From acb65dc10d7fdd094967899d50fec552091f2e63 Mon Sep 17 00:00:00 2001
From: momo5502
Date: Wed, 9 Jul 2025 21:15:47 +0200
Subject: [PATCH] Log message box arguments
---
 src/analyzer/analysis.cpp | 38 +++++++++++++++++++++----
 src/windows-emulator/emulator_utils.hpp | 18 ++++++++++++
 src/windows-emulator/syscall_utils.hpp | 14 +--------
 3 files changed, 51 insertions(+), 19 deletions(-)
diff --git a/src/analyzer/analysis.cpp b/src/analyzer/analysis.cpp
index 4b02f8c7..f8a307ac 100644
--- a/src/analyzer/analysis.cpp
+++ b/src/analyzer/analysis.cpp
@@ -113,16 +113,42 @@ namespace
 c.win_emu->log.log("Unmapping %s (0x%" PRIx64 ")\n", mod.path.generic_string().c_str(), mod.image_base);
 }
+ void print_string(logger& log, const std::string_view str)
+ {
+ log.print(color::dark_gray, "--> %.*s\n", STR_VIEW_VA(str));
+ }
+
+ void print_string(logger& log, const std::u16string_view str)
+ {
+ print_string(log, u16_to_u8(str));
+ }
+
+ template
+ void print_arg_as_string(windows_emulator& win_emu, size_t index)
+ {
+ const auto var_ptr = get_function_argument(win_emu.emu(), index);
+ if (var_ptr)
+ {
+ const auto str = read_string(win_emu.memory, var_ptr);
+ print_string(win_emu.log, str);
+ }
+ }
+
 void handle_function_details(analysis_context& c, const std::string_view function)
 {
 if (function == "GetEnvironmentVariableA" || function == "ExpandEnvironmentStringsA")
 {
- const auto var_ptr = c.win_emu->emu().reg(x86_register::rcx);
- if (var_ptr)
- {
- const auto variable = read_string(c.win_emu->memory, var_ptr);
- c.win_emu->log.print(color::dark_gray, "--> %s\n", variable.c_str());
- }
+ print_arg_as_string(*c.win_emu, 0);
+ }
+ else if (function == "MessageBoxA")
+ {
+ print_arg_as_string(*c.win_emu, 2);
+ print_arg_as_string(*c.win_emu, 1);
+ }
+ else if (function == "MessageBoxW")
+ {
+ print_arg_as_string(*c.win_emu, 2);
+ print_arg_as_string(*c.win_emu, 1);
 }
 }
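Review bot: `print_string` sends text read from the emulated process straight to the analyst's log with no length cap and no filtering of control bytes, so a sample under analysis decides what lands on the terminal, escape sequences and fake `-->` lines included. Both overloads funnel through the `std::string_view` one, so capping and neutralising there covers the UTF-16 path as well; a sketch follows. Separately, `print_arg_as_string` only null-checks the guest pointer, and whether `read_string` bounds the read or tolerates unmapped memory is not visible in this hunk, so that is worth confirming before this runs on every MessageBox call. The template arguments appear to have been lost from this page, so I cannot tell whether the MessageBoxW branch reads the buffer as UTF-16.

```cpp
void print_string(logger& log, const std::string_view str)
{
    // Guest-controlled text: cap the length and neutralise control bytes before it reaches the log.
    constexpr size_t max_logged_chars = 256; // constructed limit, adjust as needed
    std::string printable{str.substr(0, max_logged_chars)};
    for (auto& ch : printable)
    {
        const auto byte = static_cast<unsigned char>(ch);
        if (byte < 0x20 || byte == 0x7f)
        {
            ch = '.';
        }
    }

    const std::string_view safe{printable};
    log.print(color::dark_gray, "--> %.*s\n", STR_VIEW_VA(safe));
}
```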
diff --git a/src/windows-emulator/emulator_utils.hpp b/src/windows-emulator/emulator_utils.hpp
index 3e4e15c1..246f3b1c 100644
--- a/src/windows-emulator/emulator_utils.hpp
+++ b/src/windows-emulator/emulator_utils.hpp
@@ -5,6 +5,7 @@
 #include "memory_manager.hpp"
 #include "memory_utils.hpp"
 #include "address_utils.hpp"
+#include "x86_register.hpp"
 #include
@@ -367,3 +368,20 @@ inline std::u16string read_unicode_string(emulator& emu, const uint64_t uc_strin
 {
 return read_unicode_string(emu, emulator_object>>{emu, uc_string});
 }
+
+inline uint64_t get_function_argument(x86_64_emulator& emu, const size_t index, bool is_syscall = false)
+{
+ switch (index)
+ {
+ case 0:
+ return emu.reg(is_syscall ? x86_register::r10 : x86_register::rcx);
+ case 1:
+ return emu.reg(x86_register::rdx);
+ case 2:
+ return emu.reg(x86_register::r8);
+ case 3:
+ return emu.reg(x86_register::r9);
+ default:
+ return emu.read_stack(index + 1);
+ }
+}
diff --git a/src/windows-emulator/syscall_utils.hpp b/src/windows-emulator/syscall_utils.hpp
index 73ae4812..14395c59 100644
--- a/src/windows-emulator/syscall_utils.hpp
+++ b/src/windows-emulator/syscall_utils.hpp
@@ -15,19 +15,7 @@ struct syscall_context
 inline uint64_t get_syscall_argument(x86_64_emulator& emu, const size_t index)
 {
- switch (index)
- {
- case 0:
- return emu.reg(x86_register::r10);
- case 1:
- return emu.reg(x86_register::rdx);
- case 2:
- return emu.reg(x86_register::r8);
- case 3:
- return emu.reg(x86_register::r9);
- default:
- return emu.read_stack(index + 1);
- }
+ return get_function_argument(emu, index, true);
 }
 inline bool is_uppercase(const char character)
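Review bot: `get_function_argument` is now the shared helper behind both the API-call logging and `get_syscall_argument` (the syscall_utils.hpp hunk), but it carries no comment stating when its result is valid. As written it reads rcx/rdx/r8/r9 (r10 in place of rcx for syscalls) and falls back to `read_stack(index + 1)`, which presumably matches the Windows x64 layout only while rsp still points at the return address, and only for integer or pointer arguments; confirm against `read_stack`, which is outside this hunk. I would add a header comment such as `/// Integer/pointer argument number index under the Windows x64 convention; valid only at function entry or at the syscall instruction.` and declare the flag as `const bool is_syscall = false` to match `const size_t index`.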