+
if ((protect & PAGE_GUARD) != 0) protectionStr += "GUARD ";
|
|
91
|
+
|
|
92
|
+
return new {
|
|
93
|
+
success = true,
|
|
94
|
+
protection = protectionStr.Trim(),
|
|
95
|
+
isWritable = isWritable,
|
|
96
|
+
isReadable = isReadable,
|
|
97
|
+
isExecutable = isExecutable,
|
|
98
|
+
regionStart = "0x" + info.BaseAddress.ToInt64().ToString("X"),
|
|
99
|
+
regionSize = info.RegionSize.ToInt64()
|
|
100
|
+
};
|
|
101
|
+
} finally {
|
|
102
|
+
CloseHandle(hProcess);
|
|
103
|
+
}
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
"@
|
|
107
|
+
|
|
108
|
+
try {
|
|
109
|
+
$result = [ProtectionChecker]::CheckProtection(${pid}, ${address})
|
|
110
|
+
$result | ConvertTo-Json -Compress
|
|
111
|
+
} catch {
|
|
112
|
+
@{ success = $false; error = $_.Exception.Message } | ConvertTo-Json -Compress
|
|
113
|
+
}
|
|
114
114
|
`.trim();
|
|
115
115
|
}
|
|
116
116
|
export async function checkMemoryProtection(platform, pid, address) {
|
|
117
117
|
const addrNum = BigInt(address.startsWith('0x') ? address : `0x${address}`);
|
|
118
118
|
if (platform === 'linux') {
|
|
119
119
|
try {
|
|
120
|
-
const mapsContent =
|
|
120
|
+
const mapsContent = await fsAsync.readFile(`/proc/${pid}/maps`, 'utf-8');
|
|
121
121
|
const regions = parseProcMaps(mapsContent);
|
|
122
122
|
const region = regions.find((r) => addrNum >= r.start && addrNum < r.end);
|
|
123
123
|
if (!region) {
|
|
@@ -139,8 +139,41 @@ export async function checkMemoryProtection(platform, pid, address) {
|
|
|
139
139
|
}
|
|
140
140
|
if (platform === 'darwin') {
|
|
141
141
|
try {
|
|
142
|
-
const
|
|
143
|
-
|
|
142
|
+
const { createPlatformProvider } = await import('../../../native/platform/factory.js');
|
|
143
|
+
const provider = createPlatformProvider();
|
|
144
|
+
const avail = await provider.checkAvailability();
|
|
145
|
+
if (avail.available) {
|
|
146
|
+
const handle = provider.openProcess(pid, false);
|
|
147
|
+
try {
|
|
148
|
+
const region = provider.queryRegion(handle, addrNum);
|
|
149
|
+
if (region) {
|
|
150
|
+
const protStr = [
|
|
151
|
+
region.isReadable ? 'r' : '-',
|
|
152
|
+
region.isWritable ? 'w' : '-',
|
|
153
|
+
region.isExecutable ? 'x' : '-',
|
|
154
|
+
].join('');
|
|
155
|
+
return {
|
|
156
|
+
success: true,
|
|
157
|
+
protection: protStr,
|
|
158
|
+
isReadable: region.isReadable,
|
|
159
|
+
isWritable: region.isWritable,
|
|
160
|
+
isExecutable: region.isExecutable,
|
|
161
|
+
regionStart: `0x${region.baseAddress.toString(16)}`,
|
|
162
|
+
regionSize: region.size,
|
|
163
|
+
};
|
|
164
|
+
}
|
|
165
|
+
return { success: false, error: `Address ${address} not found in any memory region` };
|
|
166
|
+
}
|
|
167
|
+
finally {
|
|
168
|
+
provider.closeProcess(handle);
|
|
169
|
+
}
|
|
170
|
+
}
|
|
171
|
+
}
|
|
172
|
+
catch {
|
|
173
|
+
}
|
|
174
|
+
try {
|
|
175
|
+
const darwinAddr = parseInt(address, 16);
|
|
176
|
+
if (isNaN(darwinAddr))
|
|
144
177
|
return { success: false, error: 'Invalid address format' };
|
|
145
178
|
const { stdout } = await execAsync(`vmmap -v ${pid}`, {
|
|
146
179
|
timeout: 15000,
|
|
@@ -153,7 +186,7 @@ export async function checkMemoryProtection(platform, pid, address) {
|
|
|
153
186
|
continue;
|
|
154
187
|
const start = parseInt(m[2], 16);
|
|
155
188
|
const end = parseInt(m[3], 16);
|
|
156
|
-
if (
|
|
189
|
+
if (darwinAddr >= start && darwinAddr < end) {
|
|
157
190
|
const prot = m[4];
|
|
158
191
|
return {
|
|
159
192
|
success: true,
|
|
@@ -195,11 +228,11 @@ export async function checkMemoryProtection(platform, pid, address) {
|
|
|
195
228
|
}
|
|
196
229
|
}
|
|
197
230
|
try {
|
|
198
|
-
const
|
|
199
|
-
if (isNaN(
|
|
231
|
+
const winAddr = parseInt(address, 16);
|
|
232
|
+
if (isNaN(winAddr)) {
|
|
200
233
|
return { success: false, error: 'Invalid address format' };
|
|
201
234
|
}
|
|
202
|
-
const psScript = buildProtectionCheckScript(pid,
|
|
235
|
+
const psScript = buildProtectionCheckScript(pid, winAddr);
|
|
203
236
|
const { stdout } = await executePowerShellScript(psScript, {
|
|
204
237
|
maxBuffer: 1024 * 1024,
|
|
205
238
|
timeout: 30000,
|
|
@@ -1,6 +1,10 @@
|
|
|
1
1
|
import type { Platform, MemoryScanResult, PatternType } from '../../process/memory/types.js';
|
|
2
2
|
export { buildPatternBytesAndMask, patternToBytesMac } from './scanner.patterns.js';
|
|
3
|
-
export
|
|
3
|
+
export interface ScanOptions {
|
|
4
|
+
patternType?: PatternType;
|
|
5
|
+
suspendTarget?: boolean;
|
|
6
|
+
}
|
|
7
|
+
export declare function scanMemory(platform: Platform, pid: number, pattern: string, patternType?: PatternType, suspendTarget?: boolean): Promise<MemoryScanResult>;
|
|
4
8
|
export declare function scanMemoryFiltered(pid: number, pattern: string, addresses: string[], patternType: PatternType | undefined, _readMemoryFn: (pid: number, address: string, size: number) => Promise<{
|
|
5
9
|
success: boolean;
|
|
6
10
|
data?: string;
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
import { promises as fs } from 'node:fs';
|
|
2
|
+
import { logger } from '../../../utils/logger.js';
|
|
2
3
|
import { execAsync } from '../../process/memory/types.js';
|
|
3
4
|
import { patternToBytesMac } from './scanner.patterns.js';
|
|
5
|
+
import { findPatternInBuffer } from '../../../native/NativeMemoryManager.utils.js';
|
|
4
6
|
export async function scanMemoryMac(pid, pattern, patternType) {
|
|
5
7
|
let patternBytes;
|
|
6
8
|
let patternMask;
|
|
@@ -16,52 +18,107 @@ export async function scanMemoryMac(pid, pattern, patternType) {
|
|
|
16
18
|
error: e instanceof Error ? e.message : 'Invalid pattern',
|
|
17
19
|
};
|
|
18
20
|
}
|
|
21
|
+
try {
|
|
22
|
+
const nativeResult = await scanMemoryMacNative(pid, patternBytes, patternMask);
|
|
23
|
+
if (nativeResult)
|
|
24
|
+
return nativeResult;
|
|
25
|
+
}
|
|
26
|
+
catch (nativeErr) {
|
|
27
|
+
logger.debug('Native Mach scan failed, falling back to lldb:', nativeErr);
|
|
28
|
+
}
|
|
29
|
+
return scanMemoryMacLldb(pid, patternBytes, patternMask);
|
|
30
|
+
}
|
|
31
|
+
async function scanMemoryMacNative(pid, patternBytes, patternMask) {
|
|
32
|
+
const { createPlatformProvider } = await import('../../../native/platform/factory.js');
|
|
33
|
+
const provider = createPlatformProvider();
|
|
34
|
+
const avail = await provider.checkAvailability();
|
|
35
|
+
if (!avail.available)
|
|
36
|
+
return null;
|
|
37
|
+
const handle = provider.openProcess(pid, false);
|
|
38
|
+
const foundAddresses = [];
|
|
39
|
+
const maxResults = 1000;
|
|
40
|
+
const maxRegionSize = 32 * 1024 * 1024;
|
|
41
|
+
try {
|
|
42
|
+
let address = 0n;
|
|
43
|
+
for (let i = 0; i < 50000 && foundAddresses.length < maxResults; i++) {
|
|
44
|
+
const region = provider.queryRegion(handle, address);
|
|
45
|
+
if (!region)
|
|
46
|
+
break;
|
|
47
|
+
if (region.isReadable && region.size > 0 && region.size <= maxRegionSize) {
|
|
48
|
+
try {
|
|
49
|
+
const result = provider.readMemory(handle, region.baseAddress, region.size);
|
|
50
|
+
const matches = findPatternInBuffer(result.data, patternBytes, patternMask);
|
|
51
|
+
for (const offset of matches) {
|
|
52
|
+
foundAddresses.push(`0x${(region.baseAddress + BigInt(offset)).toString(16)}`);
|
|
53
|
+
if (foundAddresses.length >= maxResults)
|
|
54
|
+
break;
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
catch {
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
address = region.baseAddress + BigInt(region.size);
|
|
61
|
+
if (address <= region.baseAddress)
|
|
62
|
+
break;
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
finally {
|
|
66
|
+
provider.closeProcess(handle);
|
|
67
|
+
}
|
|
68
|
+
logger.debug(`Native Mach scan completed (zero-pause): ${foundAddresses.length} results`);
|
|
69
|
+
return {
|
|
70
|
+
success: true,
|
|
71
|
+
addresses: foundAddresses,
|
|
72
|
+
stats: { patternLength: patternBytes.length, resultsFound: foundAddresses.length },
|
|
73
|
+
};
|
|
74
|
+
}
|
|
75
|
+
async function scanMemoryMacLldb(pid, patternBytes, patternMask) {
|
|
19
76
|
const byteList = patternBytes.map((b) => `0x${b.toString(16)}`).join(',');
|
|
20
77
|
const maskList = patternMask.join(',');
|
|
21
78
|
const tag = `${pid}_${Date.now()}`;
|
|
22
79
|
const pyFile = `/tmp/lldb_scan_${tag}.py`;
|
|
23
80
|
const cmdFile = `/tmp/lldb_scan_${tag}.txt`;
|
|
24
|
-
const pyScript = `
|
|
25
|
-
import lldb, json, sys
|
|
26
|
-
|
|
27
|
-
def __lldb_init_module(debugger, internal_dict):
|
|
28
|
-
proc = debugger.GetSelectedTarget().GetProcess()
|
|
29
|
-
pat = bytes([${byteList}])
|
|
30
|
-
mask = [${maskList}]
|
|
31
|
-
results = []
|
|
32
|
-
rl = proc.GetMemoryRegions()
|
|
33
|
-
for i in range(rl.GetSize()):
|
|
34
|
-
info = lldb.SBMemoryRegionInfo()
|
|
35
|
-
rl.GetMemoryRegionAtIndex(i, info)
|
|
36
|
-
if not info.IsReadable():
|
|
37
|
-
continue
|
|
38
|
-
s = info.GetRegionBase()
|
|
39
|
-
sz = info.GetRegionEnd() - s
|
|
40
|
-
if sz > 32 * 1024 * 1024:
|
|
41
|
-
continue
|
|
42
|
-
err = lldb.SBError()
|
|
43
|
-
data = proc.ReadMemory(s, sz, err)
|
|
44
|
-
if not err.Success():
|
|
45
|
-
continue
|
|
46
|
-
n = len(pat)
|
|
47
|
-
for j in range(len(data) - n + 1):
|
|
48
|
-
match = True
|
|
49
|
-
for k in range(n):
|
|
50
|
-
if mask[k] == 1 and data[j+k] != pat[k]:
|
|
51
|
-
match = False
|
|
52
|
-
break
|
|
53
|
-
if match:
|
|
54
|
-
results.append(hex(s + j))
|
|
55
|
-
if len(results) >= 1000:
|
|
56
|
-
break
|
|
57
|
-
if len(results) >= 1000:
|
|
58
|
-
break
|
|
59
|
-
sys.stdout.write('SCAN_RESULT:' + json.dumps({
|
|
60
|
-
'success': True,
|
|
61
|
-
'addresses': results,
|
|
62
|
-
'stats': {'patternLength': len(pat), 'resultsFound': len(results)}
|
|
63
|
-
}) + '\\n')
|
|
64
|
-
sys.stdout.flush()
|
|
81
|
+
const pyScript = `
|
|
82
|
+
import lldb, json, sys
|
|
83
|
+
|
|
84
|
+
def __lldb_init_module(debugger, internal_dict):
|
|
85
|
+
proc = debugger.GetSelectedTarget().GetProcess()
|
|
86
|
+
pat = bytes([${byteList}])
|
|
87
|
+
mask = [${maskList}]
|
|
88
|
+
results = []
|
|
89
|
+
rl = proc.GetMemoryRegions()
|
|
90
|
+
for i in range(rl.GetSize()):
|
|
91
|
+
info = lldb.SBMemoryRegionInfo()
|
|
92
|
+
rl.GetMemoryRegionAtIndex(i, info)
|
|
93
|
+
if not info.IsReadable():
|
|
94
|
+
continue
|
|
95
|
+
s = info.GetRegionBase()
|
|
96
|
+
sz = info.GetRegionEnd() - s
|
|
97
|
+
if sz > 32 * 1024 * 1024:
|
|
98
|
+
continue
|
|
99
|
+
err = lldb.SBError()
|
|
100
|
+
data = proc.ReadMemory(s, sz, err)
|
|
101
|
+
if not err.Success():
|
|
102
|
+
continue
|
|
103
|
+
n = len(pat)
|
|
104
|
+
for j in range(len(data) - n + 1):
|
|
105
|
+
match = True
|
|
106
|
+
for k in range(n):
|
|
107
|
+
if mask[k] == 1 and data[j+k] != pat[k]:
|
|
108
|
+
match = False
|
|
109
|
+
break
|
|
110
|
+
if match:
|
|
111
|
+
results.append(hex(s + j))
|
|
112
|
+
if len(results) >= 1000:
|
|
113
|
+
break
|
|
114
|
+
if len(results) >= 1000:
|
|
115
|
+
break
|
|
116
|
+
sys.stdout.write('SCAN_RESULT:' + json.dumps({
|
|
117
|
+
'success': True,
|
|
118
|
+
'addresses': results,
|
|
119
|
+
'stats': {'patternLength': len(pat), 'resultsFound': len(results)}
|
|
120
|
+
}) + '\\n')
|
|
121
|
+
sys.stdout.flush()
|
|
65
122
|
`;
|
|
66
123
|
await fs.writeFile(pyFile, pyScript, 'utf8');
|
|
67
124
|
await fs.writeFile(cmdFile, `command script import ${pyFile}\nprocess detach\n`, 'utf8');
|
|
@@ -3,15 +3,25 @@ import { scanMemoryWindows } from './scanner.windows.js';
|
|
|
3
3
|
import { scanMemoryLinux } from './scanner.linux.js';
|
|
4
4
|
import { scanMemoryMac } from './scanner.darwin.js';
|
|
5
5
|
export { buildPatternBytesAndMask, patternToBytesMac } from './scanner.patterns.js';
|
|
6
|
-
export async function scanMemory(platform, pid, pattern, patternType = 'hex') {
|
|
6
|
+
export async function scanMemory(platform, pid, pattern, patternType = 'hex', suspendTarget = false) {
|
|
7
|
+
let suspended = false;
|
|
7
8
|
try {
|
|
9
|
+
if (suspendTarget) {
|
|
10
|
+
suspended = await suspendProcess(platform, pid);
|
|
11
|
+
if (suspended) {
|
|
12
|
+
logger.info(`Suspended process ${pid} for consistent memory scan`);
|
|
13
|
+
}
|
|
14
|
+
else {
|
|
15
|
+
logger.warn(`Could not suspend process ${pid} — scanning unsuspended`);
|
|
16
|
+
}
|
|
17
|
+
}
|
|
8
18
|
switch (platform) {
|
|
9
19
|
case 'win32':
|
|
10
|
-
return scanMemoryWindows(pid, pattern, patternType);
|
|
20
|
+
return await scanMemoryWindows(pid, pattern, patternType);
|
|
11
21
|
case 'linux':
|
|
12
|
-
return scanMemoryLinux(pid, pattern, patternType);
|
|
22
|
+
return await scanMemoryLinux(pid, pattern, patternType);
|
|
13
23
|
case 'darwin':
|
|
14
|
-
return scanMemoryMac(pid, pattern, patternType);
|
|
24
|
+
return await scanMemoryMac(pid, pattern, patternType);
|
|
15
25
|
default:
|
|
16
26
|
return { success: false, addresses: [], error: `Memory scan not supported on ${platform}` };
|
|
17
27
|
}
|
|
@@ -24,6 +34,12 @@ export async function scanMemory(platform, pid, pattern, patternType = 'hex') {
|
|
|
24
34
|
error: error instanceof Error ? error.message : String(error),
|
|
25
35
|
};
|
|
26
36
|
}
|
|
37
|
+
finally {
|
|
38
|
+
if (suspended) {
|
|
39
|
+
await resumeProcess(platform, pid);
|
|
40
|
+
logger.info(`Resumed process ${pid} after memory scan`);
|
|
41
|
+
}
|
|
42
|
+
}
|
|
27
43
|
}
|
|
28
44
|
export async function scanMemoryFiltered(pid, pattern, addresses, patternType = 'hex', _readMemoryFn, scanMemoryFn) {
|
|
29
45
|
const validAddresses = [];
|
|
@@ -59,3 +75,71 @@ export async function scanMemoryFiltered(pid, pattern, addresses, patternType =
|
|
|
59
75
|
stats: { resultsFound: results.length, patternLength: pattern.length },
|
|
60
76
|
};
|
|
61
77
|
}
|
|
78
|
+
async function suspendProcess(platform, pid) {
|
|
79
|
+
try {
|
|
80
|
+
switch (platform) {
|
|
81
|
+
case 'darwin': {
|
|
82
|
+
const { createPlatformProvider } = await import('../../../native/platform/factory.js');
|
|
83
|
+
const provider = createPlatformProvider();
|
|
84
|
+
const avail = await provider.checkAvailability();
|
|
85
|
+
if (!avail.available)
|
|
86
|
+
return false;
|
|
87
|
+
const handle = provider.openProcess(pid, false);
|
|
88
|
+
try {
|
|
89
|
+
const { taskSuspend } = await import('../../../native/platform/darwin/DarwinAPI.js');
|
|
90
|
+
const { machTaskSelf, taskForPid, KERN } = await import('../../../native/platform/darwin/DarwinAPI.js');
|
|
91
|
+
const { kr, task } = taskForPid(machTaskSelf(), pid);
|
|
92
|
+
if (kr !== KERN.SUCCESS)
|
|
93
|
+
return false;
|
|
94
|
+
const suspendKr = taskSuspend(task);
|
|
95
|
+
return suspendKr === KERN.SUCCESS;
|
|
96
|
+
}
|
|
97
|
+
finally {
|
|
98
|
+
provider.closeProcess(handle);
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
case 'linux': {
|
|
102
|
+
const { execAsync } = await import('../../process/memory/types.js');
|
|
103
|
+
await execAsync(`kill -STOP ${pid}`, { timeout: 2000 });
|
|
104
|
+
return true;
|
|
105
|
+
}
|
|
106
|
+
case 'win32': {
|
|
107
|
+
const { execAsync } = await import('../../process/memory/types.js');
|
|
108
|
+
await execAsync(`powershell -NoProfile -Command "(Add-Type -MemberDefinition '[DllImport("ntdll.dll")] public static extern int NtSuspendProcess(IntPtr h);' -Name W -Namespace N -PassThru)::NtSuspendProcess((Get-Process -Id ${pid}).Handle)"`, { timeout: 5000 });
|
|
109
|
+
return true;
|
|
110
|
+
}
|
|
111
|
+
default:
|
|
112
|
+
return false;
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
catch (err) {
|
|
116
|
+
logger.warn(`Failed to suspend process ${pid}:`, err);
|
|
117
|
+
return false;
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
async function resumeProcess(platform, pid) {
|
|
121
|
+
try {
|
|
122
|
+
switch (platform) {
|
|
123
|
+
case 'darwin': {
|
|
124
|
+
const { machTaskSelf, taskForPid, taskResume, KERN } = await import('../../../native/platform/darwin/DarwinAPI.js');
|
|
125
|
+
const { kr, task } = taskForPid(machTaskSelf(), pid);
|
|
126
|
+
if (kr === KERN.SUCCESS)
|
|
127
|
+
taskResume(task);
|
|
128
|
+
break;
|
|
129
|
+
}
|
|
130
|
+
case 'linux': {
|
|
131
|
+
const { execAsync } = await import('../../process/memory/types.js');
|
|
132
|
+
await execAsync(`kill -CONT ${pid}`, { timeout: 2000 });
|
|
133
|
+
break;
|
|
134
|
+
}
|
|
135
|
+
case 'win32': {
|
|
136
|
+
const { execAsync } = await import('../../process/memory/types.js');
|
|
137
|
+
await execAsync(`powershell -NoProfile -Command "(Add-Type -MemberDefinition '[DllImport("ntdll.dll")] public static extern int NtResumeProcess(IntPtr h);' -Name W -Namespace N -PassThru)::NtResumeProcess((Get-Process -Id ${pid}).Handle)"`, { timeout: 5000 });
|
|
138
|
+
break;
|
|
139
|
+
}
|
|
140
|
+
}
|
|
141
|
+
}
|
|
142
|
+
catch (err) {
|
|
143
|
+
logger.error(`CRITICAL: Failed to resume process ${pid} — may need manual SIGCONT:`, err);
|
|
144
|
+
}
|
|
145
|
+
}
|