From c4349bc4e674804ffc6f168e270e46ffa75548f9 Mon Sep 17 00:00:00 2001
From: momo5502
Date: Sat, 22 Mar 2025 20:29:12 +0100
Subject: [PATCH] Log message box strings

---
 src/windows-emulator/emulator_utils.hpp | 21 +++++++++++++++++++++
 src/windows-emulator/windows_emulator.cpp | 10 ++++++++++
 2 files changed, 31 insertions(+)

diff --git a/src/windows-emulator/emulator_utils.hpp b/src/windows-emulator/emulator_utils.hpp
index e2e28995..42a36cdb 100644
--- a/src/windows-emulator/emulator_utils.hpp
+++ b/src/windows-emulator/emulator_utils.hpp
@@ -308,6 +308,27 @@ class emulator_allocator
 uint64_t active_address_{0};
 };
 
+template
+std::basic_string read_string(memory_manager& mem, const uint64_t address)
+{
+ std::basic_string result{};
+
+ for (size_t i = 0;; ++i)
+ {
+ Element element{};
+ mem.read_memory(address + (i * sizeof(element)), &element, sizeof(element));
+
+ if (!element)
+ {
+ break;
+ }
+
+ result.push_back(element);
+ }
+
+ return result;
+}
+
 inline std::u16string read_unicode_string(const emulator& emu, const UNICODE_STRING> ucs)
 {
 static_assert(offsetof(UNICODE_STRING>, Length) == 0);
diff --git a/src/windows-emulator/windows_emulator.cpp b/src/windows-emulator/windows_emulator.cpp
index 5ff9d817..e7f85e1d 100644
--- a/src/windows-emulator/windows_emulator.cpp
+++ b/src/windows-emulator/windows_emulator.cpp
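Review bot: The loop in `read_string` (emulator_utils.hpp) has no upper bound, so the length of the copy is decided entirely by guest memory: a pointer into a large mapped region with no terminator keeps the host appending element by element until `read_memory` fails or host memory is exhausted. Because the helper is called with a raw guest register value in windows_emulator.cpp, I would add a defaulted cap as a third parameter, e.g. `const size_t max_length = 0x1000` (illustrative value), and bound the loop with `for (size_t i = 0; i < max_length; ++i)`. How `read_memory` reports an unmapped address is not visible in this hunk, so a short comment above the function stating whether it throws or returns a truncated string would help callers that run inside execution hooks.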
@@ -394,6 +394,16 @@ void windows_emulator::on_instruction_execution(const uint64_t address) log.print(is_interesting_call ? color::yellow : color::dark_gray, "Executing function: %s - %s (0x%" PRIx64 ") via (0x%" PRIx64 ") %s\n", binary->name.c_str(), export_entry->second.c_str(), address, return_address, mod_name); + + if (export_entry->second == "MessageBoxW") + { + log.log("--> %s\n", + u16_to_u8(read_string(this->memory, this->emu().reg(x64_register::rdx))).c_str()); + } + else if (export_entry->second == "MessageBoxA") + { + log.log("--> %s\n", read_string(this->memory, this->emu().reg(x64_register::rdx)).c_str()); + } } else if (address == binary->entry_point) {
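Review bot: The string logged in the `MessageBoxW` and `MessageBoxA` branches is read from the address in `rdx` and passed to `log.log` unmodified, so the emulated program controls both the pointer and every byte that reaches the analyst's terminal or log file. Control characters should be escaped first (for example, render bytes below 0x20 and 0x7f as `\xNN`) so that embedded newlines or terminal escape sequences cannot forge log lines or alter the terminal state. A null or unmapped text pointer also goes straight into `read_string`; what a failed read does is not visible here, so a guard such as `if (const auto text = this->emu().reg(x64_register::rdx); text != 0)` around the read is worth adding. The match is on the export name alone, so any module exporting a function with that name triggers the read; the body of `on_instruction_execution` starts and ends outside this hunk.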