diff --git a/src/analyzer/main.cpp b/src/analyzer/main.cpp
index f2bab165..a04e7c88 100644
--- a/src/analyzer/main.cpp
+++ b/src/analyzer/main.cpp
@@ -97,7 +97,7 @@ namespace
 windows_emulator win_emu{settings};
 (void)&watch_system_objects;
-//watch_system_objects(win_emu);
+watch_system_objects(win_emu);
 win_emu.buffer_stdout = true;
 //win_emu.verbose_calls = true;
diff --git a/src/analyzer/object_watching.hpp b/src/analyzer/object_watching.hpp
index a9425668..19ff3a61 100644
--- a/src/analyzer/object_watching.hpp
+++ b/src/analyzer/object_watching.hpp
@@ -8,14 +8,24 @@ emulator_hook* watch_object(windows_emulator& emu, emulator_object object)
 const reflect_type_info info{};
 return emu.emu().hook_memory_read(object.value(), object.size(),
- [i = std::move(info), object, &emu](const uint64_t address, size_t, uint64_t)
+ [i = std::move(info), object, &emu](
+ const uint64_t address, size_t, uint64_t)
 {
 const auto rip = emu.emu().read_instruction_pointer();
+ const auto* mod = emu.process().module_manager.find_by_address(rip);
+ const auto is_main_access = mod == emu.process().executable;
+
+ if (!emu.verbose_calls && !is_main_access)
+ {
+ return;
+ }
 const auto offset = address - object.value();
- emu.logger.log("Object access: %s - 0x%llX (%s) at 0x%llX (%s)\n", i.get_type_name().c_str(),
- offset,
- i.get_member_name(offset).c_str(), rip,
- emu.process().module_manager.find_name(rip));
+ emu.logger.print(is_main_access ? color::green : color::dark_gray,
+ "Object access: %s - 0x%llX (%s) at 0x%llX (%s)\n",
+ i.get_type_name().c_str(),
+ offset,
+ i.get_member_name(offset).c_str(), rip,
+ mod ? mod->name.c_str() : "");
 });
 }
diff --git a/src/windows-emulator/syscalls.cpp b/src/windows-emulator/syscalls.cpp
index fe6caa01..783bf10a 100644
--- a/src/windows-emulator/syscalls.cpp
+++ b/src/windows-emulator/syscalls.cpp
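Review bot: With the call re-enabled, the `(void)&watch_system_objects;` line two above it is a leftover unused-function silencer and can be dropped; keeping it suggests the call is still optional. Note that `//win_emu.verbose_calls = true;` below stays commented out, which now matters because object_watching.hpp in this same commit uses `verbose_calls` to decide whether accesses from non-executable modules are reported at all. The enclosing function continues outside the hunk.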
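Review bot: The early return added after `read_instruction_pointer()` drops every access whose `rip` is outside the executable unless `verbose_calls` is set, which also drops accesses where `find_by_address` returns nullptr (code running from memory not covered by any tracked module); for an analysis tool those may be the most informative events, so consider `if (!emu.verbose_calls && !is_main_access && mod != nullptr) return;` or at least a comment stating that the filter is deliberate. If `emu.process().executable` can itself be null, `is_main_access` evaluates true for a null `mod`, which is worth a comment on the line that defines it. Since `verbose_calls` is named for call tracing, a one-line comment such as `// verbose_calls also gates object accesses from non-executable modules` would help readers coming from main.cpp. The lambda is complete within the hunk, but the enclosing `watch_object` begins above it.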
@@ -1431,6 +1431,32 @@ namespace
 return STATUS_INVALID_HANDLE;
 }
+ if (info_class == FileNameInformation)
+ {
+ const auto required_length = sizeof(FILE_NAME_INFORMATION) + (f->name.size() * 2);
+
+ if (io_status_block)
+ {
+ IO_STATUS_BLOCK block{};
+ block.Information = sizeof(FILE_NAME_INFORMATION) + required_length;
+ io_status_block.write(block);
+ }
+
+ if (length != required_length)
+ {
+ return STATUS_BUFFER_OVERFLOW;
+ }
+
+ c.emu.write_memory(file_information, FILE_NAME_INFORMATION{
+ .FileNameLength = static_cast(f->name.size() * 2),
+ });
+
+ c.emu.write_memory(file_information + offsetof(FILE_NAME_INFORMATION, FileName), f->name.c_str(),
+ (f->name.size() + 1) * 2);
+
+ return STATUS_SUCCESS;
+ }
+
 if (info_class == FileStandardInformation)
 {
 if (io_status_block)
@@ -1618,6 +1644,11 @@ namespace
 return STATUS_NOT_SUPPORTED;
 }
+ NTSTATUS handle_NtSetInformationKey()
+ {
+ return STATUS_NOT_SUPPORTED;
+ }
+
 NTSTATUS handle_NtApphelpCacheControl()
 {
 return STATUS_NOT_SUPPORTED;
@@ -3243,6 +3274,7 @@ void syscall_dispatcher::add_handlers(std::map& ha
 add_handler(NtReleaseMutant);
 add_handler(NtDuplicateToken);
 add_handler(NtQueryTimerResolution);
+ add_handler(NtSetInformationKey);
 #undef add_handler
 }
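Review bot: `block.Information = sizeof(FILE_NAME_INFORMATION) + required_length;` counts the header twice, because `required_length` a few lines above is already `sizeof(FILE_NAME_INFORMATION) + name bytes`; it should read `block.Information = required_length;`. The check `if (length != required_length)` also rejects callers that pass a buffer larger than needed, which NtQueryInformationFile accepts; `if (length < required_length)` matches that contract and still keeps the guest-supplied `length` from being exceeded by the two `write_memory` calls that follow. The second `write_memory` copies `(f->name.size() + 1) * 2` bytes, i.e. the terminator as well, so the arithmetic relies on `sizeof(FILE_NAME_INFORMATION)` reserving room for at least one WCHAR after `FileNameLength`; a short comment stating that assumption next to `required_length` would help. The enclosing handler starts and ends outside the hunk.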