Commit Graph

2479 Commits

Author SHA1 Message Date
Maurice Heumann
a87c0ca83f Merge WOW64 support (#564) 2025-10-31 20:21:13 +01:00
momo5502
988a36a696 Update unicorn submodule 2025-10-31 20:02:09 +01:00
momo5502
42630afac0 Remove randomness 2025-10-31 18:23:35 +01:00
momo5502
0e5bbdd8cc Fix serialization issues 2025-10-30 20:21:28 +01:00
momo5502
98eb1f92d1 Better formatting 2025-10-26 18:48:51 +01:00
momo5502
3bf037876c Remove logging 2025-10-26 18:48:43 +01:00
momo5502
cb4fe6c30f Merge remote-tracking branch 'origin/main' into wow64 2025-10-25 11:06:03 +02:00
Maurice Heumann
eb0ba686cd Bugfixes - minidump load, memory tail boundary (#568)
Minor change to allow minidump load to work with pages with copy
permission set.

File was probing memory via VirtualQuery incrementally, previously this
ran forever as Sogen doesn't replicate Windows behaviour.

Added exclusive allocation end boundary so that allocation / info check
on last page of user space VA works. Modified
memory_manager::find_free_allocation_base and
memory_manager::get_region_info to use exclusive boundary.
Added check to NtQueryVirtualMemory - now correctly returns
STATUS_INVALID_PARAMETER when run against memory outside of user space
VA. Kernel modules should use ZwQueryVirtualMemory not the user land
API.
2025-10-25 10:55:18 +02:00
Maurice Heumann
bf834e3459 Various fixes and enhancements (#565)
This PR does a number of fixes and enhancements:
- [Added FileFsAttributeInformation fs info
class](c0fd8ebf51)
- [Added FileIsRemoteDeviceInformation file info
class](c8a18cf61c)
- [Added FileIdInformation file info
class](2c82277b5e)
- [Implemented NtUserEnumDisplaySettings
syscall](54ebbe27c2)
- [Fixed the DISPLAY_DEVICEW
value](4fbd65a302),
the old one had `StateFlags` set to 0 but that's incorrect since at
least one display needs to be the primary display.
- [Added support for SHA256 in
KSecDD](0d06e6822a)
- [Initialized StaticUnicodeString in
TEB](1c89c4e3b3),
this was necessary to get `RtlAnsiStringToUnicodeString` working.
- [Added '\??\pipe\' prefix to
is_named_pipe_path](d20da12052)
- [Stubbed
NtSetSecurityObject](c07f541528)
- [Don't request 'file_size' for
directories](46b97fd91c),
because this causes an exception in Linux.
- [Optimized
module_manager::get_module](83aa3b663a),
this seems to increase the emulator's speed by around 10%.
2025-10-25 10:54:01 +02:00
CarlTSpeak
22df3e7889 Fix format issue 2025-10-24 11:13:55 +01:00
CarlTSpeak
064df5b6ef Revert earlier rdtsc changes, implement fixes 2025-10-24 10:59:28 +01:00
Igor Pissolati
b6d7a012d7 Fix issue in NtUserEnumDisplayDevices and NtUserEnumDisplaySettings 2025-10-23 16:02:53 -03:00
CarlTSpeak
96169a01a8 Merge branch 'main' of https://github.com/momo5502/sogen 2025-10-23 19:00:50 +01:00
Igor Pissolati
3c6c2e2dde Apply review suggestion 2025-10-23 11:19:35 -03:00
Igor Pissolati
2c82277b5e Add FileIdInformation file info class 2025-10-23 11:19:17 -03:00
Igor Pissolati
83aa3b663a Optimize module_manager::get_module 2025-10-22 17:21:34 -03:00
Igor Pissolati
46b97fd91c Don't request 'file_size' for directories 2025-10-22 17:21:04 -03:00
Igor Pissolati
c07f541528 Stub NtSetSecurityObject 2025-10-22 17:20:38 -03:00
Igor Pissolati
d20da12052 Add '\??\pipe\' prefix to is_named_pipe_path 2025-10-22 17:19:51 -03:00
Igor Pissolati
1c89c4e3b3 Initialize StaticUnicodeString in TEB 2025-10-22 17:18:41 -03:00
Igor Pissolati
0d06e6822a Add support for SHA256 in KSecDD 2025-10-22 17:17:57 -03:00
Igor Pissolati
4fbd65a302 Fix DISPLAY_DEVICEW value 2025-10-22 17:17:02 -03:00
Igor Pissolati
54ebbe27c2 Implement NtUserEnumDisplaySettings syscall 2025-10-22 17:16:10 -03:00
Igor Pissolati
c8a18cf61c Add FileIsRemoteDeviceInformation file info class 2025-10-22 17:14:51 -03:00
Igor Pissolati
c0fd8ebf51 Add FileFsAttributeInformation fs info class 2025-10-22 17:14:19 -03:00
momo5502
effd2f7a02 Merge remote-tracking branch 'origin/main' into wow64 2025-10-21 20:45:29 +02:00
momo5502
11ef37758c Fix casing 2025-10-21 20:43:29 +02:00
Maurice Heumann
b84ae7475f Implement ALPC port abstraction and implement DNS resolver port (#558)
This PR introduces an abstraction for ALPC ports to make them easier to
manage in the future, and implements the DNS resolver port, at least
enough to get host address queries working.
There's a lot of code in this PR that I'm not very confident about, so
don't hesitate on the feedback 😄

2025-10-21 20:42:26 +02:00
momo5502
829836c333 Enable serialization tests 2025-10-21 20:41:53 +02:00
Maurice Heumann
7799f3dd74 Small timing fix (#563) 2025-10-21 20:35:19 +02:00
momo5502
652f8d7f17 Fix formatting 2025-10-21 20:15:20 +02:00
Maurice Heumann
304dbcc661 Comprehensive WOW64 subsystem implementation (#555)
# Major Features Implemented
**Core WOW64 Architecture**
1. Full TEB, PEB, and Windows structure implementations for 32-bit
processes
2. Proper thread context switching with 32-bit stack allocation
3. Configurable memory allocation with 32-bit/64-bit address space
handling
4. Automatic WOW64 process identification and handling
5. Heaven's Gate Implementation for handling exceptions

**Enhanced Emulation Features**
1. Fixed GDT setup and segment management for WOW64
2. Multi-architecture PE loading with proper import resolution
3. Segment-aware disassembly with WOW64 debugging capabilities

**Testing & Validation**
**32-bit Test Sample**: Minimal "hello" executable with full ASM source

# TODO
Needs more testing, currently in very early stages.
2025-10-21 20:13:01 +02:00
momo5502
8ef9349c37 Small timing fix 2025-10-21 20:12:28 +02:00
momo5502
facf997120 Small timing fix 2025-10-21 20:12:04 +02:00
Igor Pissolati
dc3a0e6fd4 Small improvements 2025-10-21 11:23:57 -03:00
CarlTSpeak
b64f780ff6 Merge branch 'main' of https://github.com/momo5502/sogen 2025-10-21 11:20:08 +01:00
Maurice Heumann
494dcce851 Build(deps-dev): Bump vite from 7.1.7 to 7.1.11 in /page (#562)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite)
from 7.1.7 to 7.1.11.
**Release notes**

*Sourced from [vite's releases](https://github.com/vitejs/vite/releases).*

- v7.1.11: Please refer to [CHANGELOG.md](https://github.com/vitejs/vite/blob/v7.1.11/packages/vite/CHANGELOG.md) for details.
- v7.1.10: Please refer to [CHANGELOG.md](https://github.com/vitejs/vite/blob/v7.1.10/packages/vite/CHANGELOG.md) for details.
- v7.1.9: Please refer to [CHANGELOG.md](https://github.com/vitejs/vite/blob/v7.1.9/packages/vite/CHANGELOG.md) for details.
- v7.1.8: Please refer to [CHANGELOG.md](https://github.com/vitejs/vite/blob/v7.1.8/packages/vite/CHANGELOG.md) for details.

**Changelog**

*Sourced from [vite's changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md).*

## [7.1.11](https://github.com/vitejs/vite/compare/v7.1.10...v7.1.11) (2025-10-20)

### Bug Fixes
- **dev:** trim trailing slash before `server.fs.deny` check ([#20968](https://redirect.github.com/vitejs/vite/issues/20968)) ([f479cc5](f479cc57c4))

### Miscellaneous Chores
- **deps:** update all non-major dependencies ([#20966](https://redirect.github.com/vitejs/vite/issues/20966)) ([6fb41a2](6fb41a260b))

### Code Refactoring
- use subpath imports for types module reference ([#20921](https://redirect.github.com/vitejs/vite/issues/20921)) ([d0094af](d0094af639))

### Build System
- remove cjs reference in files field ([#20945](https://redirect.github.com/vitejs/vite/issues/20945)) ([ef411ce](ef411cee26))
- remove hash from built filenames ([#20946](https://redirect.github.com/vitejs/vite/issues/20946)) ([a817307](a81730754d))

## [7.1.10](https://github.com/vitejs/vite/compare/v7.1.9...v7.1.10) (2025-10-14)

### Bug Fixes
- **css:** avoid duplicate style for server rendered stylesheet link and client inline style during dev ([#20767](https://redirect.github.com/vitejs/vite/issues/20767)) ([3a92bc7](3a92bc79b3))
- **css:** respect emitAssets when cssCodeSplit=false ([#20883](https://redirect.github.com/vitejs/vite/issues/20883)) ([d3e7eee](d3e7eeefa9))
- **deps:** update all non-major dependencies ([879de86](879de86935))
- **deps:** update all non-major dependencies ([#20894](https://redirect.github.com/vitejs/vite/issues/20894)) ([3213f90](3213f90ff0))
- **dev:** allow aliases starting with `//` ([#20760](https://redirect.github.com/vitejs/vite/issues/20760)) ([b95fa2a](b95fa2aa75))
- **dev:** remove timestamp query consistently ([#20887](https://redirect.github.com/vitejs/vite/issues/20887)) ([6537d15](6537d15591))
- **esbuild:** inject esbuild helpers correctly for esbuild 0.25.9+ ([#20906](https://redirect.github.com/vitejs/vite/issues/20906)) ([446eb38](446eb38632))
- normalize path before calling `fileToBuiltUrl` ([#20898](https://redirect.github.com/vitejs/vite/issues/20898)) ([73b6d24](73b6d243e0))
- preserve original sourcemap file field when combining sourcemaps ([#20926](https://redirect.github.com/vitejs/vite/issues/20926)) ([c714776](c714776aa1))

### Documentation
- correct `WebSocket` spelling ([#20890](https://redirect.github.com/vitejs/vite/issues/20890)) ([29e98dc](29e98dc3ef))

### Miscellaneous Chores
- **deps:** update rolldown-related dependencies ([#20923](https://redirect.github.com/vitejs/vite/issues/20923)) ([a5e3b06](a5e3b064fa))

## [7.1.9](https://github.com/vitejs/vite/compare/v7.1.8...v7.1.9) (2025-10-03)

### Reverts
- **server:** drain stdin when not interactive ([#20885](https://redirect.github.com/vitejs/vite/issues/20885)) ([12d72b0](12d72b0538))

## [7.1.8](https://github.com/vitejs/vite/compare/v7.1.7...v7.1.8) (2025-10-02)

### Bug Fixes
- **css:** improve url escape characters handling ([#20847](https://redirect.github.com/vitejs/vite/issues/20847)) ([24a61a3](24a61a3f54))
- **deps:** update all non-major dependencies ([#20855](https://redirect.github.com/vitejs/vite/issues/20855)) ([788a183](788a183afc))
- **deps:** update artichokie to 0.4.2 ([#20864](https://redirect.github.com/vitejs/vite/issues/20864)) ([e670799](e670799e12))

... (truncated)

**Commits**

- [`8b69c9e`](8b69c9e32c) release: v7.1.11
- [`f479cc5`](f479cc57c4) fix(dev): trim trailing slash before `server.fs.deny` check ([#20968](https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968))
- [`6fb41a2`](6fb41a260b) chore(deps): update all non-major dependencies ([#20966](https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20966))
- [`a817307`](a81730754d) build: remove hash from built filenames ([#20946](https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20946))
- [`ef411ce`](ef411cee26) build: remove cjs reference in files field ([#20945](https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20945))
- [`d0094af`](d0094af639) refactor: use subpath imports for types module reference ([#20921](https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20921))
- [`ed4a0dc`](ed4a0dc913) release: v7.1.10
- [`c714776`](c714776aa1) fix: preserve original sourcemap file field when combining sourcemaps ([#20926](https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20926))
- [`446eb38`](446eb38632) fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ ([#20906](https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20906))
- [`879de86`](879de86935) fix(deps): update all non-major dependencies
- Additional commits viewable in [compare view](https://github.com/vitejs/vite/commits/v7.1.11/packages/vite)
2025-10-21 08:58:03 +02:00
dependabot[bot]
e50f219996 Build(deps-dev): Bump vite from 7.1.7 to 7.1.11 in /page
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.1.7 to 7.1.11.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.11/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.1.11
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-21 06:39:38 +00:00
Maurice Heumann
9350430d8e Disable SSE4.x (#561)
This is a quick fix for the issue presented in: #560
2025-10-21 07:57:24 +02:00
Igor Pissolati
1a97f3b2e2 Fix failed check 2025-10-20 23:19:24 -03:00
Igor Pissolati
65de67b24f Use hard-coded values instead of calling __cpuidex 2025-10-20 22:52:56 -03:00
Igor Pissolati
6fe93375e6 Disable SSE4.x 2025-10-20 22:26:15 -03:00
Maurice Heumann
0e158b6064 Implement file renaming and relative path handling in NtQueryAttributesFile (#557)
This PR introduces several enhancements, mainly to the file system
syscalls:

- Implements file renaming via `NtSetInformationFile` by adding a
deferred rename mechanism to `file_handle`. The rename operation occurs
when the file handle is closed.
- Adds support for the `RootDirectory` parameter in
`NtQueryAttributesFile` to handle relative file paths.
- Adds support for opening the console output device (`\\??\\CONOUT$`).
- Stubs out the `NtLockVirtualMemory` syscall.
- Fixes an incorrect assertion in `socket_wrapper` that could fire on
`recvfrom` errors.
2025-10-20 15:08:37 +02:00
Maurice Heumann
c5e58292ff Fix std::chrono::system_clock::now() (#559)
In `ntdll!RtlGetSystemTimePrecise`, `kusd.SystemTime` is queried first,
and QPC offset (`QPC() - kusd.BaselineSystemTimeQpc`) is added if it's
larger than 0.
Setting `kusd.BaselineSystemTimeQpc` to `UINT64_MAX` avoids the
adjustment, so incorrect adjustments won't happen.

Alternatively, we can update `kusd.BaselineSystemTimeQpc` to be the QPC
value just when `kusd.SystemTime` changes, but that's not possible,
because we cannot monitor `kusd.SystemTime` for change.

----------

Notes
1. With current values, this misalignment happens only when the system
is up for a long time.
2. Should I leave the comment there, or we can remove it and `git blame`
later instead?
2025-10-20 07:11:53 +02:00
AlexGuo1998
66c7c3126d Fix std::chrono::system_clock::now()
In `ntdll!RtlGetSystemTimePrecise`, `kusd.SystemTime` is queried first, and QPC offset (`QPC() - kusd.BaselineSystemTimeQpc`) is added if it's larger than 0.
Setting `kusd.BaselineSystemTimeQpc` to `UINT64_MAX` avoids the adjustment, so incorrect adjustments won't happen.
Alternatively, we can update `kusd.BaselineSystemTimeQpc` to be the QPC value just when `kusd.SystemTime` changes, but that's not possible, because we cannot monitor `kusd.SystemTime` for change.
2025-10-20 10:30:44 +08:00
Igor Pissolati
248c09d554 Implement ALPC port abstraction and implement DNS resolver port 2025-10-19 23:23:29 -03:00
Igor Pissolati
887b02c240 Support file renaming and support relative path in NtQueryAttributesFile 2025-10-19 17:51:44 -03:00
CarlTSpeak
1f5afe4c74 Minidump can load pages with C permission set. Minor instrumentation. 2025-10-18 14:19:53 +01:00
brian
65eecf1cfd Comprehensive WOW64 subsystem implementation 2025-10-13 19:55:50 +08:00
momo5502
9453123db0 Force new line at EOF 2025-10-12 17:21:51 +02:00