From 469052b467283915b852db1d8a1d47b9bc161dfe Mon Sep 17 00:00:00 2001
From: momo5502
Date: Sat, 14 Sep 2024 18:54:43 +0200
Subject: [PATCH] Fix windows dir
---
 src/windows_emulator/main.cpp | 2 +-
 src/windows_emulator/syscalls.cpp | 23 +++++++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/src/windows_emulator/main.cpp b/src/windows_emulator/main.cpp
index b25fe9ac..116a2708 100644
--- a/src/windows_emulator/main.cpp
+++ b/src/windows_emulator/main.cpp
@@ -83,7 +83,7 @@ namespace
 const auto offset = address - object.value();
 printf("%s: %llX (%s) at %llX (%s)\n", i.get_type_name().c_str(), offset, i.get_member_name(offset).c_str(), rip,
- emu.process().module_manager.find_name(rip));
+ emu.process().module_manager.find_name(rip));
 });
 }
diff --git a/src/windows_emulator/syscalls.cpp b/src/windows_emulator/syscalls.cpp
index 1aed94dd..9a22e2b9 100644
--- a/src/windows_emulator/syscalls.cpp
+++ b/src/windows_emulator/syscalls.cpp
@@ -448,6 +448,29 @@ namespace
 c.emu.allocate_memory(address, c.proc.shared_section_size, memory_permission::read_write);
+ size_t windows_dir_size{};
+ c.proc.kusd.access([&](const KUSER_SHARED_DATA& kusd)
+ {
+ const std::wstring_view windows_dir = kusd.NtSystemRoot.arr;
+ windows_dir_size = windows_dir.size() * 2;
+ });
+
+ constexpr auto windows_dir_offset = 0x10;
+ c.emu.write_memory(address + 8, windows_dir_offset);
+
+ const auto obj_address = address + windows_dir_offset;
+
+ const emulator_object obj{c.emu, obj_address };
+ obj.access([&](UNICODE_STRING& ucs)
+ {
+ const auto dir_address = c.proc.kusd.value() + offsetof(KUSER_SHARED_DATA, NtSystemRoot);
+
+ ucs.Buffer = reinterpret_cast(dir_address - obj_address);
+ ucs.Length = static_cast(windows_dir_size);
+ ucs.MaximumLength = ucs.Length;
+
+ });
+
 if (view_size.value())
 {
 view_size.write(c.proc.shared_section_size);
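Review bot: The system-root length in the syscalls.cpp hunk comes from building a `std::wstring_view` directly from `kusd.NtSystemRoot.arr`, which scans for a terminator with no upper bound; if the field is ever completely filled or left unterminated, the scan runs past it on the host side and the `Length` written into the guest-visible `UNICODE_STRING` describes memory beyond the field. Assuming `arr` is a fixed-size array (its declaration is not in the hunk), bound the scan to the array, e.g. `const auto& root = kusd.NtSystemRoot.arr;` followed by `windows_dir_size = (std::find(std::begin(root), std::end(root), L'\0') - std::begin(root)) * sizeof(root[0]);`, which also replaces the hard-coded `* 2`. Separately, `constexpr auto windows_dir_offset = 0x10;` deduces `int`, so if `write_memory` sizes the write from its argument type only four bytes land at `address + 8`; an explicit 64-bit type plus a comment naming the structure whose layout `+ 8` and `0x10` follow would make the intent checkable. The enclosing syscall handler begins and ends outside this hunk.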