From fdcc7455a1f1f5e4bb7b451fab42ceab7343c524 Mon Sep 17 00:00:00 2001
From: ahm3dgg
Date: Wed, 7 Jan 2026 19:36:11 +0200
Subject: [PATCH] Separated KnownDLLs and KnownDLLs32
---
 src/windows-emulator/process_context.cpp | 10 ++------
 src/windows-emulator/process_context.hpp | 5 +++-
 src/windows-emulator/syscalls/section.cpp | 29 ++++++++++++++++-------
 3 files changed, 27 insertions(+), 17 deletions(-)
diff --git a/src/windows-emulator/process_context.cpp b/src/windows-emulator/process_context.cpp
index 7ca1cdd1..22331b74 100644
--- a/src/windows-emulator/process_context.cpp
+++ b/src/windows-emulator/process_context.cpp
@@ -574,14 +574,8 @@ void process_context::setup(x86_64_emulator& emu, memory_manager& memory, regist
 }
 }
- if (is_wow64_process)
- {
- create_known_dlls_section_objects(this->knowndlls_sections, registry, apiset_container, file_system, is_wow64_process);
- }
- else
- {
- create_known_dlls_section_objects(this->knowndlls_sections, registry, apiset_container, file_system, is_wow64_process);
- }
+ create_known_dlls_section_objects(this->knowndlls32_sections, registry, apiset_container, file_system, true);
+ create_known_dlls_section_objects(this->knowndlls64_sections, registry, apiset_container, file_system, false);
 this->ntdll_image_base = ntdll.image_base;
 this->ldr_initialize_thunk = ntdll.find_export("LdrInitializeThunk");
diff --git a/src/windows-emulator/process_context.hpp b/src/windows-emulator/process_context.hpp
index e9ff930e..a3cccd77 100644
--- a/src/windows-emulator/process_context.hpp
+++ b/src/windows-emulator/process_context.hpp
@@ -34,6 +34,7 @@ struct emulator_settings;
 struct application_settings;
+using knowndlls_map = std::unordered_map;
 struct process_context
 {
 struct callbacks
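Review bot: In process_context.cpp the two new `create_known_dlls_section_objects` calls differ only in the target map and a bare `true`/`false`, whose meaning is invisible at the call site (the removed code passed `is_wow64_process` in that position). A short comment would record the intent, for example `// Build both sets up front: knowndlls32_sections backs \KnownDlls32, knowndlls64_sections backs \KnownDlls; the section syscall picks one per request.` Both sets are now built for every process, including when `is_wow64_process` is false; if a native process is never expected to open the 32-bit directory, guarding the first call with `if (is_wow64_process)` would skip that work. The helper's body is not visible here, so its cost and failure behaviour are inferred, and `setup()` itself starts and ends outside the hunk.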
@@ -140,7 +141,9 @@ struct process_context
 handle_store timers{};
 handle_store registry_keys{};
 std::map atoms{};
- std::unordered_map knowndlls_sections;
+
+ knowndlls_map knowndlls32_sections;
+ knowndlls_map knowndlls64_sections;
 std::vector default_register_set{};
diff --git a/src/windows-emulator/syscalls/section.cpp b/src/windows-emulator/syscalls/section.cpp
index c1dbfbf5..786d3518 100644
--- a/src/windows-emulator/syscalls/section.cpp
+++ b/src/windows-emulator/syscalls/section.cpp
@@ -119,25 +119,38 @@ namespace syscalls
 }
 utils::string::to_lower_inplace(filename);
-
- if (is_known_dll)
+ if (is_known_dll && filename.starts_with(u"win32u.dll"))
 {
- auto& knowndlls_sections = c.win_emu.process.knowndlls_sections;
+ return STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+
+ if (attributes.RootDirectory == KNOWN_DLLS_DIRECTORY || filename.starts_with(u"\\knowndlls\\"))
+ {
+ auto& knowndlls_sections = c.win_emu.process.knowndlls64_sections;
 if (filename.starts_with(u"\\knowndlls\\"))
 {
 filename = std::u16string_view(filename).substr(11, filename.length() - 11);
 }
- else if (filename.starts_with(u"\\knowndlls32\\"))
- {
- filename = std::u16string_view(filename).substr(13, filename.length() - 13);
- }
- if (filename == u"win32u.dll")
+ if (!knowndlls_sections.contains(filename))
 {
 return STATUS_OBJECT_NAME_NOT_FOUND;
 }
+ auto knowndll_section = knowndlls_sections[filename];
+ section_handle.write(c.proc.sections.store(knowndll_section));
+ return STATUS_SUCCESS;
+ }
+ else if (attributes.RootDirectory == KNOWN_DLLS32_DIRECTORY || filename.starts_with(u"\\knowndlls32\\"))
+ {
+ auto& knowndlls_sections = c.win_emu.process.knowndlls32_sections;
+
+ if (filename.starts_with(u"\\knowndlls32\\"))
+ {
+ filename = std::u16string_view(filename).substr(13, filename.length() - 13);
+ }
+
 if (!knowndlls_sections.contains(filename))
 {
 return STATUS_OBJECT_NAME_NOT_FOUND;
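Review bot: In syscalls/section.cpp the `win32u.dll` exclusion at the top of the hunk now runs before the `\knowndlls\` / `\knowndlls32\` prefix is stripped, so it only matches a directory-relative name. A request for `\knowndlls\win32u.dll` or `\knowndlls32\win32u.dll` skips it and goes straight to the map lookup, where the removed code compared the stripped name and returned STATUS_OBJECT_NAME_NOT_FOUND. The new test also uses `starts_with`, which accepts any name beginning with that string, where the old one was an exact `==`. If the exclusion is meant to hold for both name forms, test the stripped name in each branch right after the `substr` block: `if (filename == u"win32u.dll") return STATUS_OBJECT_NAME_NOT_FOUND;`. The two branches otherwise differ only in the map and the prefix length (11 and 13), so choosing the map by reference once and doing a single `find` instead of `contains` plus `operator[]` would remove the duplication; the 32-bit branch continues past the end of the hunk.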