From 5fbf0659373f552b81da135836dfaed7686d662a Mon Sep 17 00:00:00 2001
From: momo5502 <mauriceheumann@gmail.com>
Date: Sun, 10 Aug 2025 10:03:12 +0200
Subject: [PATCH] Handle debug strings via callback

---
 src/analyzer/analysis.cpp                 | 6 ++++++
 src/windows-emulator/syscalls/event.cpp   | 4 ++--
 src/windows-emulator/windows_emulator.hpp | 1 +
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/analyzer/analysis.cpp b/src/analyzer/analysis.cpp
index 3ff57d84..a8944573 100644
--- a/src/analyzer/analysis.cpp
+++ b/src/analyzer/analysis.cpp
@@ -36,6 +36,11 @@ namespace
                              STR_VIEW_VA(details), rip, c.win_emu->process.previous_ip);
     }
 
+    void handle_debug_string(const analysis_context& c, const std::string_view details)
+    {
+        c.win_emu->log.info("--> Debug string: %.*s\n", STR_VIEW_VA(details));
+    }
+
     void handle_generic_activity(const analysis_context& c, const std::string_view details)
     {
         c.win_emu->log.print(color::dark_gray, "%.*s\n", STR_VIEW_VA(details));
@@ -442,6 +447,7 @@ void register_analysis_callbacks(analysis_context& c)
     cb.on_thread_set_name = make_callback(c, handle_thread_set_name);
 
     cb.on_instruction = make_callback(c, handle_instruction);
+    cb.on_debug_string = make_callback(c, handle_debug_string);
     cb.on_generic_access = make_callback(c, handle_generic_access);
     cb.on_generic_activity = make_callback(c, handle_generic_activity);
     cb.on_suspicious_activity = make_callback(c, handle_suspicious_activity);
diff --git a/src/windows-emulator/syscalls/event.cpp b/src/windows-emulator/syscalls/event.cpp
index a2c17b76..7c058965 100644
--- a/src/windows-emulator/syscalls/event.cpp
+++ b/src/windows-emulator/syscalls/event.cpp
@@ -9,11 +9,11 @@ namespace syscalls
     {
         if (handle == DBWIN_DATA_READY)
         {
-            if (c.proc.dbwin_buffer)
+            if (c.proc.dbwin_buffer && c.win_emu.callbacks.on_debug_string)
             {
                 constexpr auto pid_length = 4;
                 const auto debug_data = read_string<char>(c.win_emu.memory, c.proc.dbwin_buffer + pid_length);
-                c.win_emu.log.info("--> Debug string: %s\n", debug_data.c_str());
+                c.win_emu.callbacks.on_debug_string(debug_data);
             }
 
             return STATUS_SUCCESS;
diff --git a/src/windows-emulator/windows_emulator.hpp b/src/windows-emulator/windows_emulator.hpp
index c6732a30..982a1f82 100644
--- a/src/windows-emulator/windows_emulator.hpp
+++ b/src/windows-emulator/windows_emulator.hpp
@@ -32,6 +32,7 @@ struct emulator_callbacks : module_manager::callbacks, process_context::callback
     opt_func<void(std::string_view type, std::u16string_view name)> on_generic_access{};
     opt_func<void(std::string_view description)> on_generic_activity{};
     opt_func<void(std::string_view description)> on_suspicious_activity{};
+    opt_func<void(std::string_view message)> on_debug_string{};
     opt_func<void(uint64_t address)> on_instruction{};
     opt_func<void(io_device& device, std::u16string_view device_name, ULONG code)> on_ioctrl{};
 };