Commit Graph

1209 Commits

Author SHA1 Message Date
momo5502
5ebf2dfd81 Support skipping syscall logging 2025-12-22 16:13:58 +01:00
momo5502
66cfe980d7 Ignore ThreadPriorityBoost 2025-12-22 14:39:44 +01:00
momo5502
90343077da Fix ordinals 2025-12-22 14:02:15 +01:00
momo5502
169fcaa8a5 Add DLLs 2025-12-22 13:51:18 +01:00
Maurice Heumann
1708212af9 Translate file paths before usage in section.cpp (#634)
Emulated applications are currently able to access files from the host
system, rather than being restricted to the virtualized file system, by
using `Section` related Syscalls. This behavior appears to have been
introduced in:

- 2024-12-13: [Prepare better section support (syscalls.cpp:582)](719a50444e (diff-96c7de348bdc06e650bdc371a600a91f80594d4201afd7a28ffa160fa755be9dR582))
- 2025-10-13: [Comprehensive WOW64 subsystem implementation (section.cpp:141)](65eecf1cfd (diff-415eed3b4b314dc10cc9f7926687770be53799766bc9a4edca2a7f4a45477169R141))

Because the emulator is [advertised for malware
analysis](https://github.com/momo5502/sogen/blob/main/README.md), this
unintended access path could be considered a security concern.

This PR only fixes two current misuses of an API that interacts with the
host system. As a long term solution, APIs that interact with host
resources should consistently use C++ types that enforce translation of
resource identifiers (e.g., file and registry paths) into their emulated
equivalents. This would help prevent future misuse and ensure that
emulated applications remain isolated from the host environment.
2025-12-22 07:51:10 +01:00
momo5502
69ddd7a93b Small fixes 2025-12-22 07:42:34 +01:00
momo5502
cfebd2f35f Fix WinVerifyTrust 2025-12-21 20:37:42 +01:00
Maurice Kayser
db7548d130 Translate paths before usage in section.cpp 2025-12-21 00:00:00 +00:00
momo5502
ca15abd8ef Add missing syscalls 2025-12-07 11:22:37 +01:00
momo5502
568ca68481 Ignore ProcessPriorityClass 2025-12-06 11:12:19 +01:00
Maurice Heumann
28f3fa0aa0 Fix deserialization of optional WOW64 emulator_object members (#633)
Adds default constructor to `emulator_object` for optional member
deserialization.
Restores `memory_interface` pointer for WOW64 structures after
deserialization.
2025-12-06 08:24:38 +01:00
Maurice Heumann
68b0b51bc8 cmake: add SOGEN_STATIC_CRT option for static runtime linking (#606)
## Summary

Adds a CMake option to use static CRT (`/MT`) instead of the default
dynamic CRT (`/MD`).

**Use case:** Projects that require static linking (e.g., IDA Pro
plugins) cannot use the default `/MD` runtime because they must link
with `/MT`.

## Changes

- Add `SOGEN_STATIC_CRT` option (default: `OFF`)
- When `ON`, sets `CMAKE_MSVC_RUNTIME_LIBRARY` to static (`/MT` or
`/MTd`)
- Also respects parent project's `CMAKE_MSVC_RUNTIME_LIBRARY` if already
defined
- Includes documentation warning about heap allocation boundaries

## Backwards Compatibility

- Default behavior unchanged (`/MD`)
- Existing projects unaffected

## Usage

```bash
cmake -B build -DSOGEN_STATIC_CRT=ON
```

Or in parent CMakeLists.txt:
```cmake
set(SOGEN_STATIC_CRT ON CACHE BOOL "")
add_subdirectory(sogen)
```

## Test plan

- [x] Verified default build still uses `/MD`
- [x] Verified `-DSOGEN_STATIC_CRT=ON` produces `/MT` build
- [x] Tested with IDA Pro plugin project (emudbg) - links successfully
2025-12-06 08:22:42 +01:00
brian
5171ef63dc Fix deserialization of optional WOW64 emulator_object members (PEB32/params32) 2025-12-05 20:21:25 +08:00
Elias Bachaalany
7a42bc7ad3 cmake: rename MOMO_BUILD_AS_LIBRARY to SOGEN_BUILD_STATIC
Also adds FATAL_ERROR guard when SOGEN_STATIC_CRT=ON without SOGEN_BUILD_STATIC=ON,
since static CRT with shared libraries causes heap corruption (each DLL gets its own
allocator but sogen passes ownership across boundaries).

These options are designed to be used together for full static linking, useful for
embedding sogen in projects like IDA Pro plugins.
2025-12-02 16:24:27 -08:00
Elias Bachaalany
651c020b87 Use stack-allocated ctx_t array instead of heap allocation
- Initialize ctxs[i] directly with aggregate initialization
- Pass address of stack object to CreateThread
- Use dot notation instead of arrow for member access
- Remove delete calls since no heap allocation

Co-authored-by: Maurice Heumann <momo5502@gmail.com>
2025-12-02 15:53:37 -08:00
Elias Bachaalany
4a905d562a Update src/samples/test-sample/test.cpp
Co-authored-by: Maurice Heumann <MauriceHeumann@gmail.com>
2025-12-02 15:44:21 -08:00
Elias Bachaalany
7cb92a662b test: add Windows API threads test
Add test_threads_winapi() that creates threads using CreateThread
and WaitForMultipleObjects to complement the existing std::thread
based test, verifying Windows threading API emulation works correctly.
2025-11-26 17:30:43 -08:00
momo5502
8c75475f0d Stub more syscalls 2025-11-20 18:43:20 +01:00
momo5502
2be5f73755 Support ProcessPriorityClass in NtQueryInformationProcess 2025-11-20 18:25:33 +01:00
Maurice Heumann
934e11a311 Archive gdiplus.dll 2025-11-20 18:13:38 +01:00
Maurice Kayser
db67ac5a03 Collect SysWOW64 files in create-root.bat 2025-11-18 00:00:00 +00:00
Maurice Kayser
36b151177e Add WOW64 related entries to create-root.bat 2025-11-18 00:00:00 +00:00
Maurice Kayser
889dea066e Sort create-root.bat entries alphabetically 2025-11-18 00:00:00 +00:00
momo5502
ed7c7085b4 Fix formatting 2025-11-01 10:34:26 +01:00
dependabot[bot]
2468a03da0 Build(deps): Bump icicle-vm
Bumps [icicle-vm](https://github.com/icicle-emu/icicle-emu) from `ebb9bd1` to `0ce707e`.
- [Commits](ebb9bd1969...0ce707edd1)

---
updated-dependencies:
- dependency-name: icicle-vm
  dependency-version: 0ce707edd10f7a099426cf02a9fdf8eda3f57768
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-31 20:21:48 +00:00
momo5502
42630afac0 Remove randomness 2025-10-31 18:23:35 +01:00
momo5502
0e5bbdd8cc Fix serialization issues 2025-10-30 20:21:28 +01:00
momo5502
98eb1f92d1 Better formatting 2025-10-26 18:48:51 +01:00
momo5502
3bf037876c Remove logging 2025-10-26 18:48:43 +01:00
momo5502
cb4fe6c30f Merge remote-tracking branch 'origin/main' into wow64 2025-10-25 11:06:03 +02:00
Maurice Heumann
eb0ba686cd Bugfixes - minidump load, memory tail boundary (#568)
Minor change to allow minidump load to work with pages with copy
permission set.

File was probing memory via VirtualQuery incrementally; previously this
ran forever as Sogen doesn't replicate Windows behaviour.

Added exclusive allocation end boundary so that allocation / info check
on last page of user space VA works. Modified
memory_manager::find_free_allocation_base and
memory_manager::get_region_info to use exclusive boundary.
Added check to NtQueryVirtualMemory - now correctly returns
STATUS_INVALID_PARAMETER when run against memory outside of user space
VA. Kernel modules should use ZwQueryVirtualMemory not the user land
API.
2025-10-25 10:55:18 +02:00
CarlTSpeak
22df3e7889 Fix format issue 2025-10-24 11:13:55 +01:00
CarlTSpeak
064df5b6ef Revert earlier rdtsc changes, implement fixes 2025-10-24 10:59:28 +01:00
Igor Pissolati
b6d7a012d7 Fix issue in NtUserEnumDisplayDevices and NtUserEnumDisplaySettings 2025-10-23 16:02:53 -03:00
CarlTSpeak
96169a01a8 Merge branch 'main' of https://github.com/momo5502/sogen 2025-10-23 19:00:50 +01:00
Igor Pissolati
3c6c2e2dde Apply review suggestion 2025-10-23 11:19:35 -03:00
Igor Pissolati
2c82277b5e Add FileIdInformation file info class 2025-10-23 11:19:17 -03:00
Igor Pissolati
83aa3b663a Optimize module_manager::get_module 2025-10-22 17:21:34 -03:00
Igor Pissolati
46b97fd91c Don't request 'file_size' for directories 2025-10-22 17:21:04 -03:00
Igor Pissolati
c07f541528 Stub NtSetSecurityObject 2025-10-22 17:20:38 -03:00
Igor Pissolati
d20da12052 Add '\??\pipe\' prefix to is_named_pipe_path 2025-10-22 17:19:51 -03:00
Igor Pissolati
1c89c4e3b3 Initialize StaticUnicodeString in TEB 2025-10-22 17:18:41 -03:00
Igor Pissolati
0d06e6822a Add support for SHA256 in KSecDD 2025-10-22 17:17:57 -03:00
Igor Pissolati
4fbd65a302 Fix DISPLAY_DEVICEW value 2025-10-22 17:17:02 -03:00
Igor Pissolati
54ebbe27c2 Implement NtUserEnumDisplaySettings syscall 2025-10-22 17:16:10 -03:00
Igor Pissolati
c8a18cf61c Add FileIsRemoteDeviceInformation file info class 2025-10-22 17:14:51 -03:00
Igor Pissolati
c0fd8ebf51 Add FileFsAttributeInformation fs info class 2025-10-22 17:14:19 -03:00
momo5502
effd2f7a02 Merge remote-tracking branch 'origin/main' into wow64 2025-10-21 20:45:29 +02:00
momo5502
11ef37758c Fix casing 2025-10-21 20:43:29 +02:00
Maurice Heumann
b84ae7475f Implement ALPC port abstraction and implement DNS resolver port (#558)
This PR introduces an abstraction for ALPC ports to make them easier to
manage in the future, and implements the DNS resolver port, at least
enough to get host address queries working.
There's a lot of code in this PR that I'm not very confident about, so
don't hesitate on the feedback 😄

![image](https://github.com/user-attachments/assets/4d56b84d-4b87-42ed-9bfa-be04dbbf3735)
2025-10-21 20:42:26 +02:00