Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| list_capabilities | List all tools provided by this MCP server.
Returns:
Dictionary with MCP info and available tools organized by category. |
| get_documentation | Get documentation and usage examples.
Args:
topic: Documentation topic (general, memory, hooking, scanning, examples)
Returns:
Documentation for the requested topic. |
| check_installation | Check if Frida is installed and working.
Returns:
Installation status and version information. |
| list_processes | List all running processes.
Args:
filter_name: Optional filter to match process names (case-insensitive)
Returns:
List of processes with PID and name. |
| attach | Attach to a running process.
Args:
target: Process name (string) or PID (integer)
Returns:
Session information. |
| detach | Detach from the current process.
Returns:
Detach status. |
| spawn | Spawn a process suspended for early hooking.
Args:
path: Path to executable
args: Optional command line arguments
Returns:
Spawn information. Call resume() to start execution. |
| resume | Resume a spawned process.
Returns:
Resume status. |
| get_session_info | Get current session information.
Returns:
Session state including attached process, hooks, scan state. |
| read_memory | Read memory at specified address.
Args:
address: Memory address (hex string like "0x401234")
size: Number of bytes to read
format: Output format ("hex", "bytes", "int32", "float", "string")
Returns:
Memory contents in requested format. |
| write_memory | Write data to memory address.
Args:
address: Memory address (hex string like "0x401234")
data: Data to write (hex string, or value if value_type specified)
value_type: Type of data ("bytes", "int32", "float", "string", etc.)
Returns:
Write status. |
| list_memory_regions | List memory regions in the process.
Args:
protection: Filter by protection (e.g., "r-x", "rw-", "rwx")
Returns:
List of memory regions with base, size, and protection. |
| scan_value | Scan memory for exact value (initial scan).
Args:
value: Value to search for
value_type: Type ("int8", "int16", "int32", "int64", "float", "double", "string")
scan_regions: Memory protection to scan (default: "rw-" for data)
Returns:
Number of addresses found. |
| scan_next | Narrow scan results with new value.
Args:
value: New value to search for
Returns:
Number of remaining addresses. |
| scan_changed | Find addresses where value has changed since last scan.
Returns:
Number of changed addresses. |
| scan_unchanged | Find addresses where value has NOT changed since last scan.
Returns:
Number of unchanged addresses. |
| scan_pattern | Scan for Array of Bytes (AoB) pattern.
Args:
pattern: Byte pattern like "89 47 44 ?? ?? 5B" (?? = wildcard)
scan_regions: Memory protection to scan (default: "r-x" for code)
Returns:
List of matching addresses. |
| get_scan_results | Get current scan results with values.
Args:
limit: Maximum results to return (default: 20)
Returns:
List of addresses and their current values. |
| clear_scan | Clear current scan results and reset scan state.
Returns:
Confirmation message. |
| list_modules | List all loaded modules (DLLs/shared libraries).
Returns:
List of modules with base address, size, and path. |
| get_module_info | Get detailed information about a specific module.
Args:
module_name: Name of the module (e.g., "game.dll")
Returns:
Module details including base, size, exports count. |
| get_module_exports | List exports from a module.
Args:
module_name: Name of the module
filter_name: Optional filter for export names
Returns:
List of exports with name and address. |
| get_module_imports | List imports for a module.
Args:
module_name: Name of the module
filter_name: Optional filter for import names
Returns:
List of imports with name, module, and address. |
| resolve_symbol | Resolve a symbol to its address.
Args:
module_name: Name of the module containing the symbol
symbol_name: Name of the symbol/function
Returns:
Address of the symbol. |
| hook_function | Hook a function at the specified address.
Args:
address: Address to hook (hex string)
on_enter: JavaScript code for onEnter (has access to 'args' array)
on_leave: JavaScript code for onLeave (has access to 'retval')
description: Optional description
Returns:
Hook status. |
| unhook_function | Remove a hook from an address.
Args:
address: Address to unhook
Returns:
Unhook status. |
| replace_function | Replace a function to always return a specific value.
Args:
address: Address of function to replace
return_value: Value to return
Returns:
Replacement status. |
| hook_native_function | Hook a native function with explicit calling convention.
Args:
address: Address of function
calling_convention: "default", "stdcall", "fastcall", "thiscall"
arg_types: List of argument types
return_type: Return type
on_enter: JavaScript for onEnter
on_leave: JavaScript for onLeave
Returns:
Hook status. |
| list_hooks | List all active hooks.
Returns:
List of active hooks with addresses and descriptions. |
| intercept_module_function | Hook a function by module and function name.
Args:
module_name: Name of the module (e.g., "game.dll")
function_name: Name of the exported function
on_enter: JavaScript for onEnter
on_leave: JavaScript for onLeave
Returns:
Hook status with resolved address. |
| set_breakpoint | Set a software breakpoint at address.
Args:
address: Address for breakpoint
callback: JavaScript code to execute when hit
Returns:
Breakpoint status. |
| remove_breakpoint | Remove a breakpoint.
Args:
address: Address of breakpoint to remove
Returns:
Removal status. |
| list_breakpoints | List all active breakpoints. |
| read_registers | Read CPU register values.
Note: Full register context available in hook callbacks via 'this.context'.
Returns:
Basic thread and architecture info. |
| load_script | Load a custom Frida JavaScript script.
Args:
script_code: JavaScript code to load
name: Name to identify the script
Returns:
Load status. |
| unload_script | Unload a custom script.
Args:
name: Name of the script to unload
Returns:
Unload status. |
| call_rpc | Call an RPC export from a loaded script.
Args:
name: Name of the loaded script
method: RPC method name to call
args: Arguments to pass
Returns:
RPC result. |
| list_windows | List all visible windows.
Args:
filter_name: Optional filter to match window titles (case-insensitive)
Returns:
List of windows with handle, title, and associated PID. |
| screenshot_window | Take a screenshot of a specific window.
Args:
target: Window title (string) or HWND handle (integer)
save_path: Optional path to save the screenshot (PNG). If empty, returns base64.
Returns:
Screenshot info with base64 data or saved file path. |
| screenshot_screen | Take a screenshot of the entire screen or a region.
Args:
save_path: Optional path to save the screenshot (PNG). If empty, returns base64.
region: Optional [x, y, width, height] to capture specific region.
Returns:
Screenshot info with base64 data or saved file path. |
| send_key_to_window | Send a keystroke to a specific window.
Args:
target: Window title (string) or HWND handle (integer)
key: Key to send (e.g., "a", "enter", "space", "up", "down", "left", "right")
use_sendinput: If True, use SendInput (requires window focus). If False, use PostMessage.
Returns:
Success status. |
| focus_window | Bring a window to the foreground.
Args:
target: Window title (string) or HWND handle (integer)
Returns:
Success status. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |