From 6deefb932f02f357cab553de2e14fc862884a08f Mon Sep 17 00:00:00 2001 From: Igor Pissolati Date: Sun, 20 Apr 2025 16:30:48 -0300 Subject: [PATCH 1/9] Add NtUserGetAtomName syscall --- src/windows-emulator/process_context.cpp | 11 +++++++++++ src/windows-emulator/process_context.hpp | 1 + src/windows-emulator/syscalls.cpp | 20 ++++++++++++++++++++ 3 files changed, 32 insertions(+) diff --git a/src/windows-emulator/process_context.cpp b/src/windows-emulator/process_context.cpp index 36205f3e..f75395a3 100644 --- a/src/windows-emulator/process_context.cpp +++ b/src/windows-emulator/process_context.cpp @@ -312,3 +312,14 @@ bool process_context::delete_atom(uint16_t atom_id) return true; } + +const std::u16string* process_context::get_atom_name(uint16_t atom_id) const +{ + const auto it = atoms.find(atom_id); + if (it == atoms.end()) + { + return nullptr; + } + + return &it->second.name; +} diff --git a/src/windows-emulator/process_context.hpp b/src/windows-emulator/process_context.hpp index ac42f5f1..7fe34f27 100644 --- a/src/windows-emulator/process_context.hpp +++ b/src/windows-emulator/process_context.hpp @@ -68,6 +68,7 @@ struct process_context uint16_t add_or_find_atom(std::u16string name); bool delete_atom(const std::u16string& name); bool delete_atom(uint16_t atom_id); + const std::u16string* get_atom_name(uint16_t atom_id) const; void serialize(utils::buffer_serializer& buffer) const; void deserialize(utils::buffer_deserializer& buffer); diff --git a/src/windows-emulator/syscalls.cpp b/src/windows-emulator/syscalls.cpp index 605f000e..0152cefa 100644 --- a/src/windows-emulator/syscalls.cpp +++ b/src/windows-emulator/syscalls.cpp 
@@ -548,6 +548,25 @@ namespace syscalls return STATUS_SUCCESS; } + NTSTATUS handle_NtUserGetAtomName(const syscall_context& c, const RTL_ATOM atom, const uint64_t atom_name, + const ULONG length) + { + const auto* name = c.proc.get_atom_name(atom); + if (!name) + { + return STATUS_INVALID_PARAMETER; + } + + if (length < name->size()) + { + return STATUS_BUFFER_TOO_SMALL; + } + + c.emu.write_memory(atom_name, name->data(), name->size()); + + return STATUS_SUCCESS; + } + NTSTATUS handle_NtQueryDebugFilterState() { return FALSE; @@ -719,6 +738,7 @@ void syscall_dispatcher::add_handlers(std::map& ha add_handler(NtAddAtomEx); add_handler(NtAddAtom); add_handler(NtDeleteAtom); + add_handler(NtUserGetAtomName); add_handler(NtInitializeNlsFiles); add_handler(NtUnmapViewOfSection); add_handler(NtUnmapViewOfSectionEx); From 039b276fb7c8f5c7b1984a69a0059b563059fce9 Mon Sep 17 00:00:00 2001 From: Igor Pissolati Date: Tue, 22 Apr 2025 01:23:27 -0300 Subject: [PATCH 2/9] Add 3 new syscall stubs --- src/windows-emulator/syscalls.cpp | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/windows-emulator/syscalls.cpp b/src/windows-emulator/syscalls.cpp index 0152cefa..a03e525f 100644 --- a/src/windows-emulator/syscalls.cpp +++ b/src/windows-emulator/syscalls.cpp @@ -673,6 +673,21 @@ namespace syscalls { return c.proc.delete_atom(read_unicode_string(c.emu, class_name)); } + + NTSTATUS handle_NtUserSetWindowsHookEx() + { + return STATUS_NOT_SUPPORTED; + } + + NTSTATUS handle_NtUserUnhookWindowsHookEx() + { + return STATUS_NOT_SUPPORTED; + } + + NTSTATUS handle_NtUserCreateWindowEx() + { + return STATUS_NOT_SUPPORTED; + } } void syscall_dispatcher::add_handlers(std::map& handler_mapping) 
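Review bot: `handle_NtUserCreateWindowEx` and `handle_NtUserSetWindowsHookEx` return `STATUS_NOT_SUPPORTED` as if these syscalls returned an NTSTATUS, but the win32k entry points they stub return an HWND and an HHOOK respectively, so user32's CreateWindowExW/SetWindowsHookExW (which test the result against NULL) will see 0xC00000BB as a live handle and carry on. The file already has precedent for a non-NTSTATUS stub in `handle_NtQueryDebugFilterState() { return FALSE; }`; the same shape here, `return 0; // HWND/HHOOK: NULL signals failure`, plus a log line saying the call is unsupported, makes the failure observable the way it is on Windows. I am assuming the dispatcher forwards the handler's return value unchanged as the guest's return register; that code is outside this hunk. `handle_NtUserUnhookWindowsHookEx` returns a BOOL on Windows, so `FALSE` is the matching value there too.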
@@ -826,6 +841,9 @@ void syscall_dispatcher::add_handlers(std::map& ha add_handler(NtUserGetProcessWindowStation); add_handler(NtUserRegisterClassExWOW); add_handler(NtUserUnregisterClass); + add_handler(NtUserSetWindowsHookEx); + add_handler(NtUserUnhookWindowsHookEx); + add_handler(NtUserCreateWindowEx); #undef add_handler } \ No newline at end of file From 08098da53870bf2211a7e2453d73db94ea2603f3 Mon Sep 17 00:00:00 2001 From: Igor Pissolati Date: Tue, 22 Apr 2025 01:25:15 -0300 Subject: [PATCH 3/9] Skip ThreadAffinityMask in NtSetInformationThread --- src/windows-emulator/syscalls/thread.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/windows-emulator/syscalls/thread.cpp b/src/windows-emulator/syscalls/thread.cpp index 4952759e..a0f4af92 100644 --- a/src/windows-emulator/syscalls/thread.cpp +++ b/src/windows-emulator/syscalls/thread.cpp @@ -18,7 +18,8 @@ namespace syscalls return STATUS_INVALID_HANDLE; } - if (info_class == ThreadSchedulerSharedDataSlot || info_class == ThreadBasePriority) + if (info_class == ThreadSchedulerSharedDataSlot || info_class == ThreadBasePriority || + info_class == ThreadAffinityMask) { return STATUS_SUCCESS; } From 7e93f5d7f6ddb413b94c81a9c49247b7fad4b748 Mon Sep 17 00:00:00 2001 From: Igor Pissolati Date: Tue, 22 Apr 2025 01:48:52 -0300 Subject: [PATCH 4/9] Improvements to locale syscalls and fix TimeZone query --- src/common/platform/kernel_mapped.hpp | 38 +++++++++++ src/windows-emulator/process_context.hpp | 3 + src/windows-emulator/syscalls.cpp | 17 ++++- src/windows-emulator/syscalls/locale.cpp | 37 ++++++++++- src/windows-emulator/syscalls/port.cpp | 57 ++++++++++++++++- src/windows-emulator/syscalls/section.cpp | 36 ++++++++--- src/windows-emulator/syscalls/system.cpp | 77 +++++++++++++++++++++++ 7 files changed, 247 insertions(+), 18 deletions(-) diff --git a/src/common/platform/kernel_mapped.hpp b/src/common/platform/kernel_mapped.hpp index 221545fb..f0677a3f 100644 
--- a/src/common/platform/kernel_mapped.hpp +++ b/src/common/platform/kernel_mapped.hpp @@ -862,6 +862,44 @@ typedef struct _SYSTEM_TIMEOFDAY_INFORMATION64 ULONGLONG SleepTimeBias; } SYSTEM_TIMEOFDAY_INFORMATION64, *PSYSTEM_TIMEOFDAY_INFORMATION64; +#ifndef OS_WINDOWS +typedef struct _SYSTEMTIME +{ + WORD wYear; + WORD wMonth; + WORD wDayOfWeek; + WORD wDay; + WORD wHour; + WORD wMinute; + WORD wSecond; + WORD wMilliseconds; +} SYSTEMTIME, *PSYSTEMTIME, *LPSYSTEMTIME; +#endif + +typedef struct _SYSTEM_TIMEZONE_INFORMATION +{ + LONG Bias; + ARRAY_CONTAINER StandardName; + SYSTEMTIME StandardDate; + LONG StandardBias; + ARRAY_CONTAINER DaylightName; + SYSTEMTIME DaylightDate; + LONG DaylightBias; +} SYSTEM_TIMEZONE_INFORMATION, *PSYSTEM_TIMEZONE_INFORMATION; + +typedef struct _SYSTEM_DYNAMIC_TIMEZONE_INFORMATION +{ + LONG Bias; + ARRAY_CONTAINER StandardName; + SYSTEMTIME StandardDate; + LONG StandardBias; + ARRAY_CONTAINER DaylightName; + SYSTEMTIME DaylightDate; + LONG DaylightBias; + ARRAY_CONTAINER TimeZoneKeyName; + BOOLEAN DynamicDaylightTimeDisabled; +} SYSTEM_DYNAMIC_TIMEZONE_INFORMATION, *PSYSTEM_DYNAMIC_TIMEZONE_INFORMATION; + typedef struct _PROCESS_BASIC_INFORMATION64 { NTSTATUS ExitStatus; diff --git a/src/windows-emulator/process_context.hpp b/src/windows-emulator/process_context.hpp index 7fe34f27..b6aa8e30 100644 --- a/src/windows-emulator/process_context.hpp +++ b/src/windows-emulator/process_context.hpp @@ -80,7 +80,10 @@ struct process_context uint64_t current_ip{0}; uint64_t previous_ip{0}; + uint64_t shared_section_address{0}; + uint64_t shared_section_size{0}; uint64_t dbwin_buffer{0}; + uint64_t dbwin_buffer_size{0}; std::optional exception_rip{}; std::optional exit_status{}; diff --git a/src/windows-emulator/syscalls.cpp b/src/windows-emulator/syscalls.cpp index a03e525f..358128c3 100644 --- a/src/windows-emulator/syscalls.cpp +++ b/src/windows-emulator/syscalls.cpp 
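Review bot: `SYSTEM_TIMEZONE_INFORMATION` and `SYSTEM_DYNAMIC_TIMEZONE_INFORMATION` are copied raw into guest memory by `handle_query` in system.cpp, so their size and padding are guest ABI and deserve a compile-time pin next to the definitions: `static_assert(sizeof(SYSTEMTIME) == 16); static_assert(sizeof(SYSTEM_TIMEZONE_INFORMATION) == 172); static_assert(sizeof(SYSTEM_DYNAMIC_TIMEZONE_INFORMATION) == 432);` — those are the sizes of the SDK's TIME_ZONE_INFORMATION and DYNAMIC_TIME_ZONE_INFORMATION, which these mirror. This assumes the `ARRAY_CONTAINER` arguments are 32 char16_t for the two names and 128 for `TimeZoneKeyName`; the arguments are not visible here, so confirm them against the reference layout. A one-line comment naming that reference (ntexapi.h / RTL_TIME_ZONE_INFORMATION) would also help the next reader, and since `SYSTEMTIME` is only defined under `#ifndef OS_WINDOWS`, the asserts double as a check that the SDK's own `SYSTEMTIME` matches on Windows hosts.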
@@ -118,11 +118,14 @@ namespace syscalls emulator_object /*default_casing_table_size*/); NTSTATUS handle_NtQueryDefaultLocale(const syscall_context&, BOOLEAN /*user_profile*/, emulator_object default_locale_id); - NTSTATUS handle_NtGetNlsSectionPtr(); + NTSTATUS handle_NtGetNlsSectionPtr(const syscall_context& c, ULONG section_type, ULONG section_data, + emulator_pointer /*context_data*/, emulator_object section_pointer, + emulator_object section_size); NTSTATUS handle_NtGetMUIRegistryInfo(); NTSTATUS handle_NtIsUILanguageComitted(); NTSTATUS handle_NtUserGetKeyboardLayout(); - NTSTATUS handle_NtQueryInstallUILanguage(); + NTSTATUS handle_NtQueryDefaultUILanguage(const syscall_context&, emulator_object language_id); + NTSTATUS handle_NtQueryInstallUILanguage(const syscall_context&, emulator_object language_id); // syscalls/memory.cpp: NTSTATUS handle_NtQueryVirtualMemory(const syscall_context& c, handle process_handle, uint64_t base_address, @@ -180,6 +183,14 @@ namespace syscalls emulator_object /*server_shared_memory*/, emulator_object /*maximum_message_length*/, emulator_pointer connection_info, emulator_object connection_info_length); + NTSTATUS handle_NtSecureConnectPort(const syscall_context& c, emulator_object client_port_handle, + emulator_object>> server_port_name, + emulator_object security_qos, + emulator_object client_shared_memory, + emulator_object /*server_sid*/, + emulator_object server_shared_memory, + emulator_object maximum_message_length, emulator_pointer connection_info, + emulator_object connection_info_length); NTSTATUS handle_NtAlpcSendWaitReceivePort(const syscall_context& c, handle port_handle, ULONG /*flags*/, emulator_object /*send_message*/, emulator_object 
@@ -732,6 +743,7 @@ void syscall_dispatcher::add_handlers(std::map& ha add_handler(NtApphelpCacheControl); add_handler(NtCreateSection); add_handler(NtConnectPort); + add_handler(NtSecureConnectPort); add_handler(NtCreateFile); add_handler(NtDeviceIoControlFile); add_handler(NtQueryWnfStateData); @@ -769,6 +781,7 @@ void syscall_dispatcher::add_handlers(std::map& ha add_handler(NtOpenEvent); add_handler(NtGetMUIRegistryInfo); add_handler(NtIsUILanguageComitted); + add_handler(NtQueryDefaultUILanguage); add_handler(NtQueryInstallUILanguage); add_handler(NtUpdateWnfStateData); add_handler(NtRaiseException); diff --git a/src/windows-emulator/syscalls/locale.cpp b/src/windows-emulator/syscalls/locale.cpp index c1768148..cb4fac79 100644 --- a/src/windows-emulator/syscalls/locale.cpp +++ b/src/windows-emulator/syscalls/locale.cpp @@ -34,8 +34,32 @@ namespace syscalls return STATUS_SUCCESS; } - NTSTATUS handle_NtGetNlsSectionPtr() + NTSTATUS handle_NtGetNlsSectionPtr(const syscall_context& c, ULONG section_type, ULONG section_data, + emulator_pointer /*context_data*/, emulator_object section_pointer, + emulator_object section_size) { + if (section_type == 11) + { + c.win_emu.log.print(color::dark_gray, "--> Code Page: %d\n", section_data); + + const auto file_path = std::format(R"(C:\Windows\System32\C_{}.NLS)", section_data); + const auto locale_file = utils::io::read_file(c.win_emu.file_sys.translate(file_path)); + if (locale_file.empty()) + { + return STATUS_OBJECT_NAME_NOT_FOUND; + } + + const auto size = static_cast(page_align_up(locale_file.size())); + const auto section_memory = c.win_emu.memory.allocate_memory(size, memory_permission::read); + c.emu.write_memory(section_memory, locale_file.data(), locale_file.size()); + + section_pointer.write_if_valid(section_memory); + section_size.write_if_valid(static_cast(size)); + + return STATUS_SUCCESS; + } + + c.win_emu.log.print(color::gray, "Unsupported section type: %X\n", section_type); return STATUS_NOT_SUPPORTED; } 
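Review bot: `handle_NtGetNlsSectionPtr` allocates a fresh read-only guest block on every call and neither records nor releases it, so a guest that calls this repeatedly (or for several code pages) grows guest memory without bound and, unlike Windows, gets a different pointer each time; caching the mapping per code page in `process_context`, the way this series already caches `shared_section_address`, fixes both. The literal in `if (section_type == 11)` should be a named constant — presumably the code-page section type, something like `constexpr ULONG NLS_SECTION_CODEPAGE = 11; // confirm against the NLS section-type values` — and the log call passes a ULONG to `%d`, which should be `%u`. Only `locale_file.size()` bytes are written into a page-aligned block, so the tail is whatever `allocate_memory` leaves there; a short comment stating that the allocator zero-fills (if it does) would make the `section_size` value the guest sees easier to trust.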
@@ -54,8 +78,15 @@ namespace syscalls return STATUS_NOT_SUPPORTED; } - NTSTATUS handle_NtQueryInstallUILanguage() + NTSTATUS handle_NtQueryDefaultUILanguage(const syscall_context&, emulator_object language_id) { - return STATUS_NOT_SUPPORTED; + language_id.write(0x407); + return STATUS_SUCCESS; + } + + NTSTATUS handle_NtQueryInstallUILanguage(const syscall_context&, emulator_object language_id) + { + language_id.write(0x407); + return STATUS_SUCCESS; } } diff --git a/src/windows-emulator/syscalls/port.cpp b/src/windows-emulator/syscalls/port.cpp index bfade094..a2a765d2 100644 --- a/src/windows-emulator/syscalls/port.cpp +++ b/src/windows-emulator/syscalls/port.cpp @@ -4,6 +4,18 @@ namespace syscalls { + struct CSR_API_CONNECTINFO + { + uint64_t SharedSectionBase; + uint64_t SharedStaticServerData; + uint64_t SharedSectionHeap; + ULONG DebugFlags; + ULONG SizeOfPebData; + ULONG SizeOfTebData; + ULONG NumberOfServerDllNames; + EMULATOR_CAST(uint64_t, HANDLE) ServerProcessId; + }; + NTSTATUS handle_NtConnectPort(const syscall_context& c, const emulator_object client_port_handle, const emulator_object>> server_port_name, const emulator_object /*security_qos*/, 
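Review bot: `handle_NtQueryDefaultUILanguage` and `handle_NtQueryInstallUILanguage` both hard-code `0x407`, so the value and its meaning (German (Germany), LANGID 0x0407) live in two places with no name; hoist it to `constexpr LANGID DEFAULT_UI_LANGID = 0x407;` and consider deriving it from the same source as `NtQueryDefaultLocale` so the three handlers cannot drift apart. These handlers use `language_id.write()` while `handle_NtGetNlsSectionPtr` in the same file uses `write_if_valid()`; pick one convention for out-parameters the guest may pass as NULL and apply it consistently.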
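Review bot: `CSR_API_CONNECTINFO` is written verbatim into guest memory (`write_memory(connection_info, &connect_info, sizeof(connect_info))` in the following hunk), so its size and padding are part of what csrsrv/ntdll see and should be pinned beside the definition: `static_assert(sizeof(CSR_API_CONNECTINFO) == 0x30, "must match the x64 CSR_API_CONNECTINFO layout");`. With the field types shown (three 64-bit values, four ULONGs, one 64-bit handle) that is 48 bytes on an LP64/LLP64 host, which is what the x64 structure occupies; confirm against the reference you used and name it in a comment so the next maintainer can recheck the field order.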
@@ -21,9 +33,34 @@ namespace syscalls if (connection_info) { - std::vector zero_mem{}; - zero_mem.resize(connection_info_length.read(), 0); - c.emu.write_memory(connection_info, zero_mem.data(), zero_mem.size()); + if (p.name == u"\\Windows\\ApiPort") + { + CSR_API_CONNECTINFO connect_info{}; + + const auto expected_connect_length = connection_info_length.read(); + if (expected_connect_length < sizeof(CSR_API_CONNECTINFO)) + { + return STATUS_BUFFER_TOO_SMALL; + } + + // TODO: Use client_shared_memory to get the section entry and get the address from it? + connect_info.SharedSectionBase = c.proc.shared_section_address; + c.emu.write_memory(c.proc.shared_section_address + 2504, + 0xFFFFFFFF); // BaseStaticServerData->TermsrvClientTimeZoneId + + const auto static_server_data = + c.win_emu.memory.allocate_memory(0x10000, memory_permission::read_write); + connect_info.SharedStaticServerData = static_server_data; + c.emu.write_memory(static_server_data + 8, connect_info.SharedSectionBase); + + c.emu.write_memory(connection_info, &connect_info, sizeof(connect_info)); + } + else + { + std::vector zero_mem{}; + zero_mem.resize(connection_info_length.read(), 0); + c.emu.write_memory(connection_info, zero_mem.data(), zero_mem.size()); + } } client_shared_memory.access([&](PORT_VIEW64& view) { 
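Review bot: The ApiPort branch writes through `c.proc.shared_section_address` without checking it was ever set, so if the guest connects to `\Windows\ApiPort` before `\Windows\SharedSection` has been created, or after an unmap (which resets the field to 0 later in this series), `c.emu.write_memory(c.proc.shared_section_address + 2504, 0xFFFFFFFF)` lands at guest address 2504; add `if (!c.proc.shared_section_address) return STATUS_INVALID_PARAMETER;` (or create the section on demand) before the write. `2504` and the `+ 8` into `static_server_data` encode a specific Windows layout and belong in named constants or a struct with `offsetof`, with the field each one targets stated in a comment rather than only the first. The 0x10000 static-server-data block is allocated on every connect and never released; storing it in `process_context` like the shared section keeps repeated connects from leaking guest memory and, on Windows, the pointer is stable across the process lifetime anyway. The enclosing `handle_NtConnectPort` starts before this hunk.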
@@ -39,6 +76,20 @@ namespace syscalls return STATUS_SUCCESS; } + NTSTATUS handle_NtSecureConnectPort(const syscall_context& c, emulator_object client_port_handle, + emulator_object>> server_port_name, + emulator_object security_qos, + emulator_object client_shared_memory, + emulator_object /*server_sid*/, + emulator_object server_shared_memory, + emulator_object maximum_message_length, emulator_pointer connection_info, + emulator_object connection_info_length) + { + return handle_NtConnectPort(c, client_port_handle, server_port_name, security_qos, client_shared_memory, + server_shared_memory, maximum_message_length, connection_info, + connection_info_length); + } + NTSTATUS handle_NtAlpcSendWaitReceivePort(const syscall_context& c, const handle port_handle, const ULONG /*flags*/, const emulator_object /*send_message*/, const emulator_object diff --git a/src/windows-emulator/syscalls/section.cpp b/src/windows-emulator/syscalls/section.cpp index bb0aa437..586de935 100644 --- a/src/windows-emulator/syscalls/section.cpp +++ b/src/windows-emulator/syscalls/section.cpp @@ -64,12 +64,26 @@ namespace syscalls if (filename == u"\\Windows\\SharedSection") { + constexpr auto shared_section_size = 0x10000; + + const auto address = c.win_emu.memory.find_free_allocation_base(shared_section_size); + c.win_emu.memory.allocate_memory(address, shared_section_size, memory_permission::read_write); + c.proc.shared_section_address = address; + c.proc.shared_section_size = shared_section_size; + section_handle.write(SHARED_SECTION); return STATUS_SUCCESS; } if (filename == u"DBWIN_BUFFER") { + constexpr auto dbwin_buffer_section_size = 0x1000; + + const auto address = c.win_emu.memory.find_free_allocation_base(dbwin_buffer_section_size); + c.win_emu.memory.allocate_memory(address, dbwin_buffer_section_size, memory_permission::read_write); + c.proc.dbwin_buffer = address; + c.proc.dbwin_buffer_size = dbwin_buffer_section_size; + section_handle.write(DBWIN_BUFFER); return STATUS_SUCCESS; } 
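Review bot: The SharedSection and DBWIN_BUFFER branches of `handle_NtCreateSection` now allocate a fresh block and overwrite `c.proc.shared_section_address` / `c.proc.dbwin_buffer` on every call, so a second create/open of the same name (two modules opening `DBWIN_BUFFER`, or the shared section being opened again) leaks the previous block and orphans any view already mapped from it. Reuse the existing allocation when the field is already set, e.g. `if (!c.proc.shared_section_address) { /* allocate as now */ }` around each allocation, which also matches how a named section behaves on Windows (one backing store, many handles). The function starts before this hunk.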
@@ -120,10 +134,8 @@ namespace syscalls if (section_handle == SHARED_SECTION) { - constexpr auto shared_section_size = 0x10000; - - const auto address = c.win_emu.memory.find_free_allocation_base(shared_section_size); - c.win_emu.memory.allocate_memory(address, shared_section_size, memory_permission::read_write); + const auto shared_section_size = c.proc.shared_section_size; + const auto address = c.proc.shared_section_address; const std::u16string_view windows_dir = c.proc.kusd.get().NtSystemRoot.arr; const auto windows_dir_size = windows_dir.size() * 2; @@ -168,11 +180,8 @@ namespace syscalls if (section_handle == DBWIN_BUFFER) { - constexpr auto dbwin_buffer_section_size = 0x1000; - - const auto address = c.win_emu.memory.find_free_allocation_base(dbwin_buffer_section_size); - c.win_emu.memory.allocate_memory(address, dbwin_buffer_section_size, memory_permission::read_write); - c.proc.dbwin_buffer = address; + const auto dbwin_buffer_section_size = c.proc.dbwin_buffer_size; + const auto address = c.proc.dbwin_buffer; if (view_size) { @@ -255,10 +264,17 @@ namespace syscalls return STATUS_INVALID_PARAMETER; } + if (base_address == c.proc.shared_section_address) + { + c.proc.shared_section_address = 0; + c.win_emu.memory.release_memory(base_address, c.proc.shared_section_size); + return STATUS_SUCCESS; + } + if (base_address == c.proc.dbwin_buffer) { c.proc.dbwin_buffer = 0; - c.win_emu.memory.release_memory(base_address, 0x1000); + c.win_emu.memory.release_memory(base_address, c.proc.dbwin_buffer_size); return STATUS_SUCCESS; } diff --git a/src/windows-emulator/syscalls/system.cpp b/src/windows-emulator/syscalls/system.cpp index 2d443891..37ead1ef 100644 --- a/src/windows-emulator/syscalls/system.cpp +++ b/src/windows-emulator/syscalls/system.cpp 
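Review bot: The SHARED_SECTION map path now reads `address` and `shared_section_size` from `process_context` but does not check that they were set, so a map after `NtUnmapViewOfSection` (which zeroes `shared_section_address` in this same file) writes `NtSystemRoot` to guest address 0 with a size of 0. Guard it with `if (!c.proc.shared_section_address) return STATUS_INVALID_HANDLE;` and do the same for `c.proc.dbwin_buffer` in the DBWIN_BUFFER path. The enclosing map-view handler starts and ends outside the hunk.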
@@ -115,10 +115,87 @@ namespace syscalls return handle_query(c.emu, system_information, system_information_length, return_length, [&](SYSTEM_TIMEOFDAY_INFORMATION64& info) { + memset(&info, 0, sizeof(info)); info.BootTime.QuadPart = 0; + info.TimeZoneId = 0x00000002; // TODO: Fill }); + case SystemTimeZoneInformation: + case SystemCurrentTimeZoneInformation: + return handle_query( + c.emu, system_information, system_information_length, return_length, [&](SYSTEM_TIMEZONE_INFORMATION& tzi) { + memset(&tzi, 0, sizeof(tzi)); + + tzi.Bias = -60; + tzi.StandardBias = 0; + tzi.DaylightBias = -60; + + constexpr std::u16string_view std_name{u"W. Europe Standard Time"}; + memcpy(&tzi.StandardName.arr[0], std_name.data(), std_name.size() * sizeof(char16_t)); + + constexpr std::u16string_view dlt_name{u"W. Europe Daylight Time"}; + memcpy(&tzi.DaylightName.arr[0], dlt_name.data(), dlt_name.size() * sizeof(char16_t)); + + // Standard Time: Last Sunday in October, 03:00 + tzi.StandardDate.wMonth = 10; + tzi.StandardDate.wDayOfWeek = 0; + tzi.StandardDate.wDay = 5; + tzi.StandardDate.wHour = 3; + tzi.StandardDate.wMinute = 0; + tzi.StandardDate.wSecond = 0; + tzi.StandardDate.wMilliseconds = 0; + + // Daylight Time: Last Sunday in March, 02:00 + tzi.DaylightDate.wMonth = 3; + tzi.DaylightDate.wDayOfWeek = 0; + tzi.DaylightDate.wDay = 5; + tzi.DaylightDate.wHour = 2; + tzi.DaylightDate.wMinute = 0; + tzi.DaylightDate.wSecond = 0; + tzi.DaylightDate.wMilliseconds = 0; + }); + + case SystemDynamicTimeZoneInformation: + return handle_query( + c.emu, system_information, system_information_length, return_length, + [&](SYSTEM_DYNAMIC_TIMEZONE_INFORMATION& dtzi) { + memset(&dtzi, 0, sizeof(dtzi)); + + dtzi.Bias = -60; + dtzi.StandardBias = 0; + dtzi.DaylightBias = -60; + + constexpr std::u16string_view std_name{u"W. Europe Standard Time"}; + memcpy(&dtzi.StandardName.arr[0], std_name.data(), std_name.size() * sizeof(char16_t)); + + constexpr std::u16string_view dlt_name{u"W. 
Europe Daylight Time"}; + memcpy(&dtzi.DaylightName.arr[0], dlt_name.data(), dlt_name.size() * sizeof(char16_t)); + + constexpr std::u16string_view key_name{u"W. Europe Standard Time"}; + memcpy(&dtzi.TimeZoneKeyName.arr[0], key_name.data(), key_name.size() * sizeof(char16_t)); + + // Standard Time: Last Sunday in October, 03:00 + dtzi.StandardDate.wMonth = 10; + dtzi.StandardDate.wDayOfWeek = 0; + dtzi.StandardDate.wDay = 5; + dtzi.StandardDate.wHour = 3; + dtzi.StandardDate.wMinute = 0; + dtzi.StandardDate.wSecond = 0; + dtzi.StandardDate.wMilliseconds = 0; + + // Daylight Time: Last Sunday in March, 02:00 + dtzi.DaylightDate.wMonth = 3; + dtzi.DaylightDate.wDayOfWeek = 0; + dtzi.DaylightDate.wDay = 5; + dtzi.DaylightDate.wHour = 2; + dtzi.DaylightDate.wMinute = 0; + dtzi.DaylightDate.wSecond = 0; + dtzi.DaylightDate.wMilliseconds = 0; + + dtzi.DynamicDaylightTimeDisabled = FALSE; + }); + case SystemRangeStartInformation: return handle_query(c.emu, system_information, system_information_length, return_length, From bd8818c335da210fd465c674207adf6a2e803e96 Mon Sep 17 00:00:00 2001 From: Igor Pissolati Date: Tue, 22 Apr 2025 02:35:54 -0300 Subject: [PATCH 5/9] Fix failing checks --- src/common/platform/kernel_mapped.hpp | 1 + src/windows-emulator/syscalls.cpp | 2 +- src/windows-emulator/syscalls/locale.cpp | 2 +- src/windows-emulator/syscalls/port.cpp | 2 +- src/windows-emulator/syscalls/system.cpp | 3 ++- 5 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/common/platform/kernel_mapped.hpp b/src/common/platform/kernel_mapped.hpp index f0677a3f..e58e3b3b 100644 --- a/src/common/platform/kernel_mapped.hpp +++ b/src/common/platform/kernel_mapped.hpp @@ -453,6 +453,7 @@ union TEB_SAME_TEB_FLAGS_UNION #ifndef OS_WINDOWS using LCID = DWORD; +using LANGID = WORD; #endif typedef struct _TEB64 diff --git a/src/windows-emulator/syscalls.cpp b/src/windows-emulator/syscalls.cpp index 358128c3..fce2ce37 100644 --- a/src/windows-emulator/syscalls.cpp 
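Review bot: The `SystemTimeZoneInformation`/`SystemCurrentTimeZoneInformation` and `SystemDynamicTimeZoneInformation` lambdas duplicate roughly thirty lines of identical zone data, so a future edit to one (bias, names, transition dates) will silently diverge from the other; since both structs share the same leading layout, a small template helper filling that common prefix removes the duplication without changing the bytes the guest sees. The `wMinute`/`wSecond`/`wMilliseconds = 0` assignments are redundant after the `memset` and can go with it. `info.TimeZoneId = 0x00000002` asserts daylight time is in effect regardless of date; if the header has `TIME_ZONE_ID_DAYLIGHT`, use the name and note in the TODO that it should track the transition dates above. The enclosing switch starts and ends outside the hunk.
```cpp
// Fixed "W. Europe" zone reported for the time-zone information classes.
// T is SYSTEM_TIMEZONE_INFORMATION or SYSTEM_DYNAMIC_TIMEZONE_INFORMATION
// (same leading layout). The caller zeroes tzi before calling this.
template <typename T>
void fill_west_europe_time_zone(T& tzi)
{
    tzi.Bias = -60;
    tzi.StandardBias = 0;
    tzi.DaylightBias = -60;

    constexpr std::u16string_view std_name{u"W. Europe Standard Time"};
    memcpy(&tzi.StandardName.arr[0], std_name.data(), std_name.size() * sizeof(char16_t));

    constexpr std::u16string_view dlt_name{u"W. Europe Daylight Time"};
    memcpy(&tzi.DaylightName.arr[0], dlt_name.data(), dlt_name.size() * sizeof(char16_t));

    // Standard Time: last Sunday (wDay = 5) in October, 03:00
    tzi.StandardDate.wMonth = 10;
    tzi.StandardDate.wDayOfWeek = 0;
    tzi.StandardDate.wDay = 5;
    tzi.StandardDate.wHour = 3;

    // Daylight Time: last Sunday in March, 02:00
    tzi.DaylightDate.wMonth = 3;
    tzi.DaylightDate.wDayOfWeek = 0;
    tzi.DaylightDate.wDay = 5;
    tzi.DaylightDate.wHour = 2;
}

// … unchanged: SystemTimeOfDayInformation case …

case SystemTimeZoneInformation:
case SystemCurrentTimeZoneInformation:
    return handle_query(c.emu, system_information, system_information_length, return_length,
                        [&](SYSTEM_TIMEZONE_INFORMATION& tzi) {
                            memset(&tzi, 0, sizeof(tzi));
                            fill_west_europe_time_zone(tzi);
                        });

case SystemDynamicTimeZoneInformation:
    return handle_query(c.emu, system_information, system_information_length, return_length,
                        [&](SYSTEM_DYNAMIC_TIMEZONE_INFORMATION& dtzi) {
                            memset(&dtzi, 0, sizeof(dtzi));
                            fill_west_europe_time_zone(dtzi);

                            constexpr std::u16string_view key_name{u"W. Europe Standard Time"};
                            memcpy(&dtzi.TimeZoneKeyName.arr[0], key_name.data(),
                                   key_name.size() * sizeof(char16_t));
                            dtzi.DynamicDaylightTimeDisabled = FALSE;
                        });
```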
+++ b/src/windows-emulator/syscalls.cpp @@ -187,7 +187,7 @@ namespace syscalls emulator_object>> server_port_name, emulator_object security_qos, emulator_object client_shared_memory, - emulator_object /*server_sid*/, + emulator_pointer /*server_sid*/, emulator_object server_shared_memory, emulator_object maximum_message_length, emulator_pointer connection_info, emulator_object connection_info_length); diff --git a/src/windows-emulator/syscalls/locale.cpp b/src/windows-emulator/syscalls/locale.cpp index cb4fac79..0cf09022 100644 --- a/src/windows-emulator/syscalls/locale.cpp +++ b/src/windows-emulator/syscalls/locale.cpp @@ -42,7 +42,7 @@ namespace syscalls { c.win_emu.log.print(color::dark_gray, "--> Code Page: %d\n", section_data); - const auto file_path = std::format(R"(C:\Windows\System32\C_{}.NLS)", section_data); + const auto file_path = R"(C:\Windows\System32\C_)" + std::to_string(section_data) + ".NLS"; const auto locale_file = utils::io::read_file(c.win_emu.file_sys.translate(file_path)); if (locale_file.empty()) { diff --git a/src/windows-emulator/syscalls/port.cpp b/src/windows-emulator/syscalls/port.cpp index a2a765d2..c557c15d 100644 --- a/src/windows-emulator/syscalls/port.cpp +++ b/src/windows-emulator/syscalls/port.cpp @@ -80,7 +80,7 @@ namespace syscalls emulator_object>> server_port_name, emulator_object security_qos, emulator_object client_shared_memory, - emulator_object /*server_sid*/, + emulator_pointer /*server_sid*/, emulator_object server_shared_memory, emulator_object maximum_message_length, emulator_pointer connection_info, emulator_object connection_info_length) diff --git a/src/windows-emulator/syscalls/system.cpp b/src/windows-emulator/syscalls/system.cpp index 37ead1ef..991f1aa9 100644 --- a/src/windows-emulator/syscalls/system.cpp +++ b/src/windows-emulator/syscalls/system.cpp 
@@ -124,7 +124,8 @@ namespace syscalls case SystemTimeZoneInformation: case SystemCurrentTimeZoneInformation: return handle_query( - c.emu, system_information, system_information_length, return_length, [&](SYSTEM_TIMEZONE_INFORMATION& tzi) { + c.emu, system_information, system_information_length, return_length, + [&](SYSTEM_TIMEZONE_INFORMATION& tzi) { memset(&tzi, 0, sizeof(tzi)); tzi.Bias = -60; From 5f2c15e642d523b16db18fd813aa27c564804389 Mon Sep 17 00:00:00 2001 From: Igor Pissolati Date: Tue, 22 Apr 2025 02:51:19 -0300 Subject: [PATCH 6/9] Fix x86 build --- src/windows-emulator/process_context.hpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/windows-emulator/process_context.hpp b/src/windows-emulator/process_context.hpp index b6aa8e30..ddad04a0 100644 --- a/src/windows-emulator/process_context.hpp +++ b/src/windows-emulator/process_context.hpp @@ -81,9 +81,9 @@ struct process_context uint64_t previous_ip{0}; uint64_t shared_section_address{0}; - uint64_t shared_section_size{0}; + size_t shared_section_size{0}; uint64_t dbwin_buffer{0}; - uint64_t dbwin_buffer_size{0}; + size_t dbwin_buffer_size{0}; std::optional exception_rip{}; std::optional exit_status{}; @@ -115,4 +115,4 @@ struct process_context uint32_t spawned_thread_count{0}; handle_store threads{}; emulator_thread* active_thread{nullptr}; -}; \ No newline at end of file +}; From 657bf6121a739c2caea1e952495904d3d4ab35bc Mon Sep 17 00:00:00 2001 From: Igor Pissolati Date: Tue, 22 Apr 2025 03:44:45 -0300 Subject: [PATCH 7/9] Apply suggested changes --- src/windows-emulator/process_context.cpp | 6 ++++++ src/windows-emulator/process_context.hpp | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/windows-emulator/process_context.cpp b/src/windows-emulator/process_context.cpp index f75395a3..1ff0eb66 100644 --- a/src/windows-emulator/process_context.cpp +++ b/src/windows-emulator/process_context.cpp 
@@ -129,7 +129,10 @@ void process_context::serialize(utils::buffer_serializer& buffer) const { buffer.write(this->current_ip); buffer.write(this->previous_ip); + buffer.write(this->shared_section_address); + buffer.write(this->shared_section_size); buffer.write(this->dbwin_buffer); + buffer.write(this->dbwin_buffer_size); buffer.write_optional(this->exception_rip); buffer.write_optional(this->exit_status); buffer.write(this->base_allocator); @@ -164,7 +167,10 @@ void process_context::deserialize(utils::buffer_deserializer& buffer) { buffer.read(this->current_ip); buffer.read(this->previous_ip); + buffer.read(this->shared_section_address); + buffer.read(this->shared_section_size); buffer.read(this->dbwin_buffer); + buffer.read(this->dbwin_buffer_size); buffer.read_optional(this->exception_rip); buffer.read_optional(this->exit_status); buffer.read(this->base_allocator); diff --git a/src/windows-emulator/process_context.hpp b/src/windows-emulator/process_context.hpp index ddad04a0..02d4cf17 100644 --- a/src/windows-emulator/process_context.hpp +++ b/src/windows-emulator/process_context.hpp @@ -81,9 +81,9 @@ struct process_context uint64_t previous_ip{0}; uint64_t shared_section_address{0}; - size_t shared_section_size{0}; + uint64_t shared_section_size{0}; uint64_t dbwin_buffer{0}; - size_t dbwin_buffer_size{0}; + uint64_t dbwin_buffer_size{0}; std::optional exception_rip{}; std::optional exit_status{}; From b5abcce65dfb995e7aabd7917a7ac0b73aa49b39 Mon Sep 17 00:00:00 2001 From: Igor Pissolati Date: Tue, 22 Apr 2025 03:45:52 -0300 Subject: [PATCH 8/9] Fix NtUserGetAtomName signature --- src/windows-emulator/syscalls.cpp | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/src/windows-emulator/syscalls.cpp b/src/windows-emulator/syscalls.cpp index fce2ce37..92d45db8 100644 --- a/src/windows-emulator/syscalls.cpp +++ b/src/windows-emulator/syscalls.cpp 
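Review bot: Inserting `shared_section_address`/`shared_section_size` before `dbwin_buffer` in `serialize`/`deserialize` changes the snapshot layout, so a snapshot written by an earlier build will now be read with `shared_section_address` consuming the old `dbwin_buffer` value and every later field shifted. If `buffer_serializer` carries a format version, bump it here; if it does not, a comment stating that snapshots are build-specific would at least make the failure mode expected. I cannot see from this hunk whether the stream is versioned, so treat this as a question to confirm.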
@@ -559,8 +559,8 @@ namespace syscalls return STATUS_SUCCESS; } - NTSTATUS handle_NtUserGetAtomName(const syscall_context& c, const RTL_ATOM atom, const uint64_t atom_name, - const ULONG length) + NTSTATUS handle_NtUserGetAtomName(const syscall_context& c, const RTL_ATOM atom, + const emulator_object>> atom_name) { const auto* name = c.proc.get_atom_name(atom); if (!name) @@ -568,14 +568,22 @@ namespace syscalls return STATUS_INVALID_PARAMETER; } - if (length < name->size()) - { - return STATUS_BUFFER_TOO_SMALL; - } + const size_t name_length = name->size() * 2; + const size_t max_length = name_length + 2; - c.emu.write_memory(atom_name, name->data(), name->size()); + bool too_small = false; + atom_name.access([&](UNICODE_STRING>& str) { + if (str.MaximumLength < max_length) + { + too_small = true; + return; + } - return STATUS_SUCCESS; + str.Length = static_cast(name_length); + c.emu.write_memory(str.Buffer, name->data(), max_length); + }); + + return too_small ? STATUS_BUFFER_TOO_SMALL : STATUS_SUCCESS; } NTSTATUS handle_NtQueryDebugFilterState() From 8970c4b1e60c062a5e082b17db82c85c17b57513 Mon Sep 17 00:00:00 2001 From: Igor Pissolati Date: Tue, 22 Apr 2025 03:54:13 -0300 Subject: [PATCH 9/9] Fix x86 build (again) --- src/windows-emulator/syscalls/section.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/windows-emulator/syscalls/section.cpp b/src/windows-emulator/syscalls/section.cpp index 586de935..eb7b837a 100644 --- a/src/windows-emulator/syscalls/section.cpp +++ b/src/windows-emulator/syscalls/section.cpp 
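Review bot: `handle_NtUserGetAtomName` signals success with `STATUS_SUCCESS` (0), but the win32k call it emulates returns the number of characters copied (ReactOS declares it `ULONG NtUserGetAtomName(ATOM, PUNICODE_STRING)`, 0 on failure), so user32's GlobalGetAtomNameW and its callers will read the result as "0 characters" and treat every lookup as failed. Returning `static_cast<ULONG>(name->size())` on success and `0` on the two failure paths matches that contract, assuming the dispatcher passes the handler's return value straight through as the guest's return register. Windows also truncates into a short buffer rather than refusing it, so the `STATUS_BUFFER_TOO_SMALL` branch is worth verifying against the real behaviour before it is kept. The copy of `max_length` bytes from `name->data()` relies on `std::u16string::data()` being NUL-terminated (guaranteed since C++11); a one-line comment saying so would stop the next reader from flagging it as an over-read.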
@@ -267,14 +267,14 @@ namespace syscalls if (base_address == c.proc.shared_section_address) { c.proc.shared_section_address = 0; - c.win_emu.memory.release_memory(base_address, c.proc.shared_section_size); + c.win_emu.memory.release_memory(base_address, static_cast(c.proc.shared_section_size)); return STATUS_SUCCESS; } if (base_address == c.proc.dbwin_buffer) { c.proc.dbwin_buffer = 0; - c.win_emu.memory.release_memory(base_address, c.proc.dbwin_buffer_size); + c.win_emu.memory.release_memory(base_address, static_cast(c.proc.dbwin_buffer_size)); return STATUS_SUCCESS; }
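Review bot: The unmap branches zero `shared_section_address` and `dbwin_buffer` but leave `shared_section_size` and `dbwin_buffer_size` set, so the address/size pairs are only half-cleared afterwards and a later "is this section live" check has to know to look at the address alone; reset the size with the address, `c.proc.shared_section_size = 0;` and `c.proc.dbwin_buffer_size = 0;`. The `static_cast<size_t>` narrowing is harmless today because both sizes are small constants set in this series, but on a 32-bit host it would silently truncate a large value; a comment stating that assumption keeps it from becoming a surprise. The enclosing unmap handler starts before this hunk.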