From 5171ef63dc7f49435abfe0496b6e064ec48d5a88 Mon Sep 17 00:00:00 2001
From: brian
Date: Fri, 5 Dec 2025 20:14:35 +0800
Subject: [PATCH] Fix deserialization of optional WOW64 emulator_object members (PEB32/params32)

---
 src/windows-emulator/emulator_utils.hpp | 7 +++++++
 src/windows-emulator/process_context.cpp | 9 +++++++++
 2 files changed, 16 insertions(+)

diff --git a/src/windows-emulator/emulator_utils.hpp b/src/windows-emulator/emulator_utils.hpp
index 722774aa..549ea72a 100644
--- a/src/windows-emulator/emulator_utils.hpp
+++ b/src/windows-emulator/emulator_utils.hpp
@@ -66,6 +66,8 @@ class emulator_object
 public:
 using value_type = T;
 
+ emulator_object() = default;
+
 emulator_object(const x64_emulator_wrapper& wrapper, const uint64_t address = 0)
 : emulator_object(wrapper.get(), address)
 {
@@ -158,6 +160,11 @@ class emulator_object
 this->address_ = address;
 }
 
+ void set_memory_interface(memory_interface& memory)
+ {
+ this->memory_ = &memory;
+ }
+
 emulator_object shift(const int64_t offset) const
 {
 return emulator_object(*this->memory_, this->address_ + offset);
diff --git a/src/windows-emulator/process_context.cpp b/src/windows-emulator/process_context.cpp
index fd275378..7863ea06 100644
--- a/src/windows-emulator/process_context.cpp
+++ b/src/windows-emulator/process_context.cpp
@@ -481,6 +481,15 @@ void process_context::deserialize(utils::buffer_deserializer& buffer)
 buffer.read_optional(this->process_params32);
 buffer.read(this->kusd);
 
+ if (this->peb32.has_value())
+ {
+ this->peb32->set_memory_interface(*this->peb64.get_memory_interface());
+ }
+ if (this->process_params32.has_value())
+ {
+ this->process_params32->set_memory_interface(*this->peb64.get_memory_interface());
+ }
+
 buffer.read(this->is_wow64_process);
 buffer.read(this->ntdll_image_base);
 buffer.read(this->ldr_initialize_thunk);
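Review bot: The added `emulator_object() = default;` creates objects whose `memory_` is not bound to anything, while methods such as `shift` (visible in the next hunk) dereference `*this->memory_` with no check. The member declarations are outside this hunk, so please confirm they carry in-class initializers, e.g. `memory_interface* memory_{};` and `uint64_t address_{};`, so an object that is never rebound holds a null pointer rather than an indeterminate one. I would also state the contract on the constructor: `// Unbound until set_memory_interface() is called; intended only for deserialization.`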
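Review bot: `set_memory_interface` is a new public setter with no comment, and nothing tells a caller that it leaves `address_` untouched or when rebinding is legitimate. Suggest a one-line comment above it: `// Rebinds this object to a memory interface without changing its address; used for objects default-constructed during deserialization.` The class body starts and ends outside the hunk.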
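Review bot: Both added blocks dereference the result of `this->peb64.get_memory_interface()` unchecked, which is only safe if `peb64` is always bound by the time `deserialize` reaches this point; that is not visible in the hunk. Assuming the getter returns a raw pointer, fetching it once and failing loudly turns a latent null dereference into a diagnosable error: `auto* memory = this->peb64.get_memory_interface();` followed by `if (!memory) { throw std::runtime_error("peb64 has no memory interface"); }` (or whatever error path this deserializer already uses), then pass `*memory` to both calls. A short comment saying that `read_optional` presumably default-constructs the object and so cannot supply the memory interface would explain why the rebind exists. `deserialize` starts and ends outside the hunk.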