npm - windows-exe-decompiler-mcp-server - Versions diffs - 0.1.0 - Mend

windows-exe-decompiler-mcp-server 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (190) hide show

package/CODEX_INSTALLATION.md +69 -0
package/COPILOT_INSTALLATION.md +77 -0
package/LICENSE +21 -0
package/README.md +314 -0
package/bin/windows-exe-decompiler-mcp-server.js +3 -0
package/dist/analysis-provenance.d.ts +184 -0
package/dist/analysis-provenance.js +74 -0
package/dist/analysis-task-runner.d.ts +31 -0
package/dist/analysis-task-runner.js +160 -0
package/dist/artifact-inventory.d.ts +23 -0
package/dist/artifact-inventory.js +175 -0
package/dist/cache-manager.d.ts +128 -0
package/dist/cache-manager.js +454 -0
package/dist/confidence-semantics.d.ts +66 -0
package/dist/confidence-semantics.js +122 -0
package/dist/config.d.ts +335 -0
package/dist/config.js +193 -0
package/dist/database.d.ts +227 -0
package/dist/database.js +601 -0
package/dist/decompiler-worker.d.ts +441 -0
package/dist/decompiler-worker.js +1962 -0
package/dist/dynamic-trace.d.ts +95 -0
package/dist/dynamic-trace.js +629 -0
package/dist/env-validator.d.ts +15 -0
package/dist/env-validator.js +249 -0
package/dist/error-handler.d.ts +28 -0
package/dist/error-handler.example.d.ts +22 -0
package/dist/error-handler.example.js +141 -0
package/dist/error-handler.js +139 -0
package/dist/ghidra-analysis-status.d.ts +49 -0
package/dist/ghidra-analysis-status.js +178 -0
package/dist/ghidra-config.d.ts +134 -0
package/dist/ghidra-config.js +464 -0
package/dist/index.d.ts +9 -0
package/dist/index.js +200 -0
package/dist/job-queue.d.ts +169 -0
package/dist/job-queue.js +407 -0
package/dist/logger.d.ts +106 -0
package/dist/logger.js +176 -0
package/dist/policy-guard.d.ts +115 -0
package/dist/policy-guard.js +243 -0
package/dist/process-output.d.ts +15 -0
package/dist/process-output.js +90 -0
package/dist/prompts/function-explanation-review.d.ts +5 -0
package/dist/prompts/function-explanation-review.js +64 -0
package/dist/prompts/semantic-name-review.d.ts +5 -0
package/dist/prompts/semantic-name-review.js +63 -0
package/dist/runtime-correlation.d.ts +34 -0
package/dist/runtime-correlation.js +279 -0
package/dist/runtime-paths.d.ts +3 -0
package/dist/runtime-paths.js +11 -0
package/dist/selection-diff.d.ts +667 -0
package/dist/selection-diff.js +53 -0
package/dist/semantic-name-suggestion-artifacts.d.ts +116 -0
package/dist/semantic-name-suggestion-artifacts.js +314 -0
package/dist/server.d.ts +129 -0
package/dist/server.js +578 -0
package/dist/tools/artifact-read.d.ts +235 -0
package/dist/tools/artifact-read.js +317 -0
package/dist/tools/artifacts-diff.d.ts +728 -0
package/dist/tools/artifacts-diff.js +304 -0
package/dist/tools/artifacts-list.d.ts +515 -0
package/dist/tools/artifacts-list.js +389 -0
package/dist/tools/attack-map.d.ts +290 -0
package/dist/tools/attack-map.js +519 -0
package/dist/tools/cache-observability.d.ts +4 -0
package/dist/tools/cache-observability.js +36 -0
package/dist/tools/code-function-cfg.d.ts +50 -0
package/dist/tools/code-function-cfg.js +102 -0
package/dist/tools/code-function-decompile.d.ts +55 -0
package/dist/tools/code-function-decompile.js +103 -0
package/dist/tools/code-function-disassemble.d.ts +43 -0
package/dist/tools/code-function-disassemble.js +185 -0
package/dist/tools/code-function-explain-apply.d.ts +255 -0
package/dist/tools/code-function-explain-apply.js +225 -0
package/dist/tools/code-function-explain-prepare.d.ts +535 -0
package/dist/tools/code-function-explain-prepare.js +276 -0
package/dist/tools/code-function-explain-review.d.ts +397 -0
package/dist/tools/code-function-explain-review.js +589 -0
package/dist/tools/code-function-rename-apply.d.ts +248 -0
package/dist/tools/code-function-rename-apply.js +220 -0
package/dist/tools/code-function-rename-prepare.d.ts +506 -0
package/dist/tools/code-function-rename-prepare.js +279 -0
package/dist/tools/code-function-rename-review.d.ts +574 -0
package/dist/tools/code-function-rename-review.js +761 -0
package/dist/tools/code-functions-list.d.ts +37 -0
package/dist/tools/code-functions-list.js +91 -0
package/dist/tools/code-functions-rank.d.ts +34 -0
package/dist/tools/code-functions-rank.js +90 -0
package/dist/tools/code-functions-reconstruct.d.ts +2725 -0
package/dist/tools/code-functions-reconstruct.js +2807 -0
package/dist/tools/code-functions-search.d.ts +39 -0
package/dist/tools/code-functions-search.js +90 -0
package/dist/tools/code-reconstruct-export.d.ts +1212 -0
package/dist/tools/code-reconstruct-export.js +4002 -0
package/dist/tools/code-reconstruct-plan.d.ts +274 -0
package/dist/tools/code-reconstruct-plan.js +342 -0
package/dist/tools/dotnet-metadata-extract.d.ts +541 -0
package/dist/tools/dotnet-metadata-extract.js +355 -0
package/dist/tools/dotnet-reconstruct-export.d.ts +567 -0
package/dist/tools/dotnet-reconstruct-export.js +1151 -0
package/dist/tools/dotnet-types-list.d.ts +325 -0
package/dist/tools/dotnet-types-list.js +201 -0
package/dist/tools/dynamic-dependencies.d.ts +115 -0
package/dist/tools/dynamic-dependencies.js +213 -0
package/dist/tools/dynamic-memory-import.d.ts +10 -0
package/dist/tools/dynamic-memory-import.js +567 -0
package/dist/tools/dynamic-trace-import.d.ts +10 -0
package/dist/tools/dynamic-trace-import.js +235 -0
package/dist/tools/entrypoint-fallback-disasm.d.ts +30 -0
package/dist/tools/entrypoint-fallback-disasm.js +89 -0
package/dist/tools/ghidra-analyze.d.ts +88 -0
package/dist/tools/ghidra-analyze.js +208 -0
package/dist/tools/ghidra-health.d.ts +37 -0
package/dist/tools/ghidra-health.js +212 -0
package/dist/tools/ioc-export.d.ts +209 -0
package/dist/tools/ioc-export.js +542 -0
package/dist/tools/packer-detect.d.ts +165 -0
package/dist/tools/packer-detect.js +284 -0
package/dist/tools/pe-exports-extract.d.ts +175 -0
package/dist/tools/pe-exports-extract.js +253 -0
package/dist/tools/pe-fingerprint.d.ts +234 -0
package/dist/tools/pe-fingerprint.js +269 -0
package/dist/tools/pe-imports-extract.d.ts +105 -0
package/dist/tools/pe-imports-extract.js +245 -0
package/dist/tools/report-generate.d.ts +157 -0
package/dist/tools/report-generate.js +457 -0
package/dist/tools/report-summarize.d.ts +2131 -0
package/dist/tools/report-summarize.js +596 -0
package/dist/tools/runtime-detect.d.ts +135 -0
package/dist/tools/runtime-detect.js +247 -0
package/dist/tools/sample-ingest.d.ts +94 -0
package/dist/tools/sample-ingest.js +327 -0
package/dist/tools/sample-profile-get.d.ts +183 -0
package/dist/tools/sample-profile-get.js +121 -0
package/dist/tools/sandbox-execute.d.ts +441 -0
package/dist/tools/sandbox-execute.js +392 -0
package/dist/tools/strings-extract.d.ts +375 -0
package/dist/tools/strings-extract.js +314 -0
package/dist/tools/strings-floss-decode.d.ts +143 -0
package/dist/tools/strings-floss-decode.js +259 -0
package/dist/tools/system-health.d.ts +434 -0
package/dist/tools/system-health.js +446 -0
package/dist/tools/task-cancel.d.ts +21 -0
package/dist/tools/task-cancel.js +70 -0
package/dist/tools/task-status.d.ts +27 -0
package/dist/tools/task-status.js +106 -0
package/dist/tools/task-sweep.d.ts +22 -0
package/dist/tools/task-sweep.js +77 -0
package/dist/tools/tool-help.d.ts +340 -0
package/dist/tools/tool-help.js +261 -0
package/dist/tools/yara-scan.d.ts +554 -0
package/dist/tools/yara-scan.js +313 -0
package/dist/types.d.ts +266 -0
package/dist/types.js +41 -0
package/dist/worker-pool.d.ts +204 -0
package/dist/worker-pool.js +650 -0
package/dist/workflows/deep-static.d.ts +104 -0
package/dist/workflows/deep-static.js +276 -0
package/dist/workflows/function-explanation-review.d.ts +655 -0
package/dist/workflows/function-explanation-review.js +440 -0
package/dist/workflows/reconstruct.d.ts +2053 -0
package/dist/workflows/reconstruct.js +666 -0
package/dist/workflows/semantic-name-review.d.ts +2418 -0
package/dist/workflows/semantic-name-review.js +521 -0
package/dist/workflows/triage.d.ts +659 -0
package/dist/workflows/triage.js +1374 -0
package/dist/workspace-manager.d.ts +150 -0
package/dist/workspace-manager.js +411 -0
package/ghidra_scripts/DecompileFunction.java +487 -0
package/ghidra_scripts/DecompileFunction.py +150 -0
package/ghidra_scripts/ExtractCFG.java +256 -0
package/ghidra_scripts/ExtractCFG.py +233 -0
package/ghidra_scripts/ExtractFunctions.java +442 -0
package/ghidra_scripts/ExtractFunctions.py +101 -0
package/ghidra_scripts/README.md +125 -0
package/ghidra_scripts/SearchFunctionReferences.java +380 -0
package/helpers/DotNetMetadataProbe/DotNetMetadataProbe.csproj +9 -0
package/helpers/DotNetMetadataProbe/Program.cs +566 -0
package/install-to-codex.ps1 +178 -0
package/install-to-copilot.ps1 +303 -0
package/package.json +101 -0
package/requirements.txt +9 -0
package/workers/requirements-dynamic.txt +11 -0
package/workers/requirements.txt +8 -0
package/workers/speakeasy_compat.py +175 -0
package/workers/static_worker.py +5183 -0
package/workers/yara_rules/default.yar +33 -0
package/workers/yara_rules/malware_families.yar +93 -0
package/workers/yara_rules/packers.yar +80 -0

package/dist/tools/sandbox-execute.js ADDED Viewed

@@ -0,0 +1,392 @@
+/**
+ * sandbox.execute tool
+ * Dynamic-analysis execution entrypoint supporting simulation-first and Speakeasy user-mode emulation.
+ */
+import { spawn } from 'child_process';
+import fs from 'fs/promises';
+import path from 'path';
+import { createHash, randomUUID } from 'crypto';
+import { v4 as uuidv4 } from 'uuid';
+import { z } from 'zod';
+import { normalizeDynamicTraceArtifactPayload } from '../dynamic-trace.js';
+import { resolvePackagePath } from '../runtime-paths.js';
+const TOOL_NAME = 'sandbox.execute';
+const TOOL_VERSION = '0.1.0';
+export const SandboxExecuteInputSchema = z.object({
+    sample_id: z.string().describe('Sample ID (format: sha256:<hex>)'),
+    mode: z
+        .enum(['safe_simulation', 'memory_guided', 'speakeasy', 'live_local'])
+        .optional()
+        .default('safe_simulation')
+        .describe('Dynamic analysis backend mode'),
+    timeout_sec: z.number().int().min(5).max(180).optional().default(20),
+    network: z
+        .enum(['disabled', 'fake', 'enabled'])
+        .optional()
+        .default('disabled')
+        .describe('Network policy for dynamic run'),
+    max_scan_bytes: z
+        .number()
+        .int()
+        .min(256 * 1024)
+        .max(20 * 1024 * 1024)
+        .optional()
+        .default(5 * 1024 * 1024)
+        .describe('Simulation scan window for fast behavioral extraction'),
+    approved: z
+        .boolean()
+        .optional()
+        .default(false)
+        .describe('Explicit approval flag required by PolicyGuard'),
+    require_user_approval: z
+        .boolean()
+        .optional()
+        .default(false)
+        .describe('Compatibility approval flag accepted by PolicyGuard'),
+    persist_artifact: z
+        .boolean()
+        .optional()
+        .default(true)
+        .describe('Persist sandbox run result as report artifact'),
+});
+const TimelineEventSchema = z.object({
+    event_type: z.string(),
+    category: z.string(),
+    indicator: z.string(),
+    confidence: z.number(),
+});
+const CapabilitySchema = z.object({
+    name: z.string(),
+    evidence_count: z.number(),
+    confidence: z.number(),
+});
+const MemoryRegionSchema = z.object({
+    region_type: z.string(),
+    purpose: z.string(),
+    source: z.string(),
+    confidence: z.number(),
+    start_offset: z.number().int().nonnegative().optional(),
+    end_offset: z.number().int().nonnegative().optional(),
+    indicators: z.array(z.string()),
+});
+const APIResolutionSchema = z.object({
+    api: z.string(),
+    provenance: z.string(),
+    confidence: z.number(),
+    sources: z.array(z.string()),
+});
+const ExecutionHypothesisSchema = z.object({
+    stage: z.string(),
+    description: z.string(),
+    source: z.string(),
+    confidence: z.number(),
+    indicators: z.array(z.string()),
+});
+export const SandboxExecuteOutputSchema = z.object({
+    ok: z.boolean(),
+    data: z
+        .object({
+        run_id: z.string(),
+        status: z.enum(['completed', 'failed', 'timeout', 'denied']),
+        mode: z.string(),
+        backend: z.string(),
+        simulated: z.boolean(),
+        timeout_sec: z.number(),
+        event_count: z.number(),
+        timeline: z.array(TimelineEventSchema),
+        iocs: z.record(z.array(z.string())),
+        capabilities: z.array(CapabilitySchema),
+        memory_regions: z.array(MemoryRegionSchema).optional(),
+        api_resolution: z.array(APIResolutionSchema).optional(),
+        execution_hypotheses: z.array(ExecutionHypothesisSchema).optional(),
+        risk: z.object({
+            score: z.number(),
+            level: z.enum(['clean', 'low', 'medium', 'high']),
+            confidence: z.number(),
+        }),
+        environment: z.object({
+            network_policy: z.string(),
+            executed: z.boolean(),
+            isolation: z.string(),
+        }),
+        evidence: z.record(z.any()),
+        inference: z.object({
+            classification: z.string(),
+            summary: z.string(),
+        }),
+    })
+        .optional(),
+    warnings: z.array(z.string()).optional(),
+    errors: z.array(z.string()).optional(),
+    artifacts: z.array(z.any()).optional(),
+    metrics: z
+        .object({
+        elapsed_ms: z.number(),
+        tool: z.string(),
+    })
+        .optional(),
+});
+export const sandboxExecuteToolDefinition = {
+    name: TOOL_NAME,
+    description: 'Execute dynamic-analysis workflow in safe simulation mode (default), memory-guided mode, or Speakeasy user-mode emulation and return timeline/IOC/risk outputs.',
+    inputSchema: SandboxExecuteInputSchema,
+    outputSchema: SandboxExecuteOutputSchema,
+};
+async function callStaticWorker(request) {
+    return new Promise((resolve, reject) => {
+        const workerPath = resolvePackagePath('workers', 'static_worker.py');
+        const pythonCommand = process.platform === 'win32' ? 'python' : 'python3';
+        const child = spawn(pythonCommand, [workerPath], {
+            stdio: ['pipe', 'pipe', 'pipe'],
+        });
+        let stdout = '';
+        let stderr = '';
+        child.stdout.on('data', (data) => {
+            stdout += data.toString();
+        });
+        child.stderr.on('data', (data) => {
+            stderr += data.toString();
+        });
+        child.on('error', (error) => {
+            reject(new Error(`Failed to spawn Python worker: ${error.message}`));
+        });
+        child.on('close', (code) => {
+            if (code !== 0) {
+                reject(new Error(`Python worker exited with code ${code}. stderr: ${stderr}`));
+                return;
+            }
+            try {
+                const lines = stdout.trim().split('\n');
+                const lastLine = lines[lines.length - 1];
+                resolve(JSON.parse(lastLine));
+            }
+            catch (error) {
+                reject(new Error(`Failed to parse worker response: ${error.message}. stdout: ${stdout}`));
+            }
+        });
+        try {
+            child.stdin.write(JSON.stringify(request) + '\n');
+            child.stdin.end();
+        }
+        catch (error) {
+            reject(new Error(`Failed to write to worker stdin: ${error.message}`));
+        }
+    });
+}
+function mergeWarnings(...warningLists) {
+    const merged = warningLists.flatMap((list) => list || []);
+    if (merged.length === 0) {
+        return undefined;
+    }
+    return Array.from(new Set(merged));
+}
+export function createSandboxExecuteHandler(workspaceManager, database, policyGuard) {
+    return async (args) => {
+        const startTime = Date.now();
+        try {
+            const input = SandboxExecuteInputSchema.parse(args);
+            const sample = database.findSample(input.sample_id);
+            if (!sample) {
+                return {
+                    ok: false,
+                    errors: [`Sample not found: ${input.sample_id}`],
+                    metrics: {
+                        elapsed_ms: Date.now() - startTime,
+                        tool: TOOL_NAME,
+                    },
+                };
+            }
+            const policyDecision = await policyGuard.checkPermission({
+                type: 'dynamic_execution',
+                tool: TOOL_NAME,
+                args: {
+                    mode: input.mode,
+                    network: input.network,
+                    approved: input.approved,
+                    require_user_approval: input.require_user_approval,
+                },
+            }, {
+                sampleId: input.sample_id,
+                timestamp: new Date().toISOString(),
+            });
+            await policyGuard.auditLog({
+                timestamp: new Date().toISOString(),
+                operation: TOOL_NAME,
+                sampleId: input.sample_id,
+                decision: policyDecision.allowed ? 'allow' : 'deny',
+                reason: policyDecision.reason,
+                metadata: {
+                    mode: input.mode,
+                    network: input.network,
+                },
+            });
+            if (!policyDecision.allowed) {
+                const approvalHint = policyDecision.requiresApproval
+                    ? 'Set `approved=true` (and run only in isolated environment) to continue.'
+                    : undefined;
+                return {
+                    ok: false,
+                    errors: [policyDecision.reason || 'Dynamic execution denied by policy guard.'],
+                    warnings: approvalHint ? [approvalHint] : undefined,
+                    metrics: {
+                        elapsed_ms: Date.now() - startTime,
+                        tool: TOOL_NAME,
+                    },
+                };
+            }
+            const workspace = await workspaceManager.getWorkspace(input.sample_id);
+            const files = await fs.readdir(workspace.original);
+            if (files.length === 0) {
+                return {
+                    ok: false,
+                    errors: ['Sample file not found in workspace/original'],
+                    metrics: {
+                        elapsed_ms: Date.now() - startTime,
+                        tool: TOOL_NAME,
+                    },
+                };
+            }
+            const samplePath = path.join(workspace.original, files[0]);
+            const request = {
+                job_id: uuidv4(),
+                tool: TOOL_NAME,
+                sample: {
+                    sample_id: input.sample_id,
+                    path: samplePath,
+                },
+                args: {
+                    mode: input.mode,
+                    timeout_sec: input.timeout_sec,
+                    network: input.network,
+                    max_scan_bytes: input.max_scan_bytes,
+                },
+                context: {
+                    request_time_utc: new Date().toISOString(),
+                    policy: {
+                        allow_dynamic: true,
+                        allow_network: input.network !== 'disabled',
+                    },
+                    versions: {
+                        tool_version: TOOL_VERSION,
+                    },
+                },
+            };
+            const workerResponse = await callStaticWorker(request);
+            if (!workerResponse.ok) {
+                return {
+                    ok: false,
+                    errors: workerResponse.errors,
+                    warnings: workerResponse.warnings,
+                    metrics: {
+                        ...workerResponse.metrics,
+                        elapsed_ms: Date.now() - startTime,
+                        tool: TOOL_NAME,
+                    },
+                };
+            }
+            const payload = workerResponse.data;
+            const artifacts = workerResponse.artifacts;
+            const persistedArtifacts = [];
+            if (input.persist_artifact) {
+                const reportDir = path.join(workspace.reports, 'dynamic');
+                await fs.mkdir(reportDir, { recursive: true });
+                const persistTimestamp = Date.now();
+                const fileName = `sandbox_${persistTimestamp}.json`;
+                const absPath = path.join(reportDir, fileName);
+                const serialized = JSON.stringify(payload, null, 2);
+                await fs.writeFile(absPath, serialized, 'utf-8');
+                const artifactId = randomUUID();
+                const artifactSha256 = createHash('sha256').update(serialized).digest('hex');
+                const relativePath = `reports/dynamic/${fileName}`;
+                database.insertArtifact({
+                    id: artifactId,
+                    sample_id: input.sample_id,
+                    type: 'sandbox_trace_json',
+                    path: relativePath,
+                    sha256: artifactSha256,
+                    mime: 'application/json',
+                    created_at: new Date().toISOString(),
+                });
+                const persistedArtifact = {
+                    id: artifactId,
+                    type: 'sandbox_trace_json',
+                    path: relativePath,
+                    sha256: artifactSha256,
+                    mime: 'application/json',
+                };
+                persistedArtifacts.push(persistedArtifact);
+                artifacts.push(persistedArtifact);
+                const normalizedTrace = normalizeDynamicTraceArtifactPayload(payload);
+                if (normalizedTrace) {
+                    const normalizedFileName = `dynamic_trace_${persistTimestamp}.json`;
+                    const normalizedAbsPath = path.join(reportDir, normalizedFileName);
+                    const normalizedSerialized = JSON.stringify(normalizedTrace, null, 2);
+                    await fs.writeFile(normalizedAbsPath, normalizedSerialized, 'utf-8');
+                    const normalizedArtifactId = randomUUID();
+                    const normalizedSha256 = createHash('sha256').update(normalizedSerialized).digest('hex');
+                    const normalizedRelativePath = `reports/dynamic/${normalizedFileName}`;
+                    database.insertArtifact({
+                        id: normalizedArtifactId,
+                        sample_id: input.sample_id,
+                        type: 'dynamic_trace_json',
+                        path: normalizedRelativePath,
+                        sha256: normalizedSha256,
+                        mime: 'application/json',
+                        created_at: new Date().toISOString(),
+                    });
+                    const normalizedArtifact = {
+                        id: normalizedArtifactId,
+                        type: 'dynamic_trace_json',
+                        path: normalizedRelativePath,
+                        sha256: normalizedSha256,
+                        mime: 'application/json',
+                    };
+                    persistedArtifacts.push(normalizedArtifact);
+                    artifacts.push(normalizedArtifact);
+                }
+            }
+            const warnings = mergeWarnings(workerResponse.warnings, payload.warnings);
+            if (persistedArtifacts.length > 0) {
+                const persistedWarning = `Sandbox trace persisted as artifact(s) ${persistedArtifacts
+                    .map((item) => `${item.type}:${item.id}`)
+                    .join(', ')}`;
+                const merged = warnings ? [...warnings, persistedWarning] : [persistedWarning];
+                return {
+                    ok: true,
+                    data: payload,
+                    warnings: Array.from(new Set(merged)),
+                    artifacts,
+                    metrics: {
+                        ...workerResponse.metrics,
+                        ...(payload.metrics || {}),
+                        elapsed_ms: Date.now() - startTime,
+                        tool: TOOL_NAME,
+                    },
+                };
+            }
+            return {
+                ok: true,
+                data: payload,
+                warnings,
+                artifacts,
+                metrics: {
+                    ...workerResponse.metrics,
+                    ...(payload.metrics || {}),
+                    elapsed_ms: Date.now() - startTime,
+                    tool: TOOL_NAME,
+                },
+            };
+        }
+        catch (error) {
+            return {
+                ok: false,
+                errors: [error.message],
+                metrics: {
+                    elapsed_ms: Date.now() - startTime,
+                    tool: TOOL_NAME,
+                },
+            };
+        }
+    };
+}
+//# sourceMappingURL=sandbox-execute.js.map