npm - @jshookmcp/jshook - Versions diffs - 0.2.9 → 0.3.1 - Mend

@jshookmcp/jshook 0.2.9 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (316) hide show

package/README.md +25 -50
package/README.zh.md +25 -48
package/dist/AntiCheatDetector-CGVGNfy5.mjs +1 -0
package/dist/CacheAdapters-CdAxBmVW.mjs +1 -0
package/dist/CodeInjector-BlgyqTOk.mjs +1 -0
package/dist/ConsoleMonitor-Dkqc0HNi.mjs +490 -0
package/dist/DOMInspector-BYY_EJ0C.mjs +95 -0
package/dist/DarwinAPI-DC4HGGLl.mjs +1 -0
package/dist/DetailedDataManager-BniBJlVv.mjs +1 -0
package/dist/EventBus-DgciURGg.mjs +1 -0
package/dist/EvidenceGraphBridge-BIfgB7HP.mjs +1 -0
package/dist/ExtensionManager-erMpqcLk.mjs +1 -0
package/dist/FingerprintManager-N7BZqjxP.mjs +1 -0
package/dist/HardwareBreakpoint-OcJqNFVc.mjs +1 -0
package/dist/HeapAnalyzer-CqAxZzeS.mjs +1 -0
package/dist/{HookGeneratorBuilders.core.generators.storage-CtcdK78Q.mjs → HookGeneratorBuilders.core.generators.storage-Bf1fbrNK.mjs} +66 -174
package/dist/InstrumentationSession-DxXs0sCp.mjs +1 -0
package/dist/MCPServer.search.handlers.domain-DVbWL1bT.mjs +1 -0
package/dist/MemoryController-BaqstM5w.mjs +2 -0
package/dist/MemoryScanSession-CaxAjZJf.mjs +1 -0
package/dist/MemoryScanner-BLYnMJy6.mjs +1 -0
package/dist/NativeMemoryManager.impl-CI554XbY.mjs +1 -0
package/dist/NativeMemoryManager.utils-DM4NC3FE.mjs +1 -0
package/dist/PEAnalyzer-DJyaJTQJ.mjs +1 -0
package/dist/PageController-D9jVkH0i.mjs +1 -0
package/dist/PointerChainEngine-5nF9eNlu.mjs +1 -0
package/dist/PrerequisiteError-Bl3dK8XA.mjs +1 -0
package/dist/ProcessRegistry-Hf12LlR9.mjs +1 -0
package/dist/ResponseBuilder-B2lu4KEl.mjs +1 -0
package/dist/ReverseEvidenceGraph-B931HeoW.mjs +2 -0
package/dist/ScriptManager-fgqiALgj.mjs +7 -0
package/dist/Speedhack-l6s8L2Qw.mjs +1 -0
package/dist/StealthVerifier-Dhbj4B4P.mjs +1 -0
package/dist/StructureAnalyzer-A-WamfYE.mjs +2 -0
package/dist/ToolCatalog-D_IKl1Hu.mjs +1 -0
package/dist/ToolError-DWU_z7gp.mjs +1 -0
package/dist/ToolProbe-xsfALmN3.mjs +1 -0
package/dist/ToolRegistry-B0Zs-phN.mjs +1 -0
package/dist/ToolRouter.policy-CFHoN_Lw.mjs +4 -0
package/dist/TraceRecorder-Dd8jLXpi.mjs +272 -0
package/dist/VersionDetector-DMoUWyNm.mjs +9 -0
package/dist/Win32API-Bhi5xFBe.mjs +1 -0
package/dist/Win32Debug-CQteFL4F.mjs +1 -0
package/dist/WorkflowEngine-CxEp2WXH.mjs +1 -0
package/dist/analysis-BuR-NgX8.mjs +5 -0
package/dist/{antidebug-CqDTB_uk.mjs → antidebug-BOTZH6-0.mjs} +8 -259
package/dist/artifactRetention-NBdncOEW.mjs +1 -0
package/dist/artifacts-B5xQuEa_.mjs +1 -0
package/dist/authorization-schema-B40obG1A.mjs +1 -0
package/dist/betterSqlite3-CGaxz4AX.mjs +1 -0
package/dist/binary-instrument-Cf9qqLlM.mjs +7 -0
package/dist/bind-helpers-BlAOQrFQ.mjs +1 -0
package/dist/boringssl-inspector-BST5vtKx.mjs +2 -0
package/dist/browser-C4Le3xqA.mjs +11 -0
package/dist/capabilities-DbYCv-HF.mjs +1 -0
package/dist/chunk-C_pMuVsO.mjs +1 -0
package/dist/collector-CKO8RPK8.mjs +1 -0
package/dist/concurrency-CcK46d0h.mjs +1 -0
package/dist/constants-Cp6hBrrx.mjs +1 -0
package/dist/coordination-BbijHEHH.mjs +1 -0
package/dist/debugger-CRJq_krh.mjs +1 -0
package/dist/definitions-BGobEDQa.mjs +1 -0
package/dist/definitions-BGwNSkVm.mjs +1 -0
package/dist/definitions-BbxOUiP-.mjs +1 -0
package/dist/definitions-CCP9gphV.mjs +1 -0
package/dist/definitions-CIO9O-Sw.mjs +1 -0
package/dist/definitions-CYFbewnd.mjs +1 -0
package/dist/definitions-CdWEuIkI.mjs +1 -0
package/dist/definitions-CoQFbggH.mjs +1 -0
package/dist/definitions-CuJRsJ6N.mjs +1 -0
package/dist/definitions-DI9YXsJk.mjs +1 -0
package/dist/definitions-DJklW2sS.mjs +1 -0
package/dist/definitions-DZ8uKusP.mjs +1 -0
package/dist/definitions-Dds_zrWx.mjs +1 -0
package/dist/definitions-Dgrg7f3D.mjs +1 -0
package/dist/definitions-DtE0XLrT.mjs +1 -0
package/dist/definitions-LaYTuwQd.mjs +26 -0
package/dist/definitions-NoVp_9Pm.mjs +1 -0
package/dist/definitions-OvGsfxdt.mjs +1 -0
package/dist/definitions-jXPaVy4P.mjs +1 -0
package/dist/encoding-DGcr6Aj_.mjs +2 -0
package/dist/ensure-browser-core-Buls24LQ.mjs +1 -0
package/dist/evidence-graph-bridge-B0yhGPcs.mjs +1 -0
package/dist/factory-Cx_1LorX.mjs +1 -0
package/dist/flat-target-session-CO5g78k3.mjs +1 -0
package/dist/formatAddress-C7j2fDlM.mjs +1 -0
package/dist/graphql-HLf3MS8H.mjs +62 -0
package/dist/handlers-BLMa4X7l.mjs +54 -0
package/dist/handlers-BP12ZsWc.mjs +4 -0
package/dist/handlers-BZoPla6E.mjs +1 -0
package/dist/handlers-BggKiVx9.mjs +2 -0
package/dist/handlers-D3iev8g1.mjs +1 -0
package/dist/handlers-D49r1-1P.mjs +1 -0
package/dist/handlers-DCE45Ww8.mjs +2 -0
package/dist/handlers-DW5AbYs5.mjs +5 -0
package/dist/handlers-De5u62Ga2.mjs +1 -0
package/dist/handlers-DmQzIc44.mjs +31 -0
package/dist/handlers-DnJRGp7t.mjs +302 -0
package/dist/handlers-Dv_runVv.mjs +2 -0
package/dist/handlers-S9Ws0IGy.mjs +2 -0
package/dist/{handlers-Bl8zkwz1.mjs → handlers-pVNpaw4A.mjs} +144 -841
package/dist/handlers.impl-CD2_kOcC.mjs +1 -0
package/dist/hooks-DDKppogd.mjs +600 -0
package/dist/index.mjs +12 -5225
package/dist/logger-sBC6IdRT.mjs +1 -0
package/dist/maintenance-CutEO84j.mjs +1 -0
package/dist/manifest-BFGxlDRh.mjs +123 -0
package/dist/manifest-BPuE6oH2.mjs +1 -0
package/dist/manifest-BXry5N09.mjs +1 -0
package/dist/manifest-BeP_zJGb2.mjs +1 -0
package/dist/manifest-C0g67k6U.mjs +1 -0
package/dist/manifest-C1nZkTkO.mjs +1 -0
package/dist/manifest-C7qV1z7F.mjs +1 -0
package/dist/manifest-CDeUZGUZ.mjs +1 -0
package/dist/manifest-CDiCtaQT.mjs +1 -0
package/dist/manifest-CFn0359q2.mjs +1 -0
package/dist/manifest-CGq4NpqH2.mjs +1 -0
package/dist/manifest-CJMGt7Qy.mjs +1 -0
package/dist/manifest-CRIJq4Hs.mjs +1 -0
package/dist/manifest-C_hEIjSx.mjs +1 -0
package/dist/manifest-CeQmtQOY.mjs +1 -0
package/dist/manifest-Cq0j7GZt.mjs +1 -0
package/dist/manifest-CtPmHAdn.mjs +1 -0
package/dist/manifest-Cx2IVMUY.mjs +1 -0
package/dist/manifest-D16xPXro.mjs +1 -0
package/dist/manifest-D44TaRJU.mjs +1 -0
package/dist/manifest-D610kxZr.mjs +2 -0
package/dist/manifest-DC-SMF6b.mjs +1 -0
package/dist/manifest-DD3rtxvV.mjs +1 -0
package/dist/manifest-DKUorv5M.mjs +1 -0
package/dist/manifest-DMJlcsTR.mjs +1 -0
package/dist/manifest-DWUUWBz0.mjs +1 -0
package/dist/manifest-De-6Wf2R.mjs +1 -0
package/dist/manifest-Dgh0uDW-.mjs +1 -0
package/dist/manifest-Dm0o3i2U.mjs +1 -0
package/dist/manifest-DsVh7Y4U.mjs +1 -0
package/dist/manifest-DtEFSRaq.mjs +1 -0
package/dist/manifest-H-EpAyZQ.mjs +1 -0
package/dist/manifest-ais9Afrw.mjs +1 -0
package/dist/manifest-tmb54wmA.mjs +1 -0
package/dist/manifest-yu2xiQqe.mjs +1 -0
package/dist/manifest-zrbrpKCC.mjs +1 -0
package/dist/matchesWildcardPattern-BGqLSmEs.mjs +1 -0
package/dist/modules-p-PUNv9r.mjs +332 -0
package/dist/mojo-ipc-VGlv3Qyp.mjs +9 -0
package/dist/network-BjZ1Y-GB.mjs +7 -0
package/dist/outputPaths-BonGThuc.mjs +2 -0
package/dist/parse-args-Cuk7-xUt.mjs +1 -0
package/dist/platform-C446Lf97.mjs +93 -0
package/dist/playwright-cdp-fallback-BwVR-_T3.mjs +1 -0
package/dist/process-C9f2A5zk.mjs +962 -0
package/dist/proxy-CvRepxgV.mjs +1 -0
package/dist/registry-DUHIPE-v.mjs +1 -0
package/dist/response-C7rKQst4.mjs +1 -0
package/dist/search-defaults-D2bY-rzH.mjs +1 -0
package/dist/server/plugin-api.mjs +1 -293
package/dist/shared-state-board-Cyg-xh_k.mjs +1 -0
package/dist/sourcemap-D6Q1UuAp.mjs +1 -0
package/dist/ssrf-policy-T96MR3r6.mjs +1 -0
package/dist/streaming-CTX58tbb.mjs +1 -0
package/dist/tool-builder-CI9914Tf.mjs +1 -0
package/dist/transform-Cv9P2vVD.mjs +103 -0
package/dist/types-CuyefmGT.mjs +1 -0
package/dist/types-DtThH00r.mjs +1 -0
package/dist/wasm-DaJa8J0V.mjs +174 -0
package/dist/webcrack-CsLLJIs9.mjs +46 -0
package/dist/workflow-CYIXtrWD.mjs +101 -0
package/package.json +12 -7
package/dist/AntiCheatDetector-BNk-EoBt.mjs +0 -244
package/dist/CacheAdapters-CDe5WPSV.mjs +0 -80
package/dist/CodeInjector-Cq8q01kp.mjs +0 -150
package/dist/ConsoleMonitor-CPVQW1Y-.mjs +0 -2201
package/dist/DarwinAPI-BNPxu0RH.mjs +0 -363
package/dist/DetailedDataManager-BQQcxh64.mjs +0 -217
package/dist/EventBus-DgPmwpeu.mjs +0 -141
package/dist/EvidenceGraphBridge-SFesNera.mjs +0 -153
package/dist/ExtensionManager-CWYgw0YW.mjs +0 -714
package/dist/FingerprintManager-gzWtkKuf.mjs +0 -96
package/dist/HardwareBreakpoint-B9gZCdFP.mjs +0 -239
package/dist/HeapAnalyzer-BLDH0dCv.mjs +0 -284
package/dist/InstrumentationSession-CvPC7Jwy.mjs +0 -244
package/dist/MemoryController-CbVdCIJF.mjs +0 -167
package/dist/MemoryScanSession-BsDZbLYm.mjs +0 -278
package/dist/MemoryScanner-Bcpml6II.mjs +0 -425
package/dist/NativeMemoryManager.impl-dZtA1ZGn.mjs +0 -482
package/dist/NativeMemoryManager.utils-B-FjA2mJ.mjs +0 -165
package/dist/PEAnalyzer-D1lzJ_VG.mjs +0 -385
package/dist/PageController-Bqm2kZ_X.mjs +0 -417
package/dist/PointerChainEngine-BOhyVsjx.mjs +0 -322
package/dist/PrerequisiteError-Dl33Svkz.mjs +0 -20
package/dist/ResponseBuilder-D3iFYx2N.mjs +0 -143
package/dist/ReverseEvidenceGraph-Dlsk94LC.mjs +0 -269
package/dist/ScriptManager-aHHq0X7U.mjs +0 -3000
package/dist/Speedhack-CqdIFlQl.mjs +0 -156
package/dist/StealthVerifier-Bo4T3bz8.mjs +0 -135
package/dist/StructureAnalyzer-DhFaPvRO.mjs +0 -426
package/dist/ToolCatalog-C0JGZoOm.mjs +0 -582
package/dist/ToolError-jh9whhMd.mjs +0 -15
package/dist/ToolProbe-oC7aPrkv.mjs +0 -45
package/dist/ToolRegistry-BjaF4oNz.mjs +0 -131
package/dist/ToolRouter.policy-BWV67ZK-.mjs +0 -304
package/dist/TraceRecorder-DgxyVbdQ.mjs +0 -519
package/dist/VersionDetector-CwVLVdDM.mjs +0 -104
package/dist/Win32API-CePkipZY.mjs +0 -340
package/dist/Win32Debug-BvKs-gxc.mjs +0 -274
package/dist/WorkflowEngine-CuvkZtWu.mjs +0 -598
package/dist/analysis-CL9uACt9.mjs +0 -463
package/dist/artifactRetention-CFEprwPw.mjs +0 -591
package/dist/artifacts-Bk2-_uPq.mjs +0 -59
package/dist/betterSqlite3-0pqusHHH.mjs +0 -74
package/dist/binary-instrument-CXfpx6fT.mjs +0 -979
package/dist/bind-helpers-xFfRF-qm.mjs +0 -22
package/dist/boringssl-inspector-BH2D3VKc.mjs +0 -180
package/dist/browser-BpOr5PEx.mjs +0 -4082
package/dist/chunk-CjcI7cDX.mjs +0 -15
package/dist/concurrency-Bt0yv1kJ.mjs +0 -41
package/dist/constants-B0OANIBL.mjs +0 -519
package/dist/coordination-qUbyF8KU.mjs +0 -259
package/dist/debugger-gnKxRSN0.mjs +0 -1271
package/dist/definitions-6M-eejaT.mjs +0 -53
package/dist/definitions-B18eyf0B.mjs +0 -18
package/dist/definitions-B3QdlrHv.mjs +0 -34
package/dist/definitions-B4rAvHNZ.mjs +0 -63
package/dist/definitions-BB_4jnmy.mjs +0 -37
package/dist/definitions-BMfYXoNC.mjs +0 -43
package/dist/definitions-Beid2EB3.mjs +0 -27
package/dist/definitions-C1UvM5Iy.mjs +0 -126
package/dist/definitions-CXEI7QC72.mjs +0 -216
package/dist/definitions-C_4r7Fo-2.mjs +0 -14
package/dist/definitions-CkFDALoa.mjs +0 -26
package/dist/definitions-Cke7zEb8.mjs +0 -94
package/dist/definitions-ClJLzsJQ.mjs +0 -25
package/dist/definitions-Cq-zroAU.mjs +0 -28
package/dist/definitions-Cy3Sl6gV.mjs +0 -34
package/dist/definitions-D3VsGcvz.mjs +0 -47
package/dist/definitions-DVGfrn7y.mjs +0 -96
package/dist/definitions-LKpC3-nL.mjs +0 -9
package/dist/definitions-bAhHQJq9.mjs +0 -359
package/dist/encoding-Bvz5jLRv.mjs +0 -1065
package/dist/evidence-graph-bridge-C_fv9PuC.mjs +0 -135
package/dist/factory-DxlGh9Xf.mjs +0 -575
package/dist/formatAddress-DVkj9kpI.mjs +0 -17
package/dist/graphql-DYWzJ29s.mjs +0 -1026
package/dist/handlers-9sAbfIg-.mjs +0 -2552
package/dist/handlers-C67ktuRN.mjs +0 -710
package/dist/handlers-C87g8oCe.mjs +0 -276
package/dist/handlers-CTsDAO6p.mjs +0 -681
package/dist/handlers-Cgyg6c0U.mjs +0 -645
package/dist/handlers-D6j6yka7.mjs +0 -2124
package/dist/handlers-DdFzXLvF.mjs +0 -446
package/dist/handlers-DeLOCd5m.mjs +0 -799
package/dist/handlers-DlCJN4Td.mjs +0 -757
package/dist/handlers-DxGIq15_2.mjs +0 -917
package/dist/handlers-U6L4xhuF.mjs +0 -585
package/dist/handlers-tB9Mp9ZK.mjs +0 -84
package/dist/handlers-tiy7EIBp.mjs +0 -572
package/dist/handlers.impl-DS0d9fUw.mjs +0 -761
package/dist/hooks-CzCWByww.mjs +0 -898
package/dist/logger-Dh_xb7_2.mjs +0 -93
package/dist/maintenance-P7ePRXQC.mjs +0 -830
package/dist/manifest-2ToTpjv8.mjs +0 -106
package/dist/manifest-3g71z6Bg.mjs +0 -79
package/dist/manifest-82baTv4U.mjs +0 -45
package/dist/manifest-B3QVVeBS.mjs +0 -82
package/dist/manifest-BB2J8IMJ.mjs +0 -149
package/dist/manifest-BKbgbSiY.mjs +0 -60
package/dist/manifest-Bcf-TJzH.mjs +0 -848
package/dist/manifest-BmtZzQiQ2.mjs +0 -45
package/dist/manifest-Bnd7kqEY.mjs +0 -55
package/dist/manifest-BqQX6OQC2.mjs +0 -65
package/dist/manifest-BqrQ4Tpj.mjs +0 -81
package/dist/manifest-Br4RPFt5.mjs +0 -370
package/dist/manifest-C5qDjysN.mjs +0 -107
package/dist/manifest-C9RT5nk32.mjs +0 -34
package/dist/manifest-CAhOuvSl.mjs +0 -204
package/dist/manifest-CBYWCUBJ.mjs +0 -51
package/dist/manifest-CFADCRa1.mjs +0 -37
package/dist/manifest-CQVhavRF.mjs +0 -114
package/dist/manifest-CT7zZBV1.mjs +0 -48
package/dist/manifest-CV12bcrF.mjs +0 -121
package/dist/manifest-CXsRWjjI.mjs +0 -224
package/dist/manifest-CZLUCfG02.mjs +0 -95
package/dist/manifest-D6phHKFd.mjs +0 -131
package/dist/manifest-DCyjf4n2.mjs +0 -294
package/dist/manifest-DHsnKgP6.mjs +0 -60
package/dist/manifest-Df_dliIe.mjs +0 -55
package/dist/manifest-Dh8WBmEW.mjs +0 -129
package/dist/manifest-DhKRAT8_.mjs +0 -92
package/dist/manifest-DlpTj4ic2.mjs +0 -193
package/dist/manifest-DrbmZcFl2.mjs +0 -253
package/dist/manifest-DuwHjUa5.mjs +0 -70
package/dist/manifest-DzwvxPJX.mjs +0 -38
package/dist/manifest-NXctwWQq.mjs +0 -68
package/dist/manifest-Sc_0JQ13.mjs +0 -418
package/dist/manifest-gZ4s_UtG.mjs +0 -96
package/dist/manifest-qSleDqdO.mjs +0 -1023
package/dist/modules-C184v-S9.mjs +0 -11365
package/dist/mojo-ipc-B_H61Afw.mjs +0 -525
package/dist/network-671Cw6hV.mjs +0 -3346
package/dist/outputPaths-B1uGmrWZ.mjs +0 -1145
package/dist/parse-args-BlRjqlkL.mjs +0 -39
package/dist/platform-WmNn8Sxb.mjs +0 -2070
package/dist/process-QcbIy5Zq.mjs +0 -1401
package/dist/proxy-DqNs0bAd.mjs +0 -170
package/dist/registry-D-6e18lB.mjs +0 -34
package/dist/response-BQVP-xUn.mjs +0 -28
package/dist/shared-state-board-DV-dpHFJ.mjs +0 -586
package/dist/sourcemap-Dq8ez8vS.mjs +0 -650
package/dist/ssrf-policy-ZaUfvhq7.mjs +0 -166
package/dist/streaming-BUQ0VJsg.mjs +0 -725
package/dist/tool-builder-DCbIC5Eo.mjs +0 -186
package/dist/transform-CiYJfNX0.mjs +0 -1007
package/dist/types-Bx92KJfT.mjs +0 -4
package/dist/types-CPhOReNX.mjs +0 -37
package/dist/wasm-DQTnHDs4.mjs +0 -531
package/dist/workflow-f3xJOcjx.mjs +0 -725

package/dist/PEAnalyzer-D1lzJ_VG.mjs DELETED Viewed

@@ -1,385 +0,0 @@
-import { t as logger } from "./logger-Dh_xb7_2.mjs";
-import { a as GetModuleFileNameEx, b as openProcessForMemory, d as ReadProcessMemory, i as GetModuleBaseName, n as EnumProcessModules, s as GetModuleInformation, t as CloseHandle } from "./Win32API-CePkipZY.mjs";
-import { promises } from "node:fs";
-//#region src/native/PEAnalyzer.types.ts
-/** PE section characteristic flags */
-const IMAGE_SCN = {
-	CNT_CODE: 32,
-	CNT_INITIALIZED_DATA: 64,
-	CNT_UNINITIALIZED_DATA: 128,
-	MEM_EXECUTE: 536870912,
-	MEM_READ: 1073741824,
-	MEM_WRITE: 2147483648
-};
-/** Data directory indices */
-const IMAGE_DIRECTORY_ENTRY = {
-	EXPORT: 0,
-	IMPORT: 1,
-	RESOURCE: 2,
-	EXCEPTION: 3,
-	IAT: 12,
-	DELAY_IMPORT: 13
-};
-//#endregion
-//#region src/native/PEAnalyzer.ts
-/**
-* PE Analyzer Engine.
-*
-* Parses PE headers from process memory using ReadProcessMemory.
-* Provides import/export table resolution, inline hook detection,
-* and section anomaly analysis.
-*
-* @module PEAnalyzer
-*/
-const MZ_MAGIC = 23117;
-const PE_SIGNATURE = 17744;
-const PE32PLUS_MAGIC = 523;
-const SECTION_HEADER_SIZE = 40;
-const IMPORT_DESCRIPTOR_SIZE = 20;
-const COMPARE_BYTES = 16;
-var PEAnalyzer = class {
-	/**
-	* Parse PE headers from a module's base address in process memory.
-	*/
-	async parseHeaders(pid, moduleBase) {
-		const base = BigInt(moduleBase);
-		const hProcess = openProcessForMemory(pid);
-		try {
-			const dosData = ReadProcessMemory(hProcess, base, 64);
-			const e_magic = dosData.readUInt16LE(0);
-			if (e_magic !== MZ_MAGIC) throw new Error(`Invalid DOS header: expected 0x5A4D, got 0x${e_magic.toString(16)}`);
-			const e_lfanew = dosData.readUInt32LE(60);
-			const ntData = ReadProcessMemory(hProcess, base + BigInt(e_lfanew), 264);
-			const ntSignature = ntData.readUInt32LE(0);
-			if (ntSignature !== PE_SIGNATURE) throw new Error(`Invalid PE signature: expected 0x4550, got 0x${ntSignature.toString(16)}`);
-			const machine = ntData.readUInt16LE(4);
-			const numberOfSections = ntData.readUInt16LE(6);
-			const timeDateStamp = ntData.readUInt32LE(8);
-			const characteristics = ntData.readUInt16LE(22);
-			const magic = ntData.readUInt16LE(24);
-			const isPE32Plus = magic === PE32PLUS_MAGIC;
-			let imageBase;
-			let entryPoint;
-			let sizeOfImage;
-			let numberOfRvaAndSizes;
-			if (isPE32Plus) {
-				entryPoint = ntData.readUInt32LE(40);
-				imageBase = ntData.readBigUInt64LE(48);
-				sizeOfImage = ntData.readUInt32LE(80);
-				numberOfRvaAndSizes = ntData.readUInt32LE(132);
-			} else {
-				entryPoint = ntData.readUInt32LE(40);
-				imageBase = BigInt(ntData.readUInt32LE(52));
-				sizeOfImage = ntData.readUInt32LE(80);
-				numberOfRvaAndSizes = ntData.readUInt32LE(116);
-			}
-			return {
-				dosHeader: {
-					e_magic,
-					e_lfanew
-				},
-				ntSignature,
-				fileHeader: {
-					machine,
-					numberOfSections,
-					timeDateStamp,
-					characteristics
-				},
-				optionalHeader: {
-					magic,
-					imageBase: `0x${imageBase.toString(16)}`,
-					entryPoint: `0x${entryPoint.toString(16)}`,
-					sizeOfImage,
-					numberOfRvaAndSizes
-				}
-			};
-		} finally {
-			CloseHandle(hProcess);
-		}
-	}
-	/**
-	* List all PE sections with permissions.
-	*/
-	async listSections(pid, moduleBase) {
-		const base = BigInt(moduleBase);
-		const hProcess = openProcessForMemory(pid);
-		try {
-			const headers = await this._readCoreHeaders(hProcess, base);
-			const sections = [];
-			for (let i = 0; i < headers.numSections; i++) {
-				const off = headers.firstSectionOffset + i * SECTION_HEADER_SIZE;
-				const secData = ReadProcessMemory(hProcess, base + BigInt(off), SECTION_HEADER_SIZE);
-				const nameEnd = secData.indexOf(0);
-				const name = secData.subarray(0, nameEnd > 0 && nameEnd <= 8 ? nameEnd : 8).toString("ascii");
-				const virtualSize = secData.readUInt32LE(8);
-				const virtualAddress = secData.readUInt32LE(12);
-				const rawSize = secData.readUInt32LE(16);
-				const chars = secData.readUInt32LE(36);
-				sections.push({
-					name,
-					virtualAddress: `0x${virtualAddress.toString(16)}`,
-					virtualSize,
-					rawSize,
-					characteristics: chars,
-					isExecutable: (chars & IMAGE_SCN.MEM_EXECUTE) !== 0,
-					isWritable: (chars & IMAGE_SCN.MEM_WRITE) !== 0,
-					isReadable: (chars & IMAGE_SCN.MEM_READ) !== 0
-				});
-			}
-			return sections;
-		} finally {
-			CloseHandle(hProcess);
-		}
-	}
-	/**
-	* Parse import table.
-	*/
-	async parseImports(pid, moduleBase) {
-		const base = BigInt(moduleBase);
-		const hProcess = openProcessForMemory(pid);
-		try {
-			const headers = await this._readCoreHeaders(hProcess, base);
-			const importRva = headers.dataDirectories[IMAGE_DIRECTORY_ENTRY.IMPORT];
-			if (!importRva || importRva.rva === 0) return [];
-			const imports = [];
-			let descOffset = importRva.rva;
-			for (let i = 0; i < 500; i++) {
-				const desc = ReadProcessMemory(hProcess, base + BigInt(descOffset), IMPORT_DESCRIPTOR_SIZE);
-				const nameRva = desc.readUInt32LE(12);
-				if (nameRva === 0) break;
-				const nameData = ReadProcessMemory(hProcess, base + BigInt(nameRva), 256);
-				const nullIdx = nameData.indexOf(0);
-				const dllName = nameData.subarray(0, nullIdx > 0 ? nullIdx : 256).toString("ascii");
-				const originalFirstThunkRva = desc.readUInt32LE(0) || desc.readUInt32LE(16);
-				const functions = this._readThunkArray(hProcess, base, originalFirstThunkRva, headers.isPE32Plus);
-				imports.push({
-					dllName,
-					functions
-				});
-				descOffset += IMPORT_DESCRIPTOR_SIZE;
-			}
-			return imports;
-		} finally {
-			CloseHandle(hProcess);
-		}
-	}
-	/**
-	* Parse export table.
-	*/
-	async parseExports(pid, moduleBase) {
-		const base = BigInt(moduleBase);
-		const hProcess = openProcessForMemory(pid);
-		try {
-			const exportDir = (await this._readCoreHeaders(hProcess, base)).dataDirectories[IMAGE_DIRECTORY_ENTRY.EXPORT];
-			if (!exportDir || exportDir.rva === 0) return [];
-			const expData = ReadProcessMemory(hProcess, base + BigInt(exportDir.rva), 40);
-			const numberOfNames = expData.readUInt32LE(24);
-			const addressOfFunctionsRva = expData.readUInt32LE(28);
-			const addressOfNamesRva = expData.readUInt32LE(32);
-			const addressOfNameOrdinalsRva = expData.readUInt32LE(36);
-			const ordinalBase = expData.readUInt32LE(16);
-			const exports = [];
-			const namesBuf = ReadProcessMemory(hProcess, base + BigInt(addressOfNamesRva), numberOfNames * 4);
-			const ordsBuf = ReadProcessMemory(hProcess, base + BigInt(addressOfNameOrdinalsRva), numberOfNames * 2);
-			for (let i = 0; i < Math.min(numberOfNames, 2e3); i++) {
-				const nameRva = namesBuf.readUInt32LE(i * 4);
-				const ordIndex = ordsBuf.readUInt16LE(i * 2);
-				const nameBuf = ReadProcessMemory(hProcess, base + BigInt(nameRva), 256);
-				const nullIdx = nameBuf.indexOf(0);
-				const name = nameBuf.subarray(0, nullIdx > 0 ? nullIdx : 256).toString("ascii");
-				const funcRva = ReadProcessMemory(hProcess, base + BigInt(addressOfFunctionsRva + ordIndex * 4), 4).readUInt32LE(0);
-				let forwardedTo = null;
-				if (funcRva >= exportDir.rva && funcRva < exportDir.rva + exportDir.size) {
-					const fwdBuf = ReadProcessMemory(hProcess, base + BigInt(funcRva), 256);
-					const fwdEnd = fwdBuf.indexOf(0);
-					forwardedTo = fwdBuf.subarray(0, fwdEnd > 0 ? fwdEnd : 256).toString("ascii");
-				}
-				exports.push({
-					name,
-					ordinal: ordinalBase + ordIndex,
-					rva: `0x${funcRva.toString(16)}`,
-					forwardedTo
-				});
-			}
-			return exports;
-		} finally {
-			CloseHandle(hProcess);
-		}
-	}
-	/**
-	* Detect inline hooks by comparing first bytes of exported functions (disk vs memory).
-	*/
-	async detectInlineHooks(pid, moduleName) {
-		const hProcess = openProcessForMemory(pid);
-		const detections = [];
-		try {
-			const modules = this._enumerateModulesInternal(hProcess);
-			const targets = moduleName ? modules.filter((m) => m.name.toLowerCase().includes(moduleName.toLowerCase())) : modules;
-			for (const mod of targets) try {
-				const diskData = await promises.readFile(mod.path);
-				const exports = await this.parseExports(pid, mod.base);
-				for (const exp of exports) {
-					const funcRva = parseInt(exp.rva, 16);
-					if (funcRva === 0 || exp.forwardedTo) continue;
-					const memBytes = ReadProcessMemory(hProcess, BigInt(mod.base) + BigInt(funcRva), COMPARE_BYTES);
-					const diskOffset = this._rvaToFileOffset(diskData, funcRva);
-					if (diskOffset < 0 || diskOffset + COMPARE_BYTES > diskData.length) continue;
-					const diskBytes = diskData.subarray(diskOffset, diskOffset + COMPARE_BYTES);
-					if (!memBytes.equals(diskBytes)) {
-						const hookType = this._classifyHook(memBytes);
-						const jumpTarget = this._decodeJumpTarget(memBytes, BigInt(mod.base) + BigInt(funcRva));
-						detections.push({
-							address: `0x${(BigInt(mod.base) + BigInt(funcRva)).toString(16)}`,
-							moduleName: mod.name,
-							functionName: exp.name,
-							originalBytes: Array.from(diskBytes),
-							currentBytes: Array.from(memBytes),
-							hookType,
-							jumpTarget
-						});
-					}
-				}
-			} catch (e) {
-				logger.debug(`Hook check skipped for ${mod.name}: ${e}`);
-			}
-		} finally {
-			CloseHandle(hProcess);
-		}
-		return detections;
-	}
-	/**
-	* Analyze sections for anomalies (RWX, writable code, etc.).
-	*/
-	async analyzeSections(pid, moduleBase) {
-		const sections = await this.listSections(pid, moduleBase);
-		const anomalies = [];
-		for (const sec of sections) if (sec.isReadable && sec.isWritable && sec.isExecutable) anomalies.push({
-			sectionName: sec.name,
-			anomalyType: "rwx",
-			severity: "high",
-			details: `Section ${sec.name} has Read+Write+Execute permissions — unusual and potentially malicious`
-		});
-		else if (sec.isWritable && sec.isExecutable) anomalies.push({
-			sectionName: sec.name,
-			anomalyType: "writable_code",
-			severity: "high",
-			details: `Section ${sec.name} is writable and executable — code may be self-modifying or packed`
-		});
-		else if (sec.isExecutable && !sec.name.startsWith(".text") && !sec.name.startsWith(".code") && (sec.characteristics & IMAGE_SCN.CNT_INITIALIZED_DATA) !== 0) anomalies.push({
-			sectionName: sec.name,
-			anomalyType: "executable_data",
-			severity: "medium",
-			details: `Data section ${sec.name} has execute permission`
-		});
-		return anomalies;
-	}
-	async _readCoreHeaders(hProcess, base) {
-		const e_lfanew = ReadProcessMemory(hProcess, base, 64).readUInt32LE(60);
-		const ntData = ReadProcessMemory(hProcess, base + BigInt(e_lfanew), 264);
-		const numSections = ntData.readUInt16LE(6);
-		const sizeOfOptionalHeader = ntData.readUInt16LE(20);
-		const isPE32Plus = ntData.readUInt16LE(24) === PE32PLUS_MAGIC;
-		const numberOfRvaAndSizes = isPE32Plus ? ntData.readUInt32LE(132) : ntData.readUInt32LE(116);
-		const dataDirectoriesOffset = isPE32Plus ? 136 : 120;
-		const dataDirectories = [];
-		for (let i = 0; i < Math.min(numberOfRvaAndSizes, 16); i++) {
-			const off = dataDirectoriesOffset + i * 8;
-			if (off + 8 <= ntData.length) dataDirectories.push({
-				rva: ntData.readUInt32LE(off),
-				size: ntData.readUInt32LE(off + 4)
-			});
-		}
-		return {
-			numSections,
-			isPE32Plus,
-			firstSectionOffset: e_lfanew + 4 + 20 + sizeOfOptionalHeader,
-			dataDirectories
-		};
-	}
-	_readThunkArray(hProcess, base, thunkRva, isPE32Plus) {
-		const thunkSize = isPE32Plus ? 8 : 4;
-		const functions = [];
-		const IMAGE_ORDINAL_FLAG = isPE32Plus ? 9223372036854775808n : 2147483648n;
-		for (let i = 0; i < 2e3; i++) {
-			const thunkData = ReadProcessMemory(hProcess, base + BigInt(thunkRva + i * thunkSize), thunkSize);
-			const thunkValue = isPE32Plus ? thunkData.readBigUInt64LE(0) : BigInt(thunkData.readUInt32LE(0));
-			if (thunkValue === 0n) break;
-			if ((thunkValue & IMAGE_ORDINAL_FLAG) !== 0n) functions.push({
-				name: `Ordinal#${Number(thunkValue & 65535n)}`,
-				ordinal: Number(thunkValue & 65535n),
-				hint: 0,
-				thunkRva: `0x${(thunkRva + i * thunkSize).toString(16)}`
-			});
-			else {
-				const hintNameRva = Number(thunkValue);
-				const hintNameData = ReadProcessMemory(hProcess, base + BigInt(hintNameRva), 258);
-				const hint = hintNameData.readUInt16LE(0);
-				const nullIdx = hintNameData.indexOf(0, 2);
-				const name = hintNameData.subarray(2, nullIdx > 2 ? nullIdx : 258).toString("ascii");
-				functions.push({
-					name,
-					ordinal: 0,
-					hint,
-					thunkRva: `0x${(thunkRva + i * thunkSize).toString(16)}`
-				});
-			}
-		}
-		return functions;
-	}
-	_enumerateModulesInternal(hProcess) {
-		const modules = [];
-		try {
-			const { modules: modHandles, count } = EnumProcessModules(hProcess);
-			for (let i = 0; i < count; i++) {
-				const hMod = modHandles[i];
-				const name = GetModuleBaseName(hProcess, hMod);
-				const info = GetModuleInformation(hProcess, hMod);
-				const modulePath = GetModuleFileNameEx(hProcess, hMod) ?? name;
-				if (info.success) modules.push({
-					name,
-					base: `0x${info.info.lpBaseOfDll.toString(16)}`,
-					path: modulePath,
-					size: info.info.SizeOfImage
-				});
-			}
-		} catch (e) {
-			logger.debug(`Module enumeration failed: ${e}`);
-		}
-		return modules;
-	}
-	_rvaToFileOffset(peData, rva) {
-		const e_lfanew = peData.readUInt32LE(60);
-		const numSections = peData.readUInt16LE(e_lfanew + 6);
-		const sizeOfOptionalHeader = peData.readUInt16LE(e_lfanew + 20);
-		const secStart = e_lfanew + 24 + sizeOfOptionalHeader;
-		for (let i = 0; i < numSections; i++) {
-			const off = secStart + i * 40;
-			if (off + 40 > peData.length) break;
-			const virtualAddr = peData.readUInt32LE(off + 12);
-			const virtualSize = peData.readUInt32LE(off + 8);
-			const rawOffset = peData.readUInt32LE(off + 20);
-			if (rva >= virtualAddr && rva < virtualAddr + virtualSize) return rawOffset + (rva - virtualAddr);
-		}
-		return -1;
-	}
-	_classifyHook(memBytes) {
-		if (memBytes[0] === 233) return "jmp_rel32";
-		if (memBytes[0] === 255 && memBytes[1] === 37) return "jmp_abs64";
-		if (memBytes[0] === 104 && memBytes[5] === 195) return "push_ret";
-		return "unknown";
-	}
-	_decodeJumpTarget(memBytes, funcAddr) {
-		if (memBytes[0] === 233) {
-			const rel32 = memBytes.readInt32LE(1);
-			return `0x${(funcAddr + 5n + BigInt(rel32)).toString(16)}`;
-		}
-		if (memBytes[0] === 255 && memBytes[1] === 37) {
-			if (memBytes.length >= 14) return `0x${memBytes.readBigUInt64LE(6).toString(16)}`;
-		}
-		if (memBytes[0] === 104) return `0x${memBytes.readUInt32LE(1).toString(16)}`;
-		return "0x0";
-	}
-};
-const peAnalyzer = new PEAnalyzer();
-//#endregion
-export { PEAnalyzer, peAnalyzer };