Final cleanup

2026-01-20 04:03:57 +00:00 · 2025-06-07 08:00:27 +02:00
parent da4a4f90c9
commit 05c5f0a085
4 changed files with 31 additions and 21 deletions
--- a/src/analyzer/analysis.cpp
+++ b/src/analyzer/analysis.cpp
@@ -63,6 +63,27 @@ namespace
                             address, address + length, get_permission_string(permission).c_str());
    }

+    void handle_memory_violate(const analysis_context& c, const uint64_t address, const uint64_t size,
+                               const memory_operation operation, const memory_violation_type type)
+    {
+        const auto permission = get_permission_string(operation);
+        const auto ip = c.win_emu->emu().read_instruction_pointer();
+        const char* name = c.win_emu->mod_manager.find_name(ip);
+
+        if (type == memory_violation_type::protection)
+        {
+            c.win_emu->log.print(color::gray,
+                                 "Protection violation: 0x%" PRIx64 " (%" PRIx64 ") - %s at 0x%" PRIx64 " (%s)\n",
+                                 address, size, permission.c_str(), ip, name);
+        }
+        else if (type == memory_violation_type::unmapped)
+        {
+            c.win_emu->log.print(color::gray,
+                                 "Mapping violation: 0x%" PRIx64 " (%" PRIx64 ") - %s at 0x%" PRIx64 " (%s)\n", address,
+                                 size, permission.c_str(), ip, name);
+        }
+    }
+
    void handle_ioctrl(const analysis_context& c, const io_device&, const std::u16string_view device_name,
                       const ULONG code)
    {
@@ -236,6 +257,7 @@ void register_analysis_callbacks(analysis_context& c)
    cb.on_ioctrl = make_callback(c, handle_ioctrl);

    cb.on_memory_protect = make_callback(c, handle_memory_protect);
+    cb.on_memory_violate = make_callback(c, handle_memory_violate);
    cb.on_memory_allocate = make_callback(c, handle_memory_allocate);

    cb.on_module_load = make_callback(c, handle_module_load);
--- a/src/windows-emulator/syscalls/thread.cpp
+++ b/src/windows-emulator/syscalls/thread.cpp
@@ -324,14 +324,15 @@ namespace syscalls
    }

    NTSTATUS handle_NtAlertThreadByThreadIdEx(const syscall_context& c, const uint64_t thread_id,
-                                              const emulator_object<EMU_RTL_SRWLOCK<EmulatorTraits<Emu64>>> lock)
+                                              const emulator_object<EMU_RTL_SRWLOCK<EmulatorTraits<Emu64>>> /*lock*/)
    {
-        if (lock.value())
+        // TODO: Support lock
+        /*if (lock.value())
        {
-            c.win_emu.log.warn("NtAlertThreadByThreadIdEx with lock not supported yet!\n");
-            // c.emu.stop();
-            // return STATUS_NOT_SUPPORTED;
-        }
+             c.win_emu.log.warn("NtAlertThreadByThreadIdEx with lock not supported yet!\n");
+            //  c.emu.stop();
+            //  return STATUS_NOT_SUPPORTED;
+        }*/

        return handle_NtAlertThreadByThreadId(c, thread_id);
    }
--- a/src/windows-emulator/windows_emulator.cpp
+++ b/src/windows-emulator/windows_emulator.cpp
@@ -499,21 +499,7 @@ void windows_emulator::setup_hooks()

    this->emu().hook_memory_violation([&](const uint64_t address, const size_t size, const memory_operation operation,
                                          const memory_violation_type type) {
-        const auto permission = get_permission_string(operation);
-        const auto ip = this->emu().read_instruction_pointer();
-        const char* name = this->mod_manager.find_name(ip);
-
-        if (type == memory_violation_type::protection)
-        {
-            this->log.print(color::gray, "Protection violation: 0x%" PRIx64 " (%zX) - %s at 0x%" PRIx64 " (%s)\n",
-                            address, size, permission.c_str(), ip, name);
-        }
-        else if (type == memory_violation_type::unmapped)
-        {
-            this->log.print(color::gray, "Mapping violation: 0x%" PRIx64 " (%zX) - %s at 0x%" PRIx64 " (%s)\n", address,
-                            size, permission.c_str(), ip, name);
-        }
-
+        this->callbacks.on_memory_violate(address, size, operation, type);
        dispatch_access_violation(this->emu(), this->process, address, operation);
        return memory_violation_continuation::resume;
    });
--- a/src/windows-emulator/windows_emulator.hpp
+++ b/src/windows-emulator/windows_emulator.hpp
@@ -25,6 +25,7 @@ struct emulator_callbacks : module_manager::callbacks, process_context::callback

    opt_func<void(uint64_t address, uint64_t length, memory_permission)> on_memory_protect{};
    opt_func<void(uint64_t address, uint64_t length, memory_permission, bool commit)> on_memory_allocate{};
+    opt_func<void(uint64_t address, uint64_t length, memory_operation, memory_violation_type type)> on_memory_violate{};

    opt_func<continuation(uint32_t syscall_id, std::string_view syscall_name)> on_syscall{};
    opt_func<void(std::string_view data)> on_stdout{};