Lightemerald/windows-user-space-emulator
2
0
Fork 0
mirror of https://github.com/momo5502/emulator.git synced 2026-01-19 03:33:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Minidump can load pages with C permission set. Minor instrumentation.

Browse Source
This commit is contained in:
CarlTSpeak
2025-10-18 14:19:53 +01:00
parent babde1da63
commit 1f5afe4c74
4 changed files with 34 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/analyzer/analysis.cpp
View File

@@ -204,6 +204,17 @@ namespace
emu.reg(x86_register::rsp, emu.reg(x86_register::rsp) + 8);
emu.reg(x86_register::rax, 1);
}
else if (function == "VirtualQuery")
{
auto& emu = c.win_emu->emu();
const auto lpAddress = emu.reg(x86_register::rcx);
const auto lpBuffer = emu.reg(x86_register::rdx);
const auto dwLength = emu.reg(x86_register::r8);
c.win_emu->log.print(color::yellow,
"VirtualQuery called: lpAddress=0x%" PRIx64 ", lpBuffer=0x%" PRIx64 ", dwLength=%" PRIu64 "\n", lpAddress,
lpBuffer, dwLength);
}
else if (function == "lstrcmp" || function == "lstrcmpi")
{
print_arg_as_string(*c.win_emu, 0);

4
src/windows-emulator/memory_utils.hpp
View File

@@ -51,8 +51,10 @@ inline std::optional<nt_memory_permission> try_map_nt_to_emulator_protection(uin
case PAGE_EXECUTE_READWRITE:
common = memory_permission::all;
break;
case 0:
case PAGE_EXECUTE_WRITECOPY:
common = memory_permission::all;
break;
case 0:
default:
return std::nullopt;
}

19
src/windows-emulator/windows_emulator.cpp
View File

@@ -328,7 +328,7 @@ windows_emulator::windows_emulator(std::unique_ptr<x86_64_emulator> emu, const e
this->map_port(mapping.first, mapping.second);
}
this->setup_hooks();
this->setup_hooks();
}
windows_emulator::~windows_emulator() = default;
@@ -434,6 +434,9 @@ void windows_emulator::on_instruction_execution(const uint64_t address)
void windows_emulator::setup_hooks()
{
uint64_t tsc_base = splitmix64(0xCAFEBABEDEADBEEFull);
constexpr uint64_t tick_scale = 50;
this->emu().hook_instruction(x86_hookable_instructions::syscall, [&] {
this->dispatcher.dispatch(*this);
return instruction_hook_continuation::skip_instruction;
@@ -442,9 +445,10 @@ void windows_emulator::setup_hooks()
this->emu().hook_instruction(x86_hookable_instructions::rdtscp, [&] {
this->callbacks.on_rdtscp();
const auto ticks = this->clock_->timestamp_counter();
this->emu().reg(x86_register::rax, ticks & 0xFFFFFFFF);
this->emu().reg(x86_register::rdx, (ticks >> 32) & 0xFFFFFFFF);
const uint64_t retired = this->executed_instructions_;
const uint64_t ticks = tsc_base + (retired * tick_scale);
this->emu().reg(x86_register::rax, static_cast<uint32_t>(ticks));
this->emu().reg(x86_register::rdx, static_cast<uint32_t>(ticks >> 32));
// Return the IA32_TSC_AUX value in RCX (low 32 bits)
auto tsc_aux = 0; // Need to replace this with proper CPUID later
@@ -456,9 +460,10 @@ void windows_emulator::setup_hooks()
this->emu().hook_instruction(x86_hookable_instructions::rdtsc, [&] {
this->callbacks.on_rdtsc();
const auto ticks = this->clock_->timestamp_counter();
this->emu().reg(x86_register::rax, ticks & 0xFFFFFFFF);
this->emu().reg(x86_register::rdx, (ticks >> 32) & 0xFFFFFFFF);
const uint64_t retired = this->executed_instructions_;
const uint64_t ticks = tsc_base + (retired * tick_scale);
this->emu().reg(x86_register::rax, static_cast<uint32_t>(ticks));
this->emu().reg(x86_register::rdx, static_cast<uint32_t>(ticks >> 32));
return instruction_hook_continuation::skip_instruction;
});

8
src/windows-emulator/windows_emulator.hpp
View File

@@ -225,3 +225,11 @@ class windows_emulator
void register_factories(utils::buffer_deserializer& buffer);
};
static inline uint64_t splitmix64(uint64_t x) noexcept
{
x += 0x9E3779B97F4A7C15ull;
x = (x ^ (x >> 30)) * 0xBF58476D1CE4E5B9ull;
x = (x ^ (x >> 27)) * 0x94D049BB133111EBull;
return x ^ (x >> 31);
}