Adapt more printing

src/analyzer/analysis.cpp

@@ -45,6 +45,23 @@ namespace
         c.win_emu->log.print(color::dark_gray, "--> %.*s: %s\n", STR_VIEW_VA(type), u16_to_u8(name).c_str()); //
     }
 
+    void handle_memory_allocate(const analysis_context& c, const uint64_t address, const uint64_t length,
+                                const memory_permission permission, const bool commit)
+    {
+        const auto* action = commit ? "Committed" : "Allocated";
+
+        c.win_emu->log.print(is_executable(permission) ? color::gray : color::dark_gray,
+                             "--> %s 0x%" PRIx64 " - 0x%" PRIx64 " (%s)\n", action, address, address + length,
+                             get_permission_string(permission).c_str());
+    }
+
+    void handle_memory_protect(const analysis_context& c, const uint64_t address, const uint64_t length,
+                               const memory_permission permission)
+    {
+        c.win_emu->log.print(color::dark_gray, "--> Changing protection at 0x%" PRIx64 "-0x%" PRIx64 " to %s\n",
+                             address, address + length, get_permission_string(permission).c_str());
+    }
+
     void handle_ioctrl(const analysis_context& c, const io_device&, const std::u16string_view device_name,
                        const ULONG code)
     {
@@ -52,6 +69,11 @@ namespace
                              static_cast<uint32_t>(code));
     }
 
+    void handle_thread_set_name(const analysis_context& c, const emulator_thread& t)
+    {
+        c.win_emu->log.print(color::blue, "Setting thread (%d) name: %s\n", t.id, u16_to_u8(t.name).c_str());
+    }
+
     void handle_thread_switch(const analysis_context& c, const emulator_thread& current_thread,
                               const emulator_thread& new_thread)
     {
@@ -211,10 +233,17 @@ void register_analysis_callbacks(analysis_context& c)
     cb.on_stdout = make_callback(c, handle_stdout);
     cb.on_syscall = make_callback(c, handle_syscall);
     cb.on_ioctrl = make_callback(c, handle_ioctrl);
+
+    cb.on_memory_protect = make_callback(c, handle_memory_protect);
+    cb.on_memory_allocate = make_callback(c, handle_memory_allocate);
+
     cb.on_module_load = make_callback(c, handle_module_load);
     cb.on_module_unload = make_callback(c, handle_module_unload);
-    cb.on_instruction = make_callback(c, handle_instruction);
+
     cb.on_thread_switch = make_callback(c, handle_thread_switch);
+    cb.on_thread_set_name = make_callback(c, handle_thread_set_name);
+
+    cb.on_instruction = make_callback(c, handle_instruction);
     cb.on_generic_access = make_callback(c, handle_generic_access);
     cb.on_generic_activity = make_callback(c, handle_generic_activity);
     cb.on_suspicious_activity = make_callback(c, handle_suspicious_activity);

src/windows-emulator/process_context.cpp

@@ -361,7 +361,7 @@ handle process_context::create_thread(memory_manager& memory, const uint64_t sta
 {
     emulator_thread t{memory, *this, start_address, argument, stack_size, suspended, ++this->spawned_thread_count};
     auto [h, thr] = this->threads.store_and_get(std::move(t));
-    this->callbacks_->on_create_thread(h, *thr);
+    this->callbacks_->on_thread_create(h, *thr);
     return h;
 }
 

src/windows-emulator/process_context.hpp

@@ -32,9 +32,10 @@ struct process_context
 {
     struct callbacks
     {
-        utils::optional_function<void(handle h, emulator_thread& thr)> on_create_thread{};
+        utils::optional_function<void(handle h, emulator_thread& thr)> on_thread_create{};
         utils::optional_function<void(handle h, emulator_thread& thr)> on_thread_terminated{};
         utils::optional_function<void(emulator_thread& current_thread, emulator_thread& new_thread)> on_thread_switch{};
+        utils::optional_function<void(emulator_thread& current_thread)> on_thread_set_name{};
     };
 
     struct atom_entry

src/windows-emulator/syscalls/memory.cpp

@@ -146,9 +146,7 @@ namespace syscalls
 
         const auto requested_protection = map_nt_to_emulator_protection(protection);
 
-        c.win_emu.log.print(color::dark_gray, "--> Changing protection at 0x%" PRIx64 "-0x%" PRIx64 " to %s\n",
-                            aligned_start, aligned_start + aligned_length,
-                            get_permission_string(requested_protection).c_str());
+        c.win_emu.callbacks.on_memory_protect(aligned_start, aligned_length, requested_protection);
 
         memory_permission old_protection_value{};
 
@@ -208,16 +206,11 @@ namespace syscalls
         if (commit && !reserve &&
             c.win_emu.memory.commit_memory(potential_base, static_cast<size_t>(allocation_bytes), protection))
         {
-            c.win_emu.log.print(is_executable(protection) ? color::gray : color::dark_gray,
-                                "--> Committed 0x%" PRIx64 " - 0x%" PRIx64 " (%s)\n", potential_base,
-                                potential_base + allocation_bytes, get_permission_string(protection).c_str());
-
+            c.win_emu.callbacks.on_memory_allocate(potential_base, allocation_bytes, protection, true);
             return STATUS_SUCCESS;
         }
 
-        c.win_emu.log.print(is_executable(protection) ? color::gray : color::dark_gray,
-                            "--> Allocated 0x%" PRIx64 " - 0x%" PRIx64 " (%s)\n", potential_base,
-                            potential_base + allocation_bytes, get_permission_string(protection).c_str());
+        c.win_emu.callbacks.on_memory_allocate(potential_base, allocation_bytes, protection, false);
 
         return c.win_emu.memory.allocate_memory(potential_base, static_cast<size_t>(allocation_bytes), protection,
                                                 !commit)

src/windows-emulator/syscalls/thread.cpp

@@ -41,8 +41,7 @@ namespace syscalls
             const auto i = info.read();
             thread->name = read_unicode_string(c.emu, i.ThreadName);
 
-            c.win_emu.log.print(color::blue, "Setting thread (%d) name: %s\n", thread->id,
-                                u16_to_u8(thread->name).c_str());
+            c.win_emu.callbacks.on_thread_set_name(*thread);
 
             return STATUS_SUCCESS;
         }

src/windows-emulator/windows_emulator.hpp

@@ -15,17 +15,22 @@
 
 struct io_device;
 
+#define opt_func utils::optional_function
+
 struct emulator_callbacks : module_manager::callbacks, process_context::callbacks
 {
     using continuation = instruction_hook_continuation;
 
-    utils::optional_function<continuation(uint32_t syscall_id, std::string_view syscall_name)> on_syscall{};
-    utils::optional_function<void(std::string_view data)> on_stdout{};
-    utils::optional_function<void(std::string_view type, std::u16string_view name)> on_generic_access{};
-    utils::optional_function<void(std::string_view description)> on_generic_activity{};
-    utils::optional_function<void(std::string_view description)> on_suspicious_activity{};
-    utils::optional_function<void(uint64_t address)> on_instruction{};
-    utils::optional_function<void(io_device& device, std::u16string_view device_name, ULONG code)> on_ioctrl{};
+    opt_func<void(uint64_t address, uint64_t length, memory_permission)> on_memory_protect{};
+    opt_func<void(uint64_t address, uint64_t length, memory_permission, bool commit)> on_memory_allocate{};
+
+    opt_func<continuation(uint32_t syscall_id, std::string_view syscall_name)> on_syscall{};
+    opt_func<void(std::string_view data)> on_stdout{};
+    opt_func<void(std::string_view type, std::u16string_view name)> on_generic_access{};
+    opt_func<void(std::string_view description)> on_generic_activity{};
+    opt_func<void(std::string_view description)> on_suspicious_activity{};
+    opt_func<void(uint64_t address)> on_instruction{};
+    opt_func<void(io_device& device, std::u16string_view device_name, ULONG code)> on_ioctrl{};
 };
 
 struct application_settings