From b00f40aba7c58c19e2bbf6314b6a5e9b63d25991 Mon Sep 17 00:00:00 2001
From: thejanit0r <thejanit0r@localhost>
Date: Sun, 4 Jan 2026 04:31:49 +0100
Subject: [PATCH] Added support for NtCreateDirectoryObject

---
 src/windows-emulator/syscalls.cpp      |  4 ++++
 src/windows-emulator/syscalls/file.cpp | 14 ++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/src/windows-emulator/syscalls.cpp b/src/windows-emulator/syscalls.cpp
index 9ee433c0..55944b26 100644
--- a/src/windows-emulator/syscalls.cpp
+++ b/src/windows-emulator/syscalls.cpp
@@ -83,6 +83,9 @@ namespace syscalls
     NTSTATUS handle_NtOpenDirectoryObject(const syscall_context& c, emulator_object<handle> directory_handle,
                                           ACCESS_MASK /*desired_access*/,
                                           emulator_object<OBJECT_ATTRIBUTES<EmulatorTraits<Emu64>>> object_attributes);
+    NTSTATUS handle_NtCreateDirectoryObject(const syscall_context& /*c*/, emulator_object<handle> /*directory_handle*/,
+                                          ACCESS_MASK /*desired_access*/,
+                                          emulator_object<OBJECT_ATTRIBUTES<EmulatorTraits<Emu64>>> object_attributes);
     NTSTATUS handle_NtOpenSymbolicLinkObject(const syscall_context& c, emulator_object<handle> link_handle, ACCESS_MASK /*desired_access*/,
                                              emulator_object<OBJECT_ATTRIBUTES<EmulatorTraits<Emu64>>> object_attributes);
     NTSTATUS handle_NtQuerySymbolicLinkObject(const syscall_context& c, handle link_handle,
@@ -1056,6 +1059,7 @@ void syscall_dispatcher::add_handlers(std::map<std::string, syscall_handler>& ha
     add_handler(NtProtectVirtualMemory);
     add_handler(NtLockVirtualMemory);
     add_handler(NtOpenDirectoryObject);
+    add_handler(NtCreateDirectoryObject);
     add_handler(NtTraceEvent);
     add_handler(NtAllocateVirtualMemoryEx);
     add_handler(NtCreateIoCompletion);
diff --git a/src/windows-emulator/syscalls/file.cpp b/src/windows-emulator/syscalls/file.cpp
index 43fe8497..0d095ec5 100644
--- a/src/windows-emulator/syscalls/file.cpp
+++ b/src/windows-emulator/syscalls/file.cpp
@@ -1220,6 +1220,20 @@ namespace syscalls
         return STATUS_NOT_SUPPORTED;
     }
 
+    NTSTATUS handle_NtCreateDirectoryObject(const syscall_context& /*c*/, const emulator_object<handle> /*directory_handle*/,
+                                          const ACCESS_MASK /*desired_access*/,
+                                          const emulator_object<OBJECT_ATTRIBUTES<EmulatorTraits<Emu64>>> object_attributes)
+    {
+        const auto attributes = object_attributes.read();
+
+        if (attributes.ObjectName == 0)
+        {
+            return STATUS_INVALID_PARAMETER;
+        }
+
+        return STATUS_NOT_SUPPORTED;
+    }
+
     NTSTATUS handle_NtOpenSymbolicLinkObject(const syscall_context& c, const emulator_object<handle> link_handle,
                                              ACCESS_MASK /*desired_access*/,
                                              const emulator_object<OBJECT_ATTRIBUTES<EmulatorTraits<Emu64>>> object_attributes)