Lightemerald/windows-user-space-emulator
2
0
Fork 0
mirror of https://github.com/momo5502/emulator.git synced 2026-01-09 23:56:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added additional vmp compatibility (#679)

Browse Source
This commit is contained in:
Maurice Heumann
2026-01-04 15:01:35 +01:00
committed by GitHub
parent e396192fbb 3b68260921
commit ec0d626a96
5 changed files with 39 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/common/platform/status.hpp
View File

@@ -11,6 +11,7 @@ using NTSTATUS = std::uint32_t;
#define STATUS_PENDING ((NTSTATUS)0x00000103L)
#define STATUS_GUARD_PAGE_VIOLATION ((NTSTATUS)0x80000001L)
#define STATUS_DATATYPE_MISALIGNMENT ((NTSTATUS)0x80000002L)
#define STATUS_BREAKPOINT ((NTSTATUS)0x80000003L)
#define STATUS_SINGLE_STEP ((NTSTATUS)0x80000004L)

4
src/windows-emulator/memory_utils.hpp
View File

@@ -31,6 +31,10 @@ inline std::optional<nt_memory_permission> try_map_nt_to_emulator_protection(uin
ext = memory_permission_ext::guard;
}
// Remove the highest nibble since we are not currently handling those memory protection constants
// https://github.com/winsiderss/phnt/blob/master/ntmmapi.h#L26
nt_protection &= ~0xF0000000;
memory_permission common = memory_permission::none;
switch (nt_protection)
{

4
src/windows-emulator/syscalls/object.cpp
View File

@@ -8,8 +8,10 @@ namespace syscalls
{
const auto value = h.value;
if (h.h == 0xDEADC0DE)
if (h.h == 0xDEADC0DE || h.h == 0xDEADBEEF)
{
c.win_emu.callbacks.on_suspicious_activity("Anti-debug check with invalid handle");
return STATUS_INVALID_HANDLE;
}

30
src/windows-emulator/syscalls/process.cpp
View File

@@ -15,6 +15,8 @@ namespace syscalls
return STATUS_NOT_SUPPORTED;
}
const auto return_length_info = c.win_emu.memory.get_region_info(return_length.value());
switch (info_class)
{
case ProcessExecuteFlags:
@@ -62,6 +64,24 @@ namespace syscalls
});
case ProcessDebugObjectHandle:
c.win_emu.callbacks.on_suspicious_activity("Anti-debug check with ProcessDebugObjectHandle");
if ((process_information & 3) != 0)
{
return STATUS_DATATYPE_MISALIGNMENT;
}
if (return_length.value() == 0)
{
return STATUS_PORT_NOT_SET;
}
if (!return_length_info.is_reserved)
{
return STATUS_ACCESS_VIOLATION;
}
return handle_query<handle>(c.emu, process_information, process_information_length, return_length, [](handle& h) {
h = NULL_HANDLE;
return STATUS_PORT_NOT_SET;
@@ -75,6 +95,13 @@ namespace syscalls
});
case ProcessDebugPort:
c.win_emu.callbacks.on_suspicious_activity("Anti-debug check with ProcessDebugPort");
return handle_query<EmulatorTraits<Emu64>::PVOID>(c.emu, process_information, process_information_length, return_length,
[](EmulatorTraits<Emu64>::PVOID& ptr) {
ptr = 0; //
});
case ProcessDeviceMap:
return handle_query<EmulatorTraits<Emu64>::PVOID>(c.emu, process_information, process_information_length, return_length,
[](EmulatorTraits<Emu64>::PVOID& ptr) {
@@ -202,7 +229,7 @@ namespace syscalls
|| info_class == ProcessDynamicFunctionTableInformation //
|| info_class == ProcessPriorityBoost //
|| info_class == ProcessPriorityClassEx //
|| info_class == ProcessPriorityClass)
|| info_class == ProcessPriorityClass || info_class == ProcessAffinityMask)
{
return STATUS_SUCCESS;
}
@@ -333,6 +360,7 @@ namespace syscalls
PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION info;
c.emu.read_memory(process_information, &info, sizeof(PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION));
c.win_emu.callbacks.on_suspicious_activity("Setting ProcessInstrumentationCallback");
c.proc.instrumentation_callback = info.Callback;

2
src/windows-emulator/syscalls/thread.cpp
View File

@@ -309,6 +309,8 @@ namespace syscalls
const emulator_object<BOOLEAN> info{c.emu, thread_information};
info.write(cur_emulator_thread.debugger_hide);
c.win_emu.callbacks.on_suspicious_activity("Checking if the thread is hidden from the debugger");
return STATUS_SUCCESS;
}