Even more compilation fixes

src/analyzer/main.cpp

@@ -15,6 +15,10 @@ namespace
 
 	void watch_system_objects(windows_emulator& win_emu, const bool cache_logging)
 	{
+		(void)win_emu;
+		(void)cache_logging;
+
+#ifdef OS_WINDOWS
 		watch_object(win_emu, *win_emu.current_thread().teb, cache_logging);
 		watch_object(win_emu, win_emu.process().peb, cache_logging);
 		watch_object(win_emu, emulator_object<KUSER_SHARED_DATA64>{win_emu.emu(), kusd_mmio::address()}, cache_logging);
@@ -37,6 +41,7 @@ namespace
 				                                params_hook = watch_object(win_emu, obj, cache_logging);
 			                                }
 		                                });
+#endif
 	}
 
 	void run_emulation(windows_emulator& win_emu, const analysis_options& options)

src/common/platform/file_management.hpp

@@ -58,6 +58,8 @@
 #define FILE_NON_DIRECTORY_FILE             0x00000040
 #define FILE_CREATE_TREE_CONNECTION         0x00000080
 
+#define FILE_ATTRIBUTE_NORMAL               0x00000080
+
 #define PS_ATTRIBUTE_NUMBER_MASK    0x0000ffff
 #define PS_ATTRIBUTE_THREAD         0x00010000 // may be used with thread creation
 #define PS_ATTRIBUTE_INPUT          0x00020000 // input only
@@ -178,17 +180,6 @@ typedef enum _FILE_INFORMATION_CLASS
     FileMaximumInformation
 } FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
 
-#ifndef OS_WINDOWS
-typedef enum _SECURITY_IMPERSONATION_LEVEL {
-  SecurityAnonymous,
-  SecurityIdentification,
-  SecurityImpersonation,
-  SecurityDelegation
-} SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
-
-
-#endif
-
 typedef enum _OBJECT_INFORMATION_CLASS
 {
     ObjectBasicInformation, // q: OBJECT_BASIC_INFORMATION

src/common/platform/process.hpp

@@ -679,6 +679,55 @@ struct TOKEN_USER64 {
     SID_AND_ATTRIBUTES64 User;
 };
 
+struct TOKEN_BNO_ISOLATION_INFORMATION64 {
+    EmulatorTraits<Emu64>::PVOID       IsolationPrefix;
+    BOOLEAN     IsolationEnabled;
+};
+
+struct TOKEN_MANDATORY_LABEL64 {
+    SID_AND_ATTRIBUTES64 Label;
+};
+
+#ifndef OS_WINDOWS
+
+typedef enum _TOKEN_TYPE {
+    TokenPrimary = 1,
+    TokenImpersonation
+} TOKEN_TYPE;
+typedef TOKEN_TYPE* PTOKEN_TYPE;
+
+typedef struct _TOKEN_ELEVATION {
+    DWORD TokenIsElevated;
+} TOKEN_ELEVATION, * PTOKEN_ELEVATION;
+
+typedef enum _SECURITY_IMPERSONATION_LEVEL {
+  SecurityAnonymous,
+  SecurityIdentification,
+  SecurityImpersonation,
+  SecurityDelegation
+} SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
+
+
+typedef struct _LUID {
+    DWORD LowPart;
+    LONG HighPart;
+} LUID, *PLUID;
+
+typedef struct _TOKEN_STATISTICS {
+    LUID TokenId;
+    LUID AuthenticationId;
+    LARGE_INTEGER ExpirationTime;
+    TOKEN_TYPE TokenType;
+    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
+    DWORD DynamicCharged;
+    DWORD DynamicAvailable;
+    DWORD GroupCount;
+    DWORD PrivilegeCount;
+    LUID ModifiedId;
+} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
+
+#endif
+
 typedef struct _TOKEN_SECURITY_ATTRIBUTES_INFORMATION
 {
     USHORT Version;

src/common/platform/status.hpp

@@ -25,6 +25,7 @@ using NTSTATUS = std::uint32_t;
 
 #define STATUS_NO_MORE_FILES                ((NTSTATUS)0x80000006L)
 
+#define STATUS_ILLEGAL_INSTRUCTION          ((DWORD   )0xC000001DL)
 #define STATUS_ACCESS_DENIED                ((NTSTATUS)0xC0000022L)
 #define STATUS_BUFFER_TOO_SMALL             ((NTSTATUS)0xC0000023L)
 #define STATUS_OBJECT_NAME_NOT_FOUND        ((NTSTATUS)0xC0000034L)

src/windows-emulator/syscall_utils.hpp

@@ -1,6 +1,7 @@
 #pragma once
 
 #include "windows_emulator.hpp"
+#include <ctime>
 
 struct syscall_context
 {
@@ -269,6 +270,10 @@ inline std::chrono::system_clock::time_point convert_from_ksystem_time(const vol
 	return convert_from_ksystem_time(*const_cast<const KSYSTEM_TIME*>(&time));
 }
 
+#ifndef OS_WINDOWS
+using __time64_t = uint64_t;
+#endif
+
 inline LARGE_INTEGER convert_unix_to_windows_time(const __time64_t unix_time)
 {
 	LARGE_INTEGER windows_time{};

src/windows-emulator/syscalls.cpp

@@ -12,6 +12,8 @@
 #include <utils/string.hpp>
 #include <utils/finally.hpp>
 
+#include <sys/stat.h>
+
 namespace
 {
 	NTSTATUS handle_NtQueryPerformanceCounter(const syscall_context& c,
@@ -1409,15 +1411,15 @@ namespace
 		{
 			if (return_length)
 			{
-				return_length.write(sizeof(ULONG_PTR));
+				return_length.write(sizeof(EmulatorTraits<Emu64>::PVOID));
 			}
 
-			if (thread_information_length != sizeof(ULONG_PTR))
+			if (thread_information_length != sizeof(EmulatorTraits<Emu64>::PVOID))
 			{
 				return STATUS_BUFFER_OVERFLOW;
 			}
 
-			const emulator_object<ULONG_PTR> info{c.emu, thread_information};
+			const emulator_object<EmulatorTraits<Emu64>::PVOID> info{c.emu, thread_information};
 			info.write(thread->start_address);
 
 			return STATUS_SUCCESS;
@@ -2433,7 +2435,7 @@ namespace
 
 		if (token_information_class == TokenIntegrityLevel)
 		{
-			constexpr auto required_size = sizeof(sid) + sizeof(TOKEN_MANDATORY_LABEL);
+			constexpr auto required_size = sizeof(sid) + sizeof(TOKEN_MANDATORY_LABEL64);
 			return_length.write(required_size);
 
 			if (required_size > token_information_length)
@@ -2441,18 +2443,18 @@ namespace
 				return STATUS_BUFFER_TOO_SMALL;
 			}
 
-			TOKEN_MANDATORY_LABEL label{};
+			TOKEN_MANDATORY_LABEL64 label{};
 			label.Label.Attributes = 0;
-			label.Label.Sid = reinterpret_cast<void*>(token_information + sizeof(TOKEN_MANDATORY_LABEL));
+			label.Label.Sid = token_information + sizeof(TOKEN_MANDATORY_LABEL64);
 
-			emulator_object<TOKEN_MANDATORY_LABEL>{c.emu, token_information}.write(label);
-			c.emu.write_memory(token_information + sizeof(TOKEN_MANDATORY_LABEL), sid, sizeof(sid));
+			emulator_object<TOKEN_MANDATORY_LABEL64>{c.emu, token_information}.write(label);
+			c.emu.write_memory(token_information + sizeof(TOKEN_MANDATORY_LABEL64), sid, sizeof(sid));
 			return STATUS_SUCCESS;
 		}
 
 		if (token_information_class == TokenBnoIsolation)
 		{
-			constexpr auto required_size = sizeof(TOKEN_BNO_ISOLATION_INFORMATION);
+			constexpr auto required_size = sizeof(TOKEN_BNO_ISOLATION_INFORMATION64);
 			return_length.write(required_size);
 
 			if (required_size > token_information_length)
@@ -2460,8 +2462,8 @@ namespace
 				return STATUS_BUFFER_TOO_SMALL;
 			}
 
-			c.emu.write_memory(token_information, TOKEN_BNO_ISOLATION_INFORMATION{
-				                   .IsolationPrefix = nullptr,
+			c.emu.write_memory(token_information, TOKEN_BNO_ISOLATION_INFORMATION64{
+				                   .IsolationPrefix = 0,
 				                   .IsolationEnabled = 0,
 			                   });
 
@@ -2897,10 +2899,11 @@ namespace
 		const auto filename = read_unicode_string(c.emu, emulator_object<UNICODE_STRING<EmulatorTraits<Emu64>>>{c.emu, attributes.ObjectName});
 		const auto u8_filename = u16_to_u8(filename);
 
-		struct _stat64 file_stat{};
 #ifdef OS_WINDOWS
+		struct _stat64 file_stat{};
 		if (_stat64(u8_filename.c_str(), &file_stat) != 0)
 #else
+		struct stat64 file_stat{};
 		if (stat64(u8_filename.c_str(), &file_stat) != 0)
 #endif
 		{
@@ -3398,7 +3401,7 @@ namespace
 
 		thread_context.access([&](CONTEXT64& context)
 		{
-			if (context.ContextFlags & CONTEXT_DEBUG_REGISTERS)
+			if (context.ContextFlags & CONTEXT_DEBUG_REGISTERS_64)
 			{
 				c.win_emu.log.print(color::pink, "--> Reading debug registers!\n");
 			}

src/windows-emulator/windows_emulator.cpp

@@ -436,12 +436,12 @@ namespace
 		ctx.ContextFlags = CONTEXT64_ALL;
 		context_frame::save(emu, ctx);
 
-		EXCEPTION_RECORD record{};
+		EMU_EXCEPTION_RECORD<EmulatorTraits<Emu64>> record{};
 		memset(&record, 0, sizeof(record));
 		record.ExceptionCode = static_cast<DWORD>(STATUS_ILLEGAL_INSTRUCTION);
 		record.ExceptionFlags = 0;
-		record.ExceptionRecord = nullptr;
-		record.ExceptionAddress = reinterpret_cast<void*>(emu.read_instruction_pointer());
+		record.ExceptionRecord = 0;
+		record.ExceptionAddress = static_cast<EmulatorTraits<Emu64>::PVOID>(emu.read_instruction_pointer());
 		record.NumberParameters = 0;
 
 		EMU_EXCEPTION_POINTERS<EmulatorTraits<Emu64>> pointers{};