From a629f77e31ef4a40ebe8e8b845d398478ecc6bdd Mon Sep 17 00:00:00 2001 From: Igor Pissolati Date: Mon, 28 Apr 2025 12:48:28 -0300 Subject: [PATCH] Miscellaneous fixes --- src/windows-emulator/syscalls.cpp | 2 ++ src/windows-emulator/syscalls/file.cpp | 39 ++++++++++++++++++----- src/windows-emulator/syscalls/process.cpp | 5 +++ src/windows-emulator/windows_emulator.cpp | 15 ++++++++- 4 files changed, 52 insertions(+), 9 deletions(-) diff --git a/src/windows-emulator/syscalls.cpp b/src/windows-emulator/syscalls.cpp index 610361ca..0090997f 100644 --- a/src/windows-emulator/syscalls.cpp +++ b/src/windows-emulator/syscalls.cpp @@ -215,6 +215,7 @@ namespace syscalls emulator_object return_length); NTSTATUS handle_NtSetInformationProcess(const syscall_context& c, handle process_handle, uint32_t info_class, uint64_t process_information, uint32_t process_information_length); + NTSTATUS handle_NtOpenProcess(); NTSTATUS handle_NtOpenProcessToken(const syscall_context&, handle process_handle, ACCESS_MASK /*desired_access*/, emulator_object token_handle); NTSTATUS handle_NtOpenProcessTokenEx(const syscall_context& c, handle process_handle, ACCESS_MASK desired_access, @@ -769,6 +770,7 @@ void syscall_dispatcher::add_handlers(std::map& ha add_handler(NtCreateFile); add_handler(NtDeviceIoControlFile); add_handler(NtQueryWnfStateData); + add_handler(NtOpenProcess); add_handler(NtOpenProcessToken); add_handler(NtOpenProcessTokenEx); add_handler(NtQuerySecurityAttributesToken); diff --git a/src/windows-emulator/syscalls/file.cpp b/src/windows-emulator/syscalls/file.cpp index 4d58646d..6c3dcd41 100644 --- a/src/windows-emulator/syscalls/file.cpp +++ b/src/windows-emulator/syscalls/file.cpp 
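Review bot: `NTSTATUS handle_NtOpenProcess();` is the only handler in this declaration list that receives no `syscall_context` and no arguments, so neither this declaration nor its body in the process.cpp hunk can record what the guest tried to open, whereas the neighbouring stubs such as handle_NtOpenProcessToken at least get the context and the handle. Returning STATUS_NOT_SUPPORTED is a reasonable first step, but for an emulator whose value is its trace, a guest probing other processes is exactly the event an analyst wants in the log; I would give it the same `const syscall_context& c` first parameter as its siblings and a `c.win_emu.log.print(...)` line before the return. I am assuming the add_handler dispatch accepts a parameter-less handler, since the registration hunk is written that way; please confirm. The same applies to the process.cpp hunk that defines the stub.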
@@ -140,9 +140,20 @@ namespace syscalls { if (!f->enumeration_state || query_flags & SL_RESTART_SCAN) { + const auto mask = file_mask ? read_unicode_string(c.emu, file_mask) : u""; + + if (!mask.empty()) + { + c.win_emu.log.print(color::dark_gray, "--> Enumerating directory: %s (Mask: \"%s\")\n", + u16_to_u8(f->name).c_str(), u16_to_u8(mask).c_str()); + } + else + { + c.win_emu.log.print(color::dark_gray, "--> Enumerating directory: %s\n", u16_to_u8(f->name).c_str()); + } + f->enumeration_state.emplace(file_enumeration_state{}); - f->enumeration_state->files = scan_directory(c.win_emu.file_sys.translate(f->name), - file_mask ? read_unicode_string(c.emu, file_mask) : u""); + f->enumeration_state->files = scan_directory(c.win_emu.file_sys.translate(f->name), mask); } auto& enum_state = *f->enumeration_state; @@ -154,6 +165,10 @@ namespace syscalls if (current_index >= enum_state.files.size()) { + IO_STATUS_BLOCK> block{}; + block.Information = 0; + io_status_block.write(block); + return STATUS_NO_MORE_FILES; } @@ -191,11 +206,7 @@ namespace syscalls T info{}; info.NextEntryOffset = 0; info.FileIndex = static_cast(current_index); - info.FileAttributes = FILE_ATTRIBUTE_NORMAL; - if (current_file.is_directory) - { - info.FileAttributes |= FILE_ATTRIBUTE_DIRECTORY; - } + info.FileAttributes = current_file.is_directory ? FILE_ATTRIBUTE_DIRECTORY : FILE_ATTRIBUTE_NORMAL; info.FileNameLength = static_cast(file_name.size() * 2); info.EndOfFile.QuadPart = current_file.file_size; 
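Review bot: The `mask` introduced at the top of the hunk is guest-controlled and now flows both into the log and into `scan_directory`; the log side is safe because the text is passed as a `%s` argument rather than as the format string, but nothing here shows whether scan_directory treats separators or `..` inside the mask as pattern text or as path components. If scan_directory only matches the mask against entry names, which is what NtQueryDirectoryFile semantics call for, a one-line comment at its declaration saying so would settle it; otherwise the mask should be rejected or stripped of separators before the call. The enclosing function starts and ends outside the hunk.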
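Review bot: The status block written before `return STATUS_NO_MORE_FILES;` leaves `block.Status` at its value-initialised zero, i.e. STATUS_SUCCESS, while the call itself returns STATUS_NO_MORE_FILES; on Windows the IOSB of NtQueryDirectoryFile carries the same status as the return value at the end of an enumeration, so a guest that inspects the status block (the usual pattern after waiting on an asynchronous handle) would see success with zero bytes instead. Add `block.Status = STATUS_NO_MORE_FILES;` next to the Information assignment — assuming the emulator's IO_STATUS_BLOCK mirrors the native layout with a Status member, which this hunk does not show. `block.Information = 0;` is redundant after `block{}`, so the status assignment is the one that matters.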
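Review bot: The ternary now gives directories FILE_ATTRIBUTE_DIRECTORY alone where the old code OR-ed it onto FILE_ATTRIBUTE_NORMAL; that is the correct native behaviour, since FILE_ATTRIBUTE_NORMAL is only valid when it is the sole attribute, but nothing on the line says so and the next reader may "fix" it back. Suggest `// FILE_ATTRIBUTE_NORMAL is only valid on its own, so directories must not carry it` above the assignment. The template body continues outside the hunk on both sides.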
@@ -722,9 +733,21 @@ namespace syscalls return STATUS_INVALID_PARAMETER; } - const auto filename = read_unicode_string( + auto filename = read_unicode_string( c.emu, emulator_object>>{c.emu, attributes.ObjectName}); + if (attributes.RootDirectory) + { + const auto* root = c.proc.files.get(attributes.RootDirectory); + if (!root) + { + return STATUS_INVALID_HANDLE; + } + + const auto has_separator = root->name.ends_with(u"\\") || root->name.ends_with(u"/"); + filename = root->name + (has_separator ? u"" : u"\\") + filename; + } + c.win_emu.log.print(color::dark_gray, "--> Querying file attributes: %s\n", u16_to_u8(filename).c_str()); const auto local_filename = c.win_emu.file_sys.translate(filename).string(); diff --git a/src/windows-emulator/syscalls/process.cpp b/src/windows-emulator/syscalls/process.cpp index 7b000840..46c58f0c 100644 --- a/src/windows-emulator/syscalls/process.cpp +++ b/src/windows-emulator/syscalls/process.cpp @@ -348,6 +348,11 @@ namespace syscalls return STATUS_NOT_SUPPORTED; } + NTSTATUS handle_NtOpenProcess() + { + return STATUS_NOT_SUPPORTED; + } + NTSTATUS handle_NtOpenProcessToken(const syscall_context&, const handle process_handle, const ACCESS_MASK /*desired_access*/, const emulator_object token_handle) { diff --git a/src/windows-emulator/windows_emulator.cpp b/src/windows-emulator/windows_emulator.cpp index 57768e52..9824a9b3 100644 --- a/src/windows-emulator/windows_emulator.cpp +++ b/src/windows-emulator/windows_emulator.cpp @@ -515,6 +515,7 @@ void windows_emulator::setup_hooks() this->emu().hook_interrupt([&](const int interrupt) { const auto rip = this->emu().read_instruction_pointer(); + const auto eflags = this->emu().reg(x86_register::eflags); switch (interrupt) { 
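Review bot: The RootDirectory branch does not cover the empty-ObjectName case, where a guest queries the directory itself relative to its handle: `root->name + u"\\" + u""` yields a trailing backslash, which `translate` may or may not normalise away — confirm, or skip the separator when `filename.empty()`. Relative-to-RootDirectory resolution is presumably also needed by the create/open syscalls outside this hunk, and if that logic already exists there it should become one shared helper so the callers cannot drift. A guest passing an absolute ObjectName together with RootDirectory is also silently concatenated here, where Windows returns STATUS_OBJECT_PATH_SYNTAX_BAD; that is outside what the commit set out to do but deserves a comment. The enclosing function starts and ends outside the hunk.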
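Review bot: `eflags` is fetched from the emulator on every interrupt, although only the single-step case in the following hunk uses it; minor, but moving the read into `case 1:` keeps the hook's common path free of an extra register fetch and makes the dependency obvious. The hook lambda continues outside the hunk.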
@@ -522,7 +523,15 @@ void windows_emulator::setup_hooks()
 dispatch_integer_division_by_zero(this->emu(), this->process);
 return;
 case 1:
- this->log.print(color::pink, "Singlestep: 0x%" PRIx64 "\n", rip);
+ if ((eflags & 0x100) != 0)
+ {
+ this->log.print(color::pink, "Singlestep (Trap Flag): 0x%" PRIx64 "\n", rip);
+ this->emu().reg(x86_register::eflags, eflags & ~0x100);
+ }
+ else
+ {
+ this->log.print(color::pink, "Singlestep: 0x%" PRIx64 "\n", rip);
+ }
 dispatch_single_step(this->emu(), this->process);
 return;
 case 3:
@@ -532,6 +541,10 @@ void windows_emulator::setup_hooks()
 case 6:
 dispatch_illegal_instruction_violation(this->emu(), this->process);
 return;
+ case 45:
+ this->log.print(color::pink, "DbgPrint: 0x%" PRIx64 "\n", rip);
+ dispatch_breakpoint(this->emu(), this->process);
+ return;
 default:
 break;
 }
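Review bot: `0x100` appears twice as a bare literal in the new case 1 block, once in the test and once as `~0x100` in the write-back; give it a name (`constexpr uint64_t trap_flag = 0x100; // EFLAGS.TF`, or whatever the project's constant style is) so both uses obviously refer to the same bit. If `eflags` is unsigned, `~0x100` is an int that sign-extends to the right mask and the result is correct, but `~trap_flag` with a matching type avoids the signed/unsigned mix clang-tidy will flag. Clearing TF before dispatch_single_step matches what the kernel hands to a user-mode handler; a one-line comment giving that as the reason would help the next reader.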
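Review bot: `case 45:` is the debug-service interrupt, `int 2Dh`, and the log line calls it DbgPrint, so the literal should be `case 0x2D: // int 2Dh debug service (DbgPrint and friends)` — 45 in decimal is how nobody remembers that vector. As I recall, the kernel reports the breakpoint for `int 2Dh` with the instruction pointer adjusted one byte further than the trap delivers; whether dispatch_breakpoint applies that adjustment is outside this hunk, and it is worth confirming because a guest comparing the exception address against expectations will otherwise notice the difference from native. DbgPrint is also only one of the services selected by the register the guest loads before the interrupt, so logging that service number alongside rip would make the trace more useful.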