Handle debug strings via callback

2026-01-19 11:43:56 +00:00 · 2025-08-10 10:03:12 +02:00
parent 74bff93580
commit 5fbf065937
3 changed files with 9 additions and 2 deletions
--- a/src/analyzer/analysis.cpp
+++ b/src/analyzer/analysis.cpp
@@ -36,6 +36,11 @@ namespace
                             STR_VIEW_VA(details), rip, c.win_emu->process.previous_ip);
    }

+    void handle_debug_string(const analysis_context& c, const std::string_view details)
+    {
+        c.win_emu->log.info("--> Debug string: %.*s\n", STR_VIEW_VA(details));
+    }
+
    void handle_generic_activity(const analysis_context& c, const std::string_view details)
    {
        c.win_emu->log.print(color::dark_gray, "%.*s\n", STR_VIEW_VA(details));
@@ -442,6 +447,7 @@ void register_analysis_callbacks(analysis_context& c)
    cb.on_thread_set_name = make_callback(c, handle_thread_set_name);

    cb.on_instruction = make_callback(c, handle_instruction);
+    cb.on_debug_string = make_callback(c, handle_debug_string);
    cb.on_generic_access = make_callback(c, handle_generic_access);
    cb.on_generic_activity = make_callback(c, handle_generic_activity);
    cb.on_suspicious_activity = make_callback(c, handle_suspicious_activity);
--- a/src/windows-emulator/syscalls/event.cpp
+++ b/src/windows-emulator/syscalls/event.cpp
@@ -9,11 +9,11 @@ namespace syscalls
    {
        if (handle == DBWIN_DATA_READY)
        {
-            if (c.proc.dbwin_buffer)
+            if (c.proc.dbwin_buffer && c.win_emu.callbacks.on_debug_string)
            {
                constexpr auto pid_length = 4;
                const auto debug_data = read_string<char>(c.win_emu.memory, c.proc.dbwin_buffer + pid_length);
-                c.win_emu.log.info("--> Debug string: %s\n", debug_data.c_str());
+                c.win_emu.callbacks.on_debug_string(debug_data);
            }

            return STATUS_SUCCESS;
--- a/src/windows-emulator/windows_emulator.hpp
+++ b/src/windows-emulator/windows_emulator.hpp
@@ -32,6 +32,7 @@ struct emulator_callbacks : module_manager::callbacks, process_context::callback
    opt_func<void(std::string_view type, std::u16string_view name)> on_generic_access{};
    opt_func<void(std::string_view description)> on_generic_activity{};
    opt_func<void(std::string_view description)> on_suspicious_activity{};
+    opt_func<void(std::string_view message)> on_debug_string{};
    opt_func<void(uint64_t address)> on_instruction{};
    opt_func<void(io_device& device, std::u16string_view device_name, ULONG code)> on_ioctrl{};
 };