npm - @jshookmcp/jshook - Versions diffs - 0.3.0 → 0.3.2 - Mend

@jshookmcp/jshook 0.3.0 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (346) hide show

package/LICENSE +661 -661
package/README.md +32 -49
package/README.zh.md +32 -47
package/dist/AntiCheatDetector-B6d4Qe9D.mjs +1 -0
package/dist/BrowserSessionCoordinator-BJ-HOxo0.mjs +1 -0
package/dist/CacheAdapters-CsNtQIR8.mjs +1 -0
package/dist/CodeInjector-Cll_7bLJ.mjs +1 -0
package/dist/ConsoleMonitor-CxDJV15E.mjs +306 -0
package/dist/DOMInspector-C19J4zeq.mjs +95 -0
package/dist/DarwinAPI-ZfQdpLNI.mjs +1 -0
package/dist/DetailedDataManager-DmQ1LT-W.mjs +1 -0
package/dist/EventBus-DL8iLA09.mjs +1 -0
package/dist/EvidenceGraphBridge-BtbwXsLC.mjs +1 -0
package/dist/ExtensionManager-BD724zkO.mjs +1 -0
package/dist/ExtensionManager.tools-oVMJgPcN.mjs +1 -0
package/dist/FingerprintManager-DT0EAUEo.mjs +1 -0
package/dist/HardwareBreakpoint-BUfPdp0f.mjs +1 -0
package/dist/HeapAnalyzer-B_aqY8oj.mjs +1 -0
package/dist/{HookGeneratorBuilders.core.generators.storage-CTbB4Lcx.mjs → HookGeneratorBuilders.core.generators.storage-DzD6dIJd.mjs} +66 -101
package/dist/InstrumentationSession-D_G1ZPyd.mjs +1 -0
package/dist/MCPServer.search.handlers.domain-BbS-6LnX.mjs +1 -0
package/dist/MemoryController-X1XNSn1n.mjs +2 -0
package/dist/MemoryScanSession-DG_F-PjE.mjs +1 -0
package/dist/MemoryScanner-g1_L1ub5.mjs +1 -0
package/dist/NativeMemoryManager.impl-DniBe2wf.mjs +1 -0
package/dist/NativeMemoryManager.utils-BHy1P_jM.mjs +1 -0
package/dist/NetworkMonitor-B_-au6aV.mjs +185 -0
package/dist/PEAnalyzer-yWQaGrcx.mjs +1 -0
package/dist/PageController-Dfsm1_o7.mjs +1 -0
package/dist/PointerChainEngine-BhCUkmxY.mjs +1 -0
package/dist/PrerequisiteError-BjCQA-gK.mjs +1 -0
package/dist/ProcessRegistry-C-bN48oR.mjs +1 -0
package/dist/ResponseBuilder-BfWP-uaT.mjs +1 -0
package/dist/ReverseEvidenceGraph-BhSYYdiI.mjs +2 -0
package/dist/RingBuffer-Dm54ELKT.mjs +1 -0
package/dist/ScriptManager-LWGPTdvD.mjs +7 -0
package/dist/ServerRuntimeState-D2bWHqEE.mjs +1 -0
package/dist/Speedhack-yseDPSZ9.mjs +1 -0
package/dist/StealthVerifier-BmcxfwSF.mjs +1 -0
package/dist/StructureAnalyzer-C5lpuZkg.mjs +2 -0
package/dist/ToolCatalog-CYdD9F5f.mjs +1 -0
package/dist/ToolError-DWU_z7gp.mjs +1 -0
package/dist/ToolProbe-C7ZU2x7M.mjs +1 -0
package/dist/ToolRegistry-C5oB8KP8.mjs +1 -0
package/dist/ToolRouter.policy-CfhJczkt.mjs +4 -0
package/dist/TraceRecorder-BiJWBXHX.mjs +272 -0
package/dist/VersionDetector-CHT36Az0.mjs +9 -0
package/dist/Win32API-eUCF57l_.mjs +1 -0
package/dist/Win32Debug-CYrIQBvr.mjs +1 -0
package/dist/WorkflowEngine-D876meOO.mjs +1 -0
package/dist/analysis-D4swdMvq.mjs +6 -0
package/dist/{antidebug-BRKeyt27.mjs → antidebug-7L3ygj_9.mjs} +8 -259
package/dist/apk-packer-BqXcInnX.mjs +1 -0
package/dist/artifactRetention-BCPQASm7.mjs +1 -0
package/dist/artifacts-CkodUM4j.mjs +1 -0
package/dist/authorization-schema-BOFwSXUN.mjs +1 -0
package/dist/betterSqlite3-Brtq-SIQ.mjs +1 -0
package/dist/binary-instrument-DU7V6TUM.mjs +7 -0
package/dist/binary-secrets-PdMVoyt0.mjs +1 -0
package/dist/bind-helpers-m2U8glkF.mjs +1 -0
package/dist/boringssl-inspector-BBaJwwkU.mjs +2 -0
package/dist/browser-Qqco2rOT.mjs +11 -0
package/dist/capabilities-CyXuKUl1.mjs +1 -0
package/dist/chunk-C_pMuVsO.mjs +1 -0
package/dist/collector-Bpl6qy2L.mjs +1 -0
package/dist/concurrency-DCr8WQ2M.mjs +1 -0
package/dist/constants-BYj8Xek8.mjs +1 -0
package/dist/coordination-CWXW1o8K.mjs +1 -0
package/dist/dart-inspector-7AkPeZ_Q.mjs +0 -0
package/dist/debugger-DyALjYMk.mjs +1 -0
package/dist/definitions-BWxBke3r.mjs +1 -0
package/dist/definitions-BYwATKc-.mjs +1 -0
package/dist/definitions-B_83XfNQ.mjs +1 -0
package/dist/definitions-Bf3H1EwV.mjs +1 -0
package/dist/definitions-BftdXgXI.mjs +1 -0
package/dist/definitions-Bio5XJYy.mjs +1 -0
package/dist/definitions-C3qNgSn1.mjs +1 -0
package/dist/definitions-CB6vmOer.mjs +1 -0
package/dist/definitions-CMZRSy3k.mjs +1 -0
package/dist/definitions-CQd7yCQH.mjs +1 -0
package/dist/definitions-CT8ln6GQ.mjs +1 -0
package/dist/definitions-Cenu6mxo.mjs +1 -0
package/dist/definitions-D4g-MS10.mjs +1 -0
package/dist/definitions-D5wl_8HN.mjs +1 -0
package/dist/definitions-DAQm1Xar.mjs +1 -0
package/dist/definitions-DP1vgxEY.mjs +1 -0
package/dist/definitions-DxFNRQNK2.mjs +1 -0
package/dist/definitions-Ibci7e_L.mjs +1 -0
package/dist/definitions-OeLvmlQy.mjs +1 -0
package/dist/definitions-RZYGD_Ey.mjs +1 -0
package/dist/definitions-Tls8c0A0.mjs +1 -0
package/dist/definitions-bybDvnG0.mjs +26 -0
package/dist/definitions-l7TjdE6V.mjs +1 -0
package/dist/encoding-ycOaz8Vr.mjs +2 -0
package/dist/ensure-browser-core-DxWC-NTp.mjs +1 -0
package/dist/evidence-graph-bridge-CV_UdYqj.mjs +1 -0
package/dist/factory-CKr4fAE1.mjs +1 -0
package/dist/flat-target-session-DvcQX7J5.mjs +1 -0
package/dist/formatAddress-vLA_hOJt.mjs +1 -0
package/dist/graphql-B2TiPEow.mjs +62 -0
package/dist/handlers-0yKLRIfo.mjs +2 -0
package/dist/handlers-8zN_vBIz.mjs +1 -0
package/dist/handlers-B62K4FTc.mjs +1 -0
package/dist/handlers-BpDlVVVU.mjs +1 -0
package/dist/handlers-CMJK7m1c.mjs +31 -0
package/dist/handlers-D2ZOul9p.mjs +54 -0
package/dist/handlers-D5E40ssn.mjs +5 -0
package/dist/handlers-DGbdQAgD.mjs +4 -0
package/dist/handlers-DHO3rjsW.mjs +1 -0
package/dist/handlers-FJ80VzUI.mjs +2 -0
package/dist/handlers-VHWrxbM_.mjs +1 -0
package/dist/handlers-l8QIKqBj.mjs +2 -0
package/dist/handlers-mPFiNPe8.mjs +302 -0
package/dist/{handlers-Dz9PYsCa.mjs → handlers-yo_xYzT8.mjs} +118 -904
package/dist/handlers.impl-D9Hh8Bgl.mjs +1 -0
package/dist/hooks-D4XLfgtV.mjs +600 -0
package/dist/index.mjs +13 -5240
package/dist/jadx-search-B_Yse0Zh.mjs +5 -0
package/dist/logger-sBC6IdRT.mjs +1 -0
package/dist/maintenance-BUpIukhg.mjs +1 -0
package/dist/manifest-0Jpt_AQa.mjs +1 -0
package/dist/manifest-B3fZbSWR.mjs +1 -0
package/dist/manifest-B7NB2rh2.mjs +1 -0
package/dist/manifest-BDi4nbH1.mjs +1 -0
package/dist/manifest-BLDfkE7n.mjs +1 -0
package/dist/manifest-BcXbB4gf.mjs +1 -0
package/dist/manifest-Bdnc_vrc.mjs +1 -0
package/dist/manifest-BuYKgCnp.mjs +1 -0
package/dist/manifest-CBfNnGPV.mjs +1 -0
package/dist/manifest-CPS1Xv69.mjs +1 -0
package/dist/manifest-CQH9FhwI.mjs +1 -0
package/dist/manifest-CRryuZF4.mjs +1 -0
package/dist/manifest-CctIumog.mjs +1 -0
package/dist/manifest-CvTe5ZGV2.mjs +1 -0
package/dist/manifest-D-5GH0DV.mjs +1 -0
package/dist/manifest-D3Ssf3IC.mjs +1 -0
package/dist/manifest-D5ck3NvC.mjs +1 -0
package/dist/manifest-D9jUUJAu.mjs +1 -0
package/dist/manifest-DCx6w2XV.mjs +1 -0
package/dist/manifest-DG19q-Ld.mjs +1 -0
package/dist/manifest-DLMlD0Zc.mjs +1 -0
package/dist/manifest-DYpn8w_h.mjs +1 -0
package/dist/manifest-DYzWI8Xs.mjs +1 -0
package/dist/manifest-D_obs5F4.mjs +1 -0
package/dist/manifest-DujQqEQR.mjs +2 -0
package/dist/manifest-DwL2ik8P.mjs +1 -0
package/dist/manifest-ItF5P8A12.mjs +1 -0
package/dist/manifest-KZphqIyX.mjs +1 -0
package/dist/manifest-LG42zPLY2.mjs +1 -0
package/dist/manifest-LLdI5m4T.mjs +1 -0
package/dist/manifest-QYbQXJn0.mjs +1 -0
package/dist/manifest-RcpX_MyZ.mjs +123 -0
package/dist/manifest-YgVd8Sgz.mjs +1 -0
package/dist/manifest-Zy7Odg5J.mjs +1 -0
package/dist/manifest-ff1H7Pdp.mjs +1 -0
package/dist/manifest-iuhF6pTL2.mjs +1 -0
package/dist/manifest-nXHmtMSp2.mjs +1 -0
package/dist/manifest-xWfu6iLo.mjs +1 -0
package/dist/manifest-yC16OhL2.mjs +1 -0
package/dist/manifest-ztWJoXy4.mjs +1 -0
package/dist/matchesWildcardPattern-BAG6LvX5.mjs +1 -0
package/dist/modules-BPBcSaM-.mjs +333 -0
package/dist/mojo-ipc-BhwsdVUW.mjs +9 -0
package/dist/native/scripts/linux/enum-windows.sh +12 -12
package/dist/native/scripts/macos/enum-windows.applescript +22 -22
package/dist/native-j8l473zn.mjs +961 -0
package/dist/network-T0VRwNPd.mjs +7 -0
package/dist/outputPaths-B4Ic4RZh.mjs +2 -0
package/dist/parse-args-Bw413PlW.mjs +1 -0
package/dist/platform-CzaQtISh.mjs +93 -0
package/dist/playwright-cdp-fallback-DqFdx9-s.mjs +1 -0
package/dist/process-CWhsCWrf.mjs +2 -0
package/dist/proxy-DZFlDsG3.mjs +2 -0
package/dist/registry-DH4sc1dt.mjs +1 -0
package/dist/renderer-pid-9tJnZ_9N.mjs +1 -0
package/dist/response-C7rKQst4.mjs +1 -0
package/dist/search-defaults-lYBVn_3L.mjs +1 -0
package/dist/server/plugin-api.d.mts +19 -36
package/dist/server/plugin-api.mjs +1 -293
package/dist/shared-state-board-BSjXLUV1.mjs +1 -0
package/dist/sourcemap-Dh3Ai_ur.mjs +1 -0
package/dist/ssrf-policy-CsIJGkpd.mjs +1 -0
package/dist/streaming-BcJ0B6ao.mjs +1 -0
package/dist/tool-builder-qif8M9-K.mjs +1 -0
package/dist/transform-DOxzeWPB.mjs +103 -0
package/dist/types-D9EiE5o9.mjs +1 -0
package/dist/types-Fz69RzbZ.mjs +1 -0
package/dist/wasm-CZ_HTfKR.mjs +174 -0
package/dist/webcrack-C1iYG_EX.mjs +46 -0
package/dist/workflow-BdwQmARn.mjs +101 -0
package/package.json +55 -82
package/src/native/scripts/linux/enum-windows.sh +12 -12
package/src/native/scripts/macos/enum-windows.applescript +22 -22
package/dist/AntiCheatDetector-CqGDXmfc.mjs +0 -350
package/dist/CacheAdapters-jJFy20G-.mjs +0 -80
package/dist/CodeInjector-BdjRfNx7.mjs +0 -150
package/dist/ConsoleMonitor-DykL3IAw.mjs +0 -2269
package/dist/DarwinAPI-ETyy0xyo.mjs +0 -363
package/dist/DetailedDataManager-HT49OrvF.mjs +0 -217
package/dist/EventBus-DFKvADm3.mjs +0 -141
package/dist/EvidenceGraphBridge-318Oi0Lf.mjs +0 -153
package/dist/ExtensionManager-BDMsY2Dz.mjs +0 -721
package/dist/FingerprintManager-BN4UQWnX.mjs +0 -96
package/dist/HardwareBreakpoint-Cc2AFq1Y.mjs +0 -239
package/dist/HeapAnalyzer-DruMgsgj.mjs +0 -284
package/dist/InstrumentationSession-DLH0vd-z.mjs +0 -244
package/dist/MemoryController-CMtviNW_.mjs +0 -167
package/dist/MemoryScanSession-ITgb_NMi.mjs +0 -278
package/dist/MemoryScanner-CiL7Z3ey.mjs +0 -428
package/dist/NativeMemoryManager.impl-D9Lkovvn.mjs +0 -485
package/dist/NativeMemoryManager.utils-BBlAixF5.mjs +0 -165
package/dist/PEAnalyzer-DMQ44gen.mjs +0 -385
package/dist/PageController-BPJNqqBN.mjs +0 -431
package/dist/PointerChainEngine-K7wN8Z-w.mjs +0 -325
package/dist/PrerequisiteError-TuyZIs6n.mjs +0 -20
package/dist/ProcessRegistry-zGg12QbE.mjs +0 -74
package/dist/ResponseBuilder-CJXWmWNw.mjs +0 -143
package/dist/ReverseEvidenceGraph-C02-gXOh.mjs +0 -269
package/dist/ScriptManager-ZuWD-0Jg.mjs +0 -3003
package/dist/Speedhack-D-z0umeT.mjs +0 -156
package/dist/StealthVerifier-BWmPgQsv.mjs +0 -135
package/dist/StructureAnalyzer-Cav5AVSL.mjs +0 -429
package/dist/ToolCatalog-5OJdMiF0.mjs +0 -582
package/dist/ToolError-jh9whhMd.mjs +0 -15
package/dist/ToolProbe-DbCFGyrg.mjs +0 -45
package/dist/ToolRegistry-B9krbTtI.mjs +0 -180
package/dist/ToolRouter.policy-BGDAGyeH.mjs +0 -344
package/dist/TraceRecorder-B41Z5XBj.mjs +0 -1286
package/dist/VersionDetector-K3V4vGsw.mjs +0 -104
package/dist/Win32API-C2kjj0ze.mjs +0 -346
package/dist/Win32Debug-CKrGOTpo.mjs +0 -274
package/dist/WorkflowEngine-DJ6M4opp.mjs +0 -569
package/dist/analysis-BHeJW2Nb.mjs +0 -1234
package/dist/artifactRetention-CPXkUJXp.mjs +0 -598
package/dist/artifacts-DkfosXH3.mjs +0 -59
package/dist/authorization-schema-DRqyJMSk.mjs +0 -31
package/dist/betterSqlite3-DLSBZodi.mjs +0 -74
package/dist/binary-instrument--V3MAhJ4.mjs +0 -971
package/dist/bind-helpers-ClV34xdn.mjs +0 -42
package/dist/boringssl-inspector-Bo_LOLaS.mjs +0 -180
package/dist/browser-Dx3_S2cG.mjs +0 -4369
package/dist/capabilities-CcHlvWgK.mjs +0 -33
package/dist/chunk-CjcI7cDX.mjs +0 -15
package/dist/concurrency-Drev_Vz9.mjs +0 -41
package/dist/constants-CDZLOoVv.mjs +0 -534
package/dist/coordination-DgItD9DL.mjs +0 -259
package/dist/debugger-RS3RSAqs.mjs +0 -1288
package/dist/definitions-BEoYofW5.mjs +0 -47
package/dist/definitions-BRaefg3u.mjs +0 -365
package/dist/definitions-BbkvZkiv.mjs +0 -96
package/dist/definitions-BtWSHJ3o.mjs +0 -17
package/dist/definitions-C1gCHO0i.mjs +0 -43
package/dist/definitions-CDOg_b-l.mjs +0 -138
package/dist/definitions-CVPD9hzZ.mjs +0 -54
package/dist/definitions-Cea8Lgl7.mjs +0 -94
package/dist/definitions-DAgIyjxM.mjs +0 -10
package/dist/definitions-DJA27nsL.mjs +0 -66
package/dist/definitions-DKPFU3LW.mjs +0 -25
package/dist/definitions-DPRpZQ96.mjs +0 -47
package/dist/definitions-DUE5gmdn.mjs +0 -18
package/dist/definitions-DYVjOtxa.mjs +0 -26
package/dist/definitions-DcYLVLCo.mjs +0 -37
package/dist/definitions-Pp5LI2H4.mjs +0 -27
package/dist/definitions-j9KdHVNR.mjs +0 -14
package/dist/definitions-uzkjBwa7.mjs +0 -258
package/dist/definitions-va-AnLuQ.mjs +0 -28
package/dist/encoding-DJeqHmpd.mjs +0 -1079
package/dist/evidence-graph-bridge-DcYizFk2.mjs +0 -136
package/dist/factory-C90tBff6.mjs +0 -575
package/dist/flat-target-session-Dgax2Cy3.mjs +0 -29
package/dist/formatAddress-nnMvEohD.mjs +0 -17
package/dist/graphql-CoHrhweh.mjs +0 -1197
package/dist/handlers-4jmR0nMs.mjs +0 -898
package/dist/handlers-BAHPxcch.mjs +0 -789
package/dist/handlers-BOs9b907.mjs +0 -2600
package/dist/handlers-BWXEy6ef.mjs +0 -917
package/dist/handlers-Bndn6QvE.mjs +0 -111
package/dist/handlers-BqC4bD4s.mjs +0 -681
package/dist/handlers-BtYq60bM2.mjs +0 -276
package/dist/handlers-BzgcB4iv.mjs +0 -799
package/dist/handlers-CRyRWj2b.mjs +0 -859
package/dist/handlers-CVv2H1uq.mjs +0 -592
package/dist/handlers-Dl5a7JS4.mjs +0 -572
package/dist/handlers-Dx2d7jt7.mjs +0 -2537
package/dist/handlers-HujRKC3b.mjs +0 -661
package/dist/handlers.impl-XWXkQfyi.mjs +0 -807
package/dist/hooks-B1B8NRHL.mjs +0 -898
package/dist/logger-Dh_xb7_2.mjs +0 -93
package/dist/maintenance-PRMkLVRW.mjs +0 -835
package/dist/manifest-67Bok-Si.mjs +0 -58
package/dist/manifest-6lNTMZAB2.mjs +0 -87
package/dist/manifest-B2duEHiH.mjs +0 -90
package/dist/manifest-B6EY9Vm8.mjs +0 -57
package/dist/manifest-B6nKSbyY.mjs +0 -95
package/dist/manifest-BL8AQNPF.mjs +0 -106
package/dist/manifest-BSZvJJmV.mjs +0 -47
package/dist/manifest-BU7qzUyX.mjs +0 -418
package/dist/manifest-Bl62e8WK.mjs +0 -49
package/dist/manifest-Bo5cXjdt.mjs +0 -82
package/dist/manifest-BpS4gtUK.mjs +0 -1347
package/dist/manifest-Bv65_e2W.mjs +0 -101
package/dist/manifest-BytNIF4Z.mjs +0 -117
package/dist/manifest-C-xtsjS3.mjs +0 -81
package/dist/manifest-CDYl7OhA.mjs +0 -66
package/dist/manifest-CRZ3xmkD.mjs +0 -61
package/dist/manifest-CoW6u4Tp.mjs +0 -132
package/dist/manifest-Cq5zN_8A.mjs +0 -50
package/dist/manifest-D7YZM_2e.mjs +0 -194
package/dist/manifest-DE_VrAeQ.mjs +0 -314
package/dist/manifest-DGsXSCpT.mjs +0 -39
package/dist/manifest-DJ2vfEuW.mjs +0 -156
package/dist/manifest-DPXDYhEu.mjs +0 -80
package/dist/manifest-Dd4fQb0a.mjs +0 -322
package/dist/manifest-Deq6opGg.mjs +0 -223
package/dist/manifest-DfJTafJK.mjs +0 -37
package/dist/manifest-DgOdgN_j.mjs +0 -50
package/dist/manifest-DlbMW4v4.mjs +0 -47
package/dist/manifest-DmVfbH0w.mjs +0 -374
package/dist/manifest-Dog6Ddjr.mjs +0 -109
package/dist/manifest-DvgU5FWb.mjs +0 -58
package/dist/manifest-HsfDBs7j.mjs +0 -50
package/dist/manifest-I8oQHvCG.mjs +0 -186
package/dist/manifest-NvH_a-av.mjs +0 -786
package/dist/manifest-cEJU1v0Z.mjs +0 -129
package/dist/manifest-wOl5XLB12.mjs +0 -112
package/dist/modules-tZozf0LQ.mjs +0 -10635
package/dist/mojo-ipc-DXNEXEqb.mjs +0 -640
package/dist/network-CPVvwvFg.mjs +0 -3852
package/dist/outputPaths-um7lCRY3.mjs +0 -1141
package/dist/parse-args-B4cY5Vx5.mjs +0 -39
package/dist/platform-CYeFoTWp.mjs +0 -2161
package/dist/process-BTbgcVc6.mjs +0 -1306
package/dist/proxy-r8YN6nP1.mjs +0 -192
package/dist/registry-Bl8ZQW61.mjs +0 -34
package/dist/response-CWhh2aLo.mjs +0 -34
package/dist/shared-state-board-BoZnSoj-.mjs +0 -586
package/dist/sourcemap-BIDHUVXy.mjs +0 -934
package/dist/ssrf-policy-Dsqd-DTX.mjs +0 -166
package/dist/streaming-Dal6utPp.mjs +0 -725
package/dist/tool-builder-BHJp32mV.mjs +0 -186
package/dist/transform-DRVgGG90.mjs +0 -1011
package/dist/types-Bx92KJfT.mjs +0 -4
package/dist/types-DDBWs9UP.mjs +0 -37
package/dist/wasm-BYx5UOeG.mjs +0 -1044
package/dist/webcrack-Be0_FccV.mjs +0 -747
package/dist/workflow-BpuKEtvn.mjs +0 -725

package/dist/PEAnalyzer-DMQ44gen.mjs DELETED Viewed

@@ -1,385 +0,0 @@
-import { t as logger } from "./logger-Dh_xb7_2.mjs";
-import { a as GetModuleFileNameEx, b as openProcessForMemory, d as ReadProcessMemory, i as GetModuleBaseName, n as EnumProcessModules, s as GetModuleInformation, t as CloseHandle } from "./Win32API-C2kjj0ze.mjs";
-import { promises } from "node:fs";
-//#region src/native/PEAnalyzer.types.ts
-/** PE section characteristic flags */
-const IMAGE_SCN = {
-	CNT_CODE: 32,
-	CNT_INITIALIZED_DATA: 64,
-	CNT_UNINITIALIZED_DATA: 128,
-	MEM_EXECUTE: 536870912,
-	MEM_READ: 1073741824,
-	MEM_WRITE: 2147483648
-};
-/** Data directory indices */
-const IMAGE_DIRECTORY_ENTRY = {
-	EXPORT: 0,
-	IMPORT: 1,
-	RESOURCE: 2,
-	EXCEPTION: 3,
-	IAT: 12,
-	DELAY_IMPORT: 13
-};
-//#endregion
-//#region src/native/PEAnalyzer.ts
-/**
-* PE Analyzer Engine.
-*
-* Parses PE headers from process memory using ReadProcessMemory.
-* Provides import/export table resolution, inline hook detection,
-* and section anomaly analysis.
-*
-* @module PEAnalyzer
-*/
-const MZ_MAGIC = 23117;
-const PE_SIGNATURE = 17744;
-const PE32PLUS_MAGIC = 523;
-const SECTION_HEADER_SIZE = 40;
-const IMPORT_DESCRIPTOR_SIZE = 20;
-const COMPARE_BYTES = 16;
-var PEAnalyzer = class {
-	/**
-	* Parse PE headers from a module's base address in process memory.
-	*/
-	async parseHeaders(pid, moduleBase) {
-		const base = BigInt(moduleBase);
-		const hProcess = openProcessForMemory(pid);
-		try {
-			const dosData = ReadProcessMemory(hProcess, base, 64);
-			const e_magic = dosData.readUInt16LE(0);
-			if (e_magic !== MZ_MAGIC) throw new Error(`Invalid DOS header: expected 0x5A4D, got 0x${e_magic.toString(16)}`);
-			const e_lfanew = dosData.readUInt32LE(60);
-			const ntData = ReadProcessMemory(hProcess, base + BigInt(e_lfanew), 264);
-			const ntSignature = ntData.readUInt32LE(0);
-			if (ntSignature !== PE_SIGNATURE) throw new Error(`Invalid PE signature: expected 0x4550, got 0x${ntSignature.toString(16)}`);
-			const machine = ntData.readUInt16LE(4);
-			const numberOfSections = ntData.readUInt16LE(6);
-			const timeDateStamp = ntData.readUInt32LE(8);
-			const characteristics = ntData.readUInt16LE(22);
-			const magic = ntData.readUInt16LE(24);
-			const isPE32Plus = magic === PE32PLUS_MAGIC;
-			let imageBase;
-			let entryPoint;
-			let sizeOfImage;
-			let numberOfRvaAndSizes;
-			if (isPE32Plus) {
-				entryPoint = ntData.readUInt32LE(40);
-				imageBase = ntData.readBigUInt64LE(48);
-				sizeOfImage = ntData.readUInt32LE(80);
-				numberOfRvaAndSizes = ntData.readUInt32LE(132);
-			} else {
-				entryPoint = ntData.readUInt32LE(40);
-				imageBase = BigInt(ntData.readUInt32LE(52));
-				sizeOfImage = ntData.readUInt32LE(80);
-				numberOfRvaAndSizes = ntData.readUInt32LE(116);
-			}
-			return {
-				dosHeader: {
-					e_magic,
-					e_lfanew
-				},
-				ntSignature,
-				fileHeader: {
-					machine,
-					numberOfSections,
-					timeDateStamp,
-					characteristics
-				},
-				optionalHeader: {
-					magic,
-					imageBase: `0x${imageBase.toString(16)}`,
-					entryPoint: `0x${entryPoint.toString(16)}`,
-					sizeOfImage,
-					numberOfRvaAndSizes
-				}
-			};
-		} finally {
-			CloseHandle(hProcess);
-		}
-	}
-	/**
-	* List all PE sections with permissions.
-	*/
-	async listSections(pid, moduleBase) {
-		const base = BigInt(moduleBase);
-		const hProcess = openProcessForMemory(pid);
-		try {
-			const headers = await this.readCoreHeaders(hProcess, base);
-			const sections = [];
-			for (let i = 0; i < headers.numSections; i++) {
-				const off = headers.firstSectionOffset + i * SECTION_HEADER_SIZE;
-				const secData = ReadProcessMemory(hProcess, base + BigInt(off), SECTION_HEADER_SIZE);
-				const nameEnd = secData.indexOf(0);
-				const name = secData.subarray(0, nameEnd > 0 && nameEnd <= 8 ? nameEnd : 8).toString("ascii");
-				const virtualSize = secData.readUInt32LE(8);
-				const virtualAddress = secData.readUInt32LE(12);
-				const rawSize = secData.readUInt32LE(16);
-				const chars = secData.readUInt32LE(36);
-				sections.push({
-					name,
-					virtualAddress: `0x${virtualAddress.toString(16)}`,
-					virtualSize,
-					rawSize,
-					characteristics: chars,
-					isExecutable: (chars & IMAGE_SCN.MEM_EXECUTE) !== 0,
-					isWritable: (chars & IMAGE_SCN.MEM_WRITE) !== 0,
-					isReadable: (chars & IMAGE_SCN.MEM_READ) !== 0
-				});
-			}
-			return sections;
-		} finally {
-			CloseHandle(hProcess);
-		}
-	}
-	/**
-	* Parse import table.
-	*/
-	async parseImports(pid, moduleBase) {
-		const base = BigInt(moduleBase);
-		const hProcess = openProcessForMemory(pid);
-		try {
-			const headers = await this.readCoreHeaders(hProcess, base);
-			const importRva = headers.dataDirectories[IMAGE_DIRECTORY_ENTRY.IMPORT];
-			if (!importRva || importRva.rva === 0) return [];
-			const imports = [];
-			let descOffset = importRva.rva;
-			for (let i = 0; i < 500; i++) {
-				const desc = ReadProcessMemory(hProcess, base + BigInt(descOffset), IMPORT_DESCRIPTOR_SIZE);
-				const nameRva = desc.readUInt32LE(12);
-				if (nameRva === 0) break;
-				const nameData = ReadProcessMemory(hProcess, base + BigInt(nameRva), 256);
-				const nullIdx = nameData.indexOf(0);
-				const dllName = nameData.subarray(0, nullIdx > 0 ? nullIdx : 256).toString("ascii");
-				const originalFirstThunkRva = desc.readUInt32LE(0) || desc.readUInt32LE(16);
-				const functions = this.readThunkArray(hProcess, base, originalFirstThunkRva, headers.isPE32Plus);
-				imports.push({
-					dllName,
-					functions
-				});
-				descOffset += IMPORT_DESCRIPTOR_SIZE;
-			}
-			return imports;
-		} finally {
-			CloseHandle(hProcess);
-		}
-	}
-	/**
-	* Parse export table.
-	*/
-	async parseExports(pid, moduleBase) {
-		const base = BigInt(moduleBase);
-		const hProcess = openProcessForMemory(pid);
-		try {
-			const exportDir = (await this.readCoreHeaders(hProcess, base)).dataDirectories[IMAGE_DIRECTORY_ENTRY.EXPORT];
-			if (!exportDir || exportDir.rva === 0) return [];
-			const expData = ReadProcessMemory(hProcess, base + BigInt(exportDir.rva), 40);
-			const numberOfNames = expData.readUInt32LE(24);
-			const addressOfFunctionsRva = expData.readUInt32LE(28);
-			const addressOfNamesRva = expData.readUInt32LE(32);
-			const addressOfNameOrdinalsRva = expData.readUInt32LE(36);
-			const ordinalBase = expData.readUInt32LE(16);
-			const exports = [];
-			const namesBuf = ReadProcessMemory(hProcess, base + BigInt(addressOfNamesRva), numberOfNames * 4);
-			const ordsBuf = ReadProcessMemory(hProcess, base + BigInt(addressOfNameOrdinalsRva), numberOfNames * 2);
-			for (let i = 0; i < Math.min(numberOfNames, 2e3); i++) {
-				const nameRva = namesBuf.readUInt32LE(i * 4);
-				const ordIndex = ordsBuf.readUInt16LE(i * 2);
-				const nameBuf = ReadProcessMemory(hProcess, base + BigInt(nameRva), 256);
-				const nullIdx = nameBuf.indexOf(0);
-				const name = nameBuf.subarray(0, nullIdx > 0 ? nullIdx : 256).toString("ascii");
-				const funcRva = ReadProcessMemory(hProcess, base + BigInt(addressOfFunctionsRva + ordIndex * 4), 4).readUInt32LE(0);
-				let forwardedTo = null;
-				if (funcRva >= exportDir.rva && funcRva < exportDir.rva + exportDir.size) {
-					const fwdBuf = ReadProcessMemory(hProcess, base + BigInt(funcRva), 256);
-					const fwdEnd = fwdBuf.indexOf(0);
-					forwardedTo = fwdBuf.subarray(0, fwdEnd > 0 ? fwdEnd : 256).toString("ascii");
-				}
-				exports.push({
-					name,
-					ordinal: ordinalBase + ordIndex,
-					rva: `0x${funcRva.toString(16)}`,
-					forwardedTo
-				});
-			}
-			return exports;
-		} finally {
-			CloseHandle(hProcess);
-		}
-	}
-	/**
-	* Detect inline hooks by comparing first bytes of exported functions (disk vs memory).
-	*/
-	async detectInlineHooks(pid, moduleName) {
-		const hProcess = openProcessForMemory(pid);
-		const detections = [];
-		try {
-			const modules = this.enumerateModulesInternal(hProcess);
-			const targets = moduleName ? modules.filter((m) => m.name.toLowerCase().includes(moduleName.toLowerCase())) : modules;
-			for (const mod of targets) try {
-				const diskData = await promises.readFile(mod.path);
-				const exports = await this.parseExports(pid, mod.base);
-				for (const exp of exports) {
-					const funcRva = parseInt(exp.rva, 16);
-					if (funcRva === 0 || exp.forwardedTo) continue;
-					const memBytes = ReadProcessMemory(hProcess, BigInt(mod.base) + BigInt(funcRva), COMPARE_BYTES);
-					const diskOffset = this.rvaToFileOffset(diskData, funcRva);
-					if (diskOffset < 0 || diskOffset + COMPARE_BYTES > diskData.length) continue;
-					const diskBytes = diskData.subarray(diskOffset, diskOffset + COMPARE_BYTES);
-					if (!memBytes.equals(diskBytes)) {
-						const hookType = this.classifyHook(memBytes);
-						const jumpTarget = this.decodeJumpTarget(memBytes, BigInt(mod.base) + BigInt(funcRva));
-						detections.push({
-							address: `0x${(BigInt(mod.base) + BigInt(funcRva)).toString(16)}`,
-							moduleName: mod.name,
-							functionName: exp.name,
-							originalBytes: Array.from(diskBytes),
-							currentBytes: Array.from(memBytes),
-							hookType,
-							jumpTarget
-						});
-					}
-				}
-			} catch (e) {
-				logger.debug(`Hook check skipped for ${mod.name}: ${e}`);
-			}
-		} finally {
-			CloseHandle(hProcess);
-		}
-		return detections;
-	}
-	/**
-	* Analyze sections for anomalies (RWX, writable code, etc.).
-	*/
-	async analyzeSections(pid, moduleBase) {
-		const sections = await this.listSections(pid, moduleBase);
-		const anomalies = [];
-		for (const sec of sections) if (sec.isReadable && sec.isWritable && sec.isExecutable) anomalies.push({
-			sectionName: sec.name,
-			anomalyType: "rwx",
-			severity: "high",
-			details: `Section ${sec.name} has Read+Write+Execute permissions — unusual and potentially malicious`
-		});
-		else if (sec.isWritable && sec.isExecutable) anomalies.push({
-			sectionName: sec.name,
-			anomalyType: "writable_code",
-			severity: "high",
-			details: `Section ${sec.name} is writable and executable — code may be self-modifying or packed`
-		});
-		else if (sec.isExecutable && !sec.name.startsWith(".text") && !sec.name.startsWith(".code") && (sec.characteristics & IMAGE_SCN.CNT_INITIALIZED_DATA) !== 0) anomalies.push({
-			sectionName: sec.name,
-			anomalyType: "executable_data",
-			severity: "medium",
-			details: `Data section ${sec.name} has execute permission`
-		});
-		return anomalies;
-	}
-	async readCoreHeaders(hProcess, base) {
-		const e_lfanew = ReadProcessMemory(hProcess, base, 64).readUInt32LE(60);
-		const ntData = ReadProcessMemory(hProcess, base + BigInt(e_lfanew), 264);
-		const numSections = ntData.readUInt16LE(6);
-		const sizeOfOptionalHeader = ntData.readUInt16LE(20);
-		const isPE32Plus = ntData.readUInt16LE(24) === PE32PLUS_MAGIC;
-		const numberOfRvaAndSizes = isPE32Plus ? ntData.readUInt32LE(132) : ntData.readUInt32LE(116);
-		const dataDirectoriesOffset = isPE32Plus ? 136 : 120;
-		const dataDirectories = [];
-		for (let i = 0; i < Math.min(numberOfRvaAndSizes, 16); i++) {
-			const off = dataDirectoriesOffset + i * 8;
-			if (off + 8 <= ntData.length) dataDirectories.push({
-				rva: ntData.readUInt32LE(off),
-				size: ntData.readUInt32LE(off + 4)
-			});
-		}
-		return {
-			numSections,
-			isPE32Plus,
-			firstSectionOffset: e_lfanew + 4 + 20 + sizeOfOptionalHeader,
-			dataDirectories
-		};
-	}
-	readThunkArray(hProcess, base, thunkRva, isPE32Plus) {
-		const thunkSize = isPE32Plus ? 8 : 4;
-		const functions = [];
-		const IMAGE_ORDINAL_FLAG = isPE32Plus ? 9223372036854775808n : 2147483648n;
-		for (let i = 0; i < 2e3; i++) {
-			const thunkData = ReadProcessMemory(hProcess, base + BigInt(thunkRva + i * thunkSize), thunkSize);
-			const thunkValue = isPE32Plus ? thunkData.readBigUInt64LE(0) : BigInt(thunkData.readUInt32LE(0));
-			if (thunkValue === 0n) break;
-			if ((thunkValue & IMAGE_ORDINAL_FLAG) !== 0n) functions.push({
-				name: `Ordinal#${Number(thunkValue & 65535n)}`,
-				ordinal: Number(thunkValue & 65535n),
-				hint: 0,
-				thunkRva: `0x${(thunkRva + i * thunkSize).toString(16)}`
-			});
-			else {
-				const hintNameRva = Number(thunkValue);
-				const hintNameData = ReadProcessMemory(hProcess, base + BigInt(hintNameRva), 258);
-				const hint = hintNameData.readUInt16LE(0);
-				const nullIdx = hintNameData.indexOf(0, 2);
-				const name = hintNameData.subarray(2, nullIdx > 2 ? nullIdx : 258).toString("ascii");
-				functions.push({
-					name,
-					ordinal: 0,
-					hint,
-					thunkRva: `0x${(thunkRva + i * thunkSize).toString(16)}`
-				});
-			}
-		}
-		return functions;
-	}
-	enumerateModulesInternal(hProcess) {
-		const modules = [];
-		try {
-			const { modules: modHandles, count } = EnumProcessModules(hProcess);
-			for (let i = 0; i < count; i++) {
-				const hMod = modHandles[i];
-				const name = GetModuleBaseName(hProcess, hMod);
-				const info = GetModuleInformation(hProcess, hMod);
-				const modulePath = GetModuleFileNameEx(hProcess, hMod) ?? name;
-				if (info.success) modules.push({
-					name,
-					base: `0x${info.info.lpBaseOfDll.toString(16)}`,
-					path: modulePath,
-					size: info.info.SizeOfImage
-				});
-			}
-		} catch (e) {
-			logger.debug(`Module enumeration failed: ${e}`);
-		}
-		return modules;
-	}
-	rvaToFileOffset(peData, rva) {
-		const e_lfanew = peData.readUInt32LE(60);
-		const numSections = peData.readUInt16LE(e_lfanew + 6);
-		const sizeOfOptionalHeader = peData.readUInt16LE(e_lfanew + 20);
-		const secStart = e_lfanew + 24 + sizeOfOptionalHeader;
-		for (let i = 0; i < numSections; i++) {
-			const off = secStart + i * 40;
-			if (off + 40 > peData.length) break;
-			const virtualAddr = peData.readUInt32LE(off + 12);
-			const virtualSize = peData.readUInt32LE(off + 8);
-			const rawOffset = peData.readUInt32LE(off + 20);
-			if (rva >= virtualAddr && rva < virtualAddr + virtualSize) return rawOffset + (rva - virtualAddr);
-		}
-		return -1;
-	}
-	classifyHook(memBytes) {
-		if (memBytes[0] === 233) return "jmp_rel32";
-		if (memBytes[0] === 255 && memBytes[1] === 37) return "jmp_abs64";
-		if (memBytes[0] === 104 && memBytes[5] === 195) return "push_ret";
-		return "unknown";
-	}
-	decodeJumpTarget(memBytes, funcAddr) {
-		if (memBytes[0] === 233) {
-			const rel32 = memBytes.readInt32LE(1);
-			return `0x${(funcAddr + 5n + BigInt(rel32)).toString(16)}`;
-		}
-		if (memBytes[0] === 255 && memBytes[1] === 37) {
-			if (memBytes.length >= 14) return `0x${memBytes.readBigUInt64LE(6).toString(16)}`;
-		}
-		if (memBytes[0] === 104) return `0x${memBytes.readUInt32LE(1).toString(16)}`;
-		return "0x0";
-	}
-};
-const peAnalyzer = new PEAnalyzer();
-//#endregion
-export { PEAnalyzer, peAnalyzer };