Lightemerald/windows-user-space-emulator
2
0
Fork 0
mirror of https://github.com/momo5502/emulator.git synced 2026-01-18 19:23:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed Formatting

Browse Source
This commit is contained in:
ahm3dgg
2026-01-07 08:23:00 +02:00
parent 1806eeb2e0
commit c3a760dace
6 changed files with 142 additions and 138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/common/platform/win_pefile.hpp
View File

@@ -506,7 +506,7 @@ namespace winpe
pe32,
pe64
};
template <typename T>
inline uint64_t get_first_section_offset(const PENTHeaders_t<T>& nt_headers, const uint64_t nt_headers_offset)
{
@@ -528,8 +528,8 @@ namespace winpe
}
template <typename T>
IMAGE_SECTION_HEADER get_section_header_by_rva(const utils::safe_buffer_accessor<const std::byte>& buffer, const PENTHeaders_t<T>& nt_headers,
uint64_t nt_headers_offset, uint64_t rva)
IMAGE_SECTION_HEADER get_section_header_by_rva(const utils::safe_buffer_accessor<const std::byte>& buffer,
const PENTHeaders_t<T>& nt_headers, uint64_t nt_headers_offset, uint64_t rva)
{
IMAGE_SECTION_HEADER section_header = {};

2
src/windows-emulator/apiset/apiset.hpp
View File

@@ -34,4 +34,4 @@ namespace apiset
const API_SET_NAMESPACE& orig_api_set_map);
emulator_object<API_SET_NAMESPACE> clone(x86_64_emulator& emu, emulator_allocator& allocator, const container& container);
}
}

5
src/windows-emulator/module/module_manager.cpp
View File

@@ -220,7 +220,7 @@ mapped_module* module_manager::map_module_core(const pe_detection_result& detect
[[maybe_unused]] auto& strategy = strategy_factory_.get_strategy(detection_result.architecture);
mapped_module mod = mapper();
mod.is_static = is_static;
if (!mod.path.empty())
{
this->module_load_count[mod.path]++;
@@ -469,7 +469,8 @@ mapped_module* module_manager::map_module(const windows_path& file, const logger
}
// Refactored map_local_module using the new architecture
mapped_module* module_manager::map_local_module(const std::filesystem::path& file, const logger& logger, const bool is_static, bool allow_duplicate)
mapped_module* module_manager::map_local_module(const std::filesystem::path& file, const logger& logger, const bool is_static,
bool allow_duplicate)
{
auto local_file = weakly_canonical(absolute(file));

11
src/windows-emulator/module/module_manager.hpp
View File

@@ -91,12 +91,15 @@ class module_manager
module_manager(memory_manager& memory, file_system& file_sys, callbacks& cb);
void map_main_modules(const windows_path& executable_path, const windows_path& system32_path, const windows_path& syswow64_path, const logger& logger);
void map_main_modules(const windows_path& executable_path, const windows_path& system32_path, const windows_path& syswow64_path,
const logger& logger);
std::optional<uint64_t> get_module_load_count_by_path(const std::filesystem::path& path);
mapped_module* map_module(const windows_path& file, const logger& logger, bool is_static = false, bool allow_duplicate = false);
mapped_module* map_local_module(const std::filesystem::path& file, const logger& logger, bool is_static = false, bool allow_duplicate = false);
mapped_module* map_memory_module(uint64_t base_address, uint64_t image_size, const std::string& module_name, const logger& logger, bool is_static = false, bool allow_duplicate = false);
mapped_module* map_local_module(const std::filesystem::path& file, const logger& logger, bool is_static = false,
bool allow_duplicate = false);
mapped_module* map_memory_module(uint64_t base_address, uint64_t image_size, const std::string& module_name, const logger& logger,
bool is_static = false, bool allow_duplicate = false);
mapped_module* find_by_address(const uint64_t address)
{
@@ -156,7 +159,7 @@ class module_manager
mapped_module* executable{};
mapped_module* ntdll{};
mapped_module* win32u{};
std::unordered_map<windows_path, uint64_t> module_load_count;
std::unordered_map<windows_path, uint64_t> module_load_count;
// WOW64-specific modules (for validation and future use)
struct wow64_modules

254
src/windows-emulator/process_context.cpp
View File

@@ -179,7 +179,7 @@ namespace
return env_map;
}
uint32_t read_windows_build(registry_manager& registry)
uint32_t read_windows_build(registry_manager& registry)
{
const auto key = registry.get_key({R"(\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion)"});
@@ -211,16 +211,16 @@ namespace
for (size_t i = 0; i < api_set_map->Count; i++)
{
const auto entry = reinterpret_cast<const PAPI_SET_NAMESPACE_ENTRY>(reinterpret_cast<uint64_t>(api_set_map) +
api_set_map->EntryOffset + i * sizeof(API_SET_NAMESPACE_ENTRY));
const auto entry = reinterpret_cast<const PAPI_SET_NAMESPACE_ENTRY>(
reinterpret_cast<uint64_t>(api_set_map) + api_set_map->EntryOffset + i * sizeof(API_SET_NAMESPACE_ENTRY));
std::u16string name(reinterpret_cast<const char16_t*>(reinterpret_cast<uint64_t>(api_set_map) + entry->NameOffset),
entry->NameLength / sizeof(char16_t));
const auto value = reinterpret_cast<const PAPI_SET_VALUE_ENTRY>(reinterpret_cast<uint64_t>(api_set_map) + entry->ValueOffset +
(entry->ValueCount - 1) * sizeof(API_SET_VALUE_ENTRY));
(entry->ValueCount - 1) * sizeof(API_SET_VALUE_ENTRY));
std::u16string base_name(reinterpret_cast<const char16_t*>(reinterpret_cast<uint64_t>(api_set_map) + value->ValueOffset),
value->ValueLength / sizeof(char16_t));
value->ValueLength / sizeof(char16_t));
apiset[name + u".dll"] = base_name;
}
@@ -228,149 +228,149 @@ namespace
return apiset;
}
template<typename T>
void create_known_dlls_section_objects(
std::unordered_map<std::u16string, section>& knowndlls_section_objects,
registry_manager& registry,
const apiset::container& apiset_container,
const file_system& file_system,
bool is_wow64)
{
const auto* api_set_data = reinterpret_cast<const API_SET_NAMESPACE*>(apiset_container.data.data());
auto apiset = get_apiset_namespace_table(api_set_data);
template <typename T>
void create_known_dlls_section_objects(std::unordered_map<std::u16string, section>& knowndlls_section_objects,
registry_manager& registry, const apiset::container& apiset_container,
const file_system& file_system, bool is_wow64)
{
const auto* api_set_data = reinterpret_cast<const API_SET_NAMESPACE*>(apiset_container.data.data());
auto apiset = get_apiset_namespace_table(api_set_data);
std::unordered_set<std::u16string> visited_dlls;
windows_path system_root_path;
std::filesystem::path local_system_root_path;
std::unordered_set<std::u16string> visited_dlls;
windows_path system_root_path;
std::filesystem::path local_system_root_path;
if (is_wow64)
{
system_root_path = "C:\\Windows\\SysWOW64";
}
else
{
system_root_path = "C:\\Windows\\System32";
}
if (is_wow64)
{
system_root_path = "C:\\Windows\\SysWOW64";
}
else
{
system_root_path = "C:\\Windows\\System32";
}
std::optional<registry_key> knowndlls_key = registry.get_key( { R"(\Registry\Machine\System\CurrentControlSet\Control\Session Manager\KnownDLLs)" });
if (!knowndlls_key)
{
return;
}
std::optional<registry_key> knowndlls_key =
registry.get_key({R"(\Registry\Machine\System\CurrentControlSet\Control\Session Manager\KnownDLLs)"});
if (!knowndlls_key)
{
return;
}
local_system_root_path = file_system.translate(system_root_path);
for (size_t i = 0; const auto value_opt = registry.get_value(*knowndlls_key, i); i++)
{
const auto& value = *value_opt;
local_system_root_path = file_system.translate(system_root_path);
for (size_t i = 0; const auto value_opt = registry.get_value(*knowndlls_key, i); i++)
{
const auto& value = *value_opt;
if (value.type != REG_SZ && value.type != REG_EXPAND_SZ)
{
continue;
}
if (value.type != REG_SZ && value.type != REG_EXPAND_SZ)
{
continue;
}
if (value.data.empty() || value.data.size() % 2 != 0)
{
continue;
}
if (value.data.empty() || value.data.size() % 2 != 0)
{
continue;
}
const auto char_count = value.data.size() / sizeof(char16_t);
const auto* data_ptr = reinterpret_cast<const char16_t*>(value.data.data());
if (data_ptr[char_count - 1] != u'\0')
{
continue;
}
const auto char_count = value.data.size() / sizeof(char16_t);
const auto* data_ptr = reinterpret_cast<const char16_t*>(value.data.data());
if (data_ptr[char_count - 1] != u'\0')
{
continue;
}
auto known_dll_name = std::u16string(data_ptr, char_count - 1);
auto known_dll_path = local_system_root_path / known_dll_name;
auto known_dll_name = std::u16string(data_ptr, char_count - 1);
auto known_dll_path = local_system_root_path / known_dll_name;
if (!std::filesystem::exists(known_dll_path))
{
continue;
}
if (!std::filesystem::exists(known_dll_path))
{
continue;
}
utils::string::to_lower_inplace(known_dll_name);
if (visited_dlls.contains(known_dll_name))
{
continue;
}
utils::string::to_lower_inplace(known_dll_name);
if (visited_dlls.contains(known_dll_name))
{
continue;
}
auto file = utils::io::read_file(known_dll_path);
{
section s;
s.file_name = known_dll_path.u16string();
s.maximum_size = page_align_up(std::filesystem::file_size(s.file_name));
s.allocation_attributes = SEC_IMAGE;
s.section_page_protection = PAGE_EXECUTE;
s.cache_image_info_from_filedata(file);
knowndlls_section_objects[known_dll_name] = s;
}
auto file = utils::io::read_file(known_dll_path);
{
section s;
s.file_name = known_dll_path.u16string();
s.maximum_size = page_align_up(std::filesystem::file_size(s.file_name));
s.allocation_attributes = SEC_IMAGE;
s.section_page_protection = PAGE_EXECUTE;
s.cache_image_info_from_filedata(file);
knowndlls_section_objects[known_dll_name] = s;
}
utils::safe_buffer_accessor<const std::byte> buffer { file };
utils::safe_buffer_accessor<const std::byte> buffer{file};
const auto dos_header = buffer.as<PEDosHeader_t>(0).get();
const auto nt_headers_offset = dos_header.e_lfanew;
const auto nt_headers = buffer.as<PENTHeaders_t<T>>(nt_headers_offset).get();
const auto dos_header = buffer.as<PEDosHeader_t>(0).get();
const auto nt_headers_offset = dos_header.e_lfanew;
const auto nt_headers = buffer.as<PENTHeaders_t<T>>(nt_headers_offset).get();
const auto& import_directory_entry = winpe::get_data_directory_by_index(nt_headers, IMAGE_DIRECTORY_ENTRY_IMPORT);
if (!import_directory_entry.VirtualAddress)
{
continue;
}
const auto& import_directory_entry = winpe::get_data_directory_by_index(nt_headers, IMAGE_DIRECTORY_ENTRY_IMPORT);
if (!import_directory_entry.VirtualAddress)
{
continue;
}
const auto section_with_import_descs = winpe::get_section_header_by_rva(buffer, nt_headers, nt_headers_offset, import_directory_entry.VirtualAddress);
auto import_directory_vbase = section_with_import_descs.VirtualAddress;
auto import_directory_rbase = section_with_import_descs.PointerToRawData;
const auto section_with_import_descs =
winpe::get_section_header_by_rva(buffer, nt_headers, nt_headers_offset, import_directory_entry.VirtualAddress);
auto import_directory_vbase = section_with_import_descs.VirtualAddress;
auto import_directory_rbase = section_with_import_descs.PointerToRawData;
uint64_t import_directory_raw = rva_to_raw(import_directory_vbase, import_directory_rbase, import_directory_entry.VirtualAddress);
auto import_descriptors = buffer.as<IMAGE_IMPORT_DESCRIPTOR>(import_directory_raw);
for (size_t import_desc_index = 0;; import_desc_index++)
{
const auto descriptor = import_descriptors.get(import_desc_index);
if (!descriptor.Name)
{
break;
}
uint64_t import_directory_raw =
rva_to_raw(import_directory_vbase, import_directory_rbase, import_directory_entry.VirtualAddress);
auto import_descriptors = buffer.as<IMAGE_IMPORT_DESCRIPTOR>(import_directory_raw);
for (size_t import_desc_index = 0;; import_desc_index++)
{
const auto descriptor = import_descriptors.get(import_desc_index);
if (!descriptor.Name)
{
break;
}
auto known_dll_dep_name = buffer.as_string(rva_to_raw(import_directory_vbase, import_directory_rbase, descriptor.Name));
utils::string::to_lower_inplace(known_dll_dep_name);
auto known_dll_dep_name_16 = u8_to_u16(known_dll_dep_name);
auto known_dll_dep_name = buffer.as_string(rva_to_raw(import_directory_vbase, import_directory_rbase, descriptor.Name));
if (known_dll_dep_name_16.starts_with(u"api-") || known_dll_dep_name_16.starts_with(u"ext-"))
{
if (apiset.contains(known_dll_dep_name_16))
{
known_dll_dep_name_16 = apiset[known_dll_dep_name_16];
}
else
{
continue;
}
}
if (knowndlls_section_objects.contains(known_dll_dep_name_16))
{
continue;
}
utils::string::to_lower_inplace(known_dll_dep_name);
auto known_dll_dep_name_16 = u8_to_u16(known_dll_dep_name);
{
auto known_dll_dep_path = local_system_root_path / known_dll_dep_name_16;
auto file = utils::io::read_file(known_dll_dep_path);
if (known_dll_dep_name_16.starts_with(u"api-") || known_dll_dep_name_16.starts_with(u"ext-"))
{
if (apiset.contains(known_dll_dep_name_16))
{
known_dll_dep_name_16 = apiset[known_dll_dep_name_16];
}
else
{
continue;
}
}
section s;
s.file_name = known_dll_dep_path.u16string();
s.maximum_size = page_align_up(std::filesystem::file_size(s.file_name));
s.allocation_attributes = SEC_IMAGE;
s.section_page_protection = PAGE_EXECUTE;
s.cache_image_info_from_filedata(file);
knowndlls_section_objects[known_dll_dep_name_16] = s;
}
}
if (knowndlls_section_objects.contains(known_dll_dep_name_16))
{
continue;
}
visited_dlls.insert(known_dll_name);
}
}
{
auto known_dll_dep_path = local_system_root_path / known_dll_dep_name_16;
auto file = utils::io::read_file(known_dll_dep_path);
section s;
s.file_name = known_dll_dep_path.u16string();
s.maximum_size = page_align_up(std::filesystem::file_size(s.file_name));
s.allocation_attributes = SEC_IMAGE;
s.section_page_protection = PAGE_EXECUTE;
s.cache_image_info_from_filedata(file);
knowndlls_section_objects[known_dll_dep_name_16] = s;
}
}
visited_dlls.insert(known_dll_name);
}
}
}
void process_context::setup(x86_64_emulator& emu, memory_manager& memory, registry_manager& registry, const file_system& file_system,

2
src/windows-emulator/syscalls/section.cpp
View File

@@ -119,7 +119,7 @@ namespace syscalls
}
utils::string::to_lower_inplace(filename);
if (is_known_dll)
{
auto& knowndlls_sections = c.win_emu.process.knowndlls_sections;