From 2815a74a188d71c738d9290f2754c7cebce362be Mon Sep 17 00:00:00 2001 From: momo5502 Date: Mon, 10 Feb 2025 16:58:57 +0100 Subject: [PATCH] Setup PEB image base --- src/common/platform/kernel_mapped.hpp | 2 +- src/windows-emulator/windows_emulator.cpp | 13 +++++-------- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/src/common/platform/kernel_mapped.hpp b/src/common/platform/kernel_mapped.hpp index 5d7dcb85..9a18cb21 100644 --- a/src/common/platform/kernel_mapped.hpp +++ b/src/common/platform/kernel_mapped.hpp @@ -250,7 +250,7 @@ typedef struct _PEB64 EmulatorTraits::HANDLE Mutant; - std::uint64_t* ImageBaseAddress; + std::uint64_t ImageBaseAddress; PPEB_LDR_DATA64 Ldr; PRTL_USER_PROCESS_PARAMETERS64 ProcessParameters; std::uint64_t* SubSystemData; diff --git a/src/windows-emulator/windows_emulator.cpp b/src/windows-emulator/windows_emulator.cpp index ae06004b..3ed9bd45 100644 --- a/src/windows-emulator/windows_emulator.cpp +++ b/src/windows-emulator/windows_emulator.cpp @@ -210,7 +210,7 @@ namespace } void setup_context(windows_emulator& win_emu, const application_settings& app_settings, - const emulator_settings& emu_settings) + const emulator_settings& emu_settings, const uint64_t process_image_base) { auto& emu = win_emu.emu(); auto& context = win_emu.process; @@ -290,7 +290,7 @@ namespace } context.peb.access([&](PEB64& peb) { - peb.ImageBaseAddress = nullptr; + peb.ImageBaseAddress = process_image_base; peb.ProcessParameters = context.process_params.ptr(); peb.ApiSetMap = build_api_set_map(emu, allocator, apiset_loc, win_emu.emulation_root).ptr(); 
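Review bot: Changing `ImageBaseAddress` to a plain `std::uint64_t` is the right fix for a field that holds a guest address in a struct mapped into guest memory, but the adjacent `std::uint64_t* SubSystemData` and the `P…64` typedefs next to it still describe guest fields with host pointer types, so the layout only matches the real PEB64 while the host pointer happens to be 8 bytes. I would pin the layout now that the field has been touched, e.g. `static_assert(offsetof(PEB64, ImageBaseAddress) == 0x10, "PEB64 layout");` placed after the typedef (needs `<cstddef>`), so a later type change or a 32-bit host build fails at compile time instead of silently corrupting what the guest reads. Whether the remaining pointer members are meant to be converted the same way I cannot tell from this hunk; the struct definition starts and ends outside it.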
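Review bot: The new parameter is spelled `const uint64_t process_image_base` while the field it ends up in, `PEB64::ImageBaseAddress`, is declared `std::uint64_t` in this same patch and the visible header code uses the `std::`-qualified form throughout; `const std::uint64_t process_image_base` keeps the two consistent and does not rely on the unqualified name leaking in from a C header. Because the value is a guest virtual address and not a host pointer, which is the whole point of the type change, a one-line comment on the parameter would stop the next reader from reintroducing a `reinterpret_cast`, e.g. `// guest VA of the mapped executable; written to PEB64::ImageBaseAddress`. setup_context's body continues past the end of the hunk.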
@@ -485,14 +485,11 @@ void windows_emulator::setup_process(const application_settings& app_settings, c auto& context = this->process; - setup_context(*this, app_settings, emu_settings); + auto* exe = this->mod_manager.map_module(app_settings.application, this->log, true); - context.executable = this->mod_manager.map_module(app_settings.application, this->log, true); - - context.peb.access([&](PEB64& peb) { - peb.ImageBaseAddress = reinterpret_cast(context.executable->image_base); // - }); + setup_context(*this, app_settings, emu_settings, exe->image_base); + context.executable = exe; context.ntdll = this->mod_manager.map_module(R"(C:\Windows\System32\ntdll.dll)", this->log, true); context.win32u = this->mod_manager.map_module(R"(C:\Windows\System32\win32u.dll)", this->log, true);
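Review bot: `exe->image_base` is dereferenced on the `setup_context(...)` line immediately after `map_module` returns, before `context.executable` is even assigned, and nothing in the hunk rejects a null result; if `map_module` can return nullptr for an unreadable or non-PE application (its contract is not visible from here), the failure now surfaces as a null dereference inside setup_process rather than as a diagnosable error. A guard right after the call, such as `if (!exe) throw std::runtime_error("Failed to map application");`, makes the precondition explicit; adapt it to however the surrounding code reports mapping failures. The reorder also means the executable is now mapped before whatever setup_context allocates, so if its preferred base could collide with those regions the relocation outcome changes, which is worth confirming against the allocator's behaviour. setup_process continues past the end of the hunk.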