From 5c70f780d10cb878bfb20291d967d27cd045b818 Mon Sep 17 00:00:00 2001
From: momo5502 <mauriceheumann@gmail.com>
Date: Sat, 19 Apr 2025 08:01:47 +0200
Subject: [PATCH 01/14] Archive more dlls

---
 src/tools/create-root.bat | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/tools/create-root.bat b/src/tools/create-root.bat
index 6bd1bd34..79c92815 100644
--- a/src/tools/create-root.bat
+++ b/src/tools/create-root.bat
@@ -111,6 +111,12 @@ CALL :collect shcore.dll
 CALL :collect diagnosticdatasettings.dll
 CALL :collect mswsock.dll
 CALL :collect umpdc.dll
+CALL :collect pdh.dll
+CALL :collect dxva2.dll
+CALL :collect propsys.dll
+CALL :collect wintypes.dll
+CALL :collect slwga.dll
+CALL :collect sppc.dll
 
 CALL :collect locale.nls
 

From 22c3d0bc7ce3ce29339a412fbda75c5e86fac008 Mon Sep 17 00:00:00 2001
From: momo5502 <mauriceheumann@gmail.com>
Date: Sat, 19 Apr 2025 08:02:03 +0200
Subject: [PATCH 02/14] Watch objects in detail only with verbose logging

---
 src/analyzer/main.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/analyzer/main.cpp b/src/analyzer/main.cpp
index 1b9ce5a4..96fb1a67 100644
--- a/src/analyzer/main.cpp
+++ b/src/analyzer/main.cpp
@@ -252,7 +252,7 @@ namespace
         win_emu->log.log("Using emulator: %s\n", win_emu->emu().get_name().c_str());
 
         (void)&watch_system_objects;
-        watch_system_objects(*win_emu, options.modules, options.concise_logging);
+        watch_system_objects(*win_emu, options.modules, !options.verbose_logging);
         win_emu->buffer_stdout = options.buffer_stdout;
 
         if (options.silent)

From 662db697a772f1084ed7c535446b04a1abe143e6 Mon Sep 17 00:00:00 2001
From: momo5502 <mauriceheumann@gmail.com>
Date: Sat, 19 Apr 2025 08:13:31 +0200
Subject: [PATCH 03/14] Watch system objects everywhere

---
 src/analyzer/main.cpp | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/src/analyzer/main.cpp b/src/analyzer/main.cpp
index 96fb1a67..353682e4 100644
--- a/src/analyzer/main.cpp
+++ b/src/analyzer/main.cpp
@@ -56,11 +56,6 @@ namespace
     void watch_system_objects(windows_emulator& win_emu, const std::set<std::string, std::less<>>& modules,
                               const bool cache_logging)
     {
-        (void)win_emu;
-        (void)modules;
-        (void)cache_logging;
-
-#ifdef OS_WINDOWS
         watch_object(win_emu, modules, *win_emu.current_thread().teb, cache_logging);
         watch_object(win_emu, modules, win_emu.process.peb, cache_logging);
         watch_object(win_emu, modules, emulator_object<KUSER_SHARED_DATA64>{win_emu.emu(), kusd_mmio::address()},
@@ -84,7 +79,6 @@ namespace
                     params_hook = watch_object(win_emu, modules, obj, cache_logging);
                 }
             });
-#endif
     }
 
     bool read_yes_no_answer()

From 2d7aecc3f40646d765209850bc698b5fd24cc323 Mon Sep 17 00:00:00 2001
From: momo5502 <mauriceheumann@gmail.com>
Date: Sat, 19 Apr 2025 08:25:47 +0200
Subject: [PATCH 04/14] Fix warnings

---
 src/analyzer/object_watching.hpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/analyzer/object_watching.hpp b/src/analyzer/object_watching.hpp
index 4d700d4c..79f94614 100644
--- a/src/analyzer/object_watching.hpp
+++ b/src/analyzer/object_watching.hpp
@@ -32,8 +32,8 @@ emulator_hook* watch_object(windows_emulator& emu, const std::set<std::string, s
 
             const auto offset = address - object.value();
             emu.log.print(is_main_access ? color::green : color::dark_gray,
-                          "Object access: %s - 0x%llX (%s) at 0x%llX (%s)\n", i.get_type_name().c_str(), offset,
-                          i.get_member_name(static_cast<size_t>(offset)).c_str(), rip,
+                          "Object access: %s - 0x%" PRIx64 " (%s) at 0x" PRIx64 " (%s)\n", i.get_type_name().c_str(),
+                          offset, i.get_member_name(static_cast<size_t>(offset)).c_str(), rip,
                           mod ? mod->name.c_str() : "<N/A>");
         });
 }

From b5c37e6a928fa366ed1e580b596b2761d71f1b27 Mon Sep 17 00:00:00 2001
From: momo5502 <mauriceheumann@gmail.com>
Date: Sat, 19 Apr 2025 08:25:58 +0200
Subject: [PATCH 05/14] Disable object watching for GCC

---
 src/analyzer/main.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/analyzer/main.cpp b/src/analyzer/main.cpp
index 353682e4..ec943fa0 100644
--- a/src/analyzer/main.cpp
+++ b/src/analyzer/main.cpp
@@ -56,6 +56,11 @@ namespace
     void watch_system_objects(windows_emulator& win_emu, const std::set<std::string, std::less<>>& modules,
                               const bool cache_logging)
     {
+        (void)win_emu;
+        (void)modules;
+        (void)cache_logging;
+
+#if !defined(__GNUC__) || defined(__clang__)
         watch_object(win_emu, modules, *win_emu.current_thread().teb, cache_logging);
         watch_object(win_emu, modules, win_emu.process.peb, cache_logging);
         watch_object(win_emu, modules, emulator_object<KUSER_SHARED_DATA64>{win_emu.emu(), kusd_mmio::address()},
@@ -79,6 +84,7 @@ namespace
                     params_hook = watch_object(win_emu, modules, obj, cache_logging);
                 }
             });
+#endif
     }
 
     bool read_yes_no_answer()

From 3e53325c03481a2f6cc146bb4c88c2385bfa9ebd Mon Sep 17 00:00:00 2001
From: momo5502 <mauriceheumann@gmail.com>
Date: Sat, 19 Apr 2025 08:35:50 +0200
Subject: [PATCH 06/14] Fix compilation

---
 src/analyzer/object_watching.hpp | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/analyzer/object_watching.hpp b/src/analyzer/object_watching.hpp
index 79f94614..dd77c4b3 100644
--- a/src/analyzer/object_watching.hpp
+++ b/src/analyzer/object_watching.hpp
@@ -2,6 +2,7 @@
 
 #include "reflect_type_info.hpp"
 #include <set>
+#include <cinttypes>
 
 template <typename T>
 emulator_hook* watch_object(windows_emulator& emu, const std::set<std::string, std::less<>>& modules,
@@ -31,9 +32,12 @@ emulator_hook* watch_object(windows_emulator& emu, const std::set<std::string, s
             }
 
             const auto offset = address - object.value();
+            const auto* mod_name = mod ? mod->name.c_str() : "<N/A>";
+            const auto& type_name = i.get_type_name();
+            const auto member_name = i.get_member_name(static_cast<size_t>(offset));
+
             emu.log.print(is_main_access ? color::green : color::dark_gray,
-                          "Object access: %s - 0x%" PRIx64 " (%s) at 0x" PRIx64 " (%s)\n", i.get_type_name().c_str(),
-                          offset, i.get_member_name(static_cast<size_t>(offset)).c_str(), rip,
-                          mod ? mod->name.c_str() : "<N/A>");
+                          "Object access: %s - 0x%" PRIx64 " (%s) at 0x%" PRIx64 " (%s)\n", type_name.c_str(), offset,
+                          member_name.c_str(), rip, mod_name);
         });
 }

From 5b09ec1aad83d6ac6a6813ef9af983a6d9db93bb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 19 Apr 2025 06:58:06 +0000
Subject: [PATCH 07/14] Bump deps/reflect from `e85c958` to `68d8fd0`

Bumps [deps/reflect](https://github.com/qlibs/reflect) from `e85c958` to `68d8fd0`.
- [Release notes](https://github.com/qlibs/reflect/releases)
- [Commits](https://github.com/qlibs/reflect/compare/e85c958d22b3ca3cb79cc91f7e547f2e5eb0872f...68d8fd0913711c1ac161af273f0bc1a4153601f8)

---
updated-dependencies:
- dependency-name: deps/reflect
  dependency-version: 68d8fd0913711c1ac161af273f0bc1a4153601f8
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 deps/reflect | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deps/reflect b/deps/reflect
index e85c958d..68d8fd09 160000
--- a/deps/reflect
+++ b/deps/reflect
@@ -1 +1 @@
-Subproject commit e85c958d22b3ca3cb79cc91f7e547f2e5eb0872f
+Subproject commit 68d8fd0913711c1ac161af273f0bc1a4153601f8

From 056eccd8c0475e6d50e32373dadccd91d9ffef7b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 19 Apr 2025 06:58:07 +0000
Subject: [PATCH 08/14] Bump deps/googletest from `e90fe24` to `155b337`

Bumps [deps/googletest](https://github.com/google/googletest) from `e90fe24` to `155b337`.
- [Release notes](https://github.com/google/googletest/releases)
- [Commits](https://github.com/google/googletest/compare/e90fe2485641bab0d6af4500192dc503384950d1...155b337c938a2953e5675f9dc18c99f05f4c85d0)

---
updated-dependencies:
- dependency-name: deps/googletest
  dependency-version: 155b337c938a2953e5675f9dc18c99f05f4c85d0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 deps/googletest | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deps/googletest b/deps/googletest
index e90fe248..155b337c 160000
--- a/deps/googletest
+++ b/deps/googletest
@@ -1 +1 @@
-Subproject commit e90fe2485641bab0d6af4500192dc503384950d1
+Subproject commit 155b337c938a2953e5675f9dc18c99f05f4c85d0

From a8d25b0a5c6163d11b5c53c11ea744c17013a8c6 Mon Sep 17 00:00:00 2001
From: momo5502 <mauriceheumann@gmail.com>
Date: Sat, 19 Apr 2025 09:23:01 +0200
Subject: [PATCH 09/14] Save another DLL

---
 src/tools/create-root.bat | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/tools/create-root.bat b/src/tools/create-root.bat
index 79c92815..975b7bea 100644
--- a/src/tools/create-root.bat
+++ b/src/tools/create-root.bat
@@ -117,6 +117,7 @@ CALL :collect propsys.dll
 CALL :collect wintypes.dll
 CALL :collect slwga.dll
 CALL :collect sppc.dll
+CALL :collect kernel.appcore.dll
 
 CALL :collect locale.nls
 

From 30a750dea584bf97c468a1d3aac61a1194dc0f69 Mon Sep 17 00:00:00 2001
From: momo5502 <mauriceheumann@gmail.com>
Date: Sat, 19 Apr 2025 09:41:27 +0200
Subject: [PATCH 10/14] Allow consuming up to 4gb of memory with emscripten

---
 cmake/compiler-env.cmake | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmake/compiler-env.cmake b/cmake/compiler-env.cmake
index d9d09c5c..2840e536 100644
--- a/cmake/compiler-env.cmake
+++ b/cmake/compiler-env.cmake
@@ -100,6 +100,7 @@ if(CMAKE_SYSTEM_NAME MATCHES "Emscripten")
     -sASSERTIONS
     -sWASM_BIGINT
     -sUSE_OFFSET_CONVERTER
+    -sMAXIMUM_MEMORY=4gb
     #-sEXCEPTION_CATCHING_ALLOWED=[..]
     -sEXIT_RUNTIME
     #-sASYNCIFY
@@ -109,7 +110,6 @@ if(CMAKE_SYSTEM_NAME MATCHES "Emscripten")
     add_link_options(
       -lnodefs.js -sNODERAWFS=1
       -sENVIRONMENT=node
-      -sMAXIMUM_MEMORY=4gb
       --pre-js ${CMAKE_CURRENT_LIST_DIR}/misc/node-pre-script.js
     )
   else() 

From 5d19803020e876ca5d075f26f279893d9554f52b Mon Sep 17 00:00:00 2001
From: Igor Pissolati <igo08an@hotmail.com>
Date: Sat, 19 Apr 2025 16:29:47 -0300
Subject: [PATCH 11/14] Fix NtOpenSection

---
 src/windows-emulator/syscalls/section.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/windows-emulator/syscalls/section.cpp b/src/windows-emulator/syscalls/section.cpp
index 3bcaaa90..bb0aa437 100644
--- a/src/windows-emulator/syscalls/section.cpp
+++ b/src/windows-emulator/syscalls/section.cpp
@@ -82,7 +82,8 @@ namespace syscalls
             return STATUS_NOT_SUPPORTED;
         }
 
-        if (attributes.RootDirectory != KNOWN_DLLS_DIRECTORY)
+        if (attributes.RootDirectory != KNOWN_DLLS_DIRECTORY &&
+            attributes.RootDirectory != BASE_NAMED_OBJECTS_DIRECTORY)
         {
             c.win_emu.log.error("Unsupported section\n");
             c.emu.stop();

From c702bedaee6db0ba34b9e5c3866b8f223981d8c1 Mon Sep 17 00:00:00 2001
From: Igor Pissolati <igo08an@hotmail.com>
Date: Sat, 19 Apr 2025 16:33:34 -0300
Subject: [PATCH 12/14] Add 3 new syscall handlers

---
 src/windows-emulator/syscalls.cpp        | 15 ++++++++++++++-
 src/windows-emulator/syscalls/file.cpp   | 20 +++++++++++++++++++-
 src/windows-emulator/syscalls/thread.cpp |  7 +++++++
 3 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/src/windows-emulator/syscalls.cpp b/src/windows-emulator/syscalls.cpp
index bf18f69c..77830139 100644
--- a/src/windows-emulator/syscalls.cpp
+++ b/src/windows-emulator/syscalls.cpp
@@ -109,6 +109,8 @@ namespace syscalls
                                     emulator_object<IO_STATUS_BLOCK<EmulatorTraits<Emu64>>> io_status_block,
                                     ULONG fs_control_code, uint64_t input_buffer, ULONG input_buffer_length,
                                     uint64_t output_buffer, ULONG output_buffer_length);
+    NTSTATUS handle_NtFlushBuffersFile(const syscall_context& c, handle file_handle,
+                                       emulator_object<IO_STATUS_BLOCK<EmulatorTraits<Emu64>>> /*io_status_block*/);
 
     // syscalls/locale.cpp:
     NTSTATUS handle_NtInitializeNlsFiles(const syscall_context& c, emulator_object<uint64_t> base_address,
@@ -269,6 +271,9 @@ namespace syscalls
     NTSTATUS handle_NtQueryInformationThread(const syscall_context& c, handle thread_handle, uint32_t info_class,
                                              uint64_t thread_information, uint32_t thread_information_length,
                                              emulator_object<uint32_t> return_length);
+    NTSTATUS handle_NtOpenThread(const syscall_context&, handle thread_handle, ACCESS_MASK /*desired_access*/,
+                                 emulator_object<OBJECT_ATTRIBUTES<EmulatorTraits<Emu64>>> /*object_attributes*/,
+                                 emulator_pointer /*client_id*/);
     NTSTATUS handle_NtOpenThreadToken(const syscall_context&, handle thread_handle, ACCESS_MASK /*desired_access*/,
                                       BOOLEAN /*open_as_self*/, emulator_object<handle> token_handle);
     NTSTATUS handle_NtOpenThreadTokenEx(const syscall_context& c, handle thread_handle, ACCESS_MASK desired_access,
@@ -643,6 +648,11 @@ namespace syscalls
     {
         return 0;
     }
+
+    NTSTATUS handle_NtUserGetProcessWindowStation()
+    {
+        return NULL;
+    }
 }
 
 void syscall_dispatcher::add_handlers(std::map<std::string, syscall_handler>& handler_mapping)
@@ -663,6 +673,7 @@ void syscall_dispatcher::add_handlers(std::map<std::string, syscall_handler>& ha
     add_handler(NtSetInformationVirtualMemory);
     add_handler(NtFreeVirtualMemory);
     add_handler(NtQueryVirtualMemory);
+    add_handler(NtOpenThread);
     add_handler(NtOpenThreadToken);
     add_handler(NtOpenThreadTokenEx);
     add_handler(NtQueryPerformanceCounter);
@@ -788,6 +799,8 @@ void syscall_dispatcher::add_handlers(std::map<std::string, syscall_handler>& ha
     add_handler(NtCreateNamedPipeFile);
     add_handler(NtFsControlFile);
     add_handler(NtQueryFullAttributesFile);
+    add_handler(NtFlushBuffersFile);
+    add_handler(NtUserGetProcessWindowStation);
 
 #undef add_handler
-}
+}
\ No newline at end of file
diff --git a/src/windows-emulator/syscalls/file.cpp b/src/windows-emulator/syscalls/file.cpp
index 006e3ba2..730b6e9e 100644
--- a/src/windows-emulator/syscalls/file.cpp
+++ b/src/windows-emulator/syscalls/file.cpp
@@ -846,4 +846,22 @@ namespace syscalls
 
         return STATUS_NOT_SUPPORTED;
     }
-}
+
+    NTSTATUS handle_NtFlushBuffersFile(const syscall_context& c, const handle file_handle,
+                                       const emulator_object<IO_STATUS_BLOCK<EmulatorTraits<Emu64>>> /*io_status_block*/)
+    {
+        if (file_handle == STDOUT_HANDLE)
+        {
+            return STATUS_SUCCESS;
+        }
+
+        const auto* f = c.proc.files.get(file_handle);
+        if (!f)
+        {
+            return STATUS_INVALID_HANDLE;
+        }
+
+        (void)fflush(f->handle);
+        return STATUS_SUCCESS;
+    }
+}
\ No newline at end of file
diff --git a/src/windows-emulator/syscalls/thread.cpp b/src/windows-emulator/syscalls/thread.cpp
index 827dc0e1..4952759e 100644
--- a/src/windows-emulator/syscalls/thread.cpp
+++ b/src/windows-emulator/syscalls/thread.cpp
@@ -239,6 +239,13 @@ namespace syscalls
         return STATUS_NOT_SUPPORTED;
     }
 
+    NTSTATUS handle_NtOpenThread(const syscall_context&, handle /*thread_handle*/, ACCESS_MASK /*desired_access*/,
+                                 emulator_object<OBJECT_ATTRIBUTES<EmulatorTraits<Emu64>>> /*object_attributes*/,
+                                 emulator_pointer /*client_id*/)
+    {
+        return STATUS_NOT_SUPPORTED;
+    }
+
     NTSTATUS handle_NtOpenThreadToken(const syscall_context&, const handle thread_handle,
                                       const ACCESS_MASK /*desired_access*/, const BOOLEAN /*open_as_self*/,
                                       const emulator_object<handle> token_handle)

From d8f8bd07f9ef632b799b11578cdf53ffab39c159 Mon Sep 17 00:00:00 2001
From: Igor Pissolati <igo08an@hotmail.com>
Date: Sat, 19 Apr 2025 17:12:27 -0300
Subject: [PATCH 13/14] Fix failed check

---
 src/windows-emulator/syscalls.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/windows-emulator/syscalls.cpp b/src/windows-emulator/syscalls.cpp
index 77830139..5e2e9aff 100644
--- a/src/windows-emulator/syscalls.cpp
+++ b/src/windows-emulator/syscalls.cpp
@@ -651,7 +651,7 @@ namespace syscalls
 
     NTSTATUS handle_NtUserGetProcessWindowStation()
     {
-        return NULL;
+        return 0;
     }
 }
 

From 8e48793f47e71aa08cbd96b1483e030cf3a07319 Mon Sep 17 00:00:00 2001
From: Igor Pissolati <igo08an@hotmail.com>
Date: Sat, 19 Apr 2025 17:12:41 -0300
Subject: [PATCH 14/14] Fix formatting

---
 src/windows-emulator/syscalls/file.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/windows-emulator/syscalls/file.cpp b/src/windows-emulator/syscalls/file.cpp
index 730b6e9e..17e07e0c 100644
--- a/src/windows-emulator/syscalls/file.cpp
+++ b/src/windows-emulator/syscalls/file.cpp
@@ -847,8 +847,9 @@ namespace syscalls
         return STATUS_NOT_SUPPORTED;
     }
 
-    NTSTATUS handle_NtFlushBuffersFile(const syscall_context& c, const handle file_handle,
-                                       const emulator_object<IO_STATUS_BLOCK<EmulatorTraits<Emu64>>> /*io_status_block*/)
+    NTSTATUS handle_NtFlushBuffersFile(
+        const syscall_context& c, const handle file_handle,
+        const emulator_object<IO_STATUS_BLOCK<EmulatorTraits<Emu64>>> /*io_status_block*/)
     {
         if (file_handle == STDOUT_HANDLE)
         {