noham/archived-Reclass
1
0
Fork 0
mirror of https://github.com/NohamR/Reclass.git synced 2026-05-10 19:59:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix process memory provider base address sync and live refresh

Browse Source 
Provider base address now stays in sync with tree base address when
changed via ChangeBase command, fixing reads from arbitrary memory
regions like KUSER_SHARED_DATA at 0x7FFE0000. ReadProcessMemory
handles partial reads gracefully. Snapshot extent uses tree-based
calculation instead of provider size to avoid oversized reads.
MCP source.switch gains pid parameter for programmatic process attach.
MCP server starts by default with logging and slow mode support.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
IChooseYou
2026-02-10 13:04:28 -07:00
committed by sysadmin
parent 6bd61a6b78
commit 5f1fd56171
9 changed files with 88 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/providers/process_provider.h
View File

@@ -38,10 +38,13 @@ public:
bool isReadable(uint64_t, int len) const override { return len >= 0; }
bool read(uint64_t addr, void* buf, int len) const override {
if (!m_handle || len <= 0) return false;
SIZE_T got = 0;
BOOL ok = ReadProcessMemory(m_handle,
ReadProcessMemory(m_handle,
(LPCVOID)(m_base + addr), buf, len, &got);
return ok && (int)got == len;
if ((int)got < len)
memset((char*)buf + got, 0, len - got);
return got > 0;
}
bool isWritable() const override { return true; }
@@ -73,6 +76,8 @@ public:
HANDLE handle() const { return m_handle; }
uint64_t baseAddress() const { return m_base; }
uint64_t base() const override { return m_base; }
void setBase(uint64_t b) override { m_base = b; }
void refreshModules() { m_modules.clear(); cacheModules(); }
private:

5
src/providers/provider.h
View File

@@ -33,6 +33,11 @@ public:
// Examples: "File", "Process", "Socket"
virtual QString kind() const { return QStringLiteral("File"); }
// Base address for providers that offset reads (e.g. process memory).
// For file/buffer providers this is always 0.
virtual uint64_t base() const { return 0; }
virtual void setBase(uint64_t newBase) { Q_UNUSED(newBase); }
// Resolve an absolute address to a symbol name.
// Returns empty string if no symbol is known.
// ProcessProvider: "ntdll.dll+0x1A30"