npm - @jshookmcp/jshook - Versions diffs - 0.2.3 → 0.2.5 - Mend

@jshookmcp/jshook 0.2.3 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (385) hide show

package/dist/src/native/HeapAnalyzer.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { logger } from '../utils/logger.js';
 import koffi from 'koffi';
-import { openProcessForMemory, CloseHandle, ReadProcessMemory, } from './Win32API.js';
+import { openProcessForMemory, CloseHandle, ReadProcessMemory } from './Win32API.js';
 import { HEAP_ENUMERATE_MAX_BLOCKS, HEAP_SPRAY_THRESHOLD, HEAP_SPRAY_SIZE_TOLERANCE, HEAP_SUSPICIOUS_BLOCK_SIZE, } from '../constants.js';
 import { LF32, HF32 } from './HeapAnalyzer.types.js';
 import { TH32CS } from './Win32Debug.js';
@@ -208,7 +208,7 @@ export class HeapAnalyzer {
         }
     }
     async _detectPossibleUAF(pid, blocks, heapId, anomalies) {
-        const freeBlocks = blocks.filter(b => b.isFree && b.size >= 8);
+        const freeBlocks = blocks.filter((b) => b.isFree && b.size >= 8);
         const sampled = freeBlocks.slice(0, 100);
         let hProcess = null;
         try {

package/dist/src/native/MemoryController.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import { randomUUID } from 'node:crypto';
-import { FREEZE_DEFAULT_INTERVAL_MS, WRITE_HISTORY_MAX, } from '../constants.js';
+import { FREEZE_DEFAULT_INTERVAL_MS, WRITE_HISTORY_MAX } from '../constants.js';
 import { openProcessForMemory, CloseHandle, ReadProcessMemory, WriteProcessMemory, VirtualProtectEx, PAGE, } from './Win32API.js';
 import { parsePattern } from './NativeMemoryManager.utils.js';
 export class MemoryController {

package/dist/src/native/MemoryScanSession.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import { randomUUID } from 'node:crypto';
-import { SCAN_SESSION_MAX_COUNT, SCAN_SESSION_TTL_MS, } from '../constants.js';
+import { SCAN_SESSION_MAX_COUNT, SCAN_SESSION_TTL_MS } from '../constants.js';
 import { getDefaultAlignment } from './ScanComparators.js';
 import { formatAddress, parseAddress } from './formatAddress.js';
 export class MemoryScanSessionManager {
@@ -97,7 +97,7 @@ export class MemoryScanSessionManager {
         const session = this.getSession(sessionId);
         const serializable = {
             ...session,
-            addresses: session.addresses.map(addr => formatAddress(addr)),
+            addresses: session.addresses.map((addr) => formatAddress(addr)),
             previousValues: Array.from(session.previousValues.entries()).map(([addr, buf]) => [formatAddress(addr), buf.toString('hex')]),
         };
         return JSON.stringify(serializable);

package/dist/src/native/MemoryScanner.js CHANGED Viewed

@@ -229,9 +229,7 @@ export class MemoryScanner {
                     }
                     for (let i = 0; i <= chunk.length - 8; i += 8) {
                         const ptrValue = chunk.readBigUInt64LE(i);
-                        const diff = ptrValue > targetAddr
-                            ? Number(ptrValue - targetAddr)
-                            : Number(targetAddr - ptrValue);
+                        const diff = ptrValue > targetAddr ? Number(ptrValue - targetAddr) : Number(targetAddr - ptrValue);
                         if (diff <= 4096) {
                             const addr = chunkAddr + BigInt(i);
                             const offsetFromTarget = ptrValue >= targetAddr
@@ -271,8 +269,8 @@ export class MemoryScanner {
         if (maxOffset > SCAN_GROUP_MAX_PATTERN_SIZE) {
             throw new Error(`Group pattern too large: ${maxOffset} bytes (max ${SCAN_GROUP_MAX_PATTERN_SIZE})`);
         }
-        const compositePattern = new Array(maxOffset).fill(0);
-        const compositeMask = new Array(maxOffset).fill(0);
+        const compositePattern = Array.from({ length: maxOffset }, () => 0);
+        const compositeMask = Array.from({ length: maxOffset }, () => 0);
         for (const entry of pattern) {
             const effectiveType = entry.type === 'pointer' ? 'uint64' : entry.type;
             const { patternBytes, mask } = parsePattern(entry.value, effectiveType);
@@ -372,9 +370,7 @@ export class MemoryScanner {
             if (!regionInfo)
                 break;
             const regionSize = regionInfo.size;
-            if (regionInfo.isReadable &&
-                regionSize > 0 &&
-                regionSize <= Number.MAX_SAFE_INTEGER) {
+            if (regionInfo.isReadable && regionSize > 0 && regionSize <= Number.MAX_SAFE_INTEGER) {
                 let include = true;
                 if (filter?.writable && !regionInfo.isWritable)
                     include = false;

package/dist/src/native/NativeMemoryManager.impl.js CHANGED Viewed

@@ -4,7 +4,7 @@ import { promisify } from 'node:util';
 import { cpuLimit } from '../utils/concurrency.js';
 import { createPlatformProvider } from './platform/factory.js';
 import { MemoryProtection } from './platform/types.js';
-import { findPatternInBuffer, parsePattern, } from './NativeMemoryManager.utils.js';
+import { findPatternInBuffer, parsePattern } from './NativeMemoryManager.utils.js';
 import { checkNativeMemoryAvailability } from './NativeMemoryManager.availability.js';
 const execAsync = promisify(exec);
 const SCAN_CHUNK_SIZE = 16 * 1024 * 1024;
@@ -374,7 +374,7 @@ export class NativeMemoryManager {
             return { success: false, error: 'Debug port check is only supported on Windows' };
         }
         try {
-            const { openProcessForMemory, CloseHandle, NtQueryInformationProcess, } = await import('./Win32API.js');
+            const { openProcessForMemory, CloseHandle, NtQueryInformationProcess } = await import('./Win32API.js');
             const handle = openProcessForMemory(pid, false);
             try {
                 const { status, debugPort } = NtQueryInformationProcess(handle, 7);

package/dist/src/native/PEAnalyzer.js CHANGED Viewed

@@ -1,6 +1,6 @@
-import { readFileSync } from 'node:fs';
+import { promises as fs } from 'node:fs';
 import { logger } from '../utils/logger.js';
-import { openProcessForMemory, CloseHandle, ReadProcessMemory, EnumProcessModules, GetModuleBaseName, GetModuleInformation, } from './Win32API.js';
+import { openProcessForMemory, CloseHandle, ReadProcessMemory, EnumProcessModules, GetModuleBaseName, GetModuleFileNameEx, GetModuleInformation, } from './Win32API.js';
 import { IMAGE_SCN, IMAGE_DIRECTORY_ENTRY } from './PEAnalyzer.types.js';
 const MZ_MAGIC = 0x5a4d;
 const PE_SIGNATURE = 0x00004550;
@@ -73,7 +73,9 @@ export class PEAnalyzer {
                 const off = headers.firstSectionOffset + i * SECTION_HEADER_SIZE;
                 const secData = ReadProcessMemory(hProcess, base + BigInt(off), SECTION_HEADER_SIZE);
                 const nameEnd = secData.indexOf(0);
-                const name = secData.subarray(0, nameEnd > 0 && nameEnd <= 8 ? nameEnd : 8).toString('ascii');
+                const name = secData
+                    .subarray(0, nameEnd > 0 && nameEnd <= 8 ? nameEnd : 8)
+                    .toString('ascii');
                 const virtualSize = secData.readUInt32LE(8);
                 const virtualAddress = secData.readUInt32LE(12);
                 const rawSize = secData.readUInt32LE(16);
@@ -114,7 +116,7 @@ export class PEAnalyzer {
                 const nullIdx = nameData.indexOf(0);
                 const dllName = nameData.subarray(0, nullIdx > 0 ? nullIdx : 256).toString('ascii');
                 const originalFirstThunkRva = desc.readUInt32LE(0) || desc.readUInt32LE(16);
-                const functions = await this._readThunkArray(hProcess, base, originalFirstThunkRva, headers.isPE32Plus);
+                const functions = this._readThunkArray(hProcess, base, originalFirstThunkRva, headers.isPE32Plus);
                 imports.push({ dllName, functions });
                 descOffset += IMPORT_DESCRIPTOR_SIZE;
             }
@@ -147,8 +149,7 @@ export class PEAnalyzer {
                 const nameBuf = ReadProcessMemory(hProcess, base + BigInt(nameRva), 256);
                 const nullIdx = nameBuf.indexOf(0);
                 const name = nameBuf.subarray(0, nullIdx > 0 ? nullIdx : 256).toString('ascii');
-                const funcRva = ReadProcessMemory(hProcess, base + BigInt(addressOfFunctionsRva + ordIndex * 4), 4)
-                    .readUInt32LE(0);
+                const funcRva = ReadProcessMemory(hProcess, base + BigInt(addressOfFunctionsRva + ordIndex * 4), 4).readUInt32LE(0);
                 let forwardedTo = null;
                 if (funcRva >= exportDir.rva && funcRva < exportDir.rva + exportDir.size) {
                     const fwdBuf = ReadProcessMemory(hProcess, base + BigInt(funcRva), 256);
@@ -174,11 +175,11 @@ export class PEAnalyzer {
         try {
             const modules = this._enumerateModulesInternal(hProcess);
             const targets = moduleName
-                ? modules.filter(m => m.name.toLowerCase().includes(moduleName.toLowerCase()))
+                ? modules.filter((m) => m.name.toLowerCase().includes(moduleName.toLowerCase()))
                 : modules;
             for (const mod of targets) {
                 try {
-                    const diskData = readFileSync(mod.path);
+                    const diskData = await fs.readFile(mod.path);
                     const exports = await this.parseExports(pid, mod.base);
                     for (const exp of exports) {
                         const funcRva = parseInt(exp.rva, 16);
@@ -271,13 +272,15 @@ export class PEAnalyzer {
         const firstSectionOffset = e_lfanew + 4 + 20 + sizeOfOptionalHeader;
         return { numSections, isPE32Plus, firstSectionOffset, dataDirectories };
     }
-    async _readThunkArray(hProcess, base, thunkRva, isPE32Plus) {
+    _readThunkArray(hProcess, base, thunkRva, isPE32Plus) {
         const thunkSize = isPE32Plus ? 8 : 4;
         const functions = [];
         const IMAGE_ORDINAL_FLAG = isPE32Plus ? 0x8000000000000000n : 0x80000000n;
         for (let i = 0; i < 2000; i++) {
             const thunkData = ReadProcessMemory(hProcess, base + BigInt(thunkRva + i * thunkSize), thunkSize);
-            const thunkValue = isPE32Plus ? thunkData.readBigUInt64LE(0) : BigInt(thunkData.readUInt32LE(0));
+            const thunkValue = isPE32Plus
+                ? thunkData.readBigUInt64LE(0)
+                : BigInt(thunkData.readUInt32LE(0));
             if (thunkValue === 0n)
                 break;
             if ((thunkValue & IMAGE_ORDINAL_FLAG) !== 0n) {
@@ -312,11 +315,7 @@ export class PEAnalyzer {
                 const hMod = modHandles[i];
                 const name = GetModuleBaseName(hProcess, hMod);
                 const info = GetModuleInformation(hProcess, hMod);
-                let modulePath = name;
-                try {
-                    modulePath = `C:\\Windows\\System32\\${name}`;
-                }
-                catch { }
+                const modulePath = GetModuleFileNameEx(hProcess, hMod) ?? name;
                 if (info.success) {
                     modules.push({
                         name,

package/dist/src/native/PointerChainEngine.js CHANGED Viewed

@@ -156,7 +156,7 @@ export class PointerChainEngine {
     scanLevel(handle, targetAddresses, maxOffset, alignment, _filter) {
         const matches = [];
         const chunkSize = POINTER_CHAIN_SCAN_CHUNK_SIZE;
-        const targets = Array.from(targetAddresses).sort((a, b) => (a < b ? -1 : a > b ? 1 : 0));
+        const targets = Array.from(targetAddresses).toSorted((a, b) => (a < b ? -1 : a > b ? 1 : 0));
         if (targets.length === 0)
             return matches;
         const maxOffsetBig = BigInt(maxOffset);
@@ -198,9 +198,7 @@ export class PointerChainEngine {
                         }
                         for (let t = lo; t < targets.length && targets[t] <= searchMax; t++) {
                             const target = targets[t];
-                            const diff = ptrValue > target
-                                ? Number(ptrValue - target)
-                                : Number(target - ptrValue);
+                            const diff = ptrValue > target ? Number(ptrValue - target) : Number(target - ptrValue);
                             if (diff <= maxOffset) {
                                 const pointerAddr = chunkAddr + BigInt(i);
                                 const matchOffset = Number(target - ptrValue);

package/dist/src/native/ScriptLoader.js CHANGED Viewed

@@ -1,18 +1,13 @@
 import { promises as fs, existsSync } from 'fs';
-import { join, dirname, resolve } from 'path';
+import { join, resolve } from 'path';
 import { platform } from 'os';
 import { fileURLToPath } from 'node:url';
 let _scriptsBaseDir = null;
 function tryGetEsmBaseDir() {
     try {
-        const readImportMetaPath = new Function('try { return import.meta.dirname ?? import.meta.url ?? null; } catch { return null; }');
-        const metaPath = readImportMetaPath();
-        if (!metaPath)
-            return null;
-        if (metaPath.startsWith('file://')) {
-            return dirname(fileURLToPath(metaPath));
-        }
-        return metaPath;
+        const readImportMetaUrl = new Function('try { return import.meta.url ?? null; } catch { return null; }');
+        const metaUrl = readImportMetaUrl();
+        return metaUrl ? fileURLToPath(new URL('.', metaUrl)) : null;
     }
     catch {
         return null;

package/dist/src/native/Speedhack.js CHANGED Viewed

@@ -149,7 +149,7 @@ export class Speedhack {
     }
     buildAbsoluteJump(target) {
         const buf = Buffer.alloc(14);
-        buf[0] = 0xFF;
+        buf[0] = 0xff;
         buf[1] = 0x25;
         buf.writeUInt32LE(0, 2);
         buf.writeBigUInt64LE(target, 6);

package/dist/src/native/StructureAnalyzer.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { STRUCT_ANALYZE_DEFAULT_SIZE, STRUCT_VTABLE_MAX_FUNCTIONS, STRUCT_RTTI_MAX_STRING_LEN, STRUCT_CSTRING_MAX_LEN, } from '../constants.js';
+import { STRUCT_ANALYZE_DEFAULT_SIZE, STRUCT_VTABLE_MAX_FUNCTIONS, STRUCT_RTTI_MAX_STRING_LEN, } from '../constants.js';
 import { createPlatformProvider } from './platform/factory.js';
 import { nativeMemoryManager } from './NativeMemoryManager.impl.js';
 export class StructureAnalyzer {
@@ -126,7 +126,7 @@ export class StructureAnalyzer {
             const signature = colBuf.readUInt32LE(0);
             if (signature !== 1)
                 return null;
-            const typeDescRVA = colBuf.readUInt32LE(0x0C);
+            const typeDescRVA = colBuf.readUInt32LE(0x0c);
             const classDescRVA = colBuf.readUInt32LE(0x10);
             const objectLocRVA = colBuf.readUInt32LE(0x14);
             const moduleBase = colAddr - BigInt(objectLocRVA);
@@ -140,7 +140,7 @@ export class StructureAnalyzer {
                 const classDescAddr = moduleBase + BigInt(classDescRVA);
                 const classDescBuf = this.provider.readMemory(handle, classDescAddr, 0x10).data;
                 const numBaseClasses = classDescBuf.readUInt32LE(0x08);
-                const baseClassArrayRVA = classDescBuf.readUInt32LE(0x0C);
+                const baseClassArrayRVA = classDescBuf.readUInt32LE(0x0c);
                 if (numBaseClasses > 0 && numBaseClasses < 20) {
                     const baseArrayAddr = moduleBase + BigInt(baseClassArrayRVA);
                     const baseArrayBuf = this.provider.readMemory(handle, baseArrayAddr, numBaseClasses * 4).data;
@@ -280,15 +280,13 @@ export class StructureAnalyzer {
                 for (let i = offset; i < buf.length && buf[i] === 0; i++)
                     zeroLen++;
                 const padSize = Math.min(zeroLen, remaining);
-                const alignedPad = padSize >= 8 ? (padSize & ~7) : (padSize >= 4 ? (padSize & ~3) : padSize);
-                if (alignedPad > 0) {
-                    return {
-                        type: 'padding',
-                        size: alignedPad,
-                        value: `0x${'00'.repeat(Math.min(alignedPad, 8))}`,
-                        confidence: 0.6,
-                    };
-                }
+                const alignedPad = padSize & ~7;
+                return {
+                    type: 'padding',
+                    size: alignedPad,
+                    value: `0x${'00'.repeat(Math.min(alignedPad, 8))}`,
+                    confidence: 0.6,
+                };
             }
             if (val32u === 0) {
                 return {
@@ -308,7 +306,10 @@ export class StructureAnalyzer {
                     notes: 'value is 1 — could be boolean',
                 };
             }
-            if (isFinite(valFloat) && !isNaN(valFloat) && Math.abs(valFloat) > 1e-10 && Math.abs(valFloat) < 1e8) {
+            if (isFinite(valFloat) &&
+                !isNaN(valFloat) &&
+                Math.abs(valFloat) > 1e-10 &&
+                Math.abs(valFloat) < 1e8) {
                 const intLooksReasonable = val32u > 0 && val32u < 100_000;
                 const floatHasDecimals = Math.abs(valFloat - Math.round(valFloat)) > 0.001;
                 if (floatHasDecimals || (!intLooksReasonable && Math.abs(valFloat) < 10000)) {
@@ -317,7 +318,9 @@ export class StructureAnalyzer {
                         size: 4,
                         value: valFloat.toFixed(6),
                         confidence: floatHasDecimals ? 0.8 : 0.5,
-                        notes: floatHasDecimals ? 'IEEE 754 float with fractional part' : 'could be float or int',
+                        notes: floatHasDecimals
+                            ? 'IEEE 754 float with fractional part'
+                            : 'could be float or int',
                     };
                 }
             }
@@ -376,9 +379,8 @@ export class StructureAnalyzer {
         }
     }
     readCString(handle, address, maxLen) {
-        const len = maxLen ?? STRUCT_CSTRING_MAX_LEN;
         try {
-            const buf = this.provider.readMemory(handle, address, len).data;
+            const buf = this.provider.readMemory(handle, address, maxLen).data;
             const nullIdx = buf.indexOf(0);
             if (nullIdx < 0)
                 return null;
@@ -403,23 +405,40 @@ export class StructureAnalyzer {
     }
     fieldTypeToCType(type, size) {
         switch (type) {
-            case 'int8': return 'int8_t';
-            case 'uint8': return 'uint8_t';
-            case 'int16': return 'int16_t';
-            case 'uint16': return 'uint16_t';
-            case 'int32': return 'int32_t';
-            case 'uint32': return 'uint32_t';
-            case 'int64': return 'int64_t';
-            case 'uint64': return 'uint64_t';
-            case 'float': return 'float';
-            case 'double': return 'double';
-            case 'pointer': return 'void*';
-            case 'vtable_ptr': return 'void**';
-            case 'string_ptr': return 'char*';
-            case 'bool': return 'bool';
-            case 'padding': return `uint8_t[${size}]`;
-            case 'unknown': return `uint8_t[${size}]`;
-            default: return `uint8_t[${size}]`;
+            case 'int8':
+                return 'int8_t';
+            case 'uint8':
+                return 'uint8_t';
+            case 'int16':
+                return 'int16_t';
+            case 'uint16':
+                return 'uint16_t';
+            case 'int32':
+                return 'int32_t';
+            case 'uint32':
+                return 'uint32_t';
+            case 'int64':
+                return 'int64_t';
+            case 'uint64':
+                return 'uint64_t';
+            case 'float':
+                return 'float';
+            case 'double':
+                return 'double';
+            case 'pointer':
+                return 'void*';
+            case 'vtable_ptr':
+                return 'void**';
+            case 'string_ptr':
+                return 'char*';
+            case 'bool':
+                return 'bool';
+            case 'padding':
+                return `uint8_t[${size}]`;
+            case 'unknown':
+                return `uint8_t[${size}]`;
+            default:
+                return `uint8_t[${size}]`;
         }
     }
     async getModuleEntries(pid) {

package/dist/src/native/Win32API.d.ts CHANGED Viewed

@@ -93,6 +93,7 @@ export declare function EnumProcessModules(hProcess: bigint, maxModules?: number
     count: number;
 };
 export declare function GetModuleBaseName(hProcess: bigint, hModule: bigint, maxSize?: number): string;
+export declare function GetModuleFileNameEx(hProcess: bigint, hModule: bigint, maxSize?: number): string | null;
 export declare function GetModuleInformation(hProcess: bigint, hModule: bigint): {
     success: boolean;
     info: ModuleInfoType;

package/dist/src/native/Win32API.js CHANGED Viewed

@@ -213,6 +213,19 @@ export function GetModuleBaseName(hProcess, hModule, maxSize = 260) {
     }
     return buffer.toString('utf8', 0, len);
 }
+export function GetModuleFileNameEx(hProcess, hModule, maxSize = 32_768) {
+    const fn = getPsapi().func('uint32 GetModuleFileNameExA(void *, void *, _Out_ char[], uint32)');
+    const buffer = Buffer.alloc(maxSize);
+    const result = fn(hProcess, hModule, buffer, maxSize);
+    if (typeof result !== 'number' || result <= 0) {
+        return null;
+    }
+    let len = 0;
+    while (len < maxSize && buffer[len] !== 0) {
+        len++;
+    }
+    return len > 0 ? buffer.toString('utf8', 0, len) : null;
+}
 export function GetModuleInformation(hProcess, hModule) {
     const fn = getPsapi().func('int GetModuleInformation(void *, void *, _Out_ uint8_t[24], uint32)');
     const buffer = Buffer.alloc(24);

package/dist/src/native/Win32Debug.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import koffi from 'koffi';
 import { logger } from '../utils/logger.js';
-import { GetLastError } from './Win32API.js';
+import { GetLastError, CloseHandle } from './Win32API.js';
 export const THREAD_ACCESS = {
     TERMINATE: 0x0001,
     SUSPEND_RESUME: 0x0002,
@@ -70,18 +70,18 @@ export function parseContext(buf) {
         rdx: buf.readBigUInt64LE(0x88),
         rbx: buf.readBigUInt64LE(0x90),
         rsp: buf.readBigUInt64LE(0x98),
-        rbp: buf.readBigUInt64LE(0xA0),
-        rsi: buf.readBigUInt64LE(0xA8),
-        rdi: buf.readBigUInt64LE(0xB0),
-        r8: buf.readBigUInt64LE(0xB8),
-        r9: buf.readBigUInt64LE(0xC0),
-        r10: buf.readBigUInt64LE(0xC8),
-        r11: buf.readBigUInt64LE(0xD0),
-        r12: buf.readBigUInt64LE(0xD8),
-        r13: buf.readBigUInt64LE(0xE0),
-        r14: buf.readBigUInt64LE(0xE8),
-        r15: buf.readBigUInt64LE(0xF0),
-        rip: buf.readBigUInt64LE(0xF8),
+        rbp: buf.readBigUInt64LE(0xa0),
+        rsi: buf.readBigUInt64LE(0xa8),
+        rdi: buf.readBigUInt64LE(0xb0),
+        r8: buf.readBigUInt64LE(0xb8),
+        r9: buf.readBigUInt64LE(0xc0),
+        r10: buf.readBigUInt64LE(0xc8),
+        r11: buf.readBigUInt64LE(0xd0),
+        r12: buf.readBigUInt64LE(0xd8),
+        r13: buf.readBigUInt64LE(0xe0),
+        r14: buf.readBigUInt64LE(0xe8),
+        r15: buf.readBigUInt64LE(0xf0),
+        rip: buf.readBigUInt64LE(0xf8),
     };
 }
 export function writeContext(buf, ctx) {
@@ -102,7 +102,7 @@ export function writeContext(buf, ctx) {
     if (ctx.dr7 !== undefined)
         buf.writeBigUInt64LE(ctx.dr7, 0x70);
     if (ctx.rip !== undefined)
-        buf.writeBigUInt64LE(ctx.rip, 0xF8);
+        buf.writeBigUInt64LE(ctx.rip, 0xf8);
 }
 let kernel32Debug = null;
 function getKernel32() {
@@ -119,7 +119,7 @@ export function OpenThread(dwDesiredAccess, bInheritHandle, dwThreadId) {
 export function SuspendThread(hThread) {
     const fn = getKernel32().func('uint32 SuspendThread(void *)');
     const result = fn(hThread);
-    if (result === 0xFFFFFFFF) {
+    if (result === 0xffffffff) {
         throw new Error(`SuspendThread failed. Error: 0x${GetLastError().toString(16)}`);
     }
     return result;
@@ -127,7 +127,7 @@ export function SuspendThread(hThread) {
 export function ResumeThread(hThread) {
     const fn = getKernel32().func('uint32 ResumeThread(void *)');
     const result = fn(hThread);
-    if (result === 0xFFFFFFFF) {
+    if (result === 0xffffffff) {
         throw new Error(`ResumeThread failed. Error: 0x${GetLastError().toString(16)}`);
     }
     return result;
@@ -209,10 +209,9 @@ export function EnumerateProcessThreads(pid) {
     const entry = Buffer.alloc(28);
     entry.writeUInt32LE(28, 0);
     try {
-        const { CloseHandle } = require('./Win32API.js');
         if (fnFirst(snapshot, entry) !== 0) {
             do {
-                const ownerPid = entry.readUInt32LE(0x0C);
+                const ownerPid = entry.readUInt32LE(0x0c);
                 if (ownerPid === pid) {
                     threads.push(entry.readUInt32LE(0x08));
                 }
@@ -221,7 +220,8 @@ export function EnumerateProcessThreads(pid) {
         }
         CloseHandle(snapshot);
     }
-    catch {
+    catch (e) {
+        console.error('[EnumerateProcessThreads] cleanup error:', e);
     }
     return threads;
 }

package/dist/src/native/platform/darwin/DarwinAPI.d.ts CHANGED Viewed

@@ -115,6 +115,8 @@ export declare function machVmAllocate(task: number, size: bigint, flags: number
     address: bigint;
 };
 export declare function machVmDeallocate(task: number, address: bigint, size: bigint): number;
+export declare function taskSuspend(task: number): number;
+export declare function taskResume(task: number): number;
 export declare function dyldImageCount(): number;
 export declare function dyldGetImageName(index: number): string;
 export declare function dyldGetImageVmaddrSlide(index: number): bigint;

package/dist/src/native/platform/darwin/DarwinAPI.js CHANGED Viewed

@@ -198,6 +198,14 @@ export function machVmDeallocate(task, address, size) {
     const fn = getLibSystem().func('int32 mach_vm_deallocate(uint32, uint64, uint64)');
     return fn(task, address, size);
 }
+export function taskSuspend(task) {
+    const fn = getLibSystem().func('int32 task_suspend(uint32)');
+    return fn(task);
+}
+export function taskResume(task) {
+    const fn = getLibSystem().func('int32 task_resume(uint32)');
+    return fn(task);
+}
 export function dyldImageCount() {
     const fn = getLibSystem().func('uint32 _dyld_image_count()');
     return fn();

package/dist/src/native/platform/darwin/DarwinMemoryProvider.js CHANGED Viewed

@@ -68,9 +68,14 @@ export class DarwinMemoryProvider {
             }
         }
         catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            const isCrash = /signal|bus error|segfault|abort/i.test(message);
             return {
                 available: false,
-                reason: `task_for_pid permission check failed: ${err instanceof Error ? err.message : String(err)}`,
+                reason: isCrash
+                    ? `Mach API call crashed (${message}). This may be caused by SIP (System Integrity Protection) on ARM64 macOS. ` +
+                        'Disable SIP or use a code-signed binary with com.apple.security.cs.debugger entitlement.'
+                    : `task_for_pid permission check failed: ${message}. Run with sudo or add debugger entitlement.`,
                 platform: 'darwin',
             };
         }

package/dist/src/server/MCPServer.context.d.ts CHANGED Viewed

@@ -61,7 +61,6 @@ export interface DomainInstances {
     debuggerManager?: import('../modules/debugger/DebuggerManager.js').DebuggerManager;
     runtimeInspector?: import('../modules/debugger/RuntimeInspector.js').RuntimeInspector;
     consoleMonitor?: import('../modules/monitor/ConsoleMonitor.js').ConsoleMonitor;
-    llm?: import('../services/LLMService.js').LLMService;
     browserHandlers?: import('./domains/browser/index.js').BrowserToolHandlers;
     debuggerHandlers?: import('./domains/debugger/index.js').DebuggerToolHandlers;
     advancedHandlers?: import('./domains/network/index.js').AdvancedToolHandlers;
@@ -90,6 +89,8 @@ export interface DomainInstances {
     coordinationHandlers?: import('./domains/coordination/index.js').CoordinationHandlers;
     traceRecorder?: import('../modules/trace/TraceRecorder.js').TraceRecorder;
     traceHandlers?: import('./domains/trace/index.js').TraceToolHandlers;
+    evidenceHandlers?: import('./domains/evidence/index.js').EvidenceHandlers;
+    instrumentationHandlers?: import('./domains/instrumentation/index.js').InstrumentationHandlers | undefined;
 }
 export interface ServerMethods {
     registerCaches(): Promise<void>;

package/dist/src/server/MCPServer.d.ts CHANGED Viewed

@@ -55,7 +55,6 @@ export declare class MCPServer implements MCPServerContext {
     debuggerManager: import('../modules/debugger/DebuggerManager.js').DebuggerManager | undefined;
     runtimeInspector: import('../modules/debugger/RuntimeInspector.js').RuntimeInspector | undefined;
     consoleMonitor: import('../modules/monitor/ConsoleMonitor.js').ConsoleMonitor | undefined;
-    llm: import('../services/LLMService.js').LLMService | undefined;
     browserHandlers: import('./domains/browser/index.js').BrowserToolHandlers | undefined;
     debuggerHandlers: import('./domains/debugger/index.js').DebuggerToolHandlers | undefined;
     advancedHandlers: import('./domains/network/index.js').AdvancedToolHandlers | undefined;
@@ -82,6 +81,8 @@ export declare class MCPServer implements MCPServerContext {
     sourcemapHandlers: import('./domains/sourcemap/index.js').SourcemapToolHandlers | undefined;
     transformHandlers: import('./domains/transform/index.js').TransformToolHandlers | undefined;
     coordinationHandlers: import('./domains/coordination/index.js').CoordinationHandlers | undefined;
+    evidenceHandlers: import('./domains/evidence/index.js').EvidenceHandlers | undefined;
+    instrumentationHandlers: import('./domains/instrumentation/index.js').InstrumentationHandlers | undefined;
     constructor(config: Config);
     resolveEnabledDomains(tools: Tool[]): Set<string>;
     registerSingleTool(toolDef: Tool): RegisteredTool;

package/dist/src/server/MCPServer.domain.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
 import type { Tool } from '@modelcontextprotocol/sdk/types.js';
 import type { MCPServerContext } from './MCPServer.context.js';
 export declare function resolveEnabledDomains(tools: Tool[]): Set<string>;
-export declare function createDomainProxy<T extends object>(ctx: MCPServerContext, domain: string, label: string, factory: () => T): T;
+export declare function createDomainProxy<T extends object>(ctx: MCPServerContext, domain: string, label: string, factory: () => T | Promise<T>): T;