Separated KnownDLLs and KnownDLLs32

2026-01-19 03:33:56 +00:00 · 2026-01-07 19:36:11 +02:00
parent 72ea3e0f0d
commit fdcc7455a1
3 changed files with 27 additions and 17 deletions
--- a/src/windows-emulator/process_context.cpp
+++ b/src/windows-emulator/process_context.cpp
@@ -574,14 +574,8 @@ void process_context::setup(x86_64_emulator& emu, memory_manager& memory, regist
        }
    }

-    if (is_wow64_process)
-    {
-        create_known_dlls_section_objects<uint32_t>(this->knowndlls_sections, registry, apiset_container, file_system, is_wow64_process);
-    }
-    else
-    {
-        create_known_dlls_section_objects<uint64_t>(this->knowndlls_sections, registry, apiset_container, file_system, is_wow64_process);
-    }
+    create_known_dlls_section_objects<uint32_t>(this->knowndlls32_sections, registry, apiset_container, file_system, true);
+    create_known_dlls_section_objects<uint64_t>(this->knowndlls64_sections, registry, apiset_container, file_system, false);

    this->ntdll_image_base = ntdll.image_base;
    this->ldr_initialize_thunk = ntdll.find_export("LdrInitializeThunk");
--- a/src/windows-emulator/process_context.hpp
+++ b/src/windows-emulator/process_context.hpp
@@ -34,6 +34,7 @@
 struct emulator_settings;
 struct application_settings;

+using knowndlls_map = std::unordered_map<std::u16string, section>;
 struct process_context
 {
    struct callbacks
@@ -140,7 +141,9 @@ struct process_context
    handle_store<handle_types::timer, timer> timers{};
    handle_store<handle_types::registry, registry_key, 2> registry_keys{};
    std::map<uint16_t, atom_entry> atoms{};
-    std::unordered_map<std::u16string, section> knowndlls_sections;
+
+    knowndlls_map knowndlls32_sections;
+    knowndlls_map knowndlls64_sections;

    std::vector<std::byte> default_register_set{};

--- a/src/windows-emulator/syscalls/section.cpp
+++ b/src/windows-emulator/syscalls/section.cpp
@@ -119,25 +119,38 @@ namespace syscalls
        }

        utils::string::to_lower_inplace(filename);
-
-        if (is_known_dll)
+        if (is_known_dll && filename.starts_with(u"win32u.dll"))
        {
-            auto& knowndlls_sections = c.win_emu.process.knowndlls_sections;
+            return STATUS_OBJECT_NAME_NOT_FOUND;
+        }
+
+        if (attributes.RootDirectory == KNOWN_DLLS_DIRECTORY || filename.starts_with(u"\\knowndlls\\"))
+        {
+            auto& knowndlls_sections = c.win_emu.process.knowndlls64_sections;

            if (filename.starts_with(u"\\knowndlls\\"))
            {
                filename = std::u16string_view(filename).substr(11, filename.length() - 11);
            }
-            else if (filename.starts_with(u"\\knowndlls32\\"))
-            {
-                filename = std::u16string_view(filename).substr(13, filename.length() - 13);
-            }

-            if (filename == u"win32u.dll")
+            if (!knowndlls_sections.contains(filename))
            {
                return STATUS_OBJECT_NAME_NOT_FOUND;
            }

+            auto knowndll_section = knowndlls_sections[filename];
+            section_handle.write(c.proc.sections.store(knowndll_section));
+            return STATUS_SUCCESS;
+        }
+        else if (attributes.RootDirectory == KNOWN_DLLS32_DIRECTORY || filename.starts_with(u"\\knowndlls32\\"))
+        {
+            auto& knowndlls_sections = c.win_emu.process.knowndlls32_sections;
+
+            if (filename.starts_with(u"\\knowndlls32\\"))
+            {
+                filename = std::u16string_view(filename).substr(13, filename.length() - 13);
+            }
+
            if (!knowndlls_sections.contains(filename))
            {
                return STATUS_OBJECT_NAME_NOT_FOUND;