From 4de6813c0937800d93e4336c08781a3d6f1207e2 Mon Sep 17 00:00:00 2001
From: momo5502
Date: Sun, 22 Dec 2024 16:45:31 +0100
Subject: [PATCH] Support DLL unmapping

---
 .../module/module_manager.cpp | 14 +++++++++
 .../module/module_manager.hpp | 2 ++
 src/windows-emulator/syscalls.cpp | 30 +++++++++++++++----
 3 files changed, 40 insertions(+), 6 deletions(-)

diff --git a/src/windows-emulator/module/module_manager.cpp b/src/windows-emulator/module/module_manager.cpp
index 42e367f8..3f37fadd 100644
--- a/src/windows-emulator/module/module_manager.cpp
+++ b/src/windows-emulator/module/module_manager.cpp
@@ -101,3 +101,17 @@ void module_manager::deserialize(utils::buffer_deserializer& buffer)
 {
     buffer.read_map(this->modules_);
 }
+
+bool module_manager::unmap(const uint64_t address)
+{
+    const auto mod = this->modules_.find(address);
+    if (mod == this->modules_.end())
+    {
+        return false;
+    }
+
+    unmap_module(*this->emu_, mod->second);
+    this->modules_.erase(mod);
+
+    return true;
+}
diff --git a/src/windows-emulator/module/module_manager.hpp b/src/windows-emulator/module/module_manager.hpp
index 361890e0..3f5fb255 100644
--- a/src/windows-emulator/module/module_manager.hpp
+++ b/src/windows-emulator/module/module_manager.hpp
@@ -36,6 +36,8 @@ public:
     void serialize(utils::buffer_serializer& buffer) const;
     void deserialize(utils::buffer_deserializer& buffer);
 
+    bool unmap(const uint64_t address);
+
 private:
     emulator* emu_{};
 
diff --git a/src/windows-emulator/syscalls.cpp b/src/windows-emulator/syscalls.cpp
index 85aa563d..439e5ff6 100644
--- a/src/windows-emulator/syscalls.cpp
+++ b/src/windows-emulator/syscalls.cpp
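Review bot: `module_manager::unmap` removes whatever entry the guest names, so an emulated sample can unmap the main executable or ntdll and the emulator will comply; whether other emulator state still refers to that module afterwards (a cached executable/ntdll pointer in the manager, or a `mapped_module*` a caller obtained before the call) is not visible in this hunk, but any such pointer dangles once `this->modules_.erase(mod)` runs. I would either refuse the unmap of those two modules or at least log it, and document the contract on the definition: `// Unmaps the module whose base address is exactly `address` and drops it from modules_; returns false if no module starts there. Pointers previously obtained for that module are invalid afterwards.` Note also that the lookup is by exact base, so an address inside a module is rejected with `false`; that is fine as long as every caller passes the base, which cannot be confirmed from here.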
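Review bot: The new `unmap` declaration has no comment, and since ignoring its `bool` would silently leave a module mapped, I would mark it and document it: `// Unmaps the module based at `address`; returns false when no module has that base.` followed by `[[nodiscard]] bool unmap(uint64_t address);`. The top-level `const` on a by-value parameter in a declaration is a no-op and the other declarations in this header do not use it, so dropping it there keeps the style consistent.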
@@ -325,6 +325,22 @@ namespace
             return STATUS_SUCCESS;
         }
 
+        if (info_class == ThreadZeroTlsCell)
+        {
+            if (thread_information_length != sizeof(ULONG))
+            {
+                return STATUS_BUFFER_OVERFLOW;
+            }
+
+            const auto tls_index = c.emu.read_memory(thread_information);
+            const auto teb = thread->teb->read();
+
+            auto* tls_vector = static_cast(teb.ThreadLocalStoragePointer);
+            c.emu.write_memory(tls_vector + tls_index, nullptr);
+
+            return STATUS_SUCCESS;
+        }
+
         printf("Unsupported thread info class: %X\n", info_class);
         c.emu.stop();
         return STATUS_NOT_SUPPORTED;
@@ -2792,14 +2808,16 @@ namespace
         if (!mod)
         {
             puts("Unmapping non-module section not supported!");
-        }
-        else
-        {
-            printf("Unmapping section %s not supported!\n", mod->name.c_str());
+            c.emu.stop();
+            return STATUS_NOT_SUPPORTED;
         }
 
-        c.emu.stop();
-        return STATUS_NOT_SUPPORTED;
+        if (c.proc.module_manager.unmap(base_address))
+        {
+            return STATUS_SUCCESS;
+        }
+
+        return STATUS_INVALID_PARAMETER;
     }
 
     NTSTATUS handle_NtCreateThreadEx(const syscall_context& c, const emulator_object thread_handle,
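Review bot: The ThreadZeroTlsCell branch writes its null through `teb.ThreadLocalStoragePointer`, which as far as I know is the static TLS directory array of the TEB, whereas Windows implements this info class (issued by TlsFree) by clearing `TlsSlots[index]` for `index < 64`, or `TlsExpansionSlots[index - 64]` when that pointer is non-null, and does so in the TEB of every thread of the process, not just the target thread. As written, a TlsFree from the guest nulls a module's static TLS block pointer, which can corrupt `__declspec(thread)` data for that module, and `tls_index` is taken from guest memory with no upper bound before it is used as an array offset. I would compute the guest address of `TlsSlots[tls_index]` (or the expansion slot) from the TEB base, bound-check the index against 64 + 1024 and return `STATUS_INVALID_PARAMETER` beyond it, and loop over the process's threads; the length check should also return `STATUS_INFO_LENGTH_MISMATCH`, which is what NtSetInformationThread reports for a wrong size, rather than `STATUS_BUFFER_OVERFLOW`. The template arguments on `read_memory` and `static_cast` appear to have been lost in extraction, and the enclosing handler (where `thread` is resolved) starts before the hunk.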