@jshookmcp/jshook 0.2.3 → 0.2.6
- package/README.md +14 -5
- package/README.zh.md +18 -3
- package/dist/packages/extension-sdk/src/bridges/shared.js +2 -2
- package/dist/packages/extension-sdk/src/plugin.d.ts +5 -0
- package/dist/packages/extension-sdk/src/plugin.js +119 -33
- package/dist/packages/extension-sdk/src/workflow.d.ts +171 -0
- package/dist/packages/extension-sdk/src/workflow.js +272 -0
- package/dist/src/config/search-defaults.js +161 -0
- package/dist/src/constants.d.ts +3 -0
- package/dist/src/constants.js +4 -1
- package/dist/src/index.d.ts +1 -1
- package/dist/src/index.js +13 -17
- package/dist/src/modules/analyzer/CodeAnalyzer.d.ts +1 -3
- package/dist/src/modules/analyzer/CodeAnalyzer.js +16 -28
- package/dist/src/modules/analyzer/CodeAnalyzerDataFlow.d.ts +1 -2
- package/dist/src/modules/analyzer/CodeAnalyzerDataFlow.js +1 -45
- package/dist/src/modules/analyzer/IntelligentAnalyzer.d.ts +1 -37
- package/dist/src/modules/analyzer/IntelligentAnalyzer.js +9 -142
- package/dist/src/modules/analyzer/PatternDetector.js +3 -3
- package/dist/src/modules/analyzer/PatternDetectorAuthPatterns.js +1 -1
- package/dist/src/modules/browser/BrowserDiscovery.js +2 -2
- package/dist/src/modules/browser/BrowserModeManager.js +11 -10
- package/dist/src/modules/browser/BrowserPool.d.ts +49 -0
- package/dist/src/modules/browser/BrowserPool.js +288 -0
- package/dist/src/modules/browser/TabRegistry.js +2 -2
- package/dist/src/modules/browser/UnifiedBrowserManager.d.ts +1 -0
- package/dist/src/modules/browser/UnifiedBrowserManager.js +18 -3
- package/dist/src/modules/captcha/AICaptchaDetector.d.ts +1 -10
- package/dist/src/modules/captcha/AICaptchaDetector.js +7 -201
- package/dist/src/modules/collector/CodeCollector.js +4 -5
- package/dist/src/modules/collector/DOMInspector.js +48 -58
- package/dist/src/modules/collector/PageController.d.ts +17 -4
- package/dist/src/modules/collector/PageController.js +2 -5
- package/dist/src/modules/collector/PageScriptCollectors.js +3 -3
- package/dist/src/modules/crypto/CryptoDetector.d.ts +1 -4
- package/dist/src/modules/crypto/CryptoDetector.js +2 -42
- package/dist/src/modules/crypto/CryptoRules.js +1 -1
- package/dist/src/modules/debugger/BlackboxManager.js +1 -1
- package/dist/src/modules/debugger/DebuggerManager.impl.core.scope.js +1 -1
- package/dist/src/modules/debugger/ScriptManager.impl.extract-function-tree.js +4 -2
- package/dist/src/modules/debugger/WatchExpressionManager.js +1 -1
- package/dist/src/modules/deobfuscator/AdvancedDeobfuscator.d.ts +5 -0
- package/dist/src/modules/deobfuscator/AdvancedDeobfuscator.js +43 -2
- package/dist/src/modules/deobfuscator/Deobfuscator.d.ts +1 -4
- package/dist/src/modules/deobfuscator/Deobfuscator.js +9 -39
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.d.ts +0 -3
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.js +2 -8
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.restore.d.ts +1 -2
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.restore.js +3 -55
- package/dist/src/modules/deobfuscator/JScramblerDeobfuscator.js +3 -4
- package/dist/src/modules/deobfuscator/VMDeobfuscator.d.ts +2 -10
- package/dist/src/modules/deobfuscator/VMDeobfuscator.js +3 -128
- package/dist/src/modules/deobfuscator/webcrack.js +15 -2
- package/dist/src/modules/emulator/AIEnvironmentAnalyzer.d.ts +5 -8
- package/dist/src/modules/emulator/AIEnvironmentAnalyzer.js +10 -102
- package/dist/src/modules/emulator/EnvironmentEmulator.d.ts +1 -5
- package/dist/src/modules/emulator/EnvironmentEmulator.js +7 -91
- package/dist/src/modules/emulator/EnvironmentEmulatorFetch.js +58 -61
- package/dist/src/modules/emulator/templates/chrome-env.d.ts +17 -7
- package/dist/src/modules/emulator/templates/chrome-env.js +14 -7
- package/dist/src/modules/external/ExternalToolRunner.js +25 -22
- package/dist/src/modules/hook/HookGeneratorBuilders.core.generators.compose.js +5 -5
- package/dist/src/modules/hook/HookGeneratorBuilders.core.generators.network.js +311 -311
- package/dist/src/modules/hook/HookGeneratorBuilders.core.generators.runtime.js +410 -410
- package/dist/src/modules/hook/HookGeneratorBuilders.core.generators.storage.js +122 -122
- package/dist/src/modules/monitor/ConsoleMonitor.impl.core.class.d.ts +13 -0
- package/dist/src/modules/monitor/ConsoleMonitor.impl.core.class.js +42 -0
- package/dist/src/modules/monitor/ConsoleMonitor.impl.core.dynamic.js +194 -194
- package/dist/src/modules/monitor/FetchInterceptor.d.ts +46 -0
- package/dist/src/modules/monitor/FetchInterceptor.js +191 -0
- package/dist/src/modules/monitor/PerformanceMonitor.js +8 -7
- package/dist/src/modules/monitor/PlaywrightNetworkMonitor.js +62 -62
- package/dist/src/modules/process/BaseMemoryManager.d.ts +1 -1
- package/dist/src/modules/process/LinuxProcessManager.js +2 -0
- package/dist/src/modules/process/MacProcessManager.js +25 -25
- package/dist/src/modules/process/MemoryManager.d.ts +1 -1
- package/dist/src/modules/process/MemoryManager.js +2 -2
- package/dist/src/modules/process/memory/AuditTrail.js +1 -1
- package/dist/src/modules/process/memory/availability.js +49 -49
- package/dist/src/modules/process/memory/injector.js +185 -185
- package/dist/src/modules/process/memory/reader.js +85 -53
- package/dist/src/modules/process/memory/regions.dump.js +51 -51
- package/dist/src/modules/process/memory/regions.enumerate.js +108 -108
- package/dist/src/modules/process/memory/regions.modules.js +80 -80
- package/dist/src/modules/process/memory/regions.protection.js +148 -115
- package/dist/src/modules/process/memory/scanner.d.ts +5 -1
- package/dist/src/modules/process/memory/scanner.darwin.js +98 -41
- package/dist/src/modules/process/memory/scanner.js +88 -4
- package/dist/src/modules/process/memory/scanner.windows.js +124 -124
- package/dist/src/modules/process/memory/writer.js +98 -58
- package/dist/src/modules/security/ExecutionSandbox.js +51 -52
- package/dist/src/modules/stealth/FingerprintManager.js +1 -1
- package/dist/src/modules/stealth/StealthScripts.d.ts +1 -0
- package/dist/src/modules/stealth/StealthScripts.js +18 -13
- package/dist/src/modules/stealth/StealthVerifier.js +1 -3
- package/dist/src/modules/symbolic/JSVMPSymbolicExecutor.d.ts +14 -0
- package/dist/src/modules/symbolic/JSVMPSymbolicExecutor.js +181 -2
- package/dist/src/modules/trace/TraceDB.js +75 -69
- package/dist/src/modules/trace/TraceRecorder.js +1 -5
- package/dist/src/native/AntiCheatDetector.js +67 -16
- package/dist/src/native/CodeInjector.js +3 -3
- package/dist/src/native/HardwareBreakpoint.js +24 -15
- package/dist/src/native/HeapAnalyzer.js +2 -2
- package/dist/src/native/MemoryController.js +1 -1
- package/dist/src/native/MemoryScanSession.js +2 -2
- package/dist/src/native/MemoryScanner.js +4 -8
- package/dist/src/native/NativeMemoryManager.impl.js +2 -2
- package/dist/src/native/PEAnalyzer.js +14 -15
- package/dist/src/native/PointerChainEngine.js +2 -4
- package/dist/src/native/ScriptLoader.js +4 -9
- package/dist/src/native/Speedhack.js +1 -1
- package/dist/src/native/StructureAnalyzer.js +52 -33
- package/dist/src/native/Win32API.d.ts +1 -0
- package/dist/src/native/Win32API.js +13 -0
- package/dist/src/native/Win32Debug.js +19 -19
- package/dist/src/native/platform/darwin/DarwinAPI.d.ts +2 -0
- package/dist/src/native/platform/darwin/DarwinAPI.js +8 -0
- package/dist/src/native/platform/darwin/DarwinMemoryProvider.js +6 -1
- package/dist/src/server/MCPServer.context.d.ts +3 -1
- package/dist/src/server/MCPServer.d.ts +2 -1
- package/dist/src/server/MCPServer.domain.d.ts +1 -1
- package/dist/src/server/MCPServer.domain.js +81 -16
- package/dist/src/server/MCPServer.js +41 -14
- package/dist/src/server/MCPServer.resources.d.ts +2 -0
- package/dist/src/server/MCPServer.resources.js +91 -0
- package/dist/src/server/MCPServer.search.handlers.call.js +2 -1
- package/dist/src/server/MCPServer.search.helpers.js +1 -1
- package/dist/src/server/MCPServer.transport.js +12 -0
- package/dist/src/server/ToolCallContextGuard.js +8 -0
- package/dist/src/server/ToolRouter.d.ts +25 -9
- package/dist/src/server/ToolRouter.intent.d.ts +26 -0
- package/dist/src/server/ToolRouter.intent.js +77 -0
- package/dist/src/server/ToolRouter.js +103 -284
- package/dist/src/server/ToolRouter.policy.d.ts +22 -0
- package/dist/src/server/ToolRouter.policy.js +163 -0
- package/dist/src/server/ToolRouter.probe.d.ts +17 -0
- package/dist/src/server/ToolRouter.probe.js +103 -0
- package/dist/src/server/ToolRouter.renderer.d.ts +9 -0
- package/dist/src/server/ToolRouter.renderer.js +52 -0
- package/dist/src/server/activation/ActivationController.js +15 -12
- package/dist/src/server/activation/CompoundConditionEngine.js +1 -1
- package/dist/src/server/activation/PredictiveBooster.js +1 -3
- package/dist/src/server/domains/analysis/definitions.js +155 -655
- package/dist/src/server/domains/analysis/handlers.impl.js +26 -20
- package/dist/src/server/domains/analysis/handlers.web-tools.js +2 -1
- package/dist/src/server/domains/analysis/manifest.js +6 -4
- package/dist/src/server/domains/antidebug/definitions.js +25 -111
- package/dist/src/server/domains/browser/definitions.tools.advanced.js +59 -88
- package/dist/src/server/domains/browser/definitions.tools.behavior.js +120 -227
- package/dist/src/server/domains/browser/definitions.tools.page-core.js +210 -439
- package/dist/src/server/domains/browser/definitions.tools.page-system.js +108 -250
- package/dist/src/server/domains/browser/definitions.tools.runtime.js +98 -211
- package/dist/src/server/domains/browser/definitions.tools.security.js +194 -339
- package/dist/src/server/domains/browser/handlers/camoufox-browser.js +3 -2
- package/dist/src/server/domains/browser/handlers/captcha-solver.js +3 -3
- package/dist/src/server/domains/browser/handlers/dom-query.js +2 -1
- package/dist/src/server/domains/browser/handlers/framework-state.js +27 -9
- package/dist/src/server/domains/browser/handlers/indexeddb-dump.js +21 -20
- package/dist/src/server/domains/browser/handlers/script-management.js +1 -1
- package/dist/src/server/domains/browser/handlers/stealth-injection.d.ts +1 -0
- package/dist/src/server/domains/browser/handlers/stealth-injection.js +3 -0
- package/dist/src/server/domains/browser/handlers.impl.d.ts +1 -2
- package/dist/src/server/domains/browser/handlers.impl.js +2 -3
- package/dist/src/server/domains/browser/manifest.js +37 -13
- package/dist/src/server/domains/coordination/definitions.js +50 -216
- package/dist/src/server/domains/coordination/index.d.ts +2 -1
- package/dist/src/server/domains/coordination/index.js +1 -0
- package/dist/src/server/domains/debugger/definitions.tools.advanced.js +72 -189
- package/dist/src/server/domains/debugger/definitions.tools.core.js +114 -288
- package/dist/src/server/domains/debugger/manifest.js +9 -2
- package/dist/src/server/domains/encoding/definitions.js +43 -153
- package/dist/src/server/domains/encoding/handlers.base.js +2 -2
- package/dist/src/server/domains/evidence/definitions.d.ts +2 -0
- package/dist/src/server/domains/evidence/definitions.js +42 -0
- package/dist/src/server/domains/evidence/handlers.d.ts +582 -0
- package/dist/src/server/domains/evidence/handlers.js +60 -0
- package/dist/src/server/domains/evidence/index.d.ts +2 -0
- package/dist/src/server/domains/evidence/index.js +2 -0
- package/dist/src/server/domains/evidence/manifest.d.ts +63 -0
- package/dist/src/server/domains/evidence/manifest.js +78 -0
- package/dist/src/server/domains/graphql/definitions.js +53 -141
- package/dist/src/server/domains/graphql/handlers.impl.core.runtime.replay.js +92 -114
- package/dist/src/server/domains/graphql/handlers.impl.core.runtime.shared.js +77 -77
- package/dist/src/server/domains/hooks/ai-handlers.d.ts +0 -7
- package/dist/src/server/domains/hooks/ai-handlers.js +1 -67
- package/dist/src/server/domains/hooks/definitions.js +69 -335
- package/dist/src/server/domains/hooks/manifest.d.ts +1 -1
- package/dist/src/server/domains/hooks/manifest.js +1 -2
- package/dist/src/server/domains/instrumentation/definitions.d.ts +2 -0
- package/dist/src/server/domains/instrumentation/definitions.js +99 -0
- package/dist/src/server/domains/instrumentation/handlers.d.ts +78 -0
- package/dist/src/server/domains/instrumentation/handlers.js +206 -0
- package/dist/src/server/domains/instrumentation/index.d.ts +2 -0
- package/dist/src/server/domains/instrumentation/index.js +2 -0
- package/dist/src/server/domains/instrumentation/manifest.d.ts +63 -0
- package/dist/src/server/domains/instrumentation/manifest.js +114 -0
- package/dist/src/server/domains/macro/definitions.js +16 -43
- package/dist/src/server/domains/maintenance/definitions.js +60 -219
- package/dist/src/server/domains/maintenance/handlers.extensions.js +78 -20
- package/dist/src/server/domains/memory/definitions.js +387 -559
- package/dist/src/server/domains/memory/handlers/hooks.d.ts +55 -0
- package/dist/src/server/domains/memory/handlers/hooks.js +115 -0
- package/dist/src/server/domains/memory/handlers/integrity.d.ts +77 -0
- package/dist/src/server/domains/memory/handlers/integrity.js +180 -0
- package/dist/src/server/domains/memory/handlers/pointer-chain.d.ts +29 -0
- package/dist/src/server/domains/memory/handlers/pointer-chain.js +82 -0
- package/dist/src/server/domains/memory/handlers/readwrite.d.ts +41 -0
- package/dist/src/server/domains/memory/handlers/readwrite.js +78 -0
- package/dist/src/server/domains/memory/handlers/scan.d.ts +35 -0
- package/dist/src/server/domains/memory/handlers/scan.js +97 -0
- package/dist/src/server/domains/memory/handlers/session.d.ts +23 -0
- package/dist/src/server/domains/memory/handlers/session.js +49 -0
- package/dist/src/server/domains/memory/handlers/structure.d.ts +29 -0
- package/dist/src/server/domains/memory/handlers/structure.js +74 -0
- package/dist/src/server/domains/memory/handlers.impl.d.ts +49 -54
- package/dist/src/server/domains/memory/handlers.impl.js +63 -494
- package/dist/src/server/domains/memory/manifest.js +236 -64
- package/dist/src/server/domains/native-bridge/definitions.js +54 -192
- package/dist/src/server/domains/native-bridge/index.d.ts +1 -0
- package/dist/src/server/domains/native-bridge/index.js +2 -1
- package/dist/src/server/domains/network/auth-extractor.js +1 -1
- package/dist/src/server/domains/network/definitions.js +175 -578
- package/dist/src/server/domains/network/handlers.base.core.d.ts +64 -0
- package/dist/src/server/domains/network/handlers.base.core.js +623 -0
- package/dist/src/server/domains/network/handlers.base.d.ts +2 -124
- package/dist/src/server/domains/network/handlers.base.js +3 -878
- package/dist/src/server/domains/network/handlers.base.performance.d.ts +63 -0
- package/dist/src/server/domains/network/handlers.base.performance.js +193 -0
- package/dist/src/server/domains/network/handlers.base.types.d.ts +42 -0
- package/dist/src/server/domains/network/handlers.base.types.js +89 -0
- package/dist/src/server/domains/network/handlers.impl.core.runtime.d.ts +1 -1
- package/dist/src/server/domains/network/handlers.impl.core.runtime.intercept.d.ts +21 -0
- package/dist/src/server/domains/network/handlers.impl.core.runtime.intercept.js +186 -0
- package/dist/src/server/domains/network/handlers.impl.core.runtime.js +1 -1
- package/dist/src/server/domains/network/manifest.js +15 -0
- package/dist/src/server/domains/network/replay.js +1 -4
- package/dist/src/server/domains/platform/definitions.js +121 -112
- package/dist/src/server/domains/platform/handlers/bridge-handlers.d.ts +4 -0
- package/dist/src/server/domains/platform/handlers/bridge-handlers.js +193 -4
- package/dist/src/server/domains/platform/handlers/electron-asar-helpers.js +26 -6
- package/dist/src/server/domains/platform/handlers/electron-dual-cdp.d.ts +3 -0
- package/dist/src/server/domains/platform/handlers/electron-dual-cdp.js +170 -0
- package/dist/src/server/domains/platform/handlers/electron-fuse-handler.d.ts +3 -0
- package/dist/src/server/domains/platform/handlers/electron-fuse-handler.js +193 -0
- package/dist/src/server/domains/platform/handlers/electron-handlers.d.ts +6 -0
- package/dist/src/server/domains/platform/handlers/electron-handlers.js +95 -2
- package/dist/src/server/domains/platform/handlers/electron-ipc-sniffer.d.ts +2 -0
- package/dist/src/server/domains/platform/handlers/electron-ipc-sniffer.js +370 -0
- package/dist/src/server/domains/platform/handlers/electron-userdata-handler.d.ts +2 -0
- package/dist/src/server/domains/platform/handlers/electron-userdata-handler.js +78 -0
- package/dist/src/server/domains/platform/handlers/miniapp-handlers.js +3 -3
- package/dist/src/server/domains/platform/handlers/v8-bytecode-handler.d.ts +2 -0
- package/dist/src/server/domains/platform/handlers/v8-bytecode-handler.js +207 -0
- package/dist/src/server/domains/platform/handlers.d.ts +48 -0
- package/dist/src/server/domains/platform/handlers.js +29 -0
- package/dist/src/server/domains/platform/manifest.js +38 -0
- package/dist/src/server/domains/process/definitions.js +163 -647
- package/dist/src/server/domains/process/handlers.base.d.ts +3 -95
- package/dist/src/server/domains/process/handlers.base.js +7 -462
- package/dist/src/server/domains/process/handlers.base.process.d.ts +61 -0
- package/dist/src/server/domains/process/handlers.base.process.js +417 -0
- package/dist/src/server/domains/process/handlers.base.types.d.ts +57 -0
- package/dist/src/server/domains/process/handlers.base.types.js +50 -0
- package/dist/src/server/domains/process/handlers.impl.core.runtime.inject.js +18 -16
- package/dist/src/server/domains/process/manifest.js +6 -1
- package/dist/src/server/domains/sandbox/definitions.js +11 -33
- package/dist/src/server/domains/sandbox/handlers.js +8 -3
- package/dist/src/server/domains/shared/ResponseBuilder.d.ts +209 -0
- package/dist/src/server/domains/shared/ResponseBuilder.js +48 -0
- package/dist/src/server/domains/shared/modules.d.ts +0 -2
- package/dist/src/server/domains/shared/modules.js +0 -1
- package/dist/src/server/domains/shared-state-board/definitions.d.ts +2 -0
- package/dist/src/server/domains/shared-state-board/definitions.js +78 -0
- package/dist/src/server/domains/shared-state-board/handlers.impl.d.ts +58 -0
- package/dist/src/server/domains/shared-state-board/handlers.impl.js +419 -0
- package/dist/src/server/domains/shared-state-board/index.d.ts +2 -0
- package/dist/src/server/domains/shared-state-board/index.js +2 -0
- package/dist/src/server/domains/shared-state-board/manifest.d.ts +57 -0
- package/dist/src/server/domains/shared-state-board/manifest.js +74 -0
- package/dist/src/server/domains/sourcemap/definitions.js +27 -111
- package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-common.js +7 -2
- package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-main.js +1 -1
- package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-parse-base.js +1 -1
- package/dist/src/server/domains/sourcemap/manifest.d.ts +1 -1
- package/dist/src/server/domains/sourcemap/manifest.js +1 -1
- package/dist/src/server/domains/streaming/definitions.js +36 -148
- package/dist/src/server/domains/streaming/handlers.impl.streaming-sse.js +163 -164
- package/dist/src/server/domains/streaming/handlers.impl.streaming-ws.js +1 -1
- package/dist/src/server/domains/trace/TraceSummarizer.js +8 -5
- package/dist/src/server/domains/trace/definitions.tools.js +51 -206
- package/dist/src/server/domains/trace/handlers.js +10 -12
- package/dist/src/server/domains/trace/index.d.ts +2 -1
- package/dist/src/server/domains/trace/index.js +2 -1
- package/dist/src/server/domains/trace/manifest.js +15 -3
- package/dist/src/server/domains/transform/definitions.js +50 -210
- package/dist/src/server/domains/transform/handlers.impl.transform-base.js +108 -108
- package/dist/src/server/domains/transform/handlers.impl.transform-crypto.js +18 -19
- package/dist/src/server/domains/transform/manifest.d.ts +1 -1
- package/dist/src/server/domains/transform/manifest.js +1 -1
- package/dist/src/server/domains/wasm/definitions.js +55 -232
- package/dist/src/server/domains/wasm/handlers.js +1 -1
- package/dist/src/server/domains/workflow/definitions.js +144 -414
- package/dist/src/server/domains/workflow/handlers.impl.workflow-account-bundle.js +1 -1
- package/dist/src/server/domains/workflow/handlers.impl.workflow-api.js +51 -51
- package/dist/src/server/domains/workflow/handlers.impl.workflow-base.d.ts +2 -0
- package/dist/src/server/domains/workflow/handlers.impl.workflow-base.js +126 -87
- package/dist/src/server/domains/workflow/handlers.impl.workflow-batch.js +5 -5
- package/dist/src/server/evidence/ReverseEvidenceGraph.d.ts +20 -0
- package/dist/src/server/evidence/ReverseEvidenceGraph.js +208 -0
- package/dist/src/server/evidence/index.d.ts +2 -0
- package/dist/src/server/evidence/index.js +1 -0
- package/dist/src/server/evidence/types.d.ts +22 -0
- package/dist/src/server/evidence/types.js +1 -0
- package/dist/src/server/extensions/ExtensionManager.d.ts +1 -0
- package/dist/src/server/extensions/ExtensionManager.discovery.js +72 -9
- package/dist/src/server/extensions/ExtensionManager.integrity.js +1 -1
- package/dist/src/server/extensions/ExtensionManager.js +193 -40
- package/dist/src/server/extensions/ExtensionManager.roots.d.ts +1 -1
- package/dist/src/server/extensions/ExtensionManager.roots.js +4 -4
- package/dist/src/server/extensions/plugin-config.js +1 -1
- package/dist/src/server/extensions/plugin-env.d.ts +1 -1
- package/dist/src/server/extensions/plugin-env.js +10 -4
- package/dist/src/server/extensions/types.d.ts +17 -0
- package/dist/src/server/extensions/types.js +1 -1
- package/dist/src/server/http/SseStream.d.ts +21 -0
- package/dist/src/server/http/SseStream.js +129 -0
- package/dist/src/server/instrumentation/EvidenceGraphBridge.d.ts +13 -0
- package/dist/src/server/instrumentation/EvidenceGraphBridge.js +150 -0
- package/dist/src/server/instrumentation/InstrumentationSession.d.ts +60 -0
- package/dist/src/server/instrumentation/InstrumentationSession.js +269 -0
- package/dist/src/server/instrumentation/index.d.ts +2 -0
- package/dist/src/server/instrumentation/index.js +2 -0
- package/dist/src/server/instrumentation/types.d.ts +62 -0
- package/dist/src/server/instrumentation/types.js +7 -0
- package/dist/src/server/macros/MacroConfigLoader.d.ts +6 -5
- package/dist/src/server/macros/MacroConfigLoader.js +61 -59
- package/dist/src/server/macros/MacroRunner.js +6 -2
- package/dist/src/server/macros/builtins/index.d.ts +2 -3
- package/dist/src/server/macros/builtins/index.js +51 -7
- package/dist/src/server/plugins/PluginContract.d.ts +1 -1
- package/dist/src/server/registry/contracts.d.ts +1 -1
- package/dist/src/server/registry/discovery.js +5 -4
- package/dist/src/server/registry/ensure-browser-core.js +0 -3
- package/dist/src/server/registry/index.js +4 -4
- package/dist/src/server/registry/tool-builder.d.ts +46 -0
- package/dist/src/server/registry/tool-builder.js +105 -0
- package/dist/src/server/sandbox/QuickJSSandbox.js +16 -5
- package/dist/src/server/sandbox/SandboxHelpers.js +250 -250
- package/dist/src/server/search/EmbeddingWorker.js +5 -3
- package/dist/src/server/search/FeedbackTracker.d.ts +9 -0
- package/dist/src/server/search/FeedbackTracker.js +26 -0
- package/dist/src/server/search/QueryNormalizer.d.ts +6 -0
- package/dist/src/server/search/QueryNormalizer.js +94 -0
- package/dist/src/server/search/ToolSearchEngineImpl.d.ts +2 -3
- package/dist/src/server/search/ToolSearchEngineImpl.js +38 -88
- package/dist/src/server/teams/TeamManager.d.ts +43 -0
- package/dist/src/server/teams/TeamManager.js +238 -0
- package/dist/src/server/teams/index.d.ts +1 -0
- package/dist/src/server/teams/index.js +1 -0
- package/dist/src/server/workflows/WorkflowContract.d.ts +44 -4
- package/dist/src/server/workflows/WorkflowContract.js +52 -0
- package/dist/src/server/workflows/WorkflowEngine.d.ts +1 -0
- package/dist/src/server/workflows/WorkflowEngine.js +314 -4
- package/dist/src/types/config.d.ts +0 -14
- package/dist/src/types/deobfuscator.d.ts +1 -1
- package/dist/src/types/index.d.ts +1 -1
- package/dist/src/utils/DetailedDataManager.js +2 -0
- package/dist/src/utils/RingBuffer.js +5 -5
- package/dist/src/utils/TokenBudgetManager.js +1 -1
- package/dist/src/utils/UnifiedCacheManager.js +1 -1
- package/dist/src/utils/artifactRetention.js +2 -2
- package/dist/src/utils/betterSqlite3.d.ts +11 -0
- package/dist/src/utils/betterSqlite3.js +88 -0
- package/dist/src/utils/browserExecutable.js +2 -2
- package/dist/src/utils/cache/CachedDecorator.d.ts +8 -0
- package/dist/src/utils/cache/CachedDecorator.js +55 -0
- package/dist/src/utils/cache/PersistentCache.d.ts +33 -0
- package/dist/src/utils/cache/PersistentCache.js +246 -0
- package/dist/src/utils/cache/index.d.ts +2 -0
- package/dist/src/utils/cache/index.js +2 -0
- package/dist/src/utils/cliFastPath.js +5 -8
- package/dist/src/utils/config.js +4 -26
- package/dist/src/utils/environmentDoctor.js +138 -11
- package/dist/src/utils/outputPaths.js +16 -9
- package/dist/src/utils/parallel.js +1 -3
- package/package.json +82 -81
- package/scripts/postinstall.cjs +54 -27
- package/workflows/.gitkeep +0 -0
- package/workflows/anti-bot-diagnoser/.jshook-install.json +14 -0
- package/workflows/anti-bot-diagnoser/LICENSE +21 -0
- package/workflows/anti-bot-diagnoser/README.md +105 -0
- package/workflows/anti-bot-diagnoser/docs/agent-recipes.md +44 -0
- package/workflows/anti-bot-diagnoser/meta.yaml +6 -0
- package/workflows/anti-bot-diagnoser/package.json +22 -0
- package/workflows/anti-bot-diagnoser/tsconfig.json +15 -0
- package/workflows/anti-bot-diagnoser/workflow.ts +224 -0
- package/workflows/api-openapi-probe/.jshook-install.json +14 -0
- package/workflows/api-openapi-probe/meta.yaml +6 -0
- package/workflows/api-openapi-probe/package.json +22 -0
- package/workflows/api-openapi-probe/pnpm-lock.yaml +819 -0
- package/workflows/api-openapi-probe/tsconfig.json +15 -0
- package/workflows/api-openapi-probe/workflow.ts +40 -0
- package/workflows/api-probe-batch/.jshook-install.json +14 -0
- package/workflows/api-probe-batch/LICENSE +21 -0
- package/workflows/api-probe-batch/README.md +45 -0
- package/workflows/api-probe-batch/meta.yaml +4 -0
- package/workflows/api-probe-batch/package.json +23 -0
- package/workflows/api-probe-batch/tsconfig.json +16 -0
- package/workflows/api-probe-batch/workflow.ts +111 -0
- package/workflows/auth-bootstrap/.jshook-install.json +14 -0
- package/workflows/auth-bootstrap/LICENSE +21 -0
- package/workflows/auth-bootstrap/README.md +74 -0
- package/workflows/auth-bootstrap/meta.yaml +4 -0
- package/workflows/auth-bootstrap/package.json +23 -0
- package/workflows/auth-bootstrap/tsconfig.json +16 -0
- package/workflows/auth-bootstrap/workflow.ts +141 -0
- package/workflows/auth-extract/.jshook-install.json +14 -0
- package/workflows/auth-extract/meta.yaml +6 -0
- package/workflows/auth-extract/package.json +22 -0
- package/workflows/auth-extract/pnpm-lock.yaml +819 -0
- package/workflows/auth-extract/tsconfig.json +15 -0
- package/workflows/auth-extract/workflow.ts +36 -0
- package/workflows/auth-surface-mapper/.jshook-install.json +14 -0
- package/workflows/auth-surface-mapper/meta.yaml +6 -0
- package/workflows/auth-surface-mapper/package.json +22 -0
- package/workflows/auth-surface-mapper/pnpm-lock.yaml +819 -0
- package/workflows/auth-surface-mapper/tsconfig.json +15 -0
- package/workflows/auth-surface-mapper/workflow.ts +104 -0
- package/workflows/batch-register/.jshook-install.json +14 -0
- package/workflows/batch-register/LICENSE +21 -0
- package/workflows/batch-register/README.md +39 -0
- package/workflows/batch-register/meta.yaml +4 -0
- package/workflows/batch-register/package.json +23 -0
- package/workflows/batch-register/tsconfig.json +16 -0
- package/workflows/batch-register/workflow.ts +67 -0
- package/workflows/bundle-recovery/.jshook-install.json +14 -0
- package/workflows/bundle-recovery/LICENSE +21 -0
- package/workflows/bundle-recovery/README.md +105 -0
- package/workflows/bundle-recovery/docs/agent-recipes.md +44 -0
- package/workflows/bundle-recovery/meta.yaml +6 -0
- package/workflows/bundle-recovery/package.json +22 -0
- package/workflows/bundle-recovery/tsconfig.json +15 -0
- package/workflows/bundle-recovery/workflow.ts +179 -0
- package/workflows/challenge-detector/.jshook-install.json +14 -0
- package/workflows/challenge-detector/meta.yaml +14 -0
- package/workflows/challenge-detector/package.json +22 -0
- package/workflows/challenge-detector/pnpm-lock.yaml +819 -0
- package/workflows/challenge-detector/tsconfig.json +15 -0
- package/workflows/challenge-detector/workflow.ts +298 -0
- package/workflows/deobfuscation-pipeline/.jshook-install.json +14 -0
- package/workflows/deobfuscation-pipeline/meta.yaml +6 -0
- package/workflows/deobfuscation-pipeline/package.json +22 -0
- package/workflows/deobfuscation-pipeline/pnpm-lock.yaml +819 -0
- package/workflows/deobfuscation-pipeline/tsconfig.json +15 -0
- package/workflows/deobfuscation-pipeline/workflow.ts +119 -0
- package/workflows/electron-bridge-mapper/.jshook-install.json +14 -0
- package/workflows/electron-bridge-mapper/meta.yaml +6 -0
- package/workflows/electron-bridge-mapper/package.json +22 -0
- package/workflows/electron-bridge-mapper/pnpm-lock.yaml +819 -0
- package/workflows/electron-bridge-mapper/tsconfig.json +15 -0
- package/workflows/electron-bridge-mapper/workflow.ts +125 -0
- package/workflows/evidence-pack/.jshook-install.json +14 -0
- package/workflows/evidence-pack/LICENSE +21 -0
- package/workflows/evidence-pack/README.md +105 -0
- package/workflows/evidence-pack/docs/agent-recipes.md +44 -0
- package/workflows/evidence-pack/meta.yaml +6 -0
- package/workflows/evidence-pack/package.json +22 -0
- package/workflows/evidence-pack/tsconfig.json +15 -0
- package/workflows/evidence-pack/workflow.ts +154 -0
- package/workflows/js-bundle-search/.jshook-install.json +14 -0
- package/workflows/js-bundle-search/LICENSE +21 -0
- package/workflows/js-bundle-search/README.md +46 -0
- package/workflows/js-bundle-search/meta.yaml +4 -0
- package/workflows/js-bundle-search/package.json +23 -0
- package/workflows/js-bundle-search/tsconfig.json +16 -0
- package/workflows/js-bundle-search/workflow.ts +118 -0
- package/workflows/protocol-registry/.jshook-install.json +14 -0
- package/workflows/protocol-registry/meta.yaml +6 -0
- package/workflows/protocol-registry/package.json +22 -0
- package/workflows/protocol-registry/pnpm-lock.yaml +819 -0
- package/workflows/protocol-registry/tsconfig.json +15 -0
- package/workflows/protocol-registry/workflow.ts +107 -0
- package/workflows/qwen-mail-open-latest/meta.yaml +7 -0
- package/workflows/qwen-mail-open-latest/package.json +22 -0
- package/workflows/qwen-mail-open-latest/pnpm-lock.yaml +819 -0
- package/workflows/qwen-mail-open-latest/tsconfig.json +15 -0
- package/workflows/qwen-mail-open-latest/workflow.ts +77 -0
- package/workflows/register-account-flow/.jshook-install.json +14 -0
- package/workflows/register-account-flow/LICENSE +21 -0
- package/workflows/register-account-flow/README.md +64 -0
- package/workflows/register-account-flow/meta.yaml +4 -0
- package/workflows/register-account-flow/package.json +23 -0
- package/workflows/register-account-flow/tsconfig.json +16 -0
- package/workflows/register-account-flow/workflow.ts +127 -0
- package/workflows/replay-lab/.jshook-install.json +14 -0
- package/workflows/replay-lab/meta.yaml +6 -0
- package/workflows/replay-lab/package.json +22 -0
- package/workflows/replay-lab/pnpm-lock.yaml +819 -0
- package/workflows/replay-lab/tsconfig.json +15 -0
- package/workflows/replay-lab/workflow.ts +106 -0
- package/workflows/script-evidence-scan/.jshook-install.json +14 -0
- package/workflows/script-evidence-scan/LICENSE +21 -0
- package/workflows/script-evidence-scan/README.md +61 -0
- package/workflows/script-evidence-scan/meta.yaml +4 -0
- package/workflows/script-evidence-scan/package.json +23 -0
- package/workflows/script-evidence-scan/tsconfig.json +16 -0
- package/workflows/script-evidence-scan/workflow.ts +89 -0
- package/workflows/signature-hunter/.jshook-install.json +14 -0
- package/workflows/signature-hunter/LICENSE +21 -0
- package/workflows/signature-hunter/README.md +105 -0
- package/workflows/signature-hunter/docs/agent-recipes.md +44 -0
- package/workflows/signature-hunter/meta.yaml +6 -0
- package/workflows/signature-hunter/package.json +22 -0
- package/workflows/signature-hunter/tsconfig.json +15 -0
- package/workflows/signature-hunter/workflow.ts +170 -0
- package/workflows/signing-lineage/.jshook-install.json +14 -0
- package/workflows/signing-lineage/meta.yaml +6 -0
- package/workflows/signing-lineage/package.json +22 -0
- package/workflows/signing-lineage/pnpm-lock.yaml +819 -0
- package/workflows/signing-lineage/tsconfig.json +15 -0
- package/workflows/signing-lineage/workflow.ts +120 -0
- package/workflows/temp-mail-extract-link/.jshook-install.json +14 -0
- package/workflows/temp-mail-extract-link/LICENSE +21 -0
- package/workflows/temp-mail-extract-link/README.md +71 -0
- package/workflows/temp-mail-extract-link/meta.yaml +4 -0
- package/workflows/temp-mail-extract-link/package.json +23 -0
- package/workflows/temp-mail-extract-link/tsconfig.json +16 -0
- package/workflows/temp-mail-extract-link/workflow.ts +221 -0
- package/workflows/temp-mail-open-latest/.jshook-install.json +14 -0
- package/workflows/temp-mail-open-latest/LICENSE +21 -0
- package/workflows/temp-mail-open-latest/README.md +61 -0
- package/workflows/temp-mail-open-latest/meta.yaml +4 -0
- package/workflows/temp-mail-open-latest/package.json +23 -0
- package/workflows/temp-mail-open-latest/tsconfig.json +16 -0
- package/workflows/temp-mail-open-latest/workflow.ts +136 -0
- package/workflows/template/.jshook-install.json +14 -0
- package/workflows/template/LICENSE +21 -0
- package/workflows/template/README.md +45 -0
- package/workflows/template/docs/SKILL.md +111 -0
- package/workflows/template/meta.yaml +6 -0
- package/workflows/template/package.json +22 -0
- package/workflows/template/pnpm-lock.yaml +819 -0
- package/workflows/template/tsconfig.json +15 -0
- package/workflows/template/workflow.ts +73 -0
- package/workflows/web-api-capture-session/.jshook-install.json +14 -0
- package/workflows/web-api-capture-session/LICENSE +21 -0
- package/workflows/web-api-capture-session/README.md +64 -0
- package/workflows/web-api-capture-session/meta.yaml +4 -0
- package/workflows/web-api-capture-session/package.json +23 -0
- package/workflows/web-api-capture-session/tsconfig.json +16 -0
- package/workflows/web-api-capture-session/workflow.ts +124 -0
- package/workflows/ws-protocol-lifter/.jshook-install.json +14 -0
- package/workflows/ws-protocol-lifter/LICENSE +21 -0
- package/workflows/ws-protocol-lifter/README.md +105 -0
- package/workflows/ws-protocol-lifter/docs/agent-recipes.md +44 -0
- package/workflows/ws-protocol-lifter/meta.yaml +6 -0
- package/workflows/ws-protocol-lifter/package.json +22 -0
- package/workflows/ws-protocol-lifter/tsconfig.json +15 -0
- package/workflows/ws-protocol-lifter/workflow.ts +163 -0
- package/dist/src/modules/analyzer/AISummarizer.d.ts +0 -39
- package/dist/src/modules/analyzer/AISummarizer.js +0 -122
- package/dist/src/modules/hook/AIHookGenerator.d.ts +0 -52
- package/dist/src/modules/hook/AIHookGenerator.js +0 -360
- package/dist/src/modules/hook/AIHookGeneratorTemplates.d.ts +0 -9
- package/dist/src/modules/hook/AIHookGeneratorTemplates.js +0 -157
- package/dist/src/server/macros/builtins/deobfuscate-ast-flow.d.ts +0 -2
- package/dist/src/server/macros/builtins/deobfuscate-ast-flow.js +0 -25
- package/dist/src/server/macros/builtins/unpacker-flow.d.ts +0 -2
- package/dist/src/server/macros/builtins/unpacker-flow.js +0 -25
- package/dist/src/services/LLMService.d.ts +0 -37
- package/dist/src/services/LLMService.js +0 -233
- package/dist/src/services/prompts/analysis.d.ts +0 -9
- package/dist/src/services/prompts/analysis.js +0 -158
- package/dist/src/services/prompts/crypto.d.ts +0 -2
- package/dist/src/services/prompts/crypto.js +0 -108
- package/dist/src/services/prompts/deobfuscation.d.ts +0 -6
- package/dist/src/services/prompts/deobfuscation.js +0 -300
- package/dist/src/services/prompts/environment.d.ts +0 -16
- package/dist/src/services/prompts/environment.js +0 -372
- package/dist/src/services/prompts/intelligence.d.ts +0 -4
- package/dist/src/services/prompts/intelligence.js +0 -250
- package/dist/src/services/prompts/taint.d.ts +0 -2
- package/dist/src/services/prompts/taint.js +0 -54
|
@@ -59,6 +59,20 @@ export declare class JSVMPSymbolicExecutor extends SymbolicExecutor {
|
|
|
59
59
|
private executeAdd;
|
|
60
60
|
private executeSub;
|
|
61
61
|
private executeMul;
|
|
62
|
+
private executeDiv;
|
|
63
|
+
private executeMod;
|
|
64
|
+
private executeAnd;
|
|
65
|
+
private executeOr;
|
|
66
|
+
private executeNot;
|
|
67
|
+
private executeXor;
|
|
68
|
+
private executeEq;
|
|
69
|
+
private executeNe;
|
|
70
|
+
private executeLt;
|
|
71
|
+
private executeLe;
|
|
72
|
+
private executeGt;
|
|
73
|
+
private executeGe;
|
|
74
|
+
private executeJnz;
|
|
75
|
+
private executeDup;
|
|
62
76
|
private executeLoad;
|
|
63
77
|
private executeStore;
|
|
64
78
|
private executeJZ;
|
|
@@ -61,7 +61,7 @@ export class JSVMPSymbolicExecutor extends SymbolicExecutor {
|
|
|
61
61
|
break;
|
|
62
62
|
}
|
|
63
63
|
executionTrace.push(this.cloneStateInternal(state));
|
|
64
|
-
state = this.executeInstruction(state, instruction);
|
|
64
|
+
state = this.executeInstruction(state, instruction, instructions);
|
|
65
65
|
if (instruction.opcode === JSVMPOpcode.HALT) {
|
|
66
66
|
break;
|
|
67
67
|
}
|
|
@@ -88,7 +88,7 @@ export class JSVMPSymbolicExecutor extends SymbolicExecutor {
|
|
|
88
88
|
throw error;
|
|
89
89
|
}
|
|
90
90
|
}
|
|
91
|
-
executeInstruction(state, instruction) {
|
|
91
|
+
executeInstruction(state, instruction, instructions) {
|
|
92
92
|
const newState = this.cloneStateInternal(state);
|
|
93
93
|
switch (instruction.opcode) {
|
|
94
94
|
case JSVMPOpcode.PUSH:
|
|
@@ -106,6 +106,55 @@ export class JSVMPSymbolicExecutor extends SymbolicExecutor {
|
|
|
106
106
|
case JSVMPOpcode.MUL:
|
|
107
107
|
this.executeMul(newState);
|
|
108
108
|
break;
|
|
109
|
+
case JSVMPOpcode.DIV:
|
|
110
|
+
this.executeDiv(newState);
|
|
111
|
+
break;
|
|
112
|
+
case JSVMPOpcode.MOD:
|
|
113
|
+
this.executeMod(newState);
|
|
114
|
+
break;
|
|
115
|
+
case JSVMPOpcode.AND:
|
|
116
|
+
this.executeAnd(newState);
|
|
117
|
+
break;
|
|
118
|
+
case JSVMPOpcode.OR:
|
|
119
|
+
this.executeOr(newState);
|
|
120
|
+
break;
|
|
121
|
+
case JSVMPOpcode.NOT:
|
|
122
|
+
this.executeNot(newState);
|
|
123
|
+
break;
|
|
124
|
+
case JSVMPOpcode.XOR:
|
|
125
|
+
this.executeXor(newState);
|
|
126
|
+
break;
|
|
127
|
+
case JSVMPOpcode.EQ:
|
|
128
|
+
this.executeEq(newState);
|
|
129
|
+
break;
|
|
130
|
+
case JSVMPOpcode.NE:
|
|
131
|
+
this.executeNe(newState);
|
|
132
|
+
break;
|
|
133
|
+
case JSVMPOpcode.LT:
|
|
134
|
+
this.executeLt(newState);
|
|
135
|
+
break;
|
|
136
|
+
case JSVMPOpcode.LE:
|
|
137
|
+
this.executeLe(newState);
|
|
138
|
+
break;
|
|
139
|
+
case JSVMPOpcode.GT:
|
|
140
|
+
this.executeGt(newState);
|
|
141
|
+
break;
|
|
142
|
+
case JSVMPOpcode.GE:
|
|
143
|
+
this.executeGe(newState);
|
|
144
|
+
break;
|
|
145
|
+
case JSVMPOpcode.JNZ:
|
|
146
|
+
this.executeJnz(newState, this.asNumberOperand(instruction.operands[0]));
|
|
147
|
+
return newState;
|
|
148
|
+
case JSVMPOpcode.RET:
|
|
149
|
+
newState.pc = instructions.length;
|
|
150
|
+
return newState;
|
|
151
|
+
case JSVMPOpcode.DUP:
|
|
152
|
+
this.executeDup(newState);
|
|
153
|
+
break;
|
|
154
|
+
case JSVMPOpcode.LOAD_CONST:
|
|
155
|
+
this.executePush(newState, instruction.operands[0]);
|
|
156
|
+
newState.pc++;
|
|
157
|
+
return newState;
|
|
109
158
|
case JSVMPOpcode.LOAD:
|
|
110
159
|
this.executeLoad(newState, this.asStringOperand(instruction.operands[0]));
|
|
111
160
|
break;
|
|
@@ -168,6 +217,136 @@ export class JSVMPSymbolicExecutor extends SymbolicExecutor {
|
|
|
168
217
|
state.stack.push(result);
|
|
169
218
|
}
|
|
170
219
|
}
|
|
220
|
+
executeDiv(state) {
|
|
221
|
+
const b = state.stack.pop();
|
|
222
|
+
const a = state.stack.pop();
|
|
223
|
+
if (a && b) {
|
|
224
|
+
const result = this.createSymbolicValue('number', `${a.name} / ${b.name}`);
|
|
225
|
+
this.addConstraint(result, 'custom', `${result.name} = ${a.name} / ${b.name}`, '');
|
|
226
|
+
state.stack.push(result);
|
|
227
|
+
}
|
|
228
|
+
}
|
|
229
|
+
executeMod(state) {
|
|
230
|
+
const b = state.stack.pop();
|
|
231
|
+
const a = state.stack.pop();
|
|
232
|
+
if (a && b) {
|
|
233
|
+
const result = this.createSymbolicValue('number', `${a.name} % ${b.name}`);
|
|
234
|
+
this.addConstraint(result, 'custom', `${result.name} = ${a.name} % ${b.name}`, '');
|
|
235
|
+
state.stack.push(result);
|
|
236
|
+
}
|
|
237
|
+
}
|
|
238
|
+
executeAnd(state) {
|
|
239
|
+
const b = state.stack.pop();
|
|
240
|
+
const a = state.stack.pop();
|
|
241
|
+
if (a && b) {
|
|
242
|
+
const result = this.createSymbolicValue('boolean', `${a.name} && ${b.name}`);
|
|
243
|
+
this.addConstraint(result, 'custom', `${result.name} = ${a.name} && ${b.name}`, '');
|
|
244
|
+
state.stack.push(result);
|
|
245
|
+
}
|
|
246
|
+
}
|
|
247
|
+
executeOr(state) {
|
|
248
|
+
const b = state.stack.pop();
|
|
249
|
+
const a = state.stack.pop();
|
|
250
|
+
if (a && b) {
|
|
251
|
+
const result = this.createSymbolicValue('boolean', `${a.name} || ${b.name}`);
|
|
252
|
+
this.addConstraint(result, 'custom', `${result.name} = ${a.name} || ${b.name}`, '');
|
|
253
|
+
state.stack.push(result);
|
|
254
|
+
}
|
|
255
|
+
}
|
|
256
|
+
executeNot(state) {
|
|
257
|
+
const a = state.stack.pop();
|
|
258
|
+
if (a) {
|
|
259
|
+
const result = this.createSymbolicValue('boolean', `!${a.name}`);
|
|
260
|
+
this.addConstraint(result, 'custom', `${result.name} = !${a.name}`, '');
|
|
261
|
+
state.stack.push(result);
|
|
262
|
+
}
|
|
263
|
+
}
|
|
264
|
+
executeXor(state) {
|
|
265
|
+
const b = state.stack.pop();
|
|
266
|
+
const a = state.stack.pop();
|
|
267
|
+
if (a && b) {
|
|
268
|
+
const result = this.createSymbolicValue('boolean', `${a.name} ^ ${b.name}`);
|
|
269
|
+
this.addConstraint(result, 'custom', `${result.name} = ${a.name} ^ ${b.name}`, '');
|
|
270
|
+
state.stack.push(result);
|
|
271
|
+
}
|
|
272
|
+
}
|
|
273
|
+
executeEq(state) {
|
|
274
|
+
const b = state.stack.pop();
|
|
275
|
+
const a = state.stack.pop();
|
|
276
|
+
if (a && b) {
|
|
277
|
+
const result = this.createSymbolicValue('boolean', `${a.name} === ${b.name}`);
|
|
278
|
+
this.addConstraint(result, 'custom', `${result.name} = ${a.name} === ${b.name}`, '');
|
|
279
|
+
state.stack.push(result);
|
|
280
|
+
}
|
|
281
|
+
}
|
|
282
|
+
executeNe(state) {
|
|
283
|
+
const b = state.stack.pop();
|
|
284
|
+
const a = state.stack.pop();
|
|
285
|
+
if (a && b) {
|
|
286
|
+
const result = this.createSymbolicValue('boolean', `${a.name} !== ${b.name}`);
|
|
287
|
+
this.addConstraint(result, 'custom', `${result.name} = ${a.name} !== ${b.name}`, '');
|
|
288
|
+
state.stack.push(result);
|
|
289
|
+
}
|
|
290
|
+
}
|
|
291
|
+
executeLt(state) {
|
|
292
|
+
const b = state.stack.pop();
|
|
293
|
+
const a = state.stack.pop();
|
|
294
|
+
if (a && b) {
|
|
295
|
+
const result = this.createSymbolicValue('boolean', `${a.name} < ${b.name}`);
|
|
296
|
+
this.addConstraint(result, 'custom', `${result.name} = ${a.name} < ${b.name}`, '');
|
|
297
|
+
state.stack.push(result);
|
|
298
|
+
}
|
|
299
|
+
}
|
|
300
|
+
executeLe(state) {
|
|
301
|
+
const b = state.stack.pop();
|
|
302
|
+
const a = state.stack.pop();
|
|
303
|
+
if (a && b) {
|
|
304
|
+
const result = this.createSymbolicValue('boolean', `${a.name} <= ${b.name}`);
|
|
305
|
+
this.addConstraint(result, 'custom', `${result.name} = ${a.name} <= ${b.name}`, '');
|
|
306
|
+
state.stack.push(result);
|
|
307
|
+
}
|
|
308
|
+
}
|
|
309
|
+
executeGt(state) {
|
|
310
|
+
const b = state.stack.pop();
|
|
311
|
+
const a = state.stack.pop();
|
|
312
|
+
if (a && b) {
|
|
313
|
+
const result = this.createSymbolicValue('boolean', `${a.name} > ${b.name}`);
|
|
314
|
+
this.addConstraint(result, 'custom', `${result.name} = ${a.name} > ${b.name}`, '');
|
|
315
|
+
state.stack.push(result);
|
|
316
|
+
}
|
|
317
|
+
}
|
|
318
|
+
executeGe(state) {
|
|
319
|
+
const b = state.stack.pop();
|
|
320
|
+
const a = state.stack.pop();
|
|
321
|
+
if (a && b) {
|
|
322
|
+
const result = this.createSymbolicValue('boolean', `${a.name} >= ${b.name}`);
|
|
323
|
+
this.addConstraint(result, 'custom', `${result.name} = ${a.name} >= ${b.name}`, '');
|
|
324
|
+
state.stack.push(result);
|
|
325
|
+
}
|
|
326
|
+
}
|
|
327
|
+
executeJnz(state, target) {
|
|
328
|
+
const condition = state.stack.pop();
|
|
329
|
+
if (condition) {
|
|
330
|
+
const constraint = {
|
|
331
|
+
type: 'inequality',
|
|
332
|
+
expression: `${condition.name} != 0`,
|
|
333
|
+
description: '',
|
|
334
|
+
};
|
|
335
|
+
state.pathConstraints.push(constraint);
|
|
336
|
+
state.pc = target;
|
|
337
|
+
}
|
|
338
|
+
}
|
|
339
|
+
executeDup(state) {
|
|
340
|
+
const value = state.stack[state.stack.length - 1];
|
|
341
|
+
if (value) {
|
|
342
|
+
const dup = this.createSymbolicValue(value.type, value.name, value.source);
|
|
343
|
+
dup.constraints = [...value.constraints];
|
|
344
|
+
if (value.possibleValues) {
|
|
345
|
+
dup.possibleValues = [...value.possibleValues];
|
|
346
|
+
}
|
|
347
|
+
state.stack.push(dup);
|
|
348
|
+
}
|
|
349
|
+
}
|
|
171
350
|
executeLoad(state, varName) {
|
|
172
351
|
const value = state.memory.get(varName);
|
|
173
352
|
if (value) {
|
|
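Review bot: `executeJnz` leaves `state.pc` untouched when the stack is empty, and the `JNZ` case in `executeInstruction` returns `newState` straight away, so the same instruction is executed again on the next loop pass. Because the run loop pushes a cloned state into `executionTrace` before every step, bytecode that reaches `JNZ` with an empty stack keeps growing the trace until whatever step limit the loop has (none is visible in these hunks). Adding `else { state.pc++; }` after the `if (condition)` block would let the executor fall through instead. The branch is also always taken when a condition exists, and `target` is never range-checked against `instructions.length`; if the existing `executeJZ` behaves the same way this may be intentional, but it deserves a comment. `executeInstruction` starts and ends outside the hunks shown.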
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { formatBetterSqlite3Error } from '../../utils/betterSqlite3.js';
|
|
1
2
|
let Database;
|
|
2
3
|
try {
|
|
3
4
|
Database = require('better-sqlite3');
|
|
@@ -19,9 +20,14 @@ export class TraceDB {
|
|
|
19
20
|
constructor(options) {
|
|
20
21
|
this.options = options;
|
|
21
22
|
if (!Database) {
|
|
22
|
-
throw new Error(
|
|
23
|
+
throw new Error(formatBetterSqlite3Error(new Error("Cannot find package 'better-sqlite3'")));
|
|
24
|
+
}
|
|
25
|
+
try {
|
|
26
|
+
this.db = new Database(options.dbPath);
|
|
27
|
+
}
|
|
28
|
+
catch (error) {
|
|
29
|
+
throw new Error(formatBetterSqlite3Error(error), { cause: error });
|
|
23
30
|
}
|
|
24
|
-
this.db = new Database(options.dbPath);
|
|
25
31
|
this.batchSize = options.batchSize ?? 200;
|
|
26
32
|
this.db.pragma('journal_mode = WAL');
|
|
27
33
|
this.db.pragma('synchronous = NORMAL');
|
|
@@ -32,61 +38,61 @@ export class TraceDB {
|
|
|
32
38
|
return this.options.dbPath;
|
|
33
39
|
}
|
|
34
40
|
createSchema() {
|
|
35
|
-
this.db.exec(`
|
|
36
|
-
CREATE TABLE IF NOT EXISTS events (
|
|
37
|
-
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
|
38
|
-
timestamp REAL NOT NULL,
|
|
39
|
-
category TEXT NOT NULL,
|
|
40
|
-
event_type TEXT NOT NULL,
|
|
41
|
-
data TEXT NOT NULL DEFAULT '{}',
|
|
42
|
-
script_id TEXT,
|
|
43
|
-
line_number INTEGER
|
|
44
|
-
);
|
|
45
|
-
CREATE INDEX IF NOT EXISTS idx_events_timestamp ON events(timestamp);
|
|
46
|
-
CREATE INDEX IF NOT EXISTS idx_events_category_type ON events(category, event_type);
|
|
47
|
-
CREATE INDEX IF NOT EXISTS idx_events_script_id ON events(script_id);
|
|
48
|
-
|
|
49
|
-
CREATE TABLE IF NOT EXISTS memory_deltas (
|
|
50
|
-
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
|
51
|
-
timestamp REAL NOT NULL,
|
|
52
|
-
address TEXT NOT NULL,
|
|
53
|
-
old_value TEXT NOT NULL,
|
|
54
|
-
new_value TEXT NOT NULL,
|
|
55
|
-
size INTEGER NOT NULL,
|
|
56
|
-
value_type TEXT NOT NULL
|
|
57
|
-
);
|
|
58
|
-
CREATE INDEX IF NOT EXISTS idx_memory_timestamp ON memory_deltas(timestamp);
|
|
59
|
-
CREATE INDEX IF NOT EXISTS idx_memory_address ON memory_deltas(address);
|
|
60
|
-
|
|
61
|
-
CREATE TABLE IF NOT EXISTS heap_snapshots (
|
|
62
|
-
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
|
63
|
-
timestamp REAL NOT NULL,
|
|
64
|
-
snapshot_data BLOB,
|
|
65
|
-
summary TEXT NOT NULL DEFAULT '{}'
|
|
66
|
-
);
|
|
67
|
-
|
|
68
|
-
CREATE TABLE IF NOT EXISTS metadata (
|
|
69
|
-
key TEXT PRIMARY KEY,
|
|
70
|
-
value TEXT NOT NULL
|
|
71
|
-
);
|
|
41
|
+
this.db.exec(`
|
|
42
|
+
CREATE TABLE IF NOT EXISTS events (
|
|
43
|
+
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
|
44
|
+
timestamp REAL NOT NULL,
|
|
45
|
+
category TEXT NOT NULL,
|
|
46
|
+
event_type TEXT NOT NULL,
|
|
47
|
+
data TEXT NOT NULL DEFAULT '{}',
|
|
48
|
+
script_id TEXT,
|
|
49
|
+
line_number INTEGER
|
|
50
|
+
);
|
|
51
|
+
CREATE INDEX IF NOT EXISTS idx_events_timestamp ON events(timestamp);
|
|
52
|
+
CREATE INDEX IF NOT EXISTS idx_events_category_type ON events(category, event_type);
|
|
53
|
+
CREATE INDEX IF NOT EXISTS idx_events_script_id ON events(script_id);
|
|
54
|
+
|
|
55
|
+
CREATE TABLE IF NOT EXISTS memory_deltas (
|
|
56
|
+
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
|
57
|
+
timestamp REAL NOT NULL,
|
|
58
|
+
address TEXT NOT NULL,
|
|
59
|
+
old_value TEXT NOT NULL,
|
|
60
|
+
new_value TEXT NOT NULL,
|
|
61
|
+
size INTEGER NOT NULL,
|
|
62
|
+
value_type TEXT NOT NULL
|
|
63
|
+
);
|
|
64
|
+
CREATE INDEX IF NOT EXISTS idx_memory_timestamp ON memory_deltas(timestamp);
|
|
65
|
+
CREATE INDEX IF NOT EXISTS idx_memory_address ON memory_deltas(address);
|
|
66
|
+
|
|
67
|
+
CREATE TABLE IF NOT EXISTS heap_snapshots (
|
|
68
|
+
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
|
69
|
+
timestamp REAL NOT NULL,
|
|
70
|
+
snapshot_data BLOB,
|
|
71
|
+
summary TEXT NOT NULL DEFAULT '{}'
|
|
72
|
+
);
|
|
73
|
+
|
|
74
|
+
CREATE TABLE IF NOT EXISTS metadata (
|
|
75
|
+
key TEXT PRIMARY KEY,
|
|
76
|
+
value TEXT NOT NULL
|
|
77
|
+
);
|
|
72
78
|
`);
|
|
73
79
|
}
|
|
74
80
|
prepareStatements() {
|
|
75
|
-
this.insertEventStmt = this.db.prepare(`
|
|
76
|
-
INSERT INTO events (timestamp, category, event_type, data, script_id, line_number)
|
|
77
|
-
VALUES (?, ?, ?, ?, ?, ?)
|
|
81
|
+
this.insertEventStmt = this.db.prepare(`
|
|
82
|
+
INSERT INTO events (timestamp, category, event_type, data, script_id, line_number)
|
|
83
|
+
VALUES (?, ?, ?, ?, ?, ?)
|
|
78
84
|
`);
|
|
79
|
-
this.insertDeltaStmt = this.db.prepare(`
|
|
80
|
-
INSERT INTO memory_deltas (timestamp, address, old_value, new_value, size, value_type)
|
|
81
|
-
VALUES (?, ?, ?, ?, ?, ?)
|
|
85
|
+
this.insertDeltaStmt = this.db.prepare(`
|
|
86
|
+
INSERT INTO memory_deltas (timestamp, address, old_value, new_value, size, value_type)
|
|
87
|
+
VALUES (?, ?, ?, ?, ?, ?)
|
|
82
88
|
`);
|
|
83
|
-
this.insertSnapshotStmt = this.db.prepare(`
|
|
84
|
-
INSERT INTO heap_snapshots (timestamp, snapshot_data, summary)
|
|
85
|
-
VALUES (?, ?, ?)
|
|
89
|
+
this.insertSnapshotStmt = this.db.prepare(`
|
|
90
|
+
INSERT INTO heap_snapshots (timestamp, snapshot_data, summary)
|
|
91
|
+
VALUES (?, ?, ?)
|
|
86
92
|
`);
|
|
87
|
-
this.upsertMetadataStmt = this.db.prepare(`
|
|
88
|
-
INSERT INTO metadata (key, value) VALUES (?, ?)
|
|
89
|
-
ON CONFLICT(key) DO UPDATE SET value = excluded.value
|
|
93
|
+
this.upsertMetadataStmt = this.db.prepare(`
|
|
94
|
+
INSERT INTO metadata (key, value) VALUES (?, ?)
|
|
95
|
+
ON CONFLICT(key) DO UPDATE SET value = excluded.value
|
|
90
96
|
`);
|
|
91
97
|
}
|
|
92
98
|
insertEvent(event) {
|
|
@@ -138,19 +144,19 @@ export class TraceDB {
|
|
|
138
144
|
return { columns, rows: [], rowCount: 0 };
|
|
139
145
|
}
|
|
140
146
|
const columns = Object.keys(rows[0]);
|
|
141
|
-
const rowArrays = rows.map(row => columns.map(col => row[col]));
|
|
147
|
+
const rowArrays = rows.map((row) => columns.map((col) => row[col]));
|
|
142
148
|
return { columns, rows: rowArrays, rowCount: rows.length };
|
|
143
149
|
}
|
|
144
150
|
getEventsByTimeRange(start, end) {
|
|
145
151
|
this.ensureOpen();
|
|
146
152
|
this.flush();
|
|
147
|
-
const stmt = this.db.prepare(`
|
|
148
|
-
SELECT id, timestamp, category, event_type, data, script_id, line_number
|
|
149
|
-
FROM events
|
|
150
|
-
WHERE timestamp >= ? AND timestamp <= ?
|
|
151
|
-
ORDER BY timestamp ASC
|
|
153
|
+
const stmt = this.db.prepare(`
|
|
154
|
+
SELECT id, timestamp, category, event_type, data, script_id, line_number
|
|
155
|
+
FROM events
|
|
156
|
+
WHERE timestamp >= ? AND timestamp <= ?
|
|
157
|
+
ORDER BY timestamp ASC
|
|
152
158
|
`);
|
|
153
|
-
return stmt.all(start, end).map(row => ({
|
|
159
|
+
return stmt.all(start, end).map((row) => ({
|
|
154
160
|
id: row['id'],
|
|
155
161
|
timestamp: row['timestamp'],
|
|
156
162
|
category: row['category'],
|
|
@@ -163,13 +169,13 @@ export class TraceDB {
|
|
|
163
169
|
getMemoryDeltasByAddress(address) {
|
|
164
170
|
this.ensureOpen();
|
|
165
171
|
this.flush();
|
|
166
|
-
const stmt = this.db.prepare(`
|
|
167
|
-
SELECT id, timestamp, address, old_value, new_value, size, value_type
|
|
168
|
-
FROM memory_deltas
|
|
169
|
-
WHERE address = ?
|
|
170
|
-
ORDER BY timestamp ASC
|
|
172
|
+
const stmt = this.db.prepare(`
|
|
173
|
+
SELECT id, timestamp, address, old_value, new_value, size, value_type
|
|
174
|
+
FROM memory_deltas
|
|
175
|
+
WHERE address = ?
|
|
176
|
+
ORDER BY timestamp ASC
|
|
171
177
|
`);
|
|
172
|
-
return stmt.all(address).map(row => ({
|
|
178
|
+
return stmt.all(address).map((row) => ({
|
|
173
179
|
id: row['id'],
|
|
174
180
|
timestamp: row['timestamp'],
|
|
175
181
|
address: row['address'],
|
|
@@ -181,12 +187,12 @@ export class TraceDB {
|
|
|
181
187
|
}
|
|
182
188
|
getHeapSnapshots() {
|
|
183
189
|
this.ensureOpen();
|
|
184
|
-
const stmt = this.db.prepare(`
|
|
185
|
-
SELECT id, timestamp, snapshot_data, summary
|
|
186
|
-
FROM heap_snapshots
|
|
187
|
-
ORDER BY timestamp ASC
|
|
190
|
+
const stmt = this.db.prepare(`
|
|
191
|
+
SELECT id, timestamp, snapshot_data, summary
|
|
192
|
+
FROM heap_snapshots
|
|
193
|
+
ORDER BY timestamp ASC
|
|
188
194
|
`);
|
|
189
|
-
return stmt.all().map(row => ({
|
|
195
|
+
return stmt.all().map((row) => ({
|
|
190
196
|
id: row['id'],
|
|
191
197
|
timestamp: row['timestamp'],
|
|
192
198
|
snapshotData: row['snapshot_data'],
|
|
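Review bot: In the `TraceDB` constructor the `!Database` branch builds its message from a fabricated `new Error("Cannot find package 'better-sqlite3'")`, so whatever the top-of-file `require('better-sqlite3')` actually failed with is lost. A native-binding or ABI mismatch would then be reported as a missing package, which sends the operator to the wrong fix. The file now opens with an `import` statement, and no `createRequire` appears in the first four lines, so the real failure may even be a ReferenceError on `require`, if the file is loaded as an ES module. Keeping the caught load error in a module-level variable and passing it through, e.g. `throw new Error(formatBetterSqlite3Error(loadError), { cause: loadError });`, would match what the new `try`/`catch` around `new Database(options.dbPath)` already does. The `catch` of the top-level `try` is outside the hunk, so `loadError` is a name I am proposing, not one the file is known to define.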
@@ -4,11 +4,7 @@ import { resolveArtifactPath } from '../../utils/artifacts.js';
|
|
|
4
4
|
const CDP_EVENTS_BY_DOMAIN = {
|
|
5
5
|
Debugger: ['Debugger.paused', 'Debugger.resumed', 'Debugger.scriptParsed'],
|
|
6
6
|
Runtime: ['Runtime.consoleAPICalled', 'Runtime.exceptionThrown'],
|
|
7
|
-
Network: [
|
|
8
|
-
'Network.requestWillBeSent',
|
|
9
|
-
'Network.responseReceived',
|
|
10
|
-
'Network.loadingFinished',
|
|
11
|
-
],
|
|
7
|
+
Network: ['Network.requestWillBeSent', 'Network.responseReceived', 'Network.loadingFinished'],
|
|
12
8
|
Page: ['Page.navigatedWithinDocument', 'Page.loadEventFired'],
|
|
13
9
|
};
|
|
14
10
|
const DEFAULT_CDP_DOMAINS = ['Debugger', 'Runtime', 'Network', 'Page'];
|
|
@@ -1,27 +1,77 @@
|
|
|
1
1
|
import { createHash } from 'node:crypto';
|
|
2
|
-
import {
|
|
2
|
+
import { promises as fs } from 'node:fs';
|
|
3
3
|
import { logger } from '../utils/logger.js';
|
|
4
|
-
import { openProcessForMemory, CloseHandle, ReadProcessMemory, VirtualQueryEx, PAGE, EnumProcessModules, GetModuleBaseName, GetModuleInformation, } from './Win32API.js';
|
|
4
|
+
import { openProcessForMemory, CloseHandle, ReadProcessMemory, VirtualQueryEx, PAGE, EnumProcessModules, GetModuleBaseName, GetModuleFileNameEx, GetModuleInformation, } from './Win32API.js';
|
|
5
5
|
import { PEAnalyzer } from './PEAnalyzer.js';
|
|
6
6
|
const ANTI_DEBUG_IMPORTS = [
|
|
7
7
|
{
|
|
8
8
|
dll: 'kernel32.dll',
|
|
9
9
|
funcs: [
|
|
10
|
-
{
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
10
|
+
{
|
|
11
|
+
name: 'IsDebuggerPresent',
|
|
12
|
+
mechanism: 'anti_debug_api',
|
|
13
|
+
confidence: 'high',
|
|
14
|
+
bypass: 'Hook IsDebuggerPresent to return 0, or patch PEB.BeingDebugged field',
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
name: 'CheckRemoteDebuggerPresent',
|
|
18
|
+
mechanism: 'anti_debug_api',
|
|
19
|
+
confidence: 'high',
|
|
20
|
+
bypass: 'Hook CheckRemoteDebuggerPresent to set output to FALSE and return TRUE',
|
|
21
|
+
},
|
|
22
|
+
{
|
|
23
|
+
name: 'OutputDebugStringA',
|
|
24
|
+
mechanism: 'exception_based',
|
|
25
|
+
confidence: 'low',
|
|
26
|
+
bypass: 'May be used for anti-debug timing — monitor for exception handler abuse',
|
|
27
|
+
},
|
|
28
|
+
{
|
|
29
|
+
name: 'GetTickCount',
|
|
30
|
+
mechanism: 'timing_check',
|
|
31
|
+
confidence: 'low',
|
|
32
|
+
bypass: 'Hook GetTickCount to return consistent delta values',
|
|
33
|
+
},
|
|
34
|
+
{
|
|
35
|
+
name: 'GetTickCount64',
|
|
36
|
+
mechanism: 'timing_check',
|
|
37
|
+
confidence: 'low',
|
|
38
|
+
bypass: 'Hook GetTickCount64 to return consistent delta values',
|
|
39
|
+
},
|
|
40
|
+
{
|
|
41
|
+
name: 'QueryPerformanceCounter',
|
|
42
|
+
mechanism: 'timing_check',
|
|
43
|
+
confidence: 'medium',
|
|
44
|
+
bypass: 'Hook QPC to filter out debugging time deltas',
|
|
45
|
+
},
|
|
16
46
|
],
|
|
17
47
|
},
|
|
18
48
|
{
|
|
19
49
|
dll: 'ntdll.dll',
|
|
20
50
|
funcs: [
|
|
21
|
-
{
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
51
|
+
{
|
|
52
|
+
name: 'NtQueryInformationProcess',
|
|
53
|
+
mechanism: 'ntquery_debug',
|
|
54
|
+
confidence: 'high',
|
|
55
|
+
bypass: 'Hook NtQueryInformationProcess: return 0 for ProcessDebugPort (7), ProcessDebugObjectHandle (30), ProcessDebugFlags (31)',
|
|
56
|
+
},
|
|
57
|
+
{
|
|
58
|
+
name: 'NtSetInformationThread',
|
|
59
|
+
mechanism: 'thread_hiding',
|
|
60
|
+
confidence: 'medium',
|
|
61
|
+
bypass: 'Hook NtSetInformationThread: intercept ThreadHideFromDebugger (0x11) calls',
|
|
62
|
+
},
|
|
63
|
+
{
|
|
64
|
+
name: 'NtClose',
|
|
65
|
+
mechanism: 'exception_based',
|
|
66
|
+
confidence: 'low',
|
|
67
|
+
bypass: 'NtClose with invalid handle detects debugger via exception — hook to suppress',
|
|
68
|
+
},
|
|
69
|
+
{
|
|
70
|
+
name: 'RtlGetNtGlobalFlags',
|
|
71
|
+
mechanism: 'heap_flags',
|
|
72
|
+
confidence: 'medium',
|
|
73
|
+
bypass: 'Clear NtGlobalFlag (FLG_HEAP_*) in PEB at offset 0xBC (x64)',
|
|
74
|
+
},
|
|
25
75
|
],
|
|
26
76
|
},
|
|
27
77
|
];
|
|
@@ -41,7 +91,7 @@ export class AntiCheatDetector {
|
|
|
41
91
|
for (const knownDll of ANTI_DEBUG_IMPORTS) {
|
|
42
92
|
if (dllLower.includes(knownDll.dll.toLowerCase().replace('.dll', ''))) {
|
|
43
93
|
for (const func of knownDll.funcs) {
|
|
44
|
-
if (imp.functions.some(f => f.name === func.name)) {
|
|
94
|
+
if (imp.functions.some((f) => f.name === func.name)) {
|
|
45
95
|
detections.push({
|
|
46
96
|
mechanism: func.mechanism,
|
|
47
97
|
confidence: func.confidence,
|
|
@@ -127,11 +177,11 @@ export class AntiCheatDetector {
|
|
|
127
177
|
try {
|
|
128
178
|
const modules = this._enumerateModules(hProcess);
|
|
129
179
|
const targets = moduleName
|
|
130
|
-
? modules.filter(m => m.name.toLowerCase().includes(moduleName.toLowerCase()))
|
|
180
|
+
? modules.filter((m) => m.name.toLowerCase().includes(moduleName.toLowerCase()))
|
|
131
181
|
: modules;
|
|
132
182
|
for (const mod of targets) {
|
|
133
183
|
try {
|
|
134
|
-
const diskData =
|
|
184
|
+
const diskData = await fs.readFile(mod.path);
|
|
135
185
|
const sections = await this.peAnalyzer.listSections(pid, mod.base);
|
|
136
186
|
for (const sec of sections) {
|
|
137
187
|
if (!sec.isExecutable)
|
|
@@ -174,11 +224,12 @@ export class AntiCheatDetector {
|
|
|
174
224
|
const hMod = modHandles[i];
|
|
175
225
|
const name = GetModuleBaseName(hProcess, hMod);
|
|
176
226
|
const info = GetModuleInformation(hProcess, hMod);
|
|
227
|
+
const modulePath = GetModuleFileNameEx(hProcess, hMod) ?? name;
|
|
177
228
|
if (info.success) {
|
|
178
229
|
modules.push({
|
|
179
230
|
name,
|
|
180
231
|
base: `0x${info.info.lpBaseOfDll.toString(16)}`,
|
|
181
|
-
path:
|
|
232
|
+
path: modulePath,
|
|
182
233
|
size: info.info.SizeOfImage,
|
|
183
234
|
});
|
|
184
235
|
}
|
|
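Review bot: `GetModuleFileNameEx(hProcess, hMod) ?? name` in `_enumerateModules` falls back to the bare module name, and the integrity loop then passes that to `fs.readFile(mod.path)`, which resolves a relative name against the tool's working directory. A same-named file there would be compared with the in-memory sections, giving a false mismatch or a false clean result; the fallback also does not fire if the wrapper returns an empty string rather than `null` on failure (the wrapper is not visible here). I would drop the fallback (`path: modulePath || null`) and skip the disk comparison with an explicit "path unavailable" entry when `mod.path` is missing or not absolute. The reported path presumably comes from loader data inside the inspected process, so a disk-versus-memory match only shows that the image agrees with the file the process names, not that the file is the genuine one. Both enclosing methods start and end outside the hunks.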
@@ -54,7 +54,7 @@ export class CodeInjector {
|
|
|
54
54
|
}
|
|
55
55
|
}
|
|
56
56
|
async nopBytes(pid, address, count) {
|
|
57
|
-
const nops =
|
|
57
|
+
const nops = Array.from({ length: count }, () => 0x90);
|
|
58
58
|
return this.patchBytes(pid, address, nops);
|
|
59
59
|
}
|
|
60
60
|
async findCodeCaves(pid, minSize) {
|
|
@@ -80,7 +80,7 @@ export class CodeInjector {
|
|
|
80
80
|
let caveStart = -1;
|
|
81
81
|
for (let i = 0; i < chunk.length; i++) {
|
|
82
82
|
const b = chunk[i];
|
|
83
|
-
if (b === 0x00 || b ===
|
|
83
|
+
if (b === 0x00 || b === 0xcc) {
|
|
84
84
|
if (caveStart === -1)
|
|
85
85
|
caveStart = i;
|
|
86
86
|
}
|
|
@@ -123,7 +123,7 @@ export class CodeInjector {
|
|
|
123
123
|
finally {
|
|
124
124
|
CloseHandle(handle);
|
|
125
125
|
}
|
|
126
|
-
return caves.
|
|
126
|
+
return caves.toSorted((a, b) => b.size - a.size);
|
|
127
127
|
}
|
|
128
128
|
async allocateRemote(pid, size) {
|
|
129
129
|
const handle = openProcessForMemory(pid, true);
|
|
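Review bot: `nopBytes` builds its buffer with `Array.from({ length: count }, () => 0x90)` without checking `count`, so a negative, fractional or NaN value silently becomes a shorter or empty write, and a very large value allocates and patches an unbounded range in the target process. A guard such as `if (!Number.isInteger(count) || count <= 0) throw new RangeError('count must be a positive integer');` plus an upper bound before the `patchBytes` call would make the failure explicit. Separately, `caves.toSorted(...)` in `findCodeCaves` is an ES2023 method that needs Node.js 20 or later; if the package still declares support for older runtimes (the `engines` field is not shown) it throws a TypeError, and `[...caves].sort(...)` is the portable equivalent. `findCodeCaves` starts and ends outside the hunks.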
@@ -1,7 +1,8 @@
|
|
|
1
1
|
import { randomUUID } from 'node:crypto';
|
|
2
|
-
import { BREAKPOINT_HIT_TIMEOUT_MS, BREAKPOINT_TRACE_MAX_HITS
|
|
2
|
+
import { BREAKPOINT_HIT_TIMEOUT_MS, BREAKPOINT_TRACE_MAX_HITS } from '../constants.js';
|
|
3
3
|
import { SuspendThread, ResumeThread, GetThreadContext, SetThreadContext, DebugActiveProcess, DebugActiveProcessStop, DebugSetProcessKillOnExit, WaitForDebugEvent, ContinueDebugEvent, EnumerateProcessThreads, openThreadForDebug, parseContext, writeContext, encodeDR7, CONTEXT_FLAGS, EXCEPTION_CODE, DBG, } from './Win32Debug.js';
|
|
4
4
|
import { CloseHandle } from './Win32API.js';
|
|
5
|
+
const toHex = (v) => `0x${v.toString(16).toUpperCase()}`;
|
|
5
6
|
export class HardwareBreakpointEngine {
|
|
6
7
|
breakpoints = new Map();
|
|
7
8
|
attachedPids = new Set();
|
|
@@ -123,10 +124,10 @@ export class HardwareBreakpointEngine {
|
|
|
123
124
|
applyDRToAllThreads(pid, drIndex, address, access, size, enable) {
|
|
124
125
|
const threads = EnumerateProcessThreads(pid);
|
|
125
126
|
const drAccessMap = {
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
127
|
+
execute: 'execute',
|
|
128
|
+
write: 'write',
|
|
129
|
+
readwrite: 'readwrite',
|
|
130
|
+
read: 'read',
|
|
130
131
|
};
|
|
131
132
|
for (const tid of threads) {
|
|
132
133
|
let hThread;
|
|
@@ -172,7 +173,8 @@ export class HardwareBreakpointEngine {
|
|
|
172
173
|
try {
|
|
173
174
|
ResumeThread(hThread);
|
|
174
175
|
}
|
|
175
|
-
catch {
|
|
176
|
+
catch {
|
|
177
|
+
}
|
|
176
178
|
}
|
|
177
179
|
finally {
|
|
178
180
|
CloseHandle(hThread);
|
|
@@ -203,7 +205,6 @@ export class HardwareBreakpointEngine {
|
|
|
203
205
|
bp.lastHit = Date.now();
|
|
204
206
|
ctxBuf.writeBigUInt64LE(0n, 0x68);
|
|
205
207
|
SetThreadContext(hThread, ctxBuf);
|
|
206
|
-
const toHex = (v) => `0x${v.toString(16).toUpperCase()}`;
|
|
207
208
|
return {
|
|
208
209
|
breakpointId: id,
|
|
209
210
|
address: bp.address,
|
|
@@ -213,14 +214,22 @@ export class HardwareBreakpointEngine {
|
|
|
213
214
|
accessType: bp.access,
|
|
214
215
|
timestamp: Date.now(),
|
|
215
216
|
registers: {
|
|
216
|
-
rax: toHex(ctx.rax),
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
217
|
+
rax: toHex(ctx.rax),
|
|
218
|
+
rbx: toHex(ctx.rbx),
|
|
219
|
+
rcx: toHex(ctx.rcx),
|
|
220
|
+
rdx: toHex(ctx.rdx),
|
|
221
|
+
rsi: toHex(ctx.rsi),
|
|
222
|
+
rdi: toHex(ctx.rdi),
|
|
223
|
+
rsp: toHex(ctx.rsp),
|
|
224
|
+
rbp: toHex(ctx.rbp),
|
|
225
|
+
r8: toHex(ctx.r8),
|
|
226
|
+
r9: toHex(ctx.r9),
|
|
227
|
+
r10: toHex(ctx.r10),
|
|
228
|
+
r11: toHex(ctx.r11),
|
|
229
|
+
r12: toHex(ctx.r12),
|
|
230
|
+
r13: toHex(ctx.r13),
|
|
231
|
+
r14: toHex(ctx.r14),
|
|
232
|
+
r15: toHex(ctx.r15),
|
|
224
233
|
rip: toHex(ctx.rip),
|
|
225
234
|
rflags: `0x${ctx.eflags.toString(16).toUpperCase()}`,
|
|
226
235
|
},
|