Lightemerald/windows-user-space-emulator
2
0
Fork 0
mirror of https://github.com/momo5502/emulator.git synced 2026-02-01 19:15:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

More syscalls

Browse Source
This commit is contained in:
momo5502
2024-08-31 21:20:20 +02:00
parent 477eef2d6a
commit 3ead613d2c
2 changed files with 74 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/windows_emulator/main.cpp
View File

@@ -282,7 +282,7 @@ namespace
context.process_params.access([&](RTL_USER_PROCESS_PARAMETERS& proc_params) context.process_params.access([&](RTL_USER_PROCESS_PARAMETERS& proc_params)
{ {
proc_params.Length = sizeof(proc_params); proc_params.Length = sizeof(proc_params);
proc_params.Flags = 0x6001 | 0x80000000; // Prevent CsrClientConnectToServer proc_params.Flags = 0x6001 | 0x80000000; // Prevent CsrClientConnectToServer
proc_params.ConsoleHandle = reinterpret_cast<HANDLE>(CONSOLE_HANDLE); proc_params.ConsoleHandle = reinterpret_cast<HANDLE>(CONSOLE_HANDLE);
proc_params.StandardOutput = reinterpret_cast<HANDLE>(STDOUT_HANDLE); proc_params.StandardOutput = reinterpret_cast<HANDLE>(STDOUT_HANDLE);
@@ -578,10 +578,6 @@ namespace
const auto entry1 = find_exported_function(context.ntdll.exports, "LdrInitializeThunk"); const auto entry1 = find_exported_function(context.ntdll.exports, "LdrInitializeThunk");
const auto entry2 = find_exported_function(context.ntdll.exports, "RtlUserThreadStart"); const auto entry2 = find_exported_function(context.ntdll.exports, "RtlUserThreadStart");
(void)entry1;
(void)entry2;
syscall_dispatcher dispatcher{context.ntdll.exports}; syscall_dispatcher dispatcher{context.ntdll.exports};
emu->hook_instruction(x64_hookable_instructions::syscall, [&] emu->hook_instruction(x64_hookable_instructions::syscall, [&]
@@ -610,6 +606,11 @@ namespace
});*/ });*/
const auto execution_context = context.gs_segment.reserve<CONTEXT>(); const auto execution_context = context.gs_segment.reserve<CONTEXT>();
execution_context.access([&](CONTEXT& c)
{
c.Rip = entry2;
c.Rsp = emu->reg(x64_register::rsp);
});
emu->reg(x64_register::rcx, execution_context.value()); emu->reg(x64_register::rcx, execution_context.value());
emu->reg(x64_register::rdx, context.ntdll.image_base); emu->reg(x64_register::rdx, context.ntdll.image_base);

70
src/windows_emulator/syscalls.cpp
View File

@@ -27,7 +27,6 @@ namespace
} }
} }
bool is_uppercase(const char character) bool is_uppercase(const char character)
{ {
return toupper(character) == character; return toupper(character) == character;
@@ -178,6 +177,28 @@ namespace
c.emu.reg<int64_t>(x64_register::rax, ret); c.emu.reg<int64_t>(x64_register::rax, ret);
} }
void apply_context(x64_emulator& emu, const CONTEXT& context)
{
emu.reg(x64_register::rax, context.Rax);
emu.reg(x64_register::rbx, context.Rbx);
emu.reg(x64_register::rcx, context.Rcx);
emu.reg(x64_register::rdx, context.Rdx);
emu.reg(x64_register::rsp, context.Rsp);
emu.reg(x64_register::rbp, context.Rbp);
emu.reg(x64_register::rsi, context.Rsi);
emu.reg(x64_register::rdi, context.Rdi);
emu.reg(x64_register::r8, context.R8);
emu.reg(x64_register::r9, context.R9);
emu.reg(x64_register::r10, context.R10);
emu.reg(x64_register::r11, context.R11);
emu.reg(x64_register::r12, context.R12);
emu.reg(x64_register::r13, context.R13);
emu.reg(x64_register::r14, context.R14);
emu.reg(x64_register::r15, context.R15);
emu.reg(x64_register::rip, context.Rip);
}
NTSTATUS handle_NtQueryPerformanceCounter(const syscall_context&, NTSTATUS handle_NtQueryPerformanceCounter(const syscall_context&,
const emulator_object<LARGE_INTEGER> performance_counter, const emulator_object<LARGE_INTEGER> performance_counter,
const emulator_object<LARGE_INTEGER> performance_frequency) const emulator_object<LARGE_INTEGER> performance_frequency)
@@ -1021,12 +1042,51 @@ namespace
return STATUS_SUCCESS; return STATUS_SUCCESS;
} }
NTSTATUS handle_NtDeviceIoControlFile(const syscall_context& c) NTSTATUS handle_NtDeviceIoControlFile()
{ {
puts("NtDeviceIoControlFile not supported"); puts("NtDeviceIoControlFile not supported");
return STATUS_SUCCESS; return STATUS_SUCCESS;
} }
NTSTATUS handle_NtQueryWnfStateData()
{
puts("NtQueryWnfStateData not supported");
return STATUS_NOT_SUPPORTED;
}
NTSTATUS handle_NtOpenProcessToken()
{
puts("NtOpenProcessToken not supported");
return STATUS_NOT_SUPPORTED;
}
NTSTATUS handle_NtQuerySecurityAttributesToken()
{
puts("NtQuerySecurityAttributesToken not supported");
return STATUS_NOT_SUPPORTED;
}
NTSTATUS handle_NtQueryLicenseValue()
{
puts("NtQueryLicenseValue not supported");
return STATUS_NOT_SUPPORTED;
}
NTSTATUS handle_NtTestAlert()
{
puts("NtTestAlert not supported");
return STATUS_NOT_SUPPORTED;
}
NTSTATUS handle_NtContinue(const syscall_context& c, const emulator_object<CONTEXT> thread_context,
const BOOLEAN raise_alert)
{
const auto context = thread_context.read();
apply_context(c.emu, context);
return STATUS_SUCCESS;
}
NTSTATUS handle_NtCreateFile(const syscall_context& c, const emulator_object<uint64_t> file_handle, NTSTATUS handle_NtCreateFile(const syscall_context& c, const emulator_object<uint64_t> file_handle,
ACCESS_MASK /*desired_access*/, ACCESS_MASK /*desired_access*/,
const emulator_object<OBJECT_ATTRIBUTES> object_attributes) const emulator_object<OBJECT_ATTRIBUTES> object_attributes)
@@ -1098,6 +1158,12 @@ syscall_dispatcher::syscall_dispatcher(const exported_symbols& ntdll_exports)
add_handler(NtConnectPort); add_handler(NtConnectPort);
add_handler(NtCreateFile); add_handler(NtCreateFile);
add_handler(NtDeviceIoControlFile); add_handler(NtDeviceIoControlFile);
add_handler(NtQueryWnfStateData);
add_handler(NtOpenProcessToken);
add_handler(NtQuerySecurityAttributesToken);
add_handler(NtQueryLicenseValue);
add_handler(NtTestAlert);
add_handler(NtContinue);
#undef add_handler #undef add_handler
} }