Lightemerald/windows-user-space-emulator
2
0
Fork 0
mirror of https://github.com/momo5502/emulator.git synced 2026-01-18 03:13:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Format all the code

Browse Source
This commit is contained in:
momo5502
2025-01-06 17:13:33 +01:00
parent 64c2a79f0f
commit bff8420ffd
100 changed files with 16439 additions and 14509 deletions
Download Patch File Download Diff File Expand all files Collapse all files

385
src/analyzer/main.cpp
View File

@@ -7,254 +7,247 @@
namespace
{
struct analysis_options
{
bool use_gdb{false};
bool concise_logging{false};
};
struct analysis_options
{
bool use_gdb{false};
bool concise_logging{false};
};
void watch_system_objects(windows_emulator& win_emu, const bool cache_logging)
{
(void)win_emu;
(void)cache_logging;
void watch_system_objects(windows_emulator& win_emu, const bool cache_logging)
{
(void)win_emu;
(void)cache_logging;
#ifdef OS_WINDOWS
watch_object(win_emu, *win_emu.current_thread().teb, cache_logging);
watch_object(win_emu, win_emu.process().peb, cache_logging);
watch_object(win_emu, emulator_object<KUSER_SHARED_DATA64>{win_emu.emu(), kusd_mmio::address()}, cache_logging);
watch_object(win_emu, *win_emu.current_thread().teb, cache_logging);
watch_object(win_emu, win_emu.process().peb, cache_logging);
watch_object(win_emu, emulator_object<KUSER_SHARED_DATA64>{win_emu.emu(), kusd_mmio::address()}, cache_logging);
auto* params_hook = watch_object(win_emu, win_emu.process().process_params, cache_logging);
auto* params_hook = watch_object(win_emu, win_emu.process().process_params, cache_logging);
win_emu.emu().hook_memory_write(win_emu.process().peb.value() + offsetof(PEB64, ProcessParameters), 0x8,
[&, cache_logging](const uint64_t address, size_t, const uint64_t value)
{
const auto target_address = win_emu.process().peb.value() + offsetof(
PEB64, ProcessParameters);
win_emu.emu().hook_memory_write(
win_emu.process().peb.value() + offsetof(PEB64, ProcessParameters), 0x8,
[&, cache_logging](const uint64_t address, size_t, const uint64_t value) {
const auto target_address = win_emu.process().peb.value() + offsetof(PEB64, ProcessParameters);
if (address == target_address)
{
const emulator_object<RTL_USER_PROCESS_PARAMETERS64> obj{
win_emu.emu(), value
};
if (address == target_address)
{
const emulator_object<RTL_USER_PROCESS_PARAMETERS64> obj{win_emu.emu(), value};
win_emu.emu().delete_hook(params_hook);
params_hook = watch_object(win_emu, obj, cache_logging);
}
});
win_emu.emu().delete_hook(params_hook);
params_hook = watch_object(win_emu, obj, cache_logging);
}
});
#endif
}
}
void run_emulation(windows_emulator& win_emu, const analysis_options& options)
{
try
{
if (options.use_gdb)
{
const auto* address = "127.0.0.1:28960";
win_emu.log.print(color::pink, "Waiting for GDB connection on %s...\n", address);
void run_emulation(windows_emulator& win_emu, const analysis_options& options)
{
try
{
if (options.use_gdb)
{
const auto* address = "127.0.0.1:28960";
win_emu.log.print(color::pink, "Waiting for GDB connection on %s...\n", address);
win_x64_gdb_stub_handler handler{win_emu};
run_gdb_stub(handler, "i386:x86-64", gdb_registers.size(), address);
}
else
{
win_emu.start();
}
}
catch (const std::exception& e)
{
win_emu.log.print(color::red, "Emulation failed at: 0x%" PRIx64 " - %s\n",
win_emu.emu().read_instruction_pointer(), e.what());
throw;
}
catch (...)
{
win_emu.log.print(color::red, "Emulation failed at: 0x%" PRIx64 "\n",
win_emu.emu().read_instruction_pointer());
throw;
}
win_x64_gdb_stub_handler handler{win_emu};
run_gdb_stub(handler, "i386:x86-64", gdb_registers.size(), address);
}
else
{
win_emu.start();
}
}
catch (const std::exception& e)
{
win_emu.log.print(color::red, "Emulation failed at: 0x%" PRIx64 " - %s\n",
win_emu.emu().read_instruction_pointer(), e.what());
throw;
}
catch (...)
{
win_emu.log.print(color::red, "Emulation failed at: 0x%" PRIx64 "\n",
win_emu.emu().read_instruction_pointer());
throw;
}
const auto exit_status = win_emu.process().exit_status;
if (exit_status.has_value())
{
win_emu.log.print(color::red, "Emulation terminated with status: %X\n", *exit_status);
}
else
{
win_emu.log.print(color::red, "Emulation terminated without status!\n");
}
}
const auto exit_status = win_emu.process().exit_status;
if (exit_status.has_value())
{
win_emu.log.print(color::red, "Emulation terminated with status: %X\n", *exit_status);
}
else
{
win_emu.log.print(color::red, "Emulation terminated without status!\n");
}
}
std::vector<std::u16string> parse_arguments(const std::span<const std::string_view> args)
{
std::vector<std::u16string> wide_args{};
wide_args.reserve(args.size() - 1);
std::vector<std::u16string> parse_arguments(const std::span<const std::string_view> args)
{
std::vector<std::u16string> wide_args{};
wide_args.reserve(args.size() - 1);
for (size_t i = 1; i < args.size(); ++i)
{
const auto& arg = args[i];
wide_args.emplace_back(arg.begin(), arg.end());
}
for (size_t i = 1; i < args.size(); ++i)
{
const auto& arg = args[i];
wide_args.emplace_back(arg.begin(), arg.end());
}
return wide_args;
}
return wide_args;
}
void run(const analysis_options& options, const std::span<const std::string_view> args)
{
if (args.empty())
{
return;
}
void run(const analysis_options& options, const std::span<const std::string_view> args)
{
if (args.empty())
{
return;
}
emulator_settings settings{
.application = args[0],
.arguments = parse_arguments(args),
.silent_until_main = options.concise_logging,
};
emulator_settings settings{
.application = args[0],
.arguments = parse_arguments(args),
.silent_until_main = options.concise_logging,
};
windows_emulator win_emu{std::move(settings)};
windows_emulator win_emu{std::move(settings)};
(void)&watch_system_objects;
watch_system_objects(win_emu, options.concise_logging);
win_emu.buffer_stdout = true;
//win_emu.verbose_calls = true;
(void)&watch_system_objects;
watch_system_objects(win_emu, options.concise_logging);
win_emu.buffer_stdout = true;
// win_emu.verbose_calls = true;
const auto& exe = *win_emu.process().executable;
const auto& exe = *win_emu.process().executable;
const auto concise_logging = options.concise_logging;
const auto concise_logging = options.concise_logging;
for (const auto& section : exe.sections)
{
if ((section.region.permissions & memory_permission::exec) != memory_permission::exec)
{
continue;
}
for (const auto& section : exe.sections)
{
if ((section.region.permissions & memory_permission::exec) != memory_permission::exec)
{
continue;
}
auto read_handler = [&, section, concise_logging](const uint64_t address, size_t, uint64_t)
{
const auto rip = win_emu.emu().read_instruction_pointer();
if (win_emu.process().mod_manager.find_by_address(rip) != win_emu.process().executable)
{
return;
}
auto read_handler = [&, section, concise_logging](const uint64_t address, size_t, uint64_t) {
const auto rip = win_emu.emu().read_instruction_pointer();
if (win_emu.process().mod_manager.find_by_address(rip) != win_emu.process().executable)
{
return;
}
if (concise_logging)
{
static uint64_t count{0};
++count;
if (count > 100 && count % 10000 != 0) return;
}
if (concise_logging)
{
static uint64_t count{0};
++count;
if (count > 100 && count % 10000 != 0)
return;
}
win_emu.log.print(
color::green,
"Reading from executable section %s at 0x%" PRIx64 " via 0x%" PRIx64 "\n",
section.name.c_str(), address, rip);
};
win_emu.log.print(color::green,
"Reading from executable section %s at 0x%" PRIx64 " via 0x%" PRIx64 "\n",
section.name.c_str(), address, rip);
};
const auto write_handler = [&, section, concise_logging](const uint64_t address, size_t, uint64_t)
{
const auto rip = win_emu.emu().read_instruction_pointer();
if (win_emu.process().mod_manager.find_by_address(rip) != win_emu.process().executable)
{
return;
}
const auto write_handler = [&, section, concise_logging](const uint64_t address, size_t, uint64_t) {
const auto rip = win_emu.emu().read_instruction_pointer();
if (win_emu.process().mod_manager.find_by_address(rip) != win_emu.process().executable)
{
return;
}
if (concise_logging)
{
static uint64_t count{0};
++count;
if (count > 100 && count % 10000 != 0) return;
}
if (concise_logging)
{
static uint64_t count{0};
++count;
if (count > 100 && count % 10000 != 0)
return;
}
win_emu.log.print(
color::blue,
"Writing to executable section %s at 0x%" PRIx64 " via 0x%" PRIx64 "\n",
section.name.c_str(), address, rip);
};
win_emu.log.print(color::blue, "Writing to executable section %s at 0x%" PRIx64 " via 0x%" PRIx64 "\n",
section.name.c_str(), address, rip);
};
win_emu.emu().hook_memory_read(section.region.start, section.region.length, std::move(read_handler));
win_emu.emu().hook_memory_write(section.region.start, section.region.length, std::move(write_handler));
}
win_emu.emu().hook_memory_read(section.region.start, section.region.length, std::move(read_handler));
win_emu.emu().hook_memory_write(section.region.start, section.region.length, std::move(write_handler));
}
run_emulation(win_emu, options);
}
run_emulation(win_emu, options);
}
std::vector<std::string_view> bundle_arguments(const int argc, char** argv)
{
std::vector<std::string_view> args{};
std::vector<std::string_view> bundle_arguments(const int argc, char** argv)
{
std::vector<std::string_view> args{};
for (int i = 1; i < argc; ++i)
{
args.push_back(argv[i]);
}
for (int i = 1; i < argc; ++i)
{
args.push_back(argv[i]);
}
return args;
}
return args;
}
analysis_options parse_options(std::vector<std::string_view>& args)
{
analysis_options options{};
analysis_options parse_options(std::vector<std::string_view>& args)
{
analysis_options options{};
while (!args.empty())
{
auto arg_it = args.begin();
const auto& arg = *arg_it;
while (!args.empty())
{
auto arg_it = args.begin();
const auto& arg = *arg_it;
if (arg == "-d")
{
options.use_gdb = true;
}
else if (arg == "-c")
{
options.concise_logging = true;
}
else
{
break;
}
if (arg == "-d")
{
options.use_gdb = true;
}
else if (arg == "-c")
{
options.concise_logging = true;
}
else
{
break;
}
args.erase(arg_it);
}
args.erase(arg_it);
}
return options;
}
return options;
}
}
int main(const int argc, char** argv)
{
try
{
auto args = bundle_arguments(argc, argv);
const auto options = parse_options(args);
try
{
auto args = bundle_arguments(argc, argv);
const auto options = parse_options(args);
if (args.empty())
{
throw std::runtime_error("Application not specified!");
}
if (args.empty())
{
throw std::runtime_error("Application not specified!");
}
do
{
run(options, args);
}
while (options.use_gdb);
do
{
run(options, args);
} while (options.use_gdb);
return 0;
}
catch (std::exception& e)
{
puts(e.what());
return 0;
}
catch (std::exception& e)
{
puts(e.what());
#if defined(_WIN32) && 0
MessageBoxA(nullptr, e.what(), "ERROR", MB_ICONERROR);
MessageBoxA(nullptr, e.what(), "ERROR", MB_ICONERROR);
#endif
}
}
return 1;
return 1;
}
#ifdef _WIN32
int WINAPI WinMain(HINSTANCE, HINSTANCE, PSTR, int)
{
return main(__argc, __argv);
return main(__argc, __argv);
}
#endif