Support for KnownDLLs and Some Refactoring

2026-01-26 23:11:01 +00:00 · 2026-01-07 07:34:34 +02:00
parent 67e130a3b8
commit f54bc3467f
8 changed files with 371 additions and 200 deletions
--- a/src/windows-emulator/windows_objects.hpp
+++ b/src/windows-emulator/windows_objects.hpp
@@ -5,6 +5,7 @@
 #include <serialization_helper.hpp>
 #include <utils/file_handle.hpp>
 #include <platform/synchronisation.hpp>
+#include <platform/win_pefile.hpp>

 struct timer : ref_counted_object
 {
@@ -220,33 +221,47 @@ struct section : ref_counted_object
    uint64_t maximum_size{};
    uint32_t section_page_protection{};
    uint32_t allocation_attributes{};
-
-    // Cached PE image information for image sections
-    struct image_info
-    {
-        uint64_t entry_point_rva{};
-        uint64_t image_base{};
-        uint64_t size_of_stack_reserve{};
-        uint64_t size_of_stack_commit{};
-        uint32_t size_of_code{};
-        uint32_t loader_flags{};
-        uint32_t checksum{};
-        uint16_t machine{};
-        uint16_t subsystem{};
-        uint16_t subsystem_major_version{};
-        uint16_t subsystem_minor_version{};
-        uint16_t image_characteristics{};
-        uint16_t dll_characteristics{};
-        bool has_code{false};
-        std::array<char, 7> _padding{};
-    };
-    std::optional<image_info> cached_image_info{};
+    std::optional<winpe::pe_image_basic_info> cached_image_info{};

    bool is_image() const
    {
        return this->allocation_attributes & SEC_IMAGE;
    }

+    void cache_image_info_from_filedata(const std::vector<std::byte>& file_data)
+    {
+        winpe::pe_image_basic_info info{};
+
+        // Read the PE magic to determine if it's 32-bit or 64-bit
+        bool parsed = false;
+        if (file_data.size() >= sizeof(PEDosHeader_t))
+        {
+            const auto* dos_header = reinterpret_cast<const PEDosHeader_t*>(file_data.data());
+            if (dos_header->e_magic == PEDosHeader_t::k_Magic &&
+                file_data.size() >= dos_header->e_lfanew + sizeof(uint32_t) + sizeof(PEFileHeader_t) + sizeof(uint16_t))
+            {
+                const auto* magic_ptr =
+                    reinterpret_cast<const uint16_t*>(file_data.data() + dos_header->e_lfanew + sizeof(uint32_t) + sizeof(PEFileHeader_t));
+                const uint16_t magic = *magic_ptr;
+
+                // Parse based on the actual PE type
+                if (magic == PEOptionalHeader_t<std::uint32_t>::k_Magic)
+                {
+                    parsed = winpe::parse_pe_headers<uint32_t>(file_data, info);
+                }
+                else if (magic == PEOptionalHeader_t<std::uint64_t>::k_Magic)
+                {
+                    parsed = winpe::parse_pe_headers<uint64_t>(file_data, info);
+                }
+            }
+        }
+
+        if (parsed)
+        {
+            this->cached_image_info = info;
+        }
+    }
+
    void serialize_object(utils::buffer_serializer& buffer) const override
    {
        buffer.write(this->name);
@@ -254,7 +269,7 @@ struct section : ref_counted_object
        buffer.write(this->maximum_size);
        buffer.write(this->section_page_protection);
        buffer.write(this->allocation_attributes);
-        buffer.write_optional<image_info>(this->cached_image_info);
+        buffer.write_optional<winpe::pe_image_basic_info>(this->cached_image_info);
    }

    void deserialize_object(utils::buffer_deserializer& buffer) override