From 5c3a0183115c438ed5b40f39014677d106f262d6 Mon Sep 17 00:00:00 2001
From: momo5502
Date: Sat, 26 Oct 2024 17:20:32 +0200
Subject: [PATCH] Hardcode KUSD for now
---
 src/windows-emulator/windows_emulator.cpp | 62 ++++++++++++++++++++++-
 1 file changed, 60 insertions(+), 2 deletions(-)
diff --git a/src/windows-emulator/windows_emulator.cpp b/src/windows-emulator/windows_emulator.cpp
index dbb12a48..4c52eb37 100644
--- a/src/windows-emulator/windows_emulator.cpp
+++ b/src/windows-emulator/windows_emulator.cpp
@@ -50,14 +50,72 @@ namespace
 emulator_object setup_kusd(x64_emulator& emu)
 {
+ // TODO: Fix that. Use hooks to feed dynamic data, e.g. time values
+
 emu.allocate_memory(KUSD_ADDRESS, page_align_up(sizeof(KUSER_SHARED_DATA)), memory_permission::read);
 const emulator_object kusd_object{emu, KUSD_ADDRESS};
 kusd_object.access([](KUSER_SHARED_DATA& kusd)
 {
- const auto& real_kusd = *reinterpret_cast(KUSD_ADDRESS);
+ kusd.TickCountMultiplier = 0x0fa00000;
+ kusd.InterruptTime.LowPart = 0x17bd9547;
+ kusd.InterruptTime.High1Time = 0x0000004b;
+ kusd.InterruptTime.High2Time = 0x0000004b;
+ kusd.SystemTime.LowPart = 0x7af9da99;
+ kusd.SystemTime.High1Time = 0x01db27b9;
+ kusd.SystemTime.High2Time = 0x01db27b9;
+ kusd.TimeZoneBias.LowPart = 0x3c773000;
+ kusd.TimeZoneBias.High1Time = -17;
+ kusd.TimeZoneBias.High2Time = -17;
+ kusd.TimeZoneId = 0x00000002;
+ kusd.LargePageMinimum = 0x00200000;
+ kusd.RNGSeedVersion = 0x0000000000000013;
+ kusd.TimeZoneBiasStamp = 0x00000004;
+ kusd.NtBuildNumber = 0x00006c51;
+ kusd.NtProductType = NtProductWinNt;
+ kusd.ProductTypeIsValid = 0x01;
+ kusd.NativeProcessorArchitecture = 0x0009;
+ kusd.NtMajorVersion = 0x0000000a;
+ kusd.BootId = 0x0000000b;
+ kusd.SystemExpirationDate.QuadPart = 0x01dc26860a9ff300;
+ kusd.SuiteMask = 0x00000110;
+ kusd.MitigationPolicies.MitigationPolicies = 0x0a;
+ kusd.MitigationPolicies.NXSupportPolicy = 0x02;
+ kusd.MitigationPolicies.SEHValidationPolicy = 0x02;
+ kusd.CyclesPerYield = 0x0064;
+ kusd.DismountCount = 0x00000006;
+ kusd.ComPlusPackage = 0x00000001;
+ kusd.LastSystemRITEventTickCount = 0x01ec1fd3;
+ kusd.NumberOfPhysicalPages = 0x00bf0958;
+ kusd.FullNumberOfPhysicalPages = 0x0000000000bf0958;
+ kusd.TickCount.TickCount.LowPart = 0x001f7f05;
+ kusd.TickCount.TickCountQuad = 0x00000000001f7f05;
+ kusd.Cookie = 0x1c3471da;
+ kusd.ConsoleSessionForegroundProcessId = 0x00000000000028f4;
+ kusd.TimeUpdateLock = 0x0000000002b28586;
+ kusd.BaselineSystemTimeQpc = 0x0000004b17cd596c;
+ kusd.BaselineInterruptTimeQpc = 0x0000004b17cd596c;
+ kusd.QpcSystemTimeIncrement = 0x8000000000000000;
+ kusd.QpcInterruptTimeIncrement = 0x8000000000000000;
+ kusd.QpcSystemTimeIncrementShift = 0x01;
+ kusd.QpcInterruptTimeIncrementShift = 0x01;
+ kusd.UnparkedProcessorCount = 0x000c;
+ kusd.TelemetryCoverageRound = 0x00000001;
+ kusd.LangGenerationCount = 0x00000003;
+ kusd.InterruptTimeBias = 0x00000015a5d56406;
+ kusd.QpcBias = 0x000000159530c4af;
+ kusd.ActiveProcessorCount = 0x0000000c;
+ kusd.ActiveGroupCount = 0x01;
+ kusd.QpcData.QpcData = 0x0083;
+ kusd.QpcData.QpcBypassEnabled = 0x83;
+ kusd.TimeZoneBiasEffectiveStart.QuadPart = 0x01db276e654cb2ff;
+ kusd.TimeZoneBiasEffectiveEnd.QuadPart = 0x01db280b8c3b2800;
+ kusd.XState.EnabledFeatures = 0x000000000000001f;
+ kusd.XState.EnabledVolatileFeatures = 0x000000000000000f;
+ kusd.XState.Size = 0x000003c0;
- memcpy(&kusd, &real_kusd, sizeof(kusd));
+ constexpr std::wstring_view root_dir{L"C:\\WINDOWS"};
+ memcpy(&kusd.NtSystemRoot.arr[0], root_dir.data(), root_dir.size() * 2);
 kusd.ImageNumberLow = IMAGE_FILE_MACHINE_I386;
 kusd.ImageNumberHigh = IMAGE_FILE_MACHINE_AMD64;