From ffea72d48a773180fdae63afe26d158b68b347dd Mon Sep 17 00:00:00 2001 From: CarlTSpeak Date: Wed, 6 Aug 2025 10:30:40 +0100 Subject: [PATCH] Added basic pipe support to NtRead/WriteFile --- src/common/platform/status.hpp | 10 ++ src/windows-emulator/devices/named_pipe.hpp | 2 + src/windows-emulator/io_device.cpp | 1 + src/windows-emulator/syscall_utils.hpp | 6 + src/windows-emulator/syscalls/file.cpp | 136 ++++++++++++++------ 5 files changed, 119 insertions(+), 36 deletions(-) diff --git a/src/common/platform/status.hpp b/src/common/platform/status.hpp index 583f258a..a9ea9625 100644 --- a/src/common/platform/status.hpp +++ b/src/common/platform/status.hpp @@ -52,6 +52,16 @@ using NTSTATUS = std::uint32_t; #define STATUS_ADDRESS_ALREADY_ASSOCIATED ((NTSTATUS)0xC0000328L) #define STATUS_PORT_NOT_SET ((NTSTATUS)0xC0000353L) #define STATUS_DEBUGGER_INACTIVE ((NTSTATUS)0xC0000354L) +#define STATUS_PIPE_BROKEN ((NTSTATUS)0xC000014BL) +#define STATUS_PIPE_EMPTY ((NTSTATUS)0xC00000D9L) +#define STATUS_PIPE_BUSY ((NTSTATUS)0xC00000AAL) +#define STATUS_PIPE_DISCONNECTED ((NTSTATUS)0xC00000B0L) +#define STATUS_PIPE_LISTENING ((NTSTATUS)0x00000105L) +#define STATUS_PIPE_CONNECTED ((NTSTATUS)0x00000106L) +#define STATUS_PIPE_CLOSING ((NTSTATUS)0xC00000B1L) +#define STATUS_PIPE_NOT_AVAILABLE ((NTSTATUS)0xC00000ACL) +#define STATUS_INVALID_PIPE_STATE ((NTSTATUS)0xC00000ADL) +#define STATUS_PIPE_NOT_CONNECTED ((NTSTATUS)0xC00000BEL) #define STATUS_BUFFER_OVERFLOW ((NTSTATUS)0x80000005L) diff --git a/src/windows-emulator/devices/named_pipe.hpp b/src/windows-emulator/devices/named_pipe.hpp index ef295342..c550e539 100644 --- a/src/windows-emulator/devices/named_pipe.hpp +++ b/src/windows-emulator/devices/named_pipe.hpp @@ -4,6 +4,8 @@ class named_pipe : public io_device_container { public: std::u16string name; + std::deque write_queue; + ACCESS_MASK access = 0; ULONG pipe_type; ULONG read_mode; ULONG completion_mode; 
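Review bot: Several of the values added to status.hpp do not match the NTSTATUS codes I know from ntstatus.h and should be checked against the SDK header before merge. As far as I recall, `STATUS_PIPE_BUSY` is `0xC00000AE`, `STATUS_PIPE_CONNECTED` is `0xC00000B2` and `STATUS_PIPE_LISTENING` is `0xC00000B3`, whereas `0xC00000AA`, `0x00000105` and `0x00000106` belong to unrelated statuses. The last two are also success-severity, so an `NT_SUCCESS`-style check on them would pass. `STATUS_PIPE_NOT_CONNECTED` at `0xC00000BE` likewise looks like it collides with a network-path status. Guest code that branches on these codes would see behaviour that differs from real Windows, which matters when the emulator is used to observe untrusted samples.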
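Review bot: In named_pipe.hpp `access` gets a default of 0, but the neighbouring `pipe_type`, `read_mode` and `completion_mode` members still have no initializer, and the new open path in file.cpp (`handle_named_pipe_create`) sets only `name` and `access`. Unless the object is value-initialized somewhere outside this hunk, those fields are indeterminate on pipes opened through NtCreateFile; giving them `= 0` as well would make that path well defined. A short comment on `write_queue` would also help, for example `// data written to the pipe, consumed front-first by the NtReadFile pipe branch`.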
diff --git a/src/windows-emulator/io_device.cpp b/src/windows-emulator/io_device.cpp index 9f34954d..da7ad8a8 100644 --- a/src/windows-emulator/io_device.cpp +++ b/src/windows-emulator/io_device.cpp @@ -5,6 +5,7 @@ #include "devices/mount_point_manager.hpp" #include "devices/security_support_provider.hpp" #include "devices/named_pipe.hpp" +#include namespace { diff --git a/src/windows-emulator/syscall_utils.hpp b/src/windows-emulator/syscall_utils.hpp index 14395c59..58062f0d 100644 --- a/src/windows-emulator/syscall_utils.hpp +++ b/src/windows-emulator/syscall_utils.hpp @@ -3,6 +3,7 @@ #include "windows_emulator.hpp" #include #include +#include "windows-emulator/devices/named_pipe.hpp" struct syscall_context { @@ -28,6 +29,11 @@ inline bool is_syscall(const std::string_view name) return name.starts_with("Nt") && name.size() > 3 && is_uppercase(name[2]); } +inline bool is_named_pipe_path(const std::u16string_view& filename) +{ + return filename == u"\\Device\\NamedPipe\\" || filename.starts_with(u"\\Device\\NamedPipe\\"); +} + inline std::optional extract_syscall_id(const exported_symbol& symbol, std::span data) { if (!is_syscall(symbol.name)) diff --git a/src/windows-emulator/syscalls/file.cpp b/src/windows-emulator/syscalls/file.cpp index ad03773f..666a2a5d 100644 --- a/src/windows-emulator/syscalls/file.cpp +++ b/src/windows-emulator/syscalls/file.cpp 
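Review bot: `is_named_pipe_path` in syscall_utils.hpp compares case-sensitively and only against the `\Device\NamedPipe\` spelling, so a guest path that differs in case skips the pipe branch in NtCreateFile and falls through to ordinary file handling. NT object-name lookups are normally case-insensitive, so the helper should either fold case before comparing or carry a comment stating that callers must pass a normalised name. The equality test is redundant, since `starts_with` is already true for the exact prefix, and the view can be taken by value: `inline bool is_named_pipe_path(const std::u16string_view filename)`.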
@@ -648,6 +648,34 @@ namespace syscalls return STATUS_SUCCESS; } + const auto* container = c.proc.devices.get(file_handle); + if (container) + { + if (auto* pipe = container->get_internal_device()) + { + if (!pipe->write_queue.empty()) + { + std::string_view data = pipe->write_queue.front(); + const size_t to_copy = std::min(data.size(), length); + + commit_file_data(data.substr(0, to_copy), c.emu, io_status_block, buffer); + + if (to_copy == data.size()) + { + pipe->write_queue.pop_front(); + } + else + { + pipe->write_queue.front().erase(0, to_copy); + } + + return STATUS_SUCCESS; + } + + return STATUS_PIPE_EMPTY; + } + } + const auto* f = c.proc.files.get(file_handle); if (!f) { @@ -685,6 +713,26 @@ namespace syscalls return STATUS_SUCCESS; } + const auto* container = c.proc.devices.get(file_handle); + if (container) + { + if (auto* pipe = container->get_internal_device()) + { + // TODO c.win_emu.callbacks.on_named_pipe_write(pipe->name, temp_buffer); + + // TODO pipe->write_queue.push_back(temp_buffer); + + if (io_status_block) + { + IO_STATUS_BLOCK> block{}; + block.Information = static_cast(temp_buffer.size()); + io_status_block.write(block); + } + + return STATUS_SUCCESS; + } + } + const auto* f = c.proc.files.get(file_handle); if (!f) { 
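Review bot: The pipe branch added to the read path never consults `pipe->access`, `read_mode` or `completion_mode`, so any handle that resolves to a pipe device can drain the queue, and a read shorter than the queued entry is always reported as `STATUS_SUCCESS`. An empty queue returns `STATUS_PIPE_EMPTY` immediately; on real Windows that is what a non-blocking pipe does, while a blocking read would wait, so the branch should at least carry a comment such as `// NOTE: blocking mode and message-mode partial reads are not modelled yet`. The lookup is declared `const auto* container` although the branch then calls `pop_front()` and `erase()` on the queue; dropping the `const` would make the mutation explicit. The enclosing function starts and ends outside the hunk.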
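Review bot: The pipe branch of the write path reports `temp_buffer.size()` bytes written and returns `STATUS_SUCCESS` while both the callback and `write_queue.push_back(temp_buffer)` are still TODO comments, so the data is silently dropped and a following read on the same pipe returns `STATUS_PIPE_EMPTY`. When the push is enabled, the queue needs an upper bound: its size is driven entirely by the guest, and the recorded `inbound_quota`/`outbound_quota` are the natural limit, otherwise an emulated program can grow host memory without limit. Until then a comment like `// data is discarded; write_queue is not populated yet` would keep the success status from being misread. `temp_buffer` is declared outside the hunk.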
@@ -779,6 +827,33 @@ namespace syscalls return std::nullopt; } + NTSTATUS handle_named_pipe_create(const syscall_context& c, const emulator_object& out_handle, + const std::u16string_view filename, + const OBJECT_ATTRIBUTES>& attributes, + ACCESS_MASK desired_access) + { + (void)attributes; // This isn't being consumed atm, suppressing errors + + c.win_emu.callbacks.on_generic_access("Creating/opening named pipe", filename); + + io_device_creation_data data{}; + + std::u16string device_name = u"NamedPipe"; + + io_device_container container{device_name, c.win_emu, data}; + + if (auto* pipe_device = container.get_internal_device()) + { + pipe_device->name = std::u16string(filename); + pipe_device->access = desired_access; + } + + const auto handle = c.proc.devices.store(std::move(container)); + out_handle.write(handle); + + return STATUS_SUCCESS; + } + NTSTATUS handle_NtCreateFile(const syscall_context& c, const emulator_object file_handle, ACCESS_MASK desired_access, const emulator_object>> object_attributes, @@ -790,6 +865,11 @@ namespace syscalls const auto attributes = object_attributes.read(); auto filename = read_unicode_string(c.emu, attributes.ObjectName); + if (is_named_pipe_path(filename)) + { + return handle_named_pipe_create(c, file_handle, filename, attributes, desired_access); + } + auto printer = utils::finally([&] { c.win_emu.callbacks.on_generic_access("Opening file", filename); // }); 
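Review bot: `handle_named_pipe_create` stores the container and returns `STATUS_SUCCESS` even when `get_internal_device` yields null, while the NtCreateNamedPipeFile path in this same commit returns `STATUS_NOT_SUPPORTED` in that case; add the same `else { return STATUS_NOT_SUPPORTED; }` before the `store` call. Each call also builds a fresh device instead of looking up a pipe already created under `filename`, so, as far as the visible code shows, a client open never shares a `write_queue` with the server end, and opening a name that was never created still succeeds. Neither the create disposition nor the caller's IO_STATUS_BLOCK is passed in, so the status block is left unwritten on this path. A function comment listing these as known gaps would be the minimum.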
@@ -1082,51 +1162,37 @@ namespace syscalls (void)share_access; (void)create_disposition; (void)create_options; - (void)object_attributes; - std::u16string file_name; + const auto attributes = object_attributes.read(); + const auto filename = read_unicode_string(c.emu, attributes.ObjectName); - // Get file name - object_attributes.access([&](const auto& attrs) { - emulator_object>> unicode_string( - c.emu, static_cast(attrs.ObjectName)); + if (!filename.starts_with(u"\\Device\\NamedPipe")) + return STATUS_NOT_SUPPORTED; + + c.win_emu.callbacks.on_generic_access("Creating named pipe", filename); - unicode_string.access([&](const auto& unicode) { - if (unicode.Length > 0 && unicode.Buffer != 0) - { - auto buffer_addr = static_cast(unicode.Buffer); - std::vector buffer(unicode.Length / sizeof(char16_t)); - c.emu.read_memory(buffer_addr, buffer.data(), unicode.Length); - file_name.assign(buffer.begin(), buffer.end()); - } - }); - }); - - //Build IO device io_device_creation_data data{}; - io_device_container container{u"NamedPipe", c.win_emu, data}; + if (auto* pipe_device = container.get_internal_device()) { - pipe_device->name = file_name; + pipe_device->name = filename; + pipe_device->pipe_type = named_pipe_type; + pipe_device->read_mode = read_mode; + pipe_device->completion_mode = completion_mode; + pipe_device->max_instances = maximum_instances; + pipe_device->inbound_quota = inbound_quota; + pipe_device->outbound_quota = outbound_quota; + pipe_device->default_timeout = default_timeout.read(); + } + else + { + return STATUS_NOT_SUPPORTED; } - // Create pipe and fill details - auto* pipe_device = container.get_internal_device(); - pipe_device->name = u"StubPipe"; - pipe_device->pipe_type = named_pipe_type; - pipe_device->read_mode = read_mode; - pipe_device->completion_mode = completion_mode; - pipe_device->max_instances = maximum_instances; - pipe_device->inbound_quota = inbound_quota; - pipe_device->outbound_quota = outbound_quota; - pipe_device->default_timeout 
= default_timeout.read(); - - // Store in device handle table handle pipe_handle = c.proc.devices.store(std::move(container)); file_handle.write(pipe_handle); - - // Return status via IOSB + IO_STATUS_BLOCK> iosb{}; iosb.Status = STATUS_SUCCESS; iosb.Information = 0; @@ -1135,8 +1201,6 @@ namespace syscalls return STATUS_SUCCESS; } - - NTSTATUS handle_NtFsControlFile(const syscall_context& c, const handle /*event_handle*/, const uint64_t /*apc_routine*/, const uint64_t /*app_context*/, const emulator_object>> /*io_status_block*/,
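Review bot: The prefix test `filename.starts_with(u"\\Device\\NamedPipe")` in the NtCreateNamedPipeFile handler has no trailing separator, so a name such as `\Device\NamedPipeX` is accepted as a pipe, and it disagrees with the `is_named_pipe_path` helper this commit adds. Use `if (!is_named_pipe_path(filename)) { return STATUS_NOT_SUPPORTED; }` so that both entry points apply one rule; this also gives the `if` the braces the rest of the file uses. `default_timeout.read()` is called unconditionally; if the guest may pass a null pointer there, it should be guarded the way `io_status_block` is guarded in the write path. `max_instances` and the two quotas are recorded, but nothing visible enforces them or rejects a second pipe with the same name. The handler's signature is outside the hunk.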