From f087d3998ad6693ed2956051d140500c79d651f4 Mon Sep 17 00:00:00 2001
From: Maurice Heumann
Date: Mon, 7 Apr 2025 15:17:52 +0200
Subject: [PATCH] Ignore certain function calls
---
 src/analyzer/main.cpp | 11 +++++++++++
 src/windows-emulator/windows_emulator.cpp | 7 ++++---
 src/windows-emulator/windows_emulator.hpp | 2 ++
 3 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/src/analyzer/main.cpp b/src/analyzer/main.cpp
index 3c27000b..671017b3 100644
--- a/src/analyzer/main.cpp
+++ b/src/analyzer/main.cpp
@@ -22,6 +22,7 @@ namespace
 std::string registry_path{"./registry"};
 std::string emulation_root{};
 std::set> modules{};
+ std::set> ignored_functions{};
 std::unordered_map path_mappings{};
 };
@@ -172,6 +173,7 @@ namespace
 .silent_until_main = options.concise_logging,
 .path_mappings = options.path_mappings,
 .modules = options.modules,
+ .ignored_functions = options.ignored_functions,
 };
 }
@@ -353,6 +355,15 @@ namespace
 arg_it = args.erase(arg_it);
 options.dump = args[0];
 }
+ else if (arg == "-i")
+ {
+ if (args.size() < 2)
+ {
+ throw std::runtime_error("No ignored function provided after -i");
+ }
+ arg_it = args.erase(arg_it);
+ options.ignored_functions.emplace(args[0]);
+ }
 else if (arg == "-p")
 {
 if (args.size() < 3)
diff --git a/src/windows-emulator/windows_emulator.cpp b/src/windows-emulator/windows_emulator.cpp
index 9b200b63..00bcf949 100644
--- a/src/windows-emulator/windows_emulator.cpp
+++ b/src/windows-emulator/windows_emulator.cpp
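Review bot: The `-i` branch in the last main.cpp hunk (`@@ -353,6 +355,15 @@`) reads the flag's value as `args[0]` after `arg_it = args.erase(arg_it);`, which is the right element only while `arg_it` sits at the front of `args`; the `args.size() < 2` guard makes the same assumption. This mirrors the `-d` branch above it and the parse loop lies outside the hunk, so it may well hold today, but `options.ignored_functions.emplace(*arg_it);` would use the iterator that `erase` returned and not depend on position. Nothing in the hunk says how the name is matched, so I would add a comment above the branch such as `// -i <name>: do not report calls to this exported function (matched by name via contains() in windows_emulator.cpp)`.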
@@ -241,7 +241,9 @@ windows_emulator::windows_emulator(const emulator_settings& settings, emulator_c
 memory(*this->emu_),
 registry(emulation_root.empty() ? settings.registry_directory : emulation_root / "registry"),
 mod_manager(memory, file_sys, this->callbacks),
- process(*this->emu_, memory, *this->clock_, this->callbacks)
+ process(*this->emu_, memory, *this->clock_, this->callbacks),
+ modules_(settings.modules),
+ ignored_functions_(settings.ignored_functions)
 {
 #ifndef OS_WINDOWS
 if (this->emulation_root.empty())
@@ -264,7 +266,6 @@ windows_emulator::windows_emulator(const emulator_settings& settings, emulator_c
 this->silent_until_main_ = settings.silent_until_main && !settings.disable_logging;
 this->use_relative_time_ = settings.use_relative_time;
 this->log.disable_output(settings.disable_logging || this->silent_until_main_);
- this->modules_ = settings.modules;
 this->setup_hooks();
 }
@@ -393,7 +394,7 @@ void windows_emulator::on_instruction_execution(const uint64_t address)
 if (binary)
 {
 const auto export_entry = binary->address_names.find(address);
- if (export_entry != binary->address_names.end())
+ if (export_entry != binary->address_names.end() && !this->ignored_functions_.contains(export_entry->second))
 {
 const auto rsp = this->emu().read_stack_pointer();
diff --git a/src/windows-emulator/windows_emulator.hpp b/src/windows-emulator/windows_emulator.hpp
index 53c17f5c..986f0be7 100644
--- a/src/windows-emulator/windows_emulator.hpp
+++ b/src/windows-emulator/windows_emulator.hpp
@@ -44,6 +44,7 @@ struct emulator_settings
 std::unordered_map port_mappings{};
 std::unordered_map path_mappings{};
 std::set> modules{};
+ std::set> ignored_functions{};
 };
 struct emulator_interfaces
@@ -194,6 +195,7 @@ class windows_emulator
 std::unordered_map port_mappings_{};
 std::set> modules_{};
+ std::set> ignored_functions_{};
 std::vector process_snapshot_{}; // std::optional process_snapshot_{};
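Review bot: The new condition in `on_instruction_execution` (hunk `@@ -393,7 +394,7 @@`) filters on `export_entry->second` alone, so a name given with `-i` is skipped for every loaded binary that exports it, not only the module the analyst had in mind. The body of the `if` continues outside the hunk, so whatever it does after `read_stack_pointer()` is dropped for those calls, and nothing visible here records that a filter was active; a trace kept as analysis evidence should say so, for example by logging the configured set once at startup. At minimum I would document the semantics next to `ignored_functions_` in windows_emulator.hpp, e.g. `// Export names whose calls are not reported; matched by name only, across all modules.`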