diff --git a/src/common/platform/process.hpp b/src/common/platform/process.hpp
index ecc9ce2f..cd512b9d 100644
--- a/src/common/platform/process.hpp
+++ b/src/common/platform/process.hpp
@@ -670,6 +670,20 @@ typedef struct DECLSPEC_ALIGN(16) _CONTEXT64
 DWORD64 LastExceptionFromRip;
 } CONTEXT64, *PCONTEXT64;
 
+typedef struct _CONTEXT_CHUNK
+{
+ LONG Offset; // Offset may be negative.
+ ULONG Length;
+} CONTEXT_CHUNK, *PCONTEXT_CHUNK;
+
+typedef struct _CONTEXT_EX
+{
+ CONTEXT_CHUNK All;
+ CONTEXT_CHUNK Legacy;
+ CONTEXT_CHUNK XState;
+ CONTEXT_CHUNK KernelCet;
+} CONTEXT_EX, *PCONTEXT_EX;
+
 template
 struct EMU_EXCEPTION_RECORD
 {
diff --git a/src/windows-emulator/syscalls/thread.cpp b/src/windows-emulator/syscalls/thread.cpp
index 6c72d506..5a6b1f4c 100644
--- a/src/windows-emulator/syscalls/thread.cpp
+++ b/src/windows-emulator/syscalls/thread.cpp
@@ -361,14 +361,12 @@ namespace syscalls
 return STATUS_SUCCESS;
 }
 
- NTSTATUS handle_NtContinueEx(const syscall_context& c, emulator_object thread_context,
+ NTSTATUS handle_NtContinueEx(const syscall_context& c, const emulator_object thread_context,
 const uint64_t continue_argument)
 {
 c.write_status = false;
 KCONTINUE_ARGUMENT argument{};
 
- thread_context = thread_context.shift(0x20); // TODO: Figure out what that is? Extended context?
-
 if (continue_argument <= 0xFF)
 {
 argument.ContinueFlags = KCONTINUE_FLAG_TEST_ALERT;
@@ -392,7 +390,7 @@ namespace syscalls
 NTSTATUS handle_NtContinue(const syscall_context& c, const emulator_object thread_context,
 const BOOLEAN raise_alert)
 {
- return handle_NtContinueEx(c, thread_context.shift(-0x20), raise_alert ? 1 : 0);
+ return handle_NtContinueEx(c, thread_context, raise_alert ? 1 : 0);
 }
 
 NTSTATUS handle_NtGetNextThread(const syscall_context& c, const handle process_handle, const handle thread_handle,
diff --git a/src/windows-emulator/windows_emulator.cpp b/src/windows-emulator/windows_emulator.cpp
index 713b720d..b913f721 100644
--- a/src/windows-emulator/windows_emulator.cpp
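Review bot: The size of the new CONTEXT_EX is not pinned, yet the unchanged `static_assert(offsetof(decltype(stack_layout), continue_argument) == 0x4F0)` in the windows_emulator.cpp hunk now depends on it: the four uint64_t APC slots removed from that stack layout are replaced by `CONTEXT_EX context_ex{}` placed after the CONTEXT64, so the assert only keeps holding if sizeof(CONTEXT_EX) is 0x20, which is also the amount the thread.cpp hunks stop shifting by. That holds if LONG and ULONG are 32-bit in this header and CONTEXT_CHUNK carries no padding, which nothing in the hunk states. I would add `static_assert(sizeof(CONTEXT_CHUNK) == 8);` and `static_assert(sizeof(CONTEXT_EX) == 0x20);` directly after the typedefs so that a chunk added to CONTEXT_EX later fails at compile time instead of silently moving KCONTINUE_ARGUMENT in the APC frame. The comment on Offset would also help more if it said what the offset is relative to, since "may be negative" alone does not tell a reader how to apply it.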
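Review bot: The removed `shift(0x20)` and its TODO are not replaced by any explanation of why the context pointer no longer needs adjusting, so a reader of handle_NtContinueEx sees an unexplained signature change; the mirrored `shift(-0x20)` removal in handle_NtContinue in the next hunk has the same gap. Given that the windows_emulator.cpp hunk now stores the APC arguments in P1Home–P4Home of the CONTEXT64 and lays a CONTEXT_EX out directly behind it, a one-line comment on the parameter such as `// thread_context points at the CONTEXT64 itself; the CONTEXT_EX following it in the APC frame is presumably not read here` would record the resolved question. handle_NtContinueEx's body continues past the hunk, so whether anything later reads beyond the CONTEXT64 is not visible here.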
+++ b/src/windows-emulator/windows_emulator.cpp @@ -90,27 +90,24 @@ namespace return; } - win_emu.log.print(color::dark_gray, "Dispatching APC..."); + win_emu.log.print(color::dark_gray, "Dispatching APC...\n"); const auto next_apx = apcs.front(); apcs.erase(apcs.begin()); struct { - uint64_t apc_argument1{}; - uint64_t apc_argument2{}; - uint64_t apc_argument3{}; - uint64_t apc_routine{}; CONTEXT64 context{}; + CONTEXT_EX context_ex{}; KCONTINUE_ARGUMENT continue_argument{}; } stack_layout; static_assert(offsetof(decltype(stack_layout), continue_argument) == 0x4F0); - stack_layout.apc_routine = next_apx.apc_routine; - stack_layout.apc_argument1 = next_apx.apc_argument1; - stack_layout.apc_argument2 = next_apx.apc_argument2; - stack_layout.apc_argument3 = next_apx.apc_argument3; + stack_layout.context.P1Home = next_apx.apc_argument1; + stack_layout.context.P2Home = next_apx.apc_argument2; + stack_layout.context.P3Home = next_apx.apc_argument3; + stack_layout.context.P4Home = next_apx.apc_routine; stack_layout.continue_argument.ContinueFlags |= KCONTINUE_FLAG_TEST_ALERT;