Lightemerald/windows-user-space-emulator
2
0
Fork 0
mirror of https://github.com/momo5502/emulator.git synced 2026-01-20 04:03:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

Prepare thread support

Browse Source
This commit is contained in:
momo5502
2024-10-16 19:19:36 +02:00
parent b756bf354f
commit 7cb1abb529
7 changed files with 277 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
src/analyzer/main.cpp
View File

@@ -11,7 +11,7 @@ namespace
{
void watch_system_objects(windows_emulator& win_emu)
{
watch_object(win_emu, win_emu.process().teb);
//watch_object(win_emu, *win_emu.current_thread().teb);
watch_object(win_emu, win_emu.process().peb);
watch_object(win_emu, win_emu.process().kusd);
auto* params_hook = watch_object(win_emu, win_emu.process().process_params);
@@ -86,43 +86,6 @@ namespace
}
});
win_emu.add_syscall_hook([&]
{
// Read syscall id and name
const auto syscall_id = win_emu.emu().reg(x64_register::eax);
const auto syscall_name = win_emu.dispatcher().get_syscall_name(syscall_id);
// Check if desired syscall
if (syscall_name != "NtQueryInformationProcess")
{
return instruction_hook_continuation::run_instruction;
}
// Check if image file name is read
const auto info_class = win_emu.emu().reg(x64_register::rdx);
if (info_class != ProcessImageFileNameWin32)
{
return instruction_hook_continuation::run_instruction;
}
// Patch result and feed expected filename
win_emu.logger.print(color::pink, "Patching NtQueryInformationProcess...\n");
const auto data = win_emu.emu().reg(x64_register::r8);
emulator_allocator data_allocator{win_emu.emu(), data, 0x100};
data_allocator.make_unicode_string(L"C:\\Users\\Maurice\\Desktop\\protected.exe");
win_emu.emu().reg(x64_register::rax, STATUS_SUCCESS);
return instruction_hook_continuation::skip_instruction;
});
run_emulation(win_emu);
}
}