Log debug strings

2026-01-11 16:46:16 +00:00 · 2025-04-07 21:03:57 +02:00
parent 62c972333a
commit 3c58c1af98
4 changed files with 62 additions and 0 deletions
--- a/src/windows-emulator/handles.hpp
+++ b/src/windows-emulator/handles.hpp
@@ -407,6 +407,8 @@ constexpr auto SHARED_SECTION = make_pseudo_handle(0x1, handle_types::section);
 constexpr auto DBWIN_BUFFER = make_pseudo_handle(0x2, handle_types::section);

 constexpr auto WER_PORT_READY = make_pseudo_handle(0x1, handle_types::event);
+constexpr auto DBWIN_DATA_READY = make_pseudo_handle(0x2, handle_types::event);
+constexpr auto DBWIN_BUFFER_READY = make_pseudo_handle(0x3, handle_types::event);

 constexpr auto CONSOLE_HANDLE = make_pseudo_handle(0x1, handle_types::file);
 constexpr auto STDOUT_HANDLE = make_pseudo_handle(0x2, handle_types::file);
--- a/src/windows-emulator/process_context.cpp
+++ b/src/windows-emulator/process_context.cpp
@@ -127,6 +127,7 @@ void process_context::serialize(utils::buffer_serializer& buffer) const
 {
    buffer.write(this->current_ip);
    buffer.write(this->previous_ip);
+    buffer.write(this->dbwin_buffer);
    buffer.write_optional(this->exception_rip);
    buffer.write_optional(this->exit_status);
    buffer.write(this->base_allocator);
@@ -160,6 +161,7 @@ void process_context::deserialize(utils::buffer_deserializer& buffer)
 {
    buffer.read(this->current_ip);
    buffer.read(this->previous_ip);
+    buffer.read(this->dbwin_buffer);
    buffer.read_optional(this->exception_rip);
    buffer.read_optional(this->exit_status);
    buffer.read(this->base_allocator);
--- a/src/windows-emulator/process_context.hpp
+++ b/src/windows-emulator/process_context.hpp
@@ -59,6 +59,8 @@ struct process_context
    uint64_t current_ip{0};
    uint64_t previous_ip{0};

+    uint64_t dbwin_buffer{0};
+
    std::optional<uint64_t> exception_rip{};
    std::optional<NTSTATUS> exit_status{};

--- a/src/windows-emulator/syscalls.cpp
+++ b/src/windows-emulator/syscalls.cpp
@@ -375,6 +375,18 @@ namespace
    NTSTATUS handle_NtSetEvent(const syscall_context& c, const uint64_t handle,
                               const emulator_object<LONG> previous_state)
    {
+        if (handle == DBWIN_DATA_READY)
+        {
+            if (c.proc.dbwin_buffer)
+            {
+                constexpr auto pid_length = 4;
+                const auto debug_data = read_string<char>(c.win_emu.memory, c.proc.dbwin_buffer + pid_length);
+                c.win_emu.log.info("--> Debug string: %s\n", debug_data.c_str());
+            }
+
+            return STATUS_SUCCESS;
+        }
+
        auto* entry = c.proc.events.get(handle);
        if (!entry)
        {
@@ -488,6 +500,7 @@ namespace
            {
                name = read_unicode_string(
                    c.emu, emulator_object<UNICODE_STRING<EmulatorTraits<Emu64>>>{c.emu, attributes.ObjectName});
+                c.win_emu.log.print(color::dark_gray, "--> Mutant name: %s\n", u16_to_u8(name).c_str());
            }
        }

@@ -580,6 +593,7 @@ namespace
        const auto attributes = object_attributes.read();
        const auto name =
            read_unicode_string(c.emu, reinterpret_cast<UNICODE_STRING<EmulatorTraits<Emu64>>*>(attributes.ObjectName));
+        c.win_emu.log.print(color::dark_gray, "--> Event name: %s\n", u16_to_u8(name).c_str());

        if (name == u"\\KernelObjects\\SystemErrorPortReady")
        {
@@ -587,6 +601,18 @@ namespace
            return STATUS_SUCCESS;
        }

+        if (name == u"DBWIN_DATA_READY")
+        {
+            event_handle.write(DBWIN_DATA_READY.bits);
+            return STATUS_SUCCESS;
+        }
+
+        if (name == u"DBWIN_BUFFER_READY")
+        {
+            event_handle.write(DBWIN_BUFFER_READY.bits);
+            return STATUS_SUCCESS;
+        }
+
        for (auto& entry : c.proc.events)
        {
            if (entry.second.name == name)
@@ -763,6 +789,24 @@ namespace
            return STATUS_SUCCESS;
        }

+        if (section_handle == DBWIN_BUFFER)
+        {
+            constexpr auto dbwin_buffer_section_size = 0x1000;
+
+            const auto address = c.win_emu.memory.find_free_allocation_base(dbwin_buffer_section_size);
+            c.win_emu.memory.allocate_memory(address, dbwin_buffer_section_size, memory_permission::read_write);
+            c.proc.dbwin_buffer = address;
+
+            if (view_size)
+            {
+                view_size.write(dbwin_buffer_section_size);
+            }
+
+            base_address.write(address);
+
+            return STATUS_SUCCESS;
+        }
+
        auto* section_entry = c.proc.sections.get(section_handle);
        if (!section_entry)
        {
@@ -3537,6 +3581,18 @@ namespace
            return STATUS_NOT_SUPPORTED;
        }

+        if (!base_address)
+        {
+            return STATUS_INVALID_PARAMETER;
+        }
+
+        if (base_address == c.proc.dbwin_buffer)
+        {
+            c.proc.dbwin_buffer = 0;
+            c.win_emu.memory.release_memory(base_address, 0x1000);
+            return STATUS_SUCCESS;
+        }
+
        const auto* mod = c.win_emu.mod_manager.find_by_address(base_address);
        if (!mod)
        {