Lightemerald/windows-user-space-emulator
2
0
Fork 0
mirror of https://github.com/momo5502/emulator.git synced 2026-01-19 11:43:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Comprehensive WOW64 subsystem implementation (#555)

Browse Source 
# Major Features Implemented
**Core WOW64 Architecture**
1. Full TEB, PEB, and Windows structure implementations for 32-bit
processes
2. Proper thread context switching with 32-bit stack allocation
3. Configurable memory allocation with 32-bit/64-bit address space
handling
4. Automatic WOW64 process identification and handling
5. Heaven's Gate Implementation for handling exceptions

**Enhanced Emulation Features**
1. Fixed GDT setup and segment management for WOW64
2. Multi-architecture PE loading with proper import resolution
3. Segment-aware disassembly with WOW64 debugging capabilities

**Testing & Validation**
**32-bit Test Sample**: Minimal "hello" executable with full ASM source

# TODO
Needs more testing, currently in very early stages.
This commit is contained in:
Maurice Heumann
2025-10-21 20:13:01 +02:00
committed by GitHub
parent 8ef9349c37 65eecf1cfd
commit 304dbcc661
51 changed files with 3772 additions and 283 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/windows-emulator/syscalls.cpp
View File

@@ -226,6 +226,9 @@ namespace syscalls
ULONG allocation_attributes, handle file_handle);
NTSTATUS handle_NtOpenSection(const syscall_context& c, emulator_object<handle> section_handle, ACCESS_MASK /*desired_access*/,
emulator_object<OBJECT_ATTRIBUTES<EmulatorTraits<Emu64>>> object_attributes);
NTSTATUS handle_NtQuerySection(const syscall_context& c, handle section_handle, SECTION_INFORMATION_CLASS section_information_class,
uint64_t section_information, EmulatorTraits<Emu64>::SIZE_T section_information_length,
emulator_object<EmulatorTraits<Emu64>::SIZE_T> result_length);
NTSTATUS handle_NtMapViewOfSection(const syscall_context& c, handle section_handle, handle process_handle,
emulator_object<uint64_t> base_address,
EMULATOR_CAST(EmulatorTraits<Emu64>::ULONG_PTR, ULONG_PTR) /*zero_bits*/,
@@ -233,6 +236,12 @@ namespace syscalls
emulator_object<LARGE_INTEGER> /*section_offset*/,
emulator_object<EMULATOR_CAST(EmulatorTraits<Emu64>::SIZE_T, SIZE_T)> view_size,
SECTION_INHERIT /*inherit_disposition*/, ULONG /*allocation_type*/, ULONG /*win32_protect*/);
NTSTATUS handle_NtMapViewOfSectionEx(const syscall_context& c, handle section_handle, handle process_handle,
emulator_object<uint64_t> base_address, emulator_object<LARGE_INTEGER> section_offset,
emulator_object<EMULATOR_CAST(EmulatorTraits<Emu64>::SIZE_T, SIZE_T)> view_size,
ULONG allocation_type, ULONG page_protection,
uint64_t extended_parameters, // PMEM_EXTENDED_PARAMETER
ULONG extended_parameter_count);
NTSTATUS handle_NtUnmapViewOfSection(const syscall_context& c, handle process_handle, uint64_t base_address);
NTSTATUS handle_NtUnmapViewOfSectionEx(const syscall_context& c, handle process_handle, uint64_t base_address, ULONG /*flags*/);
NTSTATUS handle_NtAreMappedFilesTheSame();
@@ -495,7 +504,7 @@ namespace syscalls
NTSTATUS handle_NtGdiInit(const syscall_context& c)
{
c.proc.peb.access([&](PEB64& peb) {
c.proc.peb64.access([&](PEB64& peb) {
if (!peb.GdiSharedHandleTable)
{
const auto shared_memory = c.proc.base_allocator.reserve<GDI_SHARED_MEMORY64>();
@@ -976,6 +985,7 @@ void syscall_dispatcher::add_handlers(std::map<std::string, syscall_handler>& ha
add_handler(NtManageHotPatch);
add_handler(NtOpenSection);
add_handler(NtMapViewOfSection);
add_handler(NtMapViewOfSectionEx);
add_handler(NtOpenSymbolicLinkObject);
add_handler(NtQuerySymbolicLinkObject);
add_handler(NtQuerySystemInformationEx);
@@ -983,6 +993,7 @@ void syscall_dispatcher::add_handlers(std::map<std::string, syscall_handler>& ha
add_handler(NtQueryVolumeInformationFile);
add_handler(NtApphelpCacheControl);
add_handler(NtCreateSection);
add_handler(NtQuerySection);
add_handler(NtConnectPort);
add_handler(NtSecureConnectPort);
add_handler(NtCreateFile);