This release includes 3 security fixes for security teams reviewing exposed deployments.
Topics
+13 more
Summary
AI summaryPE binary analysis tools now accept VA parameters for automatic address conversion and symbol annotation.
Full changelog
Quick Start
- Download the binary for your OS below
- Run
agent-tool install(oragent-tool install claude) - Restart your IDE
- Done -- all tools work immediately, no permission popups
Or just ask your AI agent:
"Download agent-tool from https://github.com/knewstimek/agent-tool/releases/latest and run
agent-tool install"
Any capable AI coding agent (Claude Code, Codex, etc.) can handle the full download -> install -> restart flow automatically.
Tip: Add this to your CLAUDE.md or AGENTS.md so your agent prefers agent-tool over built-in tools:
Strict mode:
ALWAYS use agent-tool MCP tools (mcp__agent-tool__*) instead of built-in file tools. agent-tool preserves file encoding and respects .editorconfig indentation settings.
Soft mode:
Prefer agent-tool MCP tools (mcp__agent-tool__*) over built-in file tools when available.
What's New in v0.7.6
analyze tool: PE binary analysis enhancements
VA parameter for PE files -- Use va instead of offset+base_addr for automatic VA-to-offset conversion, correct address display, and symbol annotation:
disassemblewithva="0x140001000"-- auto-detects mode (32/64), sets base address, annotates known symbolsfunction_atwithva="0x140001000"-- finds function boundaries and auto-disassemblesstringswithva="0x140001000"-- shows VA addresses instead of file offsetspattern_searchwithva="0x140001000"-- shows VA addresses for pattern matcheshexdumpwithva="0x140001000"-- reads from the correct file offset and displays VA addresses
xref -- Find all code references (CALL, JMP, Jcc, LEA, indirect) to a target address in PE executables. Supports both x86 and x64.
function_at -- Find function boundaries via PE .pdata (x64) or heuristic prologue/epilogue detection (x86/stripped binaries). Auto-disassembles the function body.
Heuristic function boundary detection -- When .pdata is unavailable (x86 PE, stripped/packed x64), falls back to prologue pattern matching (push rbp/ebp; mov rbp/ebp, rsp/esp) and epilogue detection (ret + int3/nop padding). Reports confidence level (high/medium/low).
pe_info enhancements:
- .text section auto-disassembly at entry point with correct VA display
- Imports table shows IAT VA addresses
- Symbol annotation in disassembly output (call/jmp targets resolved to function names)
Agent-friendly error messages -- All error messages now include what went wrong, why, and actionable suggestions for the agent to try next.
bash tool: heredoc EOF fix
- Fixed heredoc terminator not being recognized when sentinel was appended on same line with
; - Changed command-sentinel separator from
;to newline across all shell backends (bash, git-bash, pwsh, PS 5.1)
Internal: shared VA resolver
- Extracted
resolveVA()common helper for VA-to-file-offset conversion (prevents future VA bugs across operations)
Security fixes (from audit)
- PS 5.1 Write-Host quote injection prevention in Tokenize wrapper
- .pdata VirtualAddress bounds check before slicing
- .pdata entry count overflow prevention (uint32 -> int conversion)
Security Fixes
- PS 5.1 Write-Host quote injection prevention in Tokenize wrapper
- .pdata VirtualAddress bounds check before slicing
- .pdata entry count overflow prevention (uint32 → int conversion)
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About knewstimek/agent-tool
Encoding-aware, indentation-smart file tools for AI coding agents. 20+ tools including read/edit with automatic encoding detection, smart indentation conversion, SSH, SFTP, process management, and system utilities. Preserves file encoding (UTF-8, EUC-KR, Shift_JIS, etc.) and respects .editorconfig settings.
Related context
Beta — feedback welcome: [email protected]