From 8481cdfb5d7ed552bf6f19f988ee65c30a5aca61 Mon Sep 17 00:00:00 2001 From: ahm3dgg Date: Fri, 9 Jan 2026 03:09:42 +0200 Subject: [PATCH] Use std::map instead of std::unordered_map for data that will be serialized --- src/windows-emulator/module/module_manager.cpp | 4 ++-- src/windows-emulator/module/module_manager.hpp | 2 +- src/windows-emulator/process_context.cpp | 17 ++++++++--------- src/windows-emulator/process_context.hpp | 2 +- src/windows-emulator/syscalls/section.cpp | 2 +- src/windows-emulator/windows_path.hpp | 5 +++++ 6 files changed, 18 insertions(+), 14 deletions(-) diff --git a/src/windows-emulator/module/module_manager.cpp b/src/windows-emulator/module/module_manager.cpp index 5b3cafe9..57883b45 100644 --- a/src/windows-emulator/module/module_manager.cpp +++ b/src/windows-emulator/module/module_manager.cpp @@ -531,7 +531,7 @@ mapped_module* module_manager::map_memory_module(uint64_t base_address, uint64_t void module_manager::serialize(utils::buffer_serializer& buffer) const { buffer.write_map(this->modules_); - //buffer.write_map(this->module_load_count); + buffer.write_map(this->module_load_count); buffer.write(this->executable ? this->executable->image_base : 0); buffer.write(this->ntdll ? this->ntdll->image_base : 0); @@ -549,7 +549,7 @@ void module_manager::serialize(utils::buffer_serializer& buffer) const void module_manager::deserialize(utils::buffer_deserializer& buffer) { buffer.read_map(this->modules_); - //buffer.read_map(this->module_load_count); + buffer.read_map(this->module_load_count); this->last_module_cache_ = this->modules_.end(); const auto executable_base = buffer.read(); diff --git a/src/windows-emulator/module/module_manager.hpp b/src/windows-emulator/module/module_manager.hpp index 95fd671e..6f8e837f 100644 --- a/src/windows-emulator/module/module_manager.hpp +++ b/src/windows-emulator/module/module_manager.hpp 
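Review bot: Writing `module_load_count` directly after `modules_` in `module_manager::serialize` changes the snapshot layout, and none of the visible hunks bumps or checks a format version. If version handling does not exist elsewhere, a snapshot produced without these fields would be read by `deserialize` with every following value shifted. The same applies to the `knowndlls32_sections` / `knowndlls64_sections` lines in the process_context serialize and deserialize hunks. A comment next to the new calls, such as `// field order must match deserialize(); bump the snapshot version when adding fields`, would record the constraint. Both function bodies continue outside the hunks.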
@@ -159,7 +159,7 @@ class module_manager mapped_module* executable{}; mapped_module* ntdll{}; mapped_module* win32u{}; - std::unordered_map module_load_count; + std::map module_load_count; // WOW64-specific modules (for validation and future use) struct wow64_modules diff --git a/src/windows-emulator/process_context.cpp b/src/windows-emulator/process_context.cpp index 6e87c201..a0ee7c1f 100644 --- a/src/windows-emulator/process_context.cpp +++ b/src/windows-emulator/process_context.cpp @@ -576,11 +576,10 @@ void process_context::setup(x86_64_emulator& emu, memory_manager& memory, regist } } - (void)file_system; - //const auto* api_set_data = reinterpret_cast(apiset_container.data.data()); - //auto apiset = get_apiset_namespace_table(api_set_data); - //create_known_dlls_section_objects(this->knowndlls32_sections, apiset, registry, file_system, true); - //create_known_dlls_section_objects(this->knowndlls64_sections, apiset, registry, file_system, false); + const auto* api_set_data = reinterpret_cast(apiset_container.data.data()); + auto apiset = get_apiset_namespace_table(api_set_data); + create_known_dlls_section_objects(this->knowndlls32_sections, apiset, registry, file_system, true); + create_known_dlls_section_objects(this->knowndlls64_sections, apiset, registry, file_system, false); this->ntdll_image_base = ntdll.image_base; this->ldr_initialize_thunk = ntdll.find_export("LdrInitializeThunk"); @@ -657,8 +656,8 @@ void process_context::serialize(utils::buffer_serializer& buffer) const buffer.write(this->timers); buffer.write(this->registry_keys); buffer.write_map(this->atoms); - //buffer.write_map(this->knowndlls32_sections); - //buffer.write_map(this->knowndlls64_sections); + buffer.write_map(this->knowndlls32_sections); + buffer.write_map(this->knowndlls64_sections); buffer.write(this->last_extended_params_numa_node); buffer.write(this->last_extended_params_attributes); 
@@ -708,8 +707,8 @@ void process_context::deserialize(utils::buffer_deserializer& buffer) buffer.read(this->timers); buffer.read(this->registry_keys); buffer.read_map(this->atoms); - //buffer.read_map(this->knowndlls32_sections); - //buffer.read_map(this->knowndlls64_sections); + buffer.read_map(this->knowndlls32_sections); + buffer.read_map(this->knowndlls64_sections); buffer.read(this->last_extended_params_numa_node); buffer.read(this->last_extended_params_attributes); diff --git a/src/windows-emulator/process_context.hpp b/src/windows-emulator/process_context.hpp index a3cccd77..4d40f04b 100644 --- a/src/windows-emulator/process_context.hpp +++ b/src/windows-emulator/process_context.hpp @@ -34,7 +34,7 @@ struct emulator_settings; struct application_settings; -using knowndlls_map = std::unordered_map; +using knowndlls_map = std::map; struct process_context { struct callbacks diff --git a/src/windows-emulator/syscalls/section.cpp b/src/windows-emulator/syscalls/section.cpp index 26659907..62daac17 100644 --- a/src/windows-emulator/syscalls/section.cpp +++ b/src/windows-emulator/syscalls/section.cpp @@ -119,7 +119,7 @@ namespace syscalls } utils::string::to_lower_inplace(filename); - if (is_known_dll && filename.starts_with(u"win32u.dll")) + if (is_known_dll && (filename.starts_with(u"win32u.dll") || filename.starts_with(u"ntdll.dll"))) { return STATUS_OBJECT_NAME_NOT_FOUND; } diff --git a/src/windows-emulator/windows_path.hpp b/src/windows-emulator/windows_path.hpp index 0d9e3d67..0a5099d9 100644 --- a/src/windows-emulator/windows_path.hpp +++ b/src/windows-emulator/windows_path.hpp @@ -256,6 +256,11 @@ class windows_path return !this->operator==(other); } + bool operator<(const windows_path& other) const + { + return this->string().length() < other.string().length(); + } + bool empty() const { return this->is_relative() && this->folders_.empty();
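Review bot: The extended condition matches by prefix, so every known-DLL name that merely begins with `ntdll.dll` or `win32u.dll` is answered with STATUS_OBJECT_NAME_NOT_FOUND. If only those two names are meant, `filename == u"win32u.dll" || filename == u"ntdll.dll"` says so, assuming `filename` holds the bare lower-cased name at this point. The check also has no comment saying why these two DLLs are kept out of the known-DLL lookup; a one-line comment such as `// ntdll and win32u are never served from the KnownDlls sections` would help, with the actual reason added. The enclosing function starts and ends outside the hunk.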
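Review bot: The new `operator<` in windows_path orders paths by `string().length()` only, so any two different paths of the same length compare as equivalent. The map template arguments are not visible on this page, but if windows_path is the key of one of the `std::map`s introduced here (for example `module_load_count`), an insert for a second path of equal length is silently dropped and a lookup can return another path's entry. The `write_map`/`read_map` calls in the serialize and deserialize hunks would then persist and restore that collapsed state. A comparison over the full value, e.g. `return this->string() < other.string();`, or over the same fields `operator==` uses, keeps the ordering consistent with equality.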