From 05c5f0a085395ba6b88eae4973e1f547da3e09f4 Mon Sep 17 00:00:00 2001
From: momo5502
Date: Sat, 7 Jun 2025 08:00:27 +0200
Subject: [PATCH] Final cleanup
---
 src/analyzer/analysis.cpp | 22 ++++++++++++++++++++++
 src/windows-emulator/syscalls/thread.cpp | 13 +++++++------
 src/windows-emulator/windows_emulator.cpp | 16 +---------------
 src/windows-emulator/windows_emulator.hpp | 1 +
 4 files changed, 31 insertions(+), 21 deletions(-)
diff --git a/src/analyzer/analysis.cpp b/src/analyzer/analysis.cpp
index 005a914b..aaf4d9d9 100644
--- a/src/analyzer/analysis.cpp
+++ b/src/analyzer/analysis.cpp
@@ -63,6 +63,27 @@ namespace
 address, address + length, get_permission_string(permission).c_str());
 }
+ void handle_memory_violate(const analysis_context& c, const uint64_t address, const uint64_t size,
+ const memory_operation operation, const memory_violation_type type)
+ {
+ const auto permission = get_permission_string(operation);
+ const auto ip = c.win_emu->emu().read_instruction_pointer();
+ const char* name = c.win_emu->mod_manager.find_name(ip);
+
+ if (type == memory_violation_type::protection)
+ {
+ c.win_emu->log.print(color::gray,
+ "Protection violation: 0x%" PRIx64 " (%" PRIx64 ") - %s at 0x%" PRIx64 " (%s)\n",
+ address, size, permission.c_str(), ip, name);
+ }
+ else if (type == memory_violation_type::unmapped)
+ {
+ c.win_emu->log.print(color::gray,
+ "Mapping violation: 0x%" PRIx64 " (%" PRIx64 ") - %s at 0x%" PRIx64 " (%s)\n", address,
+ size, permission.c_str(), ip, name);
+ }
+ }
+
 void handle_ioctrl(const analysis_context& c, const io_device&, const std::u16string_view device_name, const ULONG code)
 {
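Review bot: In `handle_memory_violate`, `name` from `mod_manager.find_name(ip)` is passed straight to `%s` in both `log.print` calls. The contract of `find_name` is not visible in this hunk; if it can return a null pointer when the instruction pointer lies outside every mapped module, formatting it is undefined behaviour, and a fault raised from code outside any module is a case this handler will see. A guard such as `if (!name) name = "<unknown>";` after the lookup would make the call safe either way. If `memory_violation_type` has values other than `protection` and `unmapped`, those are dropped without any log line; a final `else` that prints the raw type would keep unexpected faults visible.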
@@ -236,6 +257,7 @@ void register_analysis_callbacks(analysis_context& c)
 cb.on_ioctrl = make_callback(c, handle_ioctrl);
 cb.on_memory_protect = make_callback(c, handle_memory_protect);
+ cb.on_memory_violate = make_callback(c, handle_memory_violate);
 cb.on_memory_allocate = make_callback(c, handle_memory_allocate);
 cb.on_module_load = make_callback(c, handle_module_load);
diff --git a/src/windows-emulator/syscalls/thread.cpp b/src/windows-emulator/syscalls/thread.cpp
index d11b40c1..39098480 100644
--- a/src/windows-emulator/syscalls/thread.cpp
+++ b/src/windows-emulator/syscalls/thread.cpp
@@ -324,14 +324,15 @@ namespace syscalls
 }
 NTSTATUS handle_NtAlertThreadByThreadIdEx(const syscall_context& c, const uint64_t thread_id,
- const emulator_object>> lock)
+ const emulator_object>> /*lock*/)
 {
- if (lock.value())
+ // TODO: Support lock
+ /*if (lock.value())
 {
- c.win_emu.log.warn("NtAlertThreadByThreadIdEx with lock not supported yet!\n");
- // c.emu.stop();
- // return STATUS_NOT_SUPPORTED;
- }
+ c.win_emu.log.warn("NtAlertThreadByThreadIdEx with lock not supported yet!\n");
+ // c.emu.stop();
+ // return STATUS_NOT_SUPPORTED;
+ }*/
 return handle_NtAlertThreadByThreadId(c, thread_id);
 }
diff --git a/src/windows-emulator/windows_emulator.cpp b/src/windows-emulator/windows_emulator.cpp
index 34e9394d..9433e08a 100644
--- a/src/windows-emulator/windows_emulator.cpp
+++ b/src/windows-emulator/windows_emulator.cpp
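Review bot: With the warning commented out in `handle_NtAlertThreadByThreadIdEx`, a guest that passes a lock now silently gets plain `handle_NtAlertThreadByThreadId` behaviour, so a divergence from the real syscall on this path can no longer be noticed from the emulator log. If the warning was removed because it was too noisy, consider keeping the parameter and reporting the unsupported case once, or at a quieter level if the logger offers one, instead of dropping it. The commented-out block is dead code that will drift from the surrounding file; the TODO alone, extended to state the current behaviour, documents the gap better, for example `// TODO: lock is ignored; the call behaves like NtAlertThreadByThreadId`.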
@@ -499,21 +499,7 @@ void windows_emulator::setup_hooks()
 this->emu().hook_memory_violation([&](const uint64_t address, const size_t size, const memory_operation operation, const memory_violation_type type) {
- const auto permission = get_permission_string(operation);
- const auto ip = this->emu().read_instruction_pointer();
- const char* name = this->mod_manager.find_name(ip);
-
- if (type == memory_violation_type::protection)
- {
- this->log.print(color::gray, "Protection violation: 0x%" PRIx64 " (%zX) - %s at 0x%" PRIx64 " (%s)\n",
- address, size, permission.c_str(), ip, name);
- }
- else if (type == memory_violation_type::unmapped)
- {
- this->log.print(color::gray, "Mapping violation: 0x%" PRIx64 " (%zX) - %s at 0x%" PRIx64 " (%s)\n", address,
- size, permission.c_str(), ip, name);
- }
-
+ this->callbacks.on_memory_violate(address, size, operation, type);
 dispatch_access_violation(this->emu(), this->process, address, operation);
 return memory_violation_continuation::resume;
 });
diff --git a/src/windows-emulator/windows_emulator.hpp b/src/windows-emulator/windows_emulator.hpp
index 1ca10dcd..c6732a30 100644
--- a/src/windows-emulator/windows_emulator.hpp
+++ b/src/windows-emulator/windows_emulator.hpp
@@ -25,6 +25,7 @@ struct emulator_callbacks : module_manager::callbacks, process_context::callback
 opt_func on_memory_protect{};
 opt_func on_memory_allocate{};
+ opt_func on_memory_violate{};
 opt_func on_syscall{};
 opt_func on_stdout{};
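Review bot: The violation log in the `hook_memory_violation` lambda now depends entirely on `callbacks.on_memory_violate` being set. The only registration visible in this patch is in the analyzer's `register_analysis_callbacks`, so any other embedder of `windows_emulator` appears to lose the "Protection violation" and "Mapping violation" lines that `setup_hooks` used to print unconditionally. Those lines are often the first sign that a guest is faulting, so it is worth confirming the loss is intended and saying so at the call, for example `// Violation logging is left to the embedder via emulator_callbacks::on_memory_violate`. The call also assumes that invoking an unset `opt_func` is a harmless no-op; that type is not defined in this patch, so please confirm. `setup_hooks` begins and ends outside this hunk.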