Added additional vmp compatibility

This commit is contained in:
thejanit0r
2026-01-04 09:33:54 +01:00
parent 0de53515ed
commit 29b8ec4072
4 changed files with 39 additions and 2 deletions


@@ -31,6 +31,10 @@ inline std::optional<nt_memory_permission> try_map_nt_to_emulator_protection(uin
ext = memory_permission_ext::guard; ext = memory_permission_ext::guard;
} }
// Remove the highest nibble since we are not currently handling those memory protection constants
// https://github.com/winsiderss/phnt/blob/master/ntmmapi.h#L26
nt_protection &= ~0xF0000000;
memory_permission common = memory_permission::none; memory_permission common = memory_permission::none;
switch (nt_protection) switch (nt_protection)
{ {
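Review bot: The new `nt_protection &= ~0xF0000000;` silently discards whatever sits in the top nibble, so an input carrying one of the modifiers the comment calls "not currently handled" is mapped exactly as if those bits were absent, with no trace of them anywhere; capturing them first, `const auto unhandled_bits = nt_protection & 0xF0000000;`, and either documenting why they may be ignored or surfacing a non-zero value to the caller would keep unsupported protection constants visible instead of quietly accepted. Note also that `0xF0000000` does not fit in `int`, so the literal is `unsigned int` and `~` yields `0x0FFFFFFFu`; if `nt_protection` is wider than 32 bits (its type is truncated to `uin…` in the hunk header), the `&=` would also clear every bit from 32 upward — `nt_protection &= ~static_cast<decltype(nt_protection)>(0xF0000000);` makes the mask independent of the parameter width. The enclosing function `try_map_nt_to_emulator_protection` starts outside the hunk.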


@@ -8,8 +8,10 @@ namespace syscalls
{ {
const auto value = h.value; const auto value = h.value;
if (h.h == 0xDEADC0DE) if (h.h == 0xDEADC0DE || h.h == 0xDEADBEEF)
{ {
c.win_emu.callbacks.on_suspicious_activity("Anti-debug check with invalid handle");
return STATUS_INVALID_HANDLE; return STATUS_INVALID_HANDLE;
} }
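Review bot: The second magic value in `if (h.h == 0xDEADC0DE || h.h == 0xDEADBEEF)` is added without a name or a comment, so a reader cannot tell why these two handle values in particular are treated as an anti-debug probe rather than as ordinary invalid handles; a one-line comment above the condition such as `// Bogus handle values observed in anti-debug checks; genuine handles never take them` (or named constants in place of the literals) would document the intent. The reported message `"Anti-debug check with invalid handle"` is the same for both values; if `on_suspicious_activity` accepts formatted text, including the handle value would let a detection consumer distinguish which probe fired. The enclosing function starts outside the hunk.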


@@ -15,6 +15,8 @@ namespace syscalls
return STATUS_NOT_SUPPORTED; return STATUS_NOT_SUPPORTED;
} }
const auto return_length_info = c.win_emu.memory.get_region_info(return_length.value());
switch (info_class) switch (info_class)
{ {
case ProcessExecuteFlags: case ProcessExecuteFlags:
@@ -62,6 +64,24 @@ namespace syscalls
}); });
case ProcessDebugObjectHandle: case ProcessDebugObjectHandle:
c.win_emu.callbacks.on_suspicious_activity("Anti-debug check with ProcessDebugObjectHandle");
if ((process_information & 3) != 0)
{
return STATUS_DATATYPE_MISALIGNMENT;
}
if (return_length.value() == 0)
{
return STATUS_PORT_NOT_SET;
}
if (!return_length_info.is_reserved)
{
return STATUS_ACCESS_VIOLATION;
}
return handle_query<handle>(c.emu, process_information, process_information_length, return_length, [](handle& h) { return handle_query<handle>(c.emu, process_information, process_information_length, return_length, [](handle& h) {
h = NULL_HANDLE; h = NULL_HANDLE;
return STATUS_PORT_NOT_SET; return STATUS_PORT_NOT_SET;
@@ -75,6 +95,13 @@ namespace syscalls
}); });
case ProcessDebugPort: case ProcessDebugPort:
c.win_emu.callbacks.on_suspicious_activity("Anti-debug check with ProcessDebugPort");
return handle_query<EmulatorTraits<Emu64>::PVOID>(c.emu, process_information, process_information_length, return_length,
[](EmulatorTraits<Emu64>::PVOID& ptr) {
ptr = 0; //
});
case ProcessDeviceMap: case ProcessDeviceMap:
return handle_query<EmulatorTraits<Emu64>::PVOID>(c.emu, process_information, process_information_length, return_length, return handle_query<EmulatorTraits<Emu64>::PVOID>(c.emu, process_information, process_information_length, return_length,
[](EmulatorTraits<Emu64>::PVOID& ptr) { [](EmulatorTraits<Emu64>::PVOID& ptr) {
@@ -202,7 +229,8 @@ namespace syscalls
|| info_class == ProcessDynamicFunctionTableInformation // || info_class == ProcessDynamicFunctionTableInformation //
|| info_class == ProcessPriorityBoost // || info_class == ProcessPriorityBoost //
|| info_class == ProcessPriorityClassEx // || info_class == ProcessPriorityClassEx //
|| info_class == ProcessPriorityClass) || info_class == ProcessPriorityClass
|| info_class == ProcessAffinityMask)
{ {
return STATUS_SUCCESS; return STATUS_SUCCESS;
} }
@@ -333,6 +361,7 @@ namespace syscalls
PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION info; PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION info;
c.emu.read_memory(process_information, &info, sizeof(PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION)); c.emu.read_memory(process_information, &info, sizeof(PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION));
c.win_emu.callbacks.on_suspicious_activity("Setting ProcessInstrumentationCallback");
c.proc.instrumentation_callback = info.Callback; c.proc.instrumentation_callback = info.Callback;
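Review bot: `const auto return_length_info = c.win_emu.memory.get_region_info(return_length.value());` in the first hunk runs for every info_class although only the new `ProcessDebugObjectHandle` branch reads it, and it runs before that branch's `return_length.value() == 0` check, so `get_region_info` is also called with address 0 — whether that is harmless depends on how it treats unmapped addresses, which is not visible here; moving the lookup into the `case ProcessDebugObjectHandle:` block after the null check avoids both. In that block `if (!return_length_info.is_reserved)` presumably stands in for "is the buffer writable"; if the region info distinguishes reserved from committed, a reserved-but-uncommitted buffer passes this check and the later write inside `handle_query` decides the outcome, so a comment stating which case the check is meant to catch would help. In the `ProcessDebugPort` hunk, `ptr = 0; //` carries an empty comment; either state why the port is reported as 0 or drop the marker. The enclosing function starts and ends outside the hunks.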


@@ -309,6 +309,8 @@ namespace syscalls
const emulator_object<BOOLEAN> info{c.emu, thread_information}; const emulator_object<BOOLEAN> info{c.emu, thread_information};
info.write(cur_emulator_thread.debugger_hide); info.write(cur_emulator_thread.debugger_hide);
c.win_emu.callbacks.on_suspicious_activity("Checking if the thread is hidden from the debugger");
return STATUS_SUCCESS; return STATUS_SUCCESS;
} }
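Review bot: The new `on_suspicious_activity("Checking if the thread is hidden from the debugger")` is emitted after `info.write(cur_emulator_thread.debugger_hide)` and the message does not carry what was answered; for a detection consumer it matters whether the sample was told the thread is hidden or not, so if the callback accepts formatted text, appending the `debugger_hide` value (and which thread was queried) would make the event actionable. Otherwise a short comment above the call, e.g. `// Report the query itself; the value handed back is debugger_hide, written above`, documents the ordering. The enclosing function starts outside the hunk.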