| list_capabilities | List all tools provided by this MCP server.
Returns:
Dictionary with MCP info and available tools organized by category.
|
| get_documentation | Get documentation and usage examples.
Args:
topic: Documentation topic (general, memory, hooking, scanning, examples)
Returns:
Documentation for the requested topic.
|
| check_installation | Check if Frida is installed and working.
Returns:
Installation status and version information.
|
| list_processes | List all running processes.
Args:
filter_name: Optional filter to match process names (case-insensitive)
Returns:
List of processes with PID and name.
|
| attach | Attach to a running process.
Args:
target: Process name (string) or PID (integer)
Returns:
Session information.
|
| detach | Detach from the current process.
Returns:
Detach status.
|
| spawn | Spawn a process suspended for early hooking.
Args:
path: Path to executable
args: Optional command line arguments
Returns:
Spawn information. Call resume() to start execution.
|
| resume | Resume a spawned process.
Returns:
Resume status.
|
| get_session_info | Get current session information.
Returns:
Session state including attached process, hooks, scan state.
|
| read_memory | Read memory at specified address.
Args:
address: Memory address (hex string like "0x401234")
size: Number of bytes to read
format: Output format ("hex", "bytes", "int32", "float", "string")
Returns:
Memory contents in requested format.
|
| write_memory | Write data to memory address.
Args:
address: Memory address (hex string like "0x401234")
data: Data to write (hex string, or value if value_type specified)
value_type: Type of data ("bytes", "int32", "float", "string", etc.)
Returns:
Write status.
|
| list_memory_regions | List memory regions in the process.
Args:
protection: Filter by protection (e.g., "r-x", "rw-", "rwx")
Returns:
List of memory regions with base, size, and protection.
|
| scan_value | Scan memory for exact value (initial scan).
Args:
value: Value to search for
value_type: Type ("int8", "int16", "int32", "int64", "float", "double", "string")
scan_regions: Memory protection to scan (default: "rw-" for data)
Returns:
Number of addresses found.
|
| scan_next | Narrow scan results with new value.
Args:
value: New value to search for
Returns:
Number of remaining addresses.
|
| scan_changed | Find addresses where value has changed since last scan.
Returns:
Number of changed addresses.
|
| scan_unchanged | Find addresses where value has NOT changed since last scan.
Returns:
Number of unchanged addresses.
|
| scan_pattern | Scan for Array of Bytes (AoB) pattern.
Args:
pattern: Byte pattern like "89 47 44 ?? ?? 5B" (?? = wildcard)
scan_regions: Memory protection to scan (default: "r-x" for code)
Returns:
List of matching addresses.
|
| get_scan_results | Get current scan results with values.
Args:
limit: Maximum results to return (default: 20)
Returns:
List of addresses and their current values.
|
| clear_scan | Clear current scan results and reset scan state.
Returns:
Confirmation message.
|
| list_modules | List all loaded modules (DLLs/shared libraries).
Returns:
List of modules with base address, size, and path.
|
| get_module_info | Get detailed information about a specific module.
Args:
module_name: Name of the module (e.g., "game.dll")
Returns:
Module details including base, size, exports count.
|
| get_module_exports | List exports from a module.
Args:
module_name: Name of the module
filter_name: Optional filter for export names
Returns:
List of exports with name and address.
|
| get_module_imports | List imports for a module.
Args:
module_name: Name of the module
filter_name: Optional filter for import names
Returns:
List of imports with name, module, and address.
|
| resolve_symbol | Resolve a symbol to its address.
Args:
module_name: Name of the module containing the symbol
symbol_name: Name of the symbol/function
Returns:
Address of the symbol.
|
| hook_function | Hook a function at the specified address.
Args:
address: Address to hook (hex string)
on_enter: JavaScript code for onEnter (has access to 'args' array)
on_leave: JavaScript code for onLeave (has access to 'retval')
description: Optional description
Returns:
Hook status.
|
| unhook_function | Remove a hook from an address.
Args:
address: Address to unhook
Returns:
Unhook status.
|
| replace_function | Replace a function to always return a specific value.
Args:
address: Address of function to replace
return_value: Value to return
Returns:
Replacement status.
|
| hook_native_function | Hook a native function with explicit calling convention.
Args:
address: Address of function
calling_convention: "default", "stdcall", "fastcall", "thiscall"
arg_types: List of argument types
return_type: Return type
on_enter: JavaScript for onEnter
on_leave: JavaScript for onLeave
Returns:
Hook status.
|
| list_hooks | List all active hooks.
Returns:
List of active hooks with addresses and descriptions.
|
| intercept_module_function | Hook a function by module and function name.
Args:
module_name: Name of the module (e.g., "game.dll")
function_name: Name of the exported function
on_enter: JavaScript for onEnter
on_leave: JavaScript for onLeave
Returns:
Hook status with resolved address.
|
| set_breakpoint | Set a software breakpoint at address.
Args:
address: Address for breakpoint
callback: JavaScript code to execute when hit
Returns:
Breakpoint status.
|
| remove_breakpoint | Remove a breakpoint.
Args:
address: Address of breakpoint to remove
Returns:
Removal status.
|
| list_breakpoints | List all active breakpoints. |
| read_registers | Read CPU register values.
Note: Full register context available in hook callbacks via 'this.context'.
Returns:
Basic thread and architecture info.
|
| load_script | Load a custom Frida JavaScript script.
Args:
script_code: JavaScript code to load
name: Name to identify the script
Returns:
Load status.
|
| unload_script | Unload a custom script.
Args:
name: Name of the script to unload
Returns:
Unload status.
|
| call_rpc | Call an RPC export from a loaded script.
Args:
name: Name of the loaded script
method: RPC method name to call
args: Arguments to pass
Returns:
RPC result.
|
| list_windows | List all visible windows.
Args:
filter_name: Optional filter to match window titles (case-insensitive)
Returns:
List of windows with handle, title, and associated PID.
|
| screenshot_window | Take a screenshot of a specific window.
Args:
target: Window title (string) or HWND handle (integer)
save_path: Optional path to save the screenshot (PNG). If empty, returns base64.
Returns:
Screenshot info with base64 data or saved file path.
|
| screenshot_screen | Take a screenshot of the entire screen or a region.
Args:
save_path: Optional path to save the screenshot (PNG). If empty, returns base64.
region: Optional [x, y, width, height] to capture specific region.
Returns:
Screenshot info with base64 data or saved file path.
|
| send_key_to_window | Send a keystroke to a specific window.
Args:
target: Window title (string) or HWND handle (integer)
key: Key to send (e.g., "a", "enter", "space", "up", "down", "left", "right")
use_sendinput: If True, use SendInput (requires window focus). If False, use PostMessage.
Returns:
Success status.
|
| focus_window | Bring a window to the foreground.
Args:
target: Window title (string) or HWND handle (integer)
Returns:
Success status.
|