More fixes and progress

momo5502 · Aug 31, 2024 · 2d23abc · 2d23abc
1 parent f57e925
commit 2d23abc
Show file tree

Hide file tree

Showing 3 changed files with 81 additions and 47 deletions.
diff --git a/src/windows_emulator/main.cpp b/src/windows_emulator/main.cpp
@@ -575,22 +575,6 @@ namespace
 		(void)entry1;
 		(void)entry2;
 
-		std::unordered_map<uint64_t, std::string> export_remap{};
-		for (const auto& symbol : context.ntdll.exports)
-		{
-			export_remap.try_emplace(symbol.address, symbol.name);
-		}
-
-		for (const auto& exp : export_remap)
-		{
-			auto name = exp.second;
-			emu->hook_memory_execution(exp.first, 0,
-			                           [n = std::move(name)](const uint64_t address, const size_t)
-			                           {
-				                           printf("Executing function: %s (%llX)\n", n.c_str(), address);
-			                           });
-		}
-
 		syscall_dispatcher dispatcher{context.ntdll.exports};
 
 		emu->hook_instruction(x64_hookable_instructions::syscall, [&]

diff --git a/src/windows_emulator/module_mapper.cpp b/src/windows_emulator/module_mapper.cpp
@@ -142,6 +142,27 @@ namespace
 		}
 	}
 
+	void hook_exports(emulator& emu, const mapped_binary& binary, const std::filesystem::path& file)
+	{
+		const auto filename = file.filename().string();
+
+		std::unordered_map<uint64_t, std::string> export_remap{};
+		for (const auto& symbol : binary.exports)
+		{
+			export_remap.try_emplace(symbol.address, symbol.name);
+		}
+
+		for (const auto& exp : export_remap)
+		{
+			auto name = exp.second;
+			emu.hook_memory_execution(exp.first, 0,
+			                          [n = std::move(name), filename](const uint64_t address, const size_t)
+			                          {
+				                          printf("Executing function: %s - %s (%llX)\n",filename.c_str(), n.c_str(), address);
+			                          });
+		}
+	}
+
 	mapped_binary map_module(x64_emulator& emu, const std::vector<uint8_t>& module_data,
 	                         const std::string& name)
 	{
@@ -194,5 +215,9 @@ std::optional<mapped_binary> map_file(x64_emulator& emu, const std::filesystem::
 		return {};
 	}
 
-	return map_module(emu, data, file.generic_string());
+	auto binary = map_module(emu, data, file.generic_string());
+
+	hook_exports(emu, binary, file);
+
+	return binary;
 }
diff --git a/src/windows_emulator/syscalls.cpp b/src/windows_emulator/syscalls.cpp
@@ -18,6 +18,7 @@ namespace
 
 	constexpr uint64_t KNOWN_DLLS_DIRECTORY = DIRECTORY_BIT | PSEUDO_BIT | 0x1337;
 	constexpr uint64_t KNOWN_DLLS_SYMLINK = SYMLINK_BIT | PSEUDO_BIT | 0x1337;
+	constexpr uint64_t SHARED_SECTION = FILE_BIT | PSEUDO_BIT | 0x1337;
 
 	uint64_t get_syscall_argument(x64_emulator& emu, const size_t index)
 	{
@@ -403,51 +404,53 @@ namespace
 	                              const ACCESS_MASK /*desired_access*/,
 	                              const emulator_object<OBJECT_ATTRIBUTES> object_attributes)
 	{
-		uint32_t index = 1;
-		for (;; ++index)
+		const auto attributes = object_attributes.read();
+
+		auto filename = read_unicode_string(c.emu, attributes.ObjectName);
+		printf("Open section: %S\n", filename.c_str());
+
+		if (filename == L"\\Windows\\SharedSection")
 		{
-			if (!c.proc.files.contains(index))
-			{
-				break;
-			}
+			section_handle.write(SHARED_SECTION);
+			return STATUS_SUCCESS;
 		}
 
-		section_handle.write(index | FILE_BIT);
-
-		auto status = STATUS_SUCCESS;
-		std::wstring filename{};
-		object_attributes.access([&](const OBJECT_ATTRIBUTES& attributes)
+		if (reinterpret_cast<uint64_t>(attributes.RootDirectory) != KNOWN_DLLS_DIRECTORY)
 		{
-			if (reinterpret_cast<uint64_t>(attributes.RootDirectory) != KNOWN_DLLS_DIRECTORY)
-			{
-				status = STATUS_NOT_SUPPORTED;
-				return;
-			}
+			puts("Unsupported section");
+			c.emu.stop();
+			return STATUS_NOT_SUPPORTED;
+		}
 
-			filename = read_unicode_string(c.emu, attributes.ObjectName);
-			if (filename.starts_with(L"api-ms-"))
-			{
-				filename = L"C:\\WINDOWS\\System32\\downlevel\\" + filename;
-			}
-			else
-			{
-				filename = L"C:\\WINDOWS\\System32\\" + filename;
-			}
-		});
 
-		if (status != STATUS_SUCCESS)
+		if (filename.starts_with(L"api-ms-"))
+		{
+			filename = L"C:\\WINDOWS\\System32\\downlevel\\" + filename;
+		}
+		else
 		{
-			return status;
+			filename = L"C:\\WINDOWS\\System32\\" + filename;
 		}
 
 		if (!std::filesystem::exists(filename))
 		{
 			return STATUS_FILE_INVALID;
 		}
 
+		uint32_t index = 1;
+		for (;; ++index)
+		{
+			if (!c.proc.files.contains(index))
+			{
+				break;
+			}
+		}
+
+		section_handle.write(index | FILE_BIT);
+
 		c.proc.files.try_emplace(index, std::move(filename));
 
-		return status;
+		return STATUS_SUCCESS;
 	}
 
 	NTSTATUS handle_NtMapViewOfSection(const syscall_context& c, uint64_t section_handle, uint64_t process_handle,
@@ -562,11 +565,33 @@ namespace
 	                                         const emulator_object<uint32_t> return_length)
 	{
 		if (info_class == SystemFlushInformation
-			|| info_class == SystemHypervisorSharedPageInformation)
+			|| info_class == SystemHypervisorSharedPageInformation
+		)
 		{
 			return STATUS_NOT_SUPPORTED;
 		}
 
+		if (info_class == SystemRangeStartInformation)
+		{
+			if (return_length)
+			{
+				return_length.write(sizeof(SYSTEM_RANGE_START_INFORMATION));
+			}
+
+			if (system_information_length != sizeof(SYSTEM_RANGE_START_INFORMATION))
+			{
+				return STATUS_BUFFER_TOO_SMALL;
+			}
+
+			const emulator_object<SYSTEM_RANGE_START_INFORMATION> info_obj{c.emu, system_information};
+
+			info_obj.access([&](SYSTEM_RANGE_START_INFORMATION& info)
+			{
+				info.SystemRangeStart = 0xFFFF800000000000;
+			});
+
+			return STATUS_SUCCESS;
+		}
 		if (info_class == SystemNumaProcessorMap)
 		{
 			if (return_length)