noham/archived-Reclass
1
0
Fork 0
mirror of https://github.com/NohamR/Reclass.git synced 2026-05-10 19:59:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add process.info MCP tool for PEB/TEB enumeration

Browse Source 
Expose PEB address via provider interface and query it in the
ProcessMemory plugin using NtQueryInformationProcess. The new
process.info MCP tool returns the PEB VA and enumerates TEBs by
querying thread information via NtQuerySystemInformation and
NtQueryInformationThread for each thread in the target process.
This commit is contained in:
noita-player
2026-03-06 23:21:10 -08:00
parent 3ab6affa5e
commit 81f1e4319f
5 changed files with 178 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
plugins/ProcessMemory/ProcessMemoryPlugin.h
View File

@@ -41,6 +41,8 @@ public:
// Process-specific helpers
uint32_t pid() const { return m_pid; }
void refreshModules() { m_modules.clear(); cacheModules(); }
uint64_t peb() const override { return m_peb; }
QVector<ThreadInfo> tebs() const override;
private:
void cacheModules();
@@ -56,6 +58,7 @@ private:
bool m_writable;
uint64_t m_base;
int m_pointerSize = 8;
uint64_t m_peb = 0;
struct ModuleInfo {
QString name;