Fix stack alignment

This commit is contained in:
momo5502
2024-09-06 19:44:35 +02:00
parent daeea58c91
commit 2022513bbe
3 changed files with 33 additions and 9 deletions


@@ -135,6 +135,13 @@ namespace
return {emu, new_sp};
}
void unalign_stack(x64_emulator& emu)
{
auto sp = emu.reg(x64_register::rsp);
sp = align_down(sp - 0x10, 0x10) + 8;
emu.reg(x64_register::rsp, sp);
}
void setup_stack(x64_emulator& emu, const uint64_t stack_base, const size_t stack_size)
{
emu.allocate_memory(stack_base, stack_size, memory_permission::read_write);
@@ -701,6 +708,7 @@ namespace
emu.reg(x64_register::rcx, reinterpret_cast<uint64_t>(pointers.ExceptionRecord));
emu.reg(x64_register::rdx, reinterpret_cast<uint64_t>(pointers.ContextRecord));
emu.reg(x64_register::rip, dispatcher);
unalign_stack(emu);
}
void dispatch_access_violation(x64_emulator& emu, uint64_t dispatcher, const uint64_t address,
@@ -716,7 +724,7 @@ namespace
auto context = setup_context(*emu);
context.executable = *map_file(*emu, R"(C:\Users\mauri\Desktop\ConsoleApplication6.exe)");
context.executable = *map_file(*emu, R"(C:\Users\Maurice\Desktop\ConsoleApplication6.exe)");
context.peb.access([&](PEB& peb)
{
@@ -753,7 +761,7 @@ namespace
emu->hook_interrupt([&](int interrupt)
{
printf("Interrupt: %i\n", interrupt);
printf("Interrupt: %i %llX\n", interrupt, emu->read_instruction_pointer());
});
emu->hook_memory_violation([&](const uint64_t address, const size_t size, const memory_operation operation,
@@ -781,11 +789,11 @@ namespace
watch_object(*emu, context.process_params);
watch_object(*emu, context.kusd);
*/
/*emu->hook_memory_execution(0, std::numeric_limits<size_t>::max(), [&](const uint64_t address, const size_t)
emu->hook_memory_execution(0, std::numeric_limits<size_t>::max(), [&](const uint64_t address, const size_t)
{
if (address == 0x1800D52F4)
if (!context.verbose)
{
//emu->stop();
return;
}
printf(
@@ -794,11 +802,13 @@ namespace
emu->reg(x64_register::rax), emu->reg(x64_register::rbx), emu->reg(x64_register::rcx),
emu->reg(x64_register::rdx), emu->reg(x64_register::r8), emu->reg(x64_register::r9),
emu->reg(x64_register::rdi), emu->reg(x64_register::rsi));
});*/
});
CONTEXT ctx{};
ctx.ContextFlags = CONTEXT_ALL;
unalign_stack(*emu);
context_frame::save(*emu, ctx);
ctx.Rip = rtl_user_thread_start;
@@ -807,6 +817,8 @@ namespace
const auto ctx_obj = allocate_object_on_stack<CONTEXT>(*emu);
ctx_obj.write(ctx);
unalign_stack(*emu);
emu->reg(x64_register::rcx, ctx_obj.value());
emu->reg(x64_register::rdx, context.ntdll.image_base);
emu->reg(x64_register::rip, ldr_initialize_thunk);
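Review bot: `unalign_stack` in the first hunk carries no comment explaining why the result lands 8 bytes below a 16-byte boundary, and the name reads as the opposite of what the commit wants, so the rationale should be stated on the function: `// Emulate the return-address push of a call: the x64 ABI has rsp % 16 == 8 on function entry, so align to 16 and reserve 8 bytes.` The expression `align_down(sp - 0x10, 0x10) + 8` always evaluates to `align_down(sp, 0x10) - 8`, so `sp = align_down(sp, 0x10) - 8;` says the same thing more directly. Because the new value is always 8 to 23 bytes below the old one, objects already placed on the stack (the `ctx_obj` written just before the call in the last hunk, and presumably the exception/context records in the dispatch hunk) are never overlapped; that invariant is worth a sentence in the same comment since every call site depends on it.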


@@ -51,4 +51,6 @@ struct process_context
std::map<uint32_t, HANDLE> os_handles{};
std::map<uint32_t, std::wstring> files{};
emulator_allocator gs_segment{};
bool verbose{false};
};
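Review bot: `verbose` is only ever read in the hunks shown (the execution hook in the first file returns early unless it is set) and nothing in this commit assigns it, so with the default `false` the tracing body is dead code until some other code toggles the flag. A short comment on the field would record the intent, e.g. `bool verbose{false}; // enables per-instruction tracing in the execution hook`, and if the flag is meant to be used, wiring it to a command-line option or similar would make it reachable.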


@@ -123,23 +123,33 @@ namespace
return resolve_argument<T>(emu, index++);
}
void write_status(const syscall_context& c, const NTSTATUS status)
void write_status(const syscall_context& c, const NTSTATUS status, const uint64_t initial_ip)
{
if (c.write_status)
{
c.emu.reg<uint64_t>(x64_register::rax, static_cast<uint64_t>(status));
}
const auto new_ip = c.emu.read_instruction_pointer();
if (initial_ip != new_ip)
{
c.emu.reg(x64_register::rip, new_ip - 2);
}
}
void forward(const syscall_context& c, NTSTATUS (*handler)())
{
const auto ip = c.emu.read_instruction_pointer();
const auto ret = handler();
write_status(c, ret);
write_status(c, ret, ip);
}
template <typename... Args>
void forward(const syscall_context& c, NTSTATUS (*handler)(const syscall_context&, Args...))
{
const auto ip = c.emu.read_instruction_pointer();
size_t index = 0;
std::tuple<const syscall_context&, Args...> func_args
{
@@ -148,7 +158,7 @@ namespace
};
const auto ret = std::apply(handler, std::move(func_args));
write_status(c, ret);
write_status(c, ret, ip);
}
NTSTATUS handle_NtQueryPerformanceCounter(const syscall_context&,
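Review bot: `write_status` moves `rip` to `new_ip - 2` whenever the handler changed the instruction pointer, but the `2` is an unexplained magic constant; it presumably compensates for the emulator advancing past the two-byte `syscall` instruction after the hook returns, and that should be named and stated rather than inferred, e.g. `constexpr uint64_t syscall_instruction_size = 2; // length of `syscall` (0F 05)` followed by `c.emu.reg(x64_register::rip, new_ip - syscall_instruction_size);`. The `initial_ip != new_ip` comparison is the only signal that a handler redirected control, so a comment on the `ip` capture in both `forward` overloads (`// rip before the handler runs; used to detect redirection`) would tie the two halves together. The template `forward` that captures `ip` at the end of the first hunk continues into the second hunk, and any other caller of `write_status` outside these hunks will need the new argument as well.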