From 4e5ba450c19b73e82dea584317c44c85892f83ad Mon Sep 17 00:00:00 2001
From: redthing1
Date: Tue, 6 Jan 2026 17:56:24 -0800
Subject: [PATCH 1/3] module manager: safer ldr init block setup
---
 src/windows-emulator/module/module_manager.cpp | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/windows-emulator/module/module_manager.cpp b/src/windows-emulator/module/module_manager.cpp
index fb6610e4..264e431a 100644
--- a/src/windows-emulator/module/module_manager.cpp
+++ b/src/windows-emulator/module/module_manager.cpp
@@ -285,10 +285,10 @@ void module_manager::load_wow64_modules(const windows_path& executable_path, con
 // Set up LdrSystemDllInitBlock structure
 PS_SYSTEM_DLL_INIT_BLOCK init_block = {};
- constexpr uint64_t symtem_dll_init_block_fix_size = 0xF0; // Wine or WIN10
+ constexpr uint64_t system_dll_init_block_size = sizeof(PS_SYSTEM_DLL_INIT_BLOCK);
 // Basic structure initialization
- init_block.Size = symtem_dll_init_block_fix_size;
+ init_block.Size = system_dll_init_block_size;
 // Calculate relocation values
 // SystemDllWowRelocation = mapped_base - original_imagebase for 32-bit ntdll
@@ -344,8 +344,11 @@ void module_manager::load_wow64_modules(const windows_path& executable_path, con
 return;
 }
+ const auto write_size = static_cast(system_dll_init_block_size);
+ init_block.Size = write_size;
+
 // Write the initialized structure to the export address
- this->memory_->write_memory(ldr_init_block_addr, &init_block, symtem_dll_init_block_fix_size);
+ this->memory_->write_memory(ldr_init_block_addr, &init_block, write_size);
 logger.info("Successfully initialized LdrSystemDllInitBlock at 0x%" PRIx64 "\n", ldr_init_block_addr);
From 01851ad5710d36edb86adfdf610df39d296f0a28 Mon Sep 17 00:00:00 2001
From: Maurice Heumann
Date: Wed, 7 Jan 2026 08:02:34 +0100
Subject: [PATCH 2/3] Update description for Security Research section
---
 page/src/landing-page.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
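Review bot: In the `@@ -344,8 +344,11 @@` hunk of PATCH 1/3 the length passed to `write_memory` becomes `sizeof(PS_SYSTEM_DLL_INIT_BLOCK)`, but nothing visible checks that the emulator's struct is no larger than the `LdrSystemDllInitBlock` export inside the mapped ntdll. The removed constant's comment (`0xF0`, "Wine or WIN10") suggests the guest-side layout can be smaller than the host definition; if so, the write would run past the export into neighbouring guest data and the guest would read an unexpected `Size`. Making the assumption explicit, for example `static_assert(sizeof(PS_SYSTEM_DLL_INIT_BLOCK) == 0xF0, "must match the guest LdrSystemDllInitBlock layout");` or clamping the write length to the size the target ntdll expects, would catch a mismatch at build time. `init_block.Size` is also assigned twice, once in the `@@ -285,10 +285,10 @@` hunk and again here, so one of the two assignments can be dropped. `load_wow64_modules` starts and ends outside both hunks and the struct definition is not shown, so the size mismatch is something to verify rather than a confirmed defect.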
diff --git a/page/src/landing-page.tsx b/page/src/landing-page.tsx
index 7aae83be..1acd7349 100644
--- a/page/src/landing-page.tsx
+++ b/page/src/landing-page.tsx
@@ -91,7 +91,7 @@ export function LandingPage() {
 icon: ,
 title: "Security Research",
 description:
- "Analyze malware and security vulnerabilities in a controlled environment",
+ "Analyze security vulnerabilities in a controlled environment",
 },
 {
 icon: ,
From 7ba5a7b2e4adc3dfbf53c1789b79fb5f748712be Mon Sep 17 00:00:00 2001
From: Brian Wynn
Date: Thu, 8 Jan 2026 17:37:01 +0800
Subject: [PATCH 3/3] Revert "module manager: safer ldr init block setup"
---
 src/windows-emulator/module/module_manager.cpp | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/src/windows-emulator/module/module_manager.cpp b/src/windows-emulator/module/module_manager.cpp
index 264e431a..fb6610e4 100644
--- a/src/windows-emulator/module/module_manager.cpp
+++ b/src/windows-emulator/module/module_manager.cpp
@@ -285,10 +285,10 @@ void module_manager::load_wow64_modules(const windows_path& executable_path, con
 // Set up LdrSystemDllInitBlock structure
 PS_SYSTEM_DLL_INIT_BLOCK init_block = {};
- constexpr uint64_t system_dll_init_block_size = sizeof(PS_SYSTEM_DLL_INIT_BLOCK);
+ constexpr uint64_t symtem_dll_init_block_fix_size = 0xF0; // Wine or WIN10
 // Basic structure initialization
- init_block.Size = system_dll_init_block_size;
+ init_block.Size = symtem_dll_init_block_fix_size;
 // Calculate relocation values
 // SystemDllWowRelocation = mapped_base - original_imagebase for 32-bit ntdll
@@ -344,11 +344,8 @@ void module_manager::load_wow64_modules(const windows_path& executable_path, con
 return;
 }
- const auto write_size = static_cast(system_dll_init_block_size);
- init_block.Size = write_size;
-
 // Write the initialized structure to the export address
- this->memory_->write_memory(ldr_init_block_addr, &init_block, write_size);
+ this->memory_->write_memory(ldr_init_block_addr, &init_block, symtem_dll_init_block_fix_size);
 logger.info("Successfully initialized LdrSystemDllInitBlock at 0x%" PRIx64 "\n", ldr_init_block_addr);
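Review bot: The restored `write_memory(ldr_init_block_addr, &init_block, symtem_dll_init_block_fix_size)` call copies a fixed 0xF0 bytes out of the local `init_block`, and nothing visible ties that constant to the object's real size. If `PS_SYSTEM_DLL_INIT_BLOCK` is, or later becomes, smaller than 0xF0, the call reads past the host stack object and copies unrelated emulator memory into the guest. Adding `static_assert(sizeof(PS_SYSTEM_DLL_INIT_BLOCK) >= symtem_dll_init_block_fix_size);` next to the constant in the `@@ -285,10 +285,10 @@` hunk keeps the fixed guest-facing size while turning the bound into a compile-time fact. The revert also brings back the misspelled `symtem_` name and the bare `// Wine or WIN10` comment; a comment saying that 0xF0 is the block size the targeted ntdll builds expect would explain why `sizeof` is not used. The struct definition and the rest of `load_wow64_modules` lie outside the hunks, so the over-read is a possibility to check, not a confirmed bug.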