This PR aims to:
- [Stub FileBasicInformation in
NtSetInformationFile](6d0ad1dd61)
- [Make sure a root `windows_path` has a slash at the
end](02ed4fbb03),
this was necessary because `directory_iterator` fails when the path is
`C:` (without slash).
- [Improve
NtQueryDirectoryFileEx](f6ec1fc9cc)
by adding filename filtering support, including more basic file
information in the struct, and fixing an issue that prevented the last
chunk of files from being enumerated correctly.

This PR aims to do the following:
- Add the `NtUserGetAtomName` syscall.
- Add stub handlers for `NtUserSetWindowsHookEx`,
`NtUserUnhookWindowsHookEx`, and `NtUserCreateWindowEx`.
- Implement `NtGetNlsSectionPtr` (for Code Pages), add
`NtQueryDefaultUILanguage`, and improve `NtQueryInstallUILanguage`.
- Handle `SystemTimeZoneInformation`,
`SystemCurrentTimeZoneInformation`, and
`SystemDynamicTimeZoneInformation` in `NtQuerySystemInformation`.
- Skip `ThreadAffinityMask` in `NtSetInformationThread`.
- Fix `NtConnectPort` to allow TimeZone queries to work properly. This
is probably the most problematic change here because it required messing
with the shared section and hardcoding an offset (2504). Initializing
the data in this offset seems necessary for calls like
`GetTimeZoneInformation` to succeed, so maybe there's no other way
around it.

Change type of chrono return to be auto
Co-authored-by: Maurice Heumann <MauriceHeumann@gmail.com>
simplify conditional compile and add #else to prevent clang-tidy breaking CI
Co-authored-by: Maurice Heumann <MauriceHeumann@gmail.com>
fix intrinsics, and resolve x86 compiler issues
- fix `time.hpp` compiler warnings (errors) and use proper intrinsic for gcc
- simplify tick calculation logic
- fix: exclude intrinsics include for non x86 builds and fix style
- fix: get() on clock_ unique ptr

Previously, RDTSC in the VM always returned a constant value, which broke any non-deterministic timing-based operations, or caused detections in heuristics of malware and anti-VM tools.
This patch introduces a spoofed `rdtsc_fake` counter that tracks and adjusts timing deltas to simulate realistic TSC increments. It can be extended to simulate RDTSC timings based on CPU clock speed.
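
The following is an added example, not the project's `rdtsc_fake` code, of an emulator-side counter that derives RDTSC values from elapsed time and never returns the same value twice. It goes one step beyond the message by scaling to an assumed clock speed; the names `fake_tsc` and `now_fn`, the 3 GHz frequency and the minimum step of 24 ticks are all assumptions made for illustration.

```cpp
#include <chrono>
#include <cstdint>
#include <cstdio>
#include <functional>
#include <utility>

// Hypothetical names; this is not the project's rdtsc_fake implementation.
class fake_tsc
{
  public:
    using now_fn = std::function<std::chrono::nanoseconds()>;
    // tsc_hz: assumed guest TSC frequency (keep below ~18 GHz to avoid overflow).
    // min_step: smallest delta between two reads, so no two reads are equal.
    fake_tsc(now_fn now, uint64_t tsc_hz, uint64_t base = 0, uint64_t min_step = 24)
        : now_(std::move(now)), tsc_hz_(tsc_hz), min_step_(min_step),
          start_(now_()), base_(base), last_(base)
    {
    }

    uint64_t read()
    {
        const auto elapsed = (now_() - start_).count();
        const uint64_t ns = elapsed < 0 ? 0 : static_cast<uint64_t>(elapsed);
        constexpr uint64_t ns_per_s = 1000000000ULL;
        // Scale whole seconds and the remainder separately to avoid overflow.
        uint64_t ticks = base_ + (ns / ns_per_s) * tsc_hz_ + (ns % ns_per_s) * tsc_hz_ / ns_per_s;
        // Stay strictly increasing even if the time source stalls or steps back.
        if (ticks < last_ + min_step_)
            ticks = last_ + min_step_;
        last_ = ticks;
        return ticks;
    }

  private:
    now_fn now_;
    uint64_t tsc_hz_, min_step_;
    std::chrono::nanoseconds start_;
    uint64_t base_, last_;
};

int main()
{
    // Host steady clock as the time source; 3 GHz is a constructed sample value.
    auto host_now = [] { return std::chrono::duration_cast<std::chrono::nanoseconds>(
                             std::chrono::steady_clock::now().time_since_epoch()); };
    fake_tsc tsc(host_now, 3000000000ULL);
    const uint64_t a = tsc.read(), b = tsc.read();
    std::printf("%llu %llu\n", (unsigned long long)a, (unsigned long long)b);
}
```

Passing an instruction-count-based time source instead of the host clock keeps runs reproducible while still giving the guest a moving counter.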