From 21fc460db83192464ce0f8773a92ecedb5acbe4f Mon Sep 17 00:00:00 2001
From: Igor Pissolati
Date: Wed, 23 Apr 2025 00:56:36 -0300
Subject: [PATCH 1/6] Update create-root.bat

---
 src/tools/create-root.bat | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/tools/create-root.bat b/src/tools/create-root.bat
index 975b7bea..f326f6f8 100644
--- a/src/tools/create-root.bat
+++ b/src/tools/create-root.bat
@@ -26,6 +26,7 @@ COPY /B /Y C:\Users\Default\NTUSER.DAT "%EMU_REGDIR%\NTUSER.DAT"
 CALL :collect advapi32.dll
 CALL :collect bcrypt.dll
+CALL :collect bcryptprimitives.dll
 CALL :collect cfgmgr32.dll
 CALL :collect ci.dll
 CALL :collect combase.dll
@@ -118,8 +119,18 @@ CALL :collect wintypes.dll
 CALL :collect slwga.dll
 CALL :collect sppc.dll
 CALL :collect kernel.appcore.dll
+CALL :collect winnlsres.dll
+CALL :collect nlsbres.dll
+CALL :collect netutils.dll
+CALL :collect dinput8.dll
+CALL :collect d3d10.dll
+CALL :collect d3d10core.dll
+CALL :collect cabinet.dll
+CALL :collect msacm32.dll
 CALL :collect locale.nls
+CALL :collect c_1252.nls
+CALL :collect c_850.nls
 EXIT /B 0

From 16e7cac48af4e88c3ee3710a6e3a335e1486adb5 Mon Sep 17 00:00:00 2001
From: Igor Pissolati
Date: Wed, 23 Apr 2025 01:00:30 -0300
Subject: [PATCH 2/6] Retry loading using normal path when wow6432node path is not found

---
 .../registry/registry_manager.cpp | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/windows-emulator/registry/registry_manager.cpp b/src/windows-emulator/registry/registry_manager.cpp
index cd3d75fb..3309f1e5 100644
--- a/src/windows-emulator/registry/registry_manager.cpp
+++ b/src/windows-emulator/registry/registry_manager.cpp
@@ -105,7 +105,22 @@ std::optional registry_manager::get_key(const utils::path_key& key
 return {std::move(reg_key)};
 }

- const auto* entry = iterator->second->get_sub_key(reg_key.path.get());
+ auto path = reg_key.path.get();
+ const auto* entry = iterator->second->get_sub_key(path);
+
+ if (!entry)
+ {
+ constexpr std::wstring_view wowPrefix = L"wow6432node\\";
+
+ const auto pathStr = path.wstring();
+ if (pathStr.starts_with(wowPrefix))
+ {
+ path = pathStr.substr(wowPrefix.size());
+ reg_key.path = path;
+ entry = iterator->second->get_sub_key(path);
+ }
+ }
+
 if (!entry)
 {
 return std::nullopt;

From 8dfcf2755c3fca1da36a2334ad40c4e55728a048 Mon Sep 17 00:00:00 2001
From: Igor Pissolati
Date: Wed, 23 Apr 2025 01:03:42 -0300
Subject: [PATCH 3/6] Add stub for NtAreMappedFilesTheSame and modify NtSetInformationKey to return success

---
 src/windows-emulator/syscalls.cpp | 3 +++
 src/windows-emulator/syscalls/registry.cpp | 2 +-
 src/windows-emulator/syscalls/section.cpp | 6 ++++++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/windows-emulator/syscalls.cpp b/src/windows-emulator/syscalls.cpp
index edc8e95b..17c723d2 100644
--- a/src/windows-emulator/syscalls.cpp
+++ b/src/windows-emulator/syscalls.cpp
@@ -259,6 +259,8 @@ namespace syscalls
 NTSTATUS handle_NtUnmapViewOfSection(const syscall_context& c, handle process_handle, uint64_t base_address);
 NTSTATUS handle_NtUnmapViewOfSectionEx(const syscall_context& c, handle process_handle, uint64_t base_address,
 ULONG /*flags*/);
+ NTSTATUS handle_NtAreMappedFilesTheSame(const syscall_context& c, emulator_pointer address1,
+ emulator_pointer address2);

 // syscalls/semaphore.cpp:
 NTSTATUS handle_NtOpenSemaphore(const syscall_context& c, emulator_object semaphore_handle,
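Review bot: The fallback added in the new `if (!entry)` block is case-sensitive, so `starts_with(wowPrefix)` only fires when `reg_key.path` already arrives lowercased; the registry itself is case-insensitive, and a `Wow6432Node\...` request would skip the fallback silently unless path_key normalises case earlier, which this hunk does not show and which is worth confirming. The block also assigns the stripped path back into `reg_key.path`, so the key handed to the caller carries the native path rather than the one requested, a visible change of contract that deserves a comment, e.g. `// WOW64 fallback: if no Wow6432Node key exists, resolve the native key and return it under the stripped path.`. `get_key` begins before the hunk and continues after it.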
@@ -866,6 +868,7 @@ void syscall_dispatcher::add_handlers(std::map& ha
 add_handler(NtFsControlFile);
 add_handler(NtQueryFullAttributesFile);
 add_handler(NtFlushBuffersFile);
+ add_handler(NtAreMappedFilesTheSame);
 add_handler(NtUserGetProcessWindowStation);
 add_handler(NtUserRegisterClassExWOW);
 add_handler(NtUserUnregisterClass);
diff --git a/src/windows-emulator/syscalls/registry.cpp b/src/windows-emulator/syscalls/registry.cpp
index f27190b6..724d284a 100644
--- a/src/windows-emulator/syscalls/registry.cpp
+++ b/src/windows-emulator/syscalls/registry.cpp
@@ -239,7 +239,7 @@ namespace syscalls

 NTSTATUS handle_NtSetInformationKey()
 {
- return STATUS_NOT_SUPPORTED;
+ return STATUS_SUCCESS;
 }

 NTSTATUS handle_NtEnumerateKey(const syscall_context& c, const handle key_handle, const ULONG index,
diff --git a/src/windows-emulator/syscalls/section.cpp b/src/windows-emulator/syscalls/section.cpp
index eb7b837a..ac19b486 100644
--- a/src/windows-emulator/syscalls/section.cpp
+++ b/src/windows-emulator/syscalls/section.cpp
@@ -304,4 +304,10 @@ namespace syscalls
 {
 return handle_NtUnmapViewOfSection(c, process_handle, base_address);
 }
+
+ NTSTATUS handle_NtAreMappedFilesTheSame(const syscall_context& c, const emulator_pointer address1,
+ const emulator_pointer address2)
+ {
+ return STATUS_NOT_SUPPORTED;
+ }
 }

From 39d40a7f2f588fdba9d3292d1faa1357789b72da Mon Sep 17 00:00:00 2001
From: Igor Pissolati
Date: Wed, 23 Apr 2025 01:04:38 -0300
Subject: [PATCH 4/6] Simplify TimeZone query fix

---
 src/windows-emulator/syscalls/port.cpp | 43 ++---------------------
 src/windows-emulator/syscalls/section.cpp | 3 ++
 2 files changed, 6 insertions(+), 40 deletions(-)

diff --git a/src/windows-emulator/syscalls/port.cpp b/src/windows-emulator/syscalls/port.cpp
index c557c15d..32b5c0e0 100644
--- a/src/windows-emulator/syscalls/port.cpp
+++ b/src/windows-emulator/syscalls/port.cpp
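Review bot: `handle_NtSetInformationKey` in the registry.cpp hunk now returns STATUS_SUCCESS for a request it never reads or applies, so a guest that sets key information and later queries it back sees a registry that silently disagrees with what it was told, with nothing in the trace to explain why. If the intent is only to unblock callers that treat STATUS_NOT_SUPPORTED as fatal, record that in a comment and keep a log line, e.g. `// Stub: reports success, but the information class is not applied to the emulated hive.`. The companion stub `handle_NtAreMappedFilesTheSame` in the section.cpp hunk keeps STATUS_NOT_SUPPORTED, so the two conventions should be a deliberate choice rather than an accident of which caller complained first.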
@@ -4,18 +4,6 @@

 namespace syscalls
 {
- struct CSR_API_CONNECTINFO
- {
- uint64_t SharedSectionBase;
- uint64_t SharedStaticServerData;
- uint64_t SharedSectionHeap;
- ULONG DebugFlags;
- ULONG SizeOfPebData;
- ULONG SizeOfTebData;
- ULONG NumberOfServerDllNames;
- EMULATOR_CAST(uint64_t, HANDLE) ServerProcessId;
- };
-
 NTSTATUS handle_NtConnectPort(const syscall_context& c, const emulator_object client_port_handle,
 const emulator_object>> server_port_name,
 const emulator_object /*security_qos*/,
@@ -33,34 +21,9 @@ namespace syscalls

 if (connection_info)
 {
- if (p.name == u"\\Windows\\ApiPort")
- {
- CSR_API_CONNECTINFO connect_info{};
-
- const auto expected_connect_length = connection_info_length.read();
- if (expected_connect_length < sizeof(CSR_API_CONNECTINFO))
- {
- return STATUS_BUFFER_TOO_SMALL;
- }
-
- // TODO: Use client_shared_memory to get the section entry and get the address from it?
- connect_info.SharedSectionBase = c.proc.shared_section_address;
- c.emu.write_memory(c.proc.shared_section_address + 2504,
- 0xFFFFFFFF); // BaseStaticServerData->TermsrvClientTimeZoneId
-
- const auto static_server_data =
- c.win_emu.memory.allocate_memory(0x10000, memory_permission::read_write);
- connect_info.SharedStaticServerData = static_server_data;
- c.emu.write_memory(static_server_data + 8, connect_info.SharedSectionBase);
-
- c.emu.write_memory(connection_info, &connect_info, sizeof(connect_info));
- }
- else
- {
- std::vector zero_mem{};
- zero_mem.resize(connection_info_length.read(), 0);
- c.emu.write_memory(connection_info, zero_mem.data(), zero_mem.size());
- }
+ std::vector zero_mem{};
+ zero_mem.resize(connection_info_length.read(), 0);
+ c.emu.write_memory(connection_info, zero_mem.data(), zero_mem.size());
 }

 client_shared_memory.access([&](PORT_VIEW64& view) {
diff --git a/src/windows-emulator/syscalls/section.cpp b/src/windows-emulator/syscalls/section.cpp
index ac19b486..61e935d5 100644
--- a/src/windows-emulator/syscalls/section.cpp
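Review bot: The zero-fill kept in the second hunk sizes a host `std::vector` from `connection_info_length.read()`, a value supplied by the guest, with no upper bound, and the `STATUS_BUFFER_TOO_SMALL` check that covered the ApiPort case is gone, so no path validates that length any more; a guest that passes a very large length now drives an equally large host allocation before a single byte is written. Validate the length against the guest buffer the emulator can actually write to, or an explicit maximum, e.g. `const auto length = connection_info_length.read(); if (length > kMaxConnectInfoLength) { return STATUS_INVALID_PARAMETER; }` (kMaxConnectInfoLength being a placeholder bound to choose), or zero the guest range in fixed-size chunks so no host buffer proportional to the guest value is needed. As a side effect the ApiPort connection now receives all-zero connect info, so `SharedSectionBase` and `SharedStaticServerData` are no longer handed to the guest here; if that is intended because the data now lives in the shared section, a short comment at the zero-fill saying so would help the next reader. `handle_NtConnectPort` starts in the first hunk and ends after the second.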
+++ b/src/windows-emulator/syscalls/section.cpp
@@ -143,6 +143,7 @@ namespace syscalls
 constexpr auto windows_dir_offset = 0x10;
 c.emu.write_memory(address + 8, windows_dir_offset);

+ // aka. BaseStaticServerData (BASE_STATIC_SERVER_DATA)
 const auto obj_address = address + windows_dir_offset;
 const emulator_object>> windir_obj{c.emu, obj_address};

@@ -168,6 +169,8 @@ namespace syscalls
 ucs.Buffer = ucs.Buffer - obj_address;
 });

+ c.emu.write_memory(obj_address + 0x9C8, 0xFFFFFFFF); // TIME_ZONE_ID_INVALID
+
 if (view_size)
 {
 view_size.write(shared_section_size);

From 134b45d1e8107ad1637531c7d084fa22b1143ad3 Mon Sep 17 00:00:00 2001
From: Igor Pissolati
Date: Wed, 23 Apr 2025 01:16:31 -0300
Subject: [PATCH 5/6] Fix vm crash when teb.ThreadLocalStoragePointer is null

---
 src/windows-emulator/syscalls/process.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/windows-emulator/syscalls/process.cpp b/src/windows-emulator/syscalls/process.cpp
index dc648a8d..7b000840 100644
--- a/src/windows-emulator/syscalls/process.cpp
+++ b/src/windows-emulator/syscalls/process.cpp
@@ -309,6 +309,11 @@ namespace syscalls
 const auto tls_vector = teb.ThreadLocalStoragePointer;
 constexpr auto ptr_size = sizeof(EmulatorTraits::PVOID);

+ if (!tls_vector)
+ {
+ return;
+ }
+
 if (tls_info.TlsRequest == ProcessTlsReplaceIndex)
 {
 const auto tls_entry_ptr = tls_vector + (tls_info.TlsIndex * ptr_size);

From 44fcc9970d016844687dc01d4088339fad718a44 Mon Sep 17 00:00:00 2001
From: Igor Pissolati
Date: Wed, 23 Apr 2025 01:24:51 -0300
Subject: [PATCH 6/6] Fix failing checks

---
 src/tools/create-root.bat | 1 -
 src/windows-emulator/syscalls.cpp | 3 +--
 src/windows-emulator/syscalls/section.cpp | 3 +--
 3 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/src/tools/create-root.bat b/src/tools/create-root.bat
index f326f6f8..c93361c2 100644
--- a/src/tools/create-root.bat
+++ b/src/tools/create-root.bat
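Review bot: `c.emu.write_memory(obj_address + 0x9C8, 0xFFFFFFFF); // TIME_ZONE_ID_INVALID` in the second section.cpp hunk buries the field offset in a bare literal, while the code a few lines up names its offsets (`windows_dir_offset`); the comment this same commit removes from port.cpp identifies the field as `BaseStaticServerData->TermsrvClientTimeZoneId`, and that name should travel with the offset, e.g. `constexpr auto termsrv_client_time_zone_id_offset = 0x9C8; // BASE_STATIC_SERVER_DATA::TermsrvClientTimeZoneId` followed by `c.emu.write_memory(obj_address + termsrv_client_time_zone_id_offset, static_cast<ULONG>(0xFFFFFFFF)); // TIME_ZONE_ID_INVALID`, so the 32-bit width written is explicit rather than deduced from the literal. Whether `obj_address + 0x9C8` plus four bytes stays inside the bytes mapped for the section (`shared_section_size` is used just below) is not visible here; a runtime check against it, or a static_assert if the size is a constant, would pin that down. The enclosing function begins before the hunks and continues after them.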
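Review bot: The null guard in the process.cpp hunk returns without a trace, so a ProcessTlsReplaceIndex request on a thread whose TEB has no `ThreadLocalStoragePointer` is now dropped silently rather than crashing the VM; that is the safer outcome for the emulator, but it hides the condition from whoever later debugs a guest whose TLS slot never got replaced. A comment and a log line would make the choice explicit, e.g. `// TEB carries no TLS vector yet: nothing to patch, ignore the request.`. The enclosing function starts and ends outside the hunk, so whether a status should be reported to the caller instead of a bare `return;` cannot be judged from here.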
@@ -26,7 +26,6 @@ COPY /B /Y C:\Users\Default\NTUSER.DAT "%EMU_REGDIR%\NTUSER.DAT"
 CALL :collect advapi32.dll
 CALL :collect bcrypt.dll
-CALL :collect bcryptprimitives.dll
 CALL :collect cfgmgr32.dll
 CALL :collect ci.dll
 CALL :collect combase.dll
diff --git a/src/windows-emulator/syscalls.cpp b/src/windows-emulator/syscalls.cpp
index 17c723d2..ce138b95 100644
--- a/src/windows-emulator/syscalls.cpp
+++ b/src/windows-emulator/syscalls.cpp
@@ -259,8 +259,7 @@ namespace syscalls
 NTSTATUS handle_NtUnmapViewOfSection(const syscall_context& c, handle process_handle, uint64_t base_address);
 NTSTATUS handle_NtUnmapViewOfSectionEx(const syscall_context& c, handle process_handle, uint64_t base_address,
 ULONG /*flags*/);
- NTSTATUS handle_NtAreMappedFilesTheSame(const syscall_context& c, emulator_pointer address1,
- emulator_pointer address2);
+ NTSTATUS handle_NtAreMappedFilesTheSame();

 // syscalls/semaphore.cpp:
 NTSTATUS handle_NtOpenSemaphore(const syscall_context& c, emulator_object semaphore_handle,
diff --git a/src/windows-emulator/syscalls/section.cpp b/src/windows-emulator/syscalls/section.cpp
index 61e935d5..d15e770a 100644
--- a/src/windows-emulator/syscalls/section.cpp
+++ b/src/windows-emulator/syscalls/section.cpp
@@ -308,8 +308,7 @@ namespace syscalls
 return handle_NtUnmapViewOfSection(c, process_handle, base_address);
 }

- NTSTATUS handle_NtAreMappedFilesTheSame(const syscall_context& c, const emulator_pointer address1,
- const emulator_pointer address2)
+ NTSTATUS handle_NtAreMappedFilesTheSame()
 {
 return STATUS_NOT_SUPPORTED;
 }