@jshookmcp/jshook 0.2.9 → 0.3.1

package/dist/binary-instrument-CXfpx6fT.mjs

@@ -1,979 +0,0 @@
-import { t as __exportAll } from "./chunk-CjcI7cDX.mjs";
-import { t as logger } from "./logger-Dh_xb7_2.mjs";
-import { $ as GHIDRA_TIMEOUT_MS, Z as FRIDA_TIMEOUT_MS, dr as UNIDBG_TIMEOUT_MS } from "./constants-B0OANIBL.mjs";
-import { t as probeCommand } from "./ToolProbe-oC7aPrkv.mjs";
-import { tmpdir } from "node:os";
-import { randomUUID } from "node:crypto";
-import { basename, dirname, join } from "node:path";
-import { access, mkdtemp, readFile, rm, writeFile } from "node:fs/promises";
-import { execFile } from "node:child_process";
-//#region src/modules/binary-instrument/FridaSession.ts
-const FRIDA_MAX_BUFFER_BYTES = 5 * 1024 * 1024;
-var FridaSession = class {
-	sessions = /* @__PURE__ */ new Map();
-	activeSessionId;
-	fridaProbe;
-	probePromise;
-	async attach(target) {
-		const availability = await this.getAvailability();
-		if (!availability.available) throw new Error(availability.reason ?? "Frida CLI is not available");
-		const sessionId = randomUUID();
-		const record = {
-			id: sessionId,
-			target,
-			pid: this.resolvePid(target),
-			status: "attached",
-			attachedAt: (/* @__PURE__ */ new Date()).toISOString()
-		};
-		this.sessions.set(sessionId, record);
-		this.activeSessionId = sessionId;
-		return sessionId;
-	}
-	async detach() {
-		const active = this.getActiveSessionRecord();
-		if (!active) return;
-		active.status = "detached";
-		this.activeSessionId = void 0;
-	}
-	async executeScript(script) {
-		const session = this.requireActiveSession();
-		const result = await this.runFridaCommand(session.target, script);
-		if (result.error) {
-			session.status = "error";
-			session.lastError = result.error;
-		}
-		return result;
-	}
-	async enumerateModules() {
-		const session = this.requireActiveSession();
-		const result = await this.runFridaCommand(session.target, "console.log(JSON.stringify(Process.enumerateModules()));");
-		const parsed = this.parseModuleList(result.output);
-		if (parsed.length > 0) return parsed;
-		if (result.error) {
-			session.status = "error";
-			session.lastError = result.error;
-		}
-		return [this.createFallbackModule(session.target)];
-	}
-	async enumerateFunctions(moduleName) {
-		const session = this.requireActiveSession();
-		const safeModuleName = JSON.stringify(moduleName);
-		const result = await this.runFridaCommand(session.target, [
-			`const entries = Module.enumerateExportsSync(${safeModuleName})`,
-			".filter(function (entry) { return entry.type === \"function\"; })",
-			".map(function (entry) {",
-			"  return { name: entry.name, address: String(entry.address), size: 0 };",
-			"});",
-			"console.log(JSON.stringify(entries));"
-		].join(""));
-		const parsed = this.parseFunctionList(result.output);
-		if (parsed.length > 0) return parsed;
-		if (result.error) {
-			session.status = "error";
-			session.lastError = result.error;
-		}
-		return [{
-			name: `${moduleName}!<unknown>`,
-			address: "0x0",
-			size: 0
-		}];
-	}
-	async findSymbols(pattern) {
-		const session = this.requireActiveSession();
-		const matchPattern = JSON.stringify(`exports:!*${pattern}*`);
-		const result = await this.runFridaCommand(session.target, [
-			"const resolver = new ApiResolver(\"module\");",
-			`const matches = resolver.enumerateMatches(${matchPattern});`,
-			"const mapped = matches.map(function (entry) {",
-			"  const resolvedName = typeof entry.name === \"string\" ? entry.name : \"unknown\";",
-			"  const resolvedAddress = entry.address ? String(entry.address) : \"0x0\";",
-			"  return { name: resolvedName, address: resolvedAddress, demangled: resolvedName };",
-			"});",
-			"console.log(JSON.stringify(mapped));"
-		].join(""));
-		const parsed = this.parseSymbolList(result.output);
-		if (parsed.length > 0) return parsed;
-		if (result.error) {
-			session.status = "error";
-			session.lastError = result.error;
-		}
-		return [{
-			name: pattern,
-			address: "0x0",
-			demangled: pattern
-		}];
-	}
-	listSessions() {
-		return Array.from(this.sessions.values()).map((session) => ({
-			id: session.id,
-			target: session.target,
-			pid: session.pid,
-			status: session.status
-		}));
-	}
-	async isAvailable() {
-		return (await this.getAvailability()).available;
-	}
-	async getAvailability() {
-		if (this.fridaProbe) return this.fridaProbe;
-		if (!this.probePromise) this.probePromise = probeCommand("frida");
-		const resolved = await this.probePromise;
-		this.fridaProbe = resolved;
-		this.probePromise = void 0;
-		return resolved;
-	}
-	useSession(sessionId) {
-		if (!this.sessions.has(sessionId)) return false;
-		this.activeSessionId = sessionId;
-		return true;
-	}
-	hasSession(sessionId) {
-		return this.sessions.has(sessionId);
-	}
-	getActiveSessionRecord() {
-		if (!this.activeSessionId) return;
-		return this.sessions.get(this.activeSessionId);
-	}
-	requireActiveSession() {
-		const session = this.getActiveSessionRecord();
-		if (!session) throw new Error("No active Frida session. Call attach() first.");
-		return session;
-	}
-	resolvePid(target) {
-		if (!/^\d+$/.test(target)) return null;
-		const parsed = Number.parseInt(target, 10);
-		return Number.isNaN(parsed) ? null : parsed;
-	}
-	async runFridaCommand(target, script) {
-		const availability = await this.getAvailability();
-		if (!availability.available) return {
-			output: "",
-			error: availability.reason ?? "Frida CLI is not available"
-		};
-		const command = availability.path ?? "frida";
-		const args = [
-			...this.buildTargetArgs(target),
-			"--runtime=v8",
-			"-q",
-			"-e",
-			script
-		];
-		try {
-			const result = await this.execFileUtf8(command, args, FRIDA_TIMEOUT_MS);
-			const output = result.stdout.trim();
-			const error = result.stderr.trim();
-			return error ? {
-				output,
-				error
-			} : { output };
-		} catch (error) {
-			const message = error instanceof Error ? error.message : String(error);
-			logger.warn("[binary-instrument] Frida command failed", {
-				target,
-				message
-			});
-			return {
-				output: "",
-				error: message
-			};
-		}
-	}
-	buildTargetArgs(target) {
-		if (/^\d+$/.test(target)) return ["-p", target];
-		if (target.includes("/") || target.includes("\\")) return ["-f", target];
-		return ["-n", target];
-	}
-	createFallbackModule(target) {
-		return {
-			name: this.extractSimpleName(target),
-			base: "0x0",
-			size: 0,
-			path: target
-		};
-	}
-	extractSimpleName(target) {
-		const lastPart = target.split(/[\\/]/).filter((part) => part.length > 0).at(-1);
-		return lastPart && lastPart.length > 0 ? lastPart : target;
-	}
-	parseModuleList(output) {
-		const payload = this.extractJsonPayload(output);
-		if (!Array.isArray(payload)) return [];
-		const modules = [];
-		for (const entry of payload) {
-			if (!this.isRecord(entry)) continue;
-			const name = this.readStringField(entry, "name");
-			const path = this.readStringField(entry, "path");
-			const base = this.normalizeHex(entry["base"]);
-			const size = this.readNumberField(entry, "size");
-			if (!name || !path || !base || size === void 0) continue;
-			modules.push({
-				name,
-				base,
-				size,
-				path
-			});
-		}
-		return modules;
-	}
-	parseFunctionList(output) {
-		const payload = this.extractJsonPayload(output);
-		if (!Array.isArray(payload)) return [];
-		const functions = [];
-		for (const entry of payload) {
-			if (!this.isRecord(entry)) continue;
-			const name = this.readStringField(entry, "name");
-			const address = this.normalizeHex(entry["address"]);
-			const size = this.readNumberField(entry, "size") ?? 0;
-			if (!name || !address) continue;
-			functions.push({
-				name,
-				address,
-				size
-			});
-		}
-		return functions;
-	}
-	parseSymbolList(output) {
-		const payload = this.extractJsonPayload(output);
-		if (!Array.isArray(payload)) return [];
-		const symbols = [];
-		for (const entry of payload) {
-			if (!this.isRecord(entry)) continue;
-			const name = this.readStringField(entry, "name");
-			const address = this.normalizeHex(entry["address"]);
-			const demangled = this.readStringField(entry, "demangled");
-			if (!name || !address) continue;
-			if (demangled) symbols.push({
-				name,
-				address,
-				demangled
-			});
-			else symbols.push({
-				name,
-				address
-			});
-		}
-		return symbols;
-	}
-	extractJsonPayload(output) {
-		const candidates = output.split(/\r?\n/).map((line) => line.trim()).filter((line) => line.startsWith("{") || line.startsWith("[")).toReversed();
-		for (const line of candidates) try {
-			return JSON.parse(line);
-		} catch {
-			continue;
-		}
-	}
-	readStringField(record, key) {
-		const value = record[key];
-		return typeof value === "string" && value.length > 0 ? value : void 0;
-	}
-	readNumberField(record, key) {
-		const value = record[key];
-		return typeof value === "number" && Number.isFinite(value) ? value : void 0;
-	}
-	normalizeHex(value) {
-		if (typeof value === "number" && Number.isFinite(value)) return `0x${value.toString(16)}`;
-		if (typeof value === "string" && value.length > 0) return value.startsWith("0x") ? value : `0x${value}`;
-	}
-	isRecord(value) {
-		return typeof value === "object" && value !== null;
-	}
-	execFileUtf8(file, args, timeoutMs) {
-		return new Promise((resolve, reject) => {
-			execFile(file, args, {
-				timeout: timeoutMs,
-				windowsHide: true,
-				maxBuffer: FRIDA_MAX_BUFFER_BYTES,
-				encoding: "utf8"
-			}, (error, stdout, stderr) => {
-				if (error) {
-					reject(error);
-					return;
-				}
-				resolve({
-					stdout: typeof stdout === "string" ? stdout : "",
-					stderr: typeof stderr === "string" ? stderr : ""
-				});
-			});
-		});
-	}
-};
-//#endregion
-//#region src/modules/binary-instrument/GhidraAnalyzer.ts
-const GHIDRA_MAX_BUFFER_BYTES = 16 * 1024 * 1024;
-var GhidraAnalyzer = class {
-	ghidraProbe;
-	probePromise;
-	async analyze(binaryPath, options) {
-		await access(binaryPath);
-		const fileBuffer = await readFile(binaryPath);
-		const strings = this.extractPrintableStrings(fileBuffer);
-		const imports = this.deriveImports(strings);
-		const exports = this.deriveExports(strings);
-		if (!(await this.getAvailability()).available) return {
-			functions: [],
-			imports,
-			exports,
-			strings
-		};
-		const timeoutMs = typeof options?.timeout === "number" && Number.isFinite(options.timeout) ? options.timeout : GHIDRA_TIMEOUT_MS;
-		const scriptDirectory = await mkdtemp(join(tmpdir(), "jshook-ghidra-script-"));
-		const scriptPath = join(scriptDirectory, "BinaryInstrumentDump.py");
-		try {
-			await writeFile(scriptPath, this.buildDefaultScript(), "utf8");
-			const output = await this.headlessAnalyze(scriptPath, binaryPath, timeoutMs);
-			return {
-				functions: this.parseDecompiledOutput(output),
-				imports,
-				exports,
-				strings
-			};
-		} catch (error) {
-			const message = error instanceof Error ? error.message : String(error);
-			logger.warn("[binary-instrument] Ghidra analyze fallback", {
-				binaryPath,
-				message
-			});
-			return {
-				functions: [],
-				imports,
-				exports,
-				strings
-			};
-		} finally {
-			await rm(scriptDirectory, {
-				recursive: true,
-				force: true
-			});
-		}
-	}
-	async headlessAnalyze(scriptPath, binaryPath, timeoutMs = GHIDRA_TIMEOUT_MS) {
-		const availability = await this.getAvailability();
-		if (!availability.available) throw new Error(availability.reason ?? "Ghidra analyzeHeadless is not available");
-		await access(binaryPath);
-		await access(scriptPath);
-		const command = availability.path ?? "analyzeHeadless";
-		const projectDirectory = await mkdtemp(join(tmpdir(), "jshook-ghidra-project-"));
-		const projectName = "binary-instrument";
-		try {
-			const result = await this.execFileUtf8(command, [
-				projectDirectory,
-				projectName,
-				"-import",
-				binaryPath,
-				"-scriptPath",
-				dirname(scriptPath),
-				"-postScript",
-				basename(scriptPath)
-			], timeoutMs);
-			return [result.stdout.trim(), result.stderr.trim()].filter((entry) => entry.length > 0).join("\n");
-		} finally {
-			await rm(projectDirectory, {
-				recursive: true,
-				force: true
-			});
-		}
-	}
-	parseDecompiledOutput(output) {
-		const functions = [];
-		const blockPattern = /FUNCTION_START\s*[\r\n]+NAME:(.+?)\s*[\r\n]+ADDRESS:(.+?)\s*[\r\n]+SIGNATURE:(.+?)\s*[\r\n]+DECOMPILED_START\s*[\r\n]+([\s\S]*?)\s*[\r\n]+DECOMPILED_END\s*[\r\n]+FUNCTION_END/g;
-		let match = blockPattern.exec(output);
-		while (match) {
-			const rawName = match[1] ?? "";
-			const rawAddress = match[2] ?? "";
-			const rawSignature = match[3] ?? "";
-			const rawBody = match[4] ?? "";
-			const name = rawName.trim();
-			const address = this.normalizeHex(rawAddress.trim());
-			const signature = rawSignature.trim();
-			const decompiled = rawBody.trim();
-			if (name.length > 0 && address.length > 0 && signature.length > 0) functions.push({
-				name,
-				address,
-				signature,
-				decompiled
-			});
-			match = blockPattern.exec(output);
-		}
-		return functions;
-	}
-	async isAvailable() {
-		return (await this.getAvailability()).available;
-	}
-	async getAvailability() {
-		if (this.ghidraProbe) return this.ghidraProbe;
-		if (!this.probePromise) this.probePromise = probeCommand("analyzeHeadless", ["-help"]);
-		const resolved = await this.probePromise;
-		this.ghidraProbe = resolved;
-		this.probePromise = void 0;
-		return resolved;
-	}
-	buildDefaultScript() {
-		return [
-			"# @category BinaryInstrument",
-			"from ghidra.app.decompiler import DecompInterface",
-			"",
-			"program = currentProgram",
-			"interface = DecompInterface()",
-			"interface.openProgram(program)",
-			"function_manager = program.getFunctionManager()",
-			"functions = function_manager.getFunctions(True)",
-			"",
-			"for function in functions:",
-			"    print(\"FUNCTION_START\")",
-			"    print(\"NAME:\" + str(function.getName()))",
-			"    print(\"ADDRESS:\" + str(function.getEntryPoint()))",
-			"    try:",
-			"        signature = str(function.getSignature())",
-			"    except:",
-			"        signature = str(function.getName()) + \"()\"",
-			"    print(\"SIGNATURE:\" + signature)",
-			"    print(\"DECOMPILED_START\")",
-			"    try:",
-			"        decompiled = interface.decompileFunction(function, 30, monitor).getDecompiledFunction()",
-			"        if decompiled:",
-			"            print(str(decompiled.getC()))",
-			"        else:",
-			"            print(\"// no decompiled output\")",
-			"    except:",
-			"        print(\"// decompile failed\")",
-			"    print(\"DECOMPILED_END\")",
-			"    print(\"FUNCTION_END\")"
-		].join("\n");
-	}
-	extractPrintableStrings(buffer) {
-		const results = [];
-		let current = "";
-		for (const byte of buffer.values()) {
-			if (byte >= 32 && byte <= 126) {
-				current += String.fromCharCode(byte);
-				continue;
-			}
-			if (current.length >= 4) results.push(current);
-			current = "";
-		}
-		if (current.length >= 4) results.push(current);
-		return Array.from(new Set(results)).slice(0, 1e3);
-	}
-	deriveImports(strings) {
-		return strings.filter((entry) => /(?:\.dll|\.so|\.dylib|kernel32|user32|libc|printf|malloc|LoadLibrary)/i.test(entry)).slice(0, 100);
-	}
-	deriveExports(strings) {
-		return strings.filter((entry) => /^[A-Za-z_][A-Za-z0-9_@?$]{2,}$/.test(entry)).slice(0, 100);
-	}
-	normalizeHex(value) {
-		return value.startsWith("0x") ? value : `0x${value}`;
-	}
-	execFileUtf8(file, args, timeoutMs) {
-		return new Promise((resolve, reject) => {
-			execFile(file, args, {
-				timeout: timeoutMs,
-				windowsHide: true,
-				maxBuffer: GHIDRA_MAX_BUFFER_BYTES,
-				encoding: "utf8"
-			}, (error, stdout, stderr) => {
-				if (error) {
-					reject(error);
-					return;
-				}
-				resolve({
-					stdout: typeof stdout === "string" ? stdout : "",
-					stderr: typeof stderr === "string" ? stderr : ""
-				});
-			});
-		});
-	}
-};
-//#endregion
-//#region src/modules/binary-instrument/HookCodeGenerator.ts
-var HookCodeGenerator = class {
-	generateHooks(input) {
-		const templates = [];
-		for (const fn of input.functions) {
-			const category = this.classifyFunction(fn, input);
-			if (category === "unknown") continue;
-			templates.push({
-				functionName: fn.name,
-				description: this.describeCategory(category, input),
-				hookCode: this.buildHookCode(fn, category),
-				parameters: this.buildParameters(fn)
-			});
-		}
-		return templates;
-	}
-	exportScript(templates, format) {
-		if (format !== "frida") throw new Error("Unsupported export format");
-		const lines = [
-			"// Frida hook script",
-			"// auto-generated by HookCodeGenerator",
-			`// Hook count: ${templates.length}`,
-			""
-		];
-		for (const template of templates) {
-			lines.push(`// ${template.functionName}: ${template.description}`);
-			lines.push(template.hookCode);
-			lines.push("");
-		}
-		return lines.join("\n");
-	}
-	classifyFunction(fn, input) {
-		const name = fn.name.toLowerCase();
-		const imports = input.imports.map((entry) => entry.toLowerCase());
-		const strings = input.strings.map((entry) => entry.toLowerCase());
-		if (fn.name.startsWith("Java_")) return "jni";
-		if (name.includes("aes")) return "aes";
-		if (name.includes("md5")) return "md5";
-		if (name.includes("sha")) return "sha";
-		if (name.includes("rsa")) return "rsa";
-		if (name.includes("base64")) return "base64";
-		if (name.includes("send") || name.includes("recv") || name.includes("socket") || name.includes("http")) return "network";
-		if (name.includes("open") || name.includes("read") || name.includes("write") || name.includes("fopen")) return "file-io";
-		if ((name.includes("decrypt") || name.includes("encrypt")) && strings.some((entry) => entry.includes("obfuscation") || entry.includes("encryption"))) return "obfuscation";
-		if (name.includes("memcpy") || name.includes("strcpy") || name.includes("memmove") || name.includes("string")) return "string";
-		if (imports.some((entry) => entry.includes("aes"))) return "aes";
-		return "unknown";
-	}
-	describeCategory(category, input) {
-		switch (category) {
-			case "jni": return "JNI bridge hook for Java/native boundary inspection";
-			case "aes": return "AES crypto hook for key/plaintext capture";
-			case "md5": return "MD5 crypto hook for digest inspection";
-			case "sha": return "SHA crypto hook for digest inspection";
-			case "rsa": return "RSA crypto hook for key operation tracing";
-			case "base64": return "Base64 transform hook for encoded payload tracing";
-			case "network": return "Network hook for request and payload tracing";
-			case "file-io": return "File I/O hook for filesystem access tracing";
-			case "string": return "String operation hook for buffer tracing";
-			case "obfuscation": return input.strings.some((entry) => entry.toLowerCase().includes("obfuscation")) ? "Potential obfuscation hook for runtime string decryption tracing" : "Potential obfuscation hook";
-			case "unknown": return "Unknown hook";
-		}
-	}
-	buildHookCode(fn, category) {
-		if (category === "jni") return [
-			"Java.perform(function () {",
-			`  const target = ptr("${fn.address}");`,
-			"  Interceptor.attach(target, {",
-			"    onEnter(args) {",
-			`      console.log("[jni] ${fn.name}");`,
-			"    },",
-			"  });",
-			"});"
-		].join("\n");
-		const extraLine = category === "aes" || category === "md5" || category === "sha" || category === "rsa" || category === "base64" ? "      console.log(hexdump(args[0]));" : "      console.log(\"[trace] entering\");";
-		const targetName = fn.name.replace(/[^A-Za-z0-9_]/g, "_");
-		return [
-			`const target_${targetName} = ptr("${fn.address}");`,
-			`Interceptor.attach(target_${targetName}, {`,
-			"  onEnter(args) {",
-			`    console.log("[hook] ${fn.name}");`,
-			extraLine,
-			"  },",
-			"});"
-		].join("\n");
-	}
-	buildParameters(fn) {
-		if (fn.parameters.length > 0) return fn.parameters.map((parameter, index) => ({
-			name: parameter.name || `arg${index}`,
-			type: parameter.type || "pointer",
-			description: `Captured parameter ${index}`
-		}));
-		return [{
-			name: "arg0",
-			type: "pointer",
-			description: "Captured parameter 0"
-		}];
-	}
-};
-//#endregion
-//#region src/modules/binary-instrument/ExtensionBridge.ts
-async function invokePlugin(ctx, config) {
-	const available = getAvailablePlugins(ctx);
-	const normalizedRequested = normalizePluginId(config.pluginId);
-	const actualPluginId = resolvePluginId(normalizedRequested, available);
-	if (!actualPluginId) return {
-		success: false,
-		tool: "binary-instrument",
-		action: config.toolName,
-		error: `Plugin ${normalizedRequested} is not installed`
-	};
-	const runtime = findRuntime(ctx, actualPluginId);
-	if (!runtime?.lifecycleContext) return {
-		success: false,
-		tool: "binary-instrument",
-		action: config.toolName,
-		error: `Plugin ${actualPluginId} is installed but has no runtime`
-	};
-	try {
-		const firstText = (await runtime.lifecycleContext.invokeTool(config.toolName, config.args)).content?.find((item) => item.type === "text")?.text;
-		if (!firstText) return {
-			success: false,
-			tool: "binary-instrument",
-			action: config.toolName,
-			error: "Plugin returned no text content"
-		};
-		try {
-			const parsed = JSON.parse(firstText);
-			if (isResultRecord(parsed)) return {
-				tool: "binary-instrument",
-				action: config.toolName,
-				success: readBoolean(parsed, "success") ?? true,
-				data: parsed["data"],
-				error: readString(parsed, "error")
-			};
-		} catch {
-			return {
-				success: true,
-				tool: "binary-instrument",
-				action: config.toolName,
-				data: firstText
-			};
-		}
-		return {
-			success: true,
-			tool: "binary-instrument",
-			action: config.toolName,
-			data: firstText
-		};
-	} catch (error) {
-		return {
-			success: false,
-			tool: "binary-instrument",
-			action: config.toolName,
-			error: error instanceof Error ? error.message : String(error)
-		};
-	}
-}
-function getAvailablePlugins(ctx) {
-	return Array.from(ctx.extensionPluginsById.keys()).map(normalizePluginId);
-}
-function normalizePluginId(pluginId) {
-	return pluginId.replaceAll("_", "-");
-}
-function resolvePluginId(requested, installed) {
-	const requestedWithoutPrefix = requested.replace(/^plugin-/, "");
-	for (const installedId of installed) {
-		const installedWithoutPrefix = installedId.replace(/^plugin-/, "");
-		if (installedId === requested || installedWithoutPrefix === requestedWithoutPrefix) return installedId;
-	}
-}
-function findRuntime(ctx, normalizedPluginId) {
-	for (const [pluginId, runtime] of ctx.extensionPluginRuntimeById.entries()) if (normalizePluginId(pluginId) === normalizedPluginId) return isPluginRuntime(runtime) ? runtime : void 0;
-}
-function isPluginRuntime(value) {
-	return typeof value === "object" && value !== null;
-}
-function isResultRecord(value) {
-	return typeof value === "object" && value !== null;
-}
-function readBoolean(record, key) {
-	const value = record[key];
-	return typeof value === "boolean" ? value : void 0;
-}
-function readString(record, key) {
-	const value = record[key];
-	return typeof value === "string" ? value : void 0;
-}
-//#endregion
-//#region src/modules/binary-instrument/HookGenerator.ts
-var HookGenerator = class {
-	generateFridaHookScript(symbols, options) {
-		const includeArgs = options?.includeArgs ?? true;
-		const includeRetAddr = options?.includeRetAddr ?? false;
-		const lines = [
-			"'use strict';",
-			"",
-			"function resolveTarget(name) {",
-			"  try {",
-			"    const exported = Module.findExportByName(null, name);",
-			"    if (exported) {",
-			"      return exported;",
-			"    }",
-			"  } catch (error) {}",
-			"  try {",
-			"    const symbol = DebugSymbol.fromName(name);",
-			"    if (symbol && symbol.address) {",
-			"      return symbol.address;",
-			"    }",
-			"  } catch (error) {}",
-			"  return null;",
-			"}",
-			"",
-			"const installedHooks = [];"
-		];
-		for (let index = 0; index < symbols.length; index += 1) {
-			const descriptor = this.toDescriptor(symbols[index]);
-			const varName = `target_${index}`;
-			const label = descriptor.demangled ?? descriptor.name;
-			const addressLine = descriptor.address ? `const ${varName} = ptr("${this.escapeForDoubleQuotes(descriptor.address)}");` : `const ${varName} = resolveTarget("${this.escapeForDoubleQuotes(descriptor.name)}");`;
-			lines.push(addressLine);
-			lines.push(`if (${varName}) {`);
-			lines.push(`  Interceptor.attach(${varName}, {`);
-			lines.push("    onEnter(args) {");
-			if (includeRetAddr) lines.push(`      console.log("[binary-instrument] enter ${this.escapeForDoubleQuotes(label)} ret=" + this.returnAddress);`);
-			else lines.push(`      console.log("[binary-instrument] enter ${this.escapeForDoubleQuotes(label)}");`);
-			if (includeArgs) {
-				lines.push("      const renderedArgs = [];");
-				lines.push("      for (let i = 0; i < 6; i += 1) {");
-				lines.push("        try {");
-				lines.push("          renderedArgs.push(String(args[i]));");
-				lines.push("        } catch (error) {");
-				lines.push("          renderedArgs.push(\"<unreadable>\");");
-				lines.push("        }");
-				lines.push("      }");
-				lines.push("      console.log(\"[binary-instrument] args \" + JSON.stringify(renderedArgs));");
-			}
-			lines.push("    },");
-			lines.push("    onLeave(retval) {");
-			lines.push(`      console.log("[binary-instrument] leave ${this.escapeForDoubleQuotes(label)} retval=" + retval);`);
-			lines.push("    },");
-			lines.push("  });");
-			lines.push(`  installedHooks.push({ name: "${this.escapeForDoubleQuotes(label)}", address: String(${varName}) });`);
-			lines.push("} else {");
-			lines.push(`  console.log("[binary-instrument] unresolved ${this.escapeForDoubleQuotes(label)}");`);
-			lines.push("}");
-			lines.push("");
-		}
-		lines.push("console.log(\"[binary-instrument] hooks=\" + JSON.stringify(installedHooks));");
-		return lines.join("\n");
-	}
-	generateInterceptorScript(targetFuncs) {
-		return this.generateFridaHookScript(targetFuncs, {
-			includeArgs: true,
-			includeRetAddr: false
-		});
-	}
-	toDescriptor(symbol) {
-		if (typeof symbol === "string") return { name: symbol };
-		return symbol;
-	}
-	escapeForDoubleQuotes(value) {
-		return value.replaceAll("\\", "\\\\").replaceAll("\"", "\\\"");
-	}
-};
-//#endregion
-//#region src/modules/binary-instrument/UnidbgRunner.ts
-const UNIDBG_MAX_BUFFER_BYTES = 8 * 1024 * 1024;
-var UnidbgRunner = class {
-	sessions = /* @__PURE__ */ new Map();
-	close() {
-		for (const session of this.sessions.values()) if (session.childProcess) try {
-			process.kill(session.childProcess.pid, "SIGTERM");
-		} catch {}
-		this.sessions.clear();
-	}
-	/**
-	* Launch a .so library in the Unidbg emulator via JVM subprocess.
-	* Returns a sessionId for subsequent call/trace operations.
-	*/
-	async launch(soPath, arch = "arm", jarPath) {
-		const resolvedJar = jarPath ?? process.env["UNIDBG_JAR"];
-		if (!resolvedJar) throw new Error("UNIDBG_JAR is not configured. Set the UNIDBG_JAR env var or pass jarPath.");
-		try {
-			await access(resolvedJar);
-		} catch {
-			throw new Error(`Unidbg JAR not found: ${resolvedJar}`);
-		}
-		try {
-			await access(soPath);
-		} catch {
-			throw new Error(`Shared library not found: ${soPath}`);
-		}
-		const sessionId = randomUUID();
-		const command = this.getJavaCommand();
-		const args = [
-			"-jar",
-			resolvedJar,
-			"--so",
-			soPath,
-			"--arch",
-			arch,
-			"--server"
-		];
-		try {
-			const result = await this.execFileUtf8(command, args, UNIDBG_TIMEOUT_MS);
-			const sessionInfo = this.parseLaunchOutput(result.stdout, sessionId);
-			const session = {
-				id: sessionInfo.id,
-				soPath,
-				arch,
-				startedAt: (/* @__PURE__ */ new Date()).toISOString(),
-				childProcess: sessionInfo.pid ? { pid: sessionInfo.pid } : void 0
-			};
-			this.sessions.set(sessionId, session);
-			return {
-				sessionId,
-				soPath,
-				arch
-			};
-		} catch (error) {
-			const message = error instanceof Error ? error.message : String(error);
-			logger.warn("[binary-instrument] Unidbg launch failed, registering stub session", {
-				soPath,
-				message
-			});
-			const session = {
-				id: sessionId,
-				soPath,
-				arch,
-				startedAt: (/* @__PURE__ */ new Date()).toISOString()
-			};
-			this.sessions.set(sessionId, session);
-			return {
-				sessionId,
-				soPath,
-				arch
-			};
-		}
-	}
-	async callFunction(sessionId, functionName, args = {}) {
-		if (!this.sessions.get(sessionId)) throw new Error(`No unidbg session found for ${sessionId}`);
-		const jarPath = process.env["UNIDBG_JAR"];
-		if (!jarPath) return {
-			sessionId,
-			functionName,
-			args,
-			returnValue: "0x0",
-			stdout: "",
-			stderr: "",
-			trace: ["mock-unidbg-unavailable"],
-			_note: "Unidbg emulation requires UNIDBG_JAR to be configured"
-		};
-		const command = this.getJavaCommand();
-		const callArgs = [
-			"-jar",
-			jarPath,
-			"--session",
-			sessionId,
-			"--call",
-			functionName,
-			"--args",
-			JSON.stringify(args)
-		];
-		try {
-			const result = await this.execFileUtf8(command, callArgs, UNIDBG_TIMEOUT_MS);
-			return {
-				sessionId,
-				functionName,
-				args,
-				returnValue: this.extractReturnValue(result.stdout),
-				stdout: result.stdout.trim(),
-				stderr: result.stderr.trim(),
-				trace: []
-			};
-		} catch (error) {
-			return {
-				sessionId,
-				functionName,
-				args,
-				returnValue: "0x0",
-				stdout: "",
-				stderr: error instanceof Error ? error.message : String(error),
-				trace: ["error"]
-			};
-		}
-	}
-	async trace(sessionId) {
-		if (!this.sessions.get(sessionId)) throw new Error(`No unidbg session found for ${sessionId}`);
-		const jarPath = process.env["UNIDBG_JAR"];
-		if (!jarPath) return {
-			sessionId,
-			trace: ["mock-unidbg-unavailable"],
-			_note: "Unidbg tracing requires UNIDBG_JAR to be configured"
-		};
-		const command = this.getJavaCommand();
-		const traceArgs = [
-			"-jar",
-			jarPath,
-			"--session",
-			sessionId,
-			"--trace"
-		];
-		try {
-			const result = await this.execFileUtf8(command, traceArgs, UNIDBG_TIMEOUT_MS);
-			return {
-				sessionId,
-				trace: this.parseTraceOutput(result.stdout),
-				instructionCount: this.countInstructions(result.stdout)
-			};
-		} catch (error) {
-			return {
-				sessionId,
-				trace: ["error"],
-				error: error instanceof Error ? error.message : String(error)
-			};
-		}
-	}
-	/**
-	* Get info about an active Unidbg session.
-	*/
-	getSessionInfo(sessionId) {
-		return this.sessions.get(sessionId);
-	}
-	/**
-	* List all active Unidbg sessions.
-	*/
-	listSessions() {
-		return Array.from(this.sessions.values()).map((s) => ({
-			id: s.id,
-			soPath: s.soPath,
-			arch: s.arch,
-			startedAt: s.startedAt
-		}));
-	}
-	getJavaCommand() {
-		return process.env["JAVA_HOME"] ? `${process.env["JAVA_HOME"]}/bin/java` : "java";
-	}
-	parseLaunchOutput(stdout, fallbackId) {
-		const lines = stdout.split(/\r?\n/).filter((l) => l.trim().length > 0);
-		for (const line of lines.toReversed()) try {
-			const parsed = JSON.parse(line);
-			if (typeof parsed["id"] === "string") return {
-				id: parsed["id"],
-				pid: typeof parsed["pid"] === "number" ? parsed["pid"] : null
-			};
-		} catch {}
-		return {
-			id: fallbackId,
-			pid: null
-		};
-	}
-	extractReturnValue(stdout) {
-		const match = /return[=:\s]+(0x[0-9a-fA-F]+|-?\d+)/.exec(stdout);
-		if (match?.[1]) return match[1];
-		return "0x0";
-	}
-	parseTraceOutput(stdout) {
-		return stdout.split(/\r?\n/).filter((line) => line.trim().length > 0 && !line.startsWith("{")).slice(0, 1e4);
-	}
-	countInstructions(stdout) {
-		return stdout.split(/\r?\n/).filter((line) => line.trim().length > 0 && !line.startsWith("{") && /\b(ldr|str|mov|bl|b|add|sub)\b/i.test(line)).length;
-	}
-	async execFileUtf8(file, args, timeoutMs) {
-		return new Promise((resolve, reject) => {
-			execFile(file, args, {
-				timeout: timeoutMs,
-				windowsHide: true,
-				maxBuffer: UNIDBG_MAX_BUFFER_BYTES,
-				encoding: "utf8"
-			}, (error, stdout, stderr) => {
-				if (error) {
-					reject(error);
-					return;
-				}
-				resolve({
-					stdout: typeof stdout === "string" ? stdout : "",
-					stderr: typeof stderr === "string" ? stderr : "",
-					exitCode: 0
-				});
-			});
-		});
-	}
-};
-//#endregion
-//#region src/modules/binary-instrument/index.ts
-var binary_instrument_exports = /* @__PURE__ */ __exportAll({
-	GhidraAnalyzer: () => GhidraAnalyzer,
-	HookGenerator: () => HookGenerator
-});
-//#endregion
-export { invokePlugin as a, FridaSession as c, getAvailablePlugins as i, UnidbgRunner as n, HookCodeGenerator as o, HookGenerator as r, GhidraAnalyzer as s, binary_instrument_exports as t };