Commit Graph

2635 Commits

Author SHA1 Message Date
ahm3dgg
d54c8bf9ca NtOpenSection: Do Case-Insensitive String Comparison 2026-01-11 01:37:55 +02:00
ahm3dgg
5b03324342 Formatting 2026-01-11 00:32:00 +02:00
ahm3dgg
d9fc7ce614 Formatting 2026-01-11 00:26:44 +02:00
ahm3dgg
8dc54d7816 Clang Tidy Fix 2026-01-11 00:22:35 +02:00
ahm3dgg
fc0853aab6 NtOpenSection: Do Case-Insensitive String Comparison 2026-01-11 00:15:22 +02:00
ahm3dgg
6cd94b7f4d Simplify code and remove unnecessary comments 2026-01-09 13:36:26 +02:00
ahm3dgg
58d6a10837 Simplify code and remove unnecessary comments 2026-01-09 13:35:38 +02:00
ahm3dgg
f41e7bf881 Exclude win32u.dll from module_load_count 2026-01-09 06:45:32 +02:00
ahm3dgg
974defb080 Translate FilePath before getting it from module_load_count 2026-01-09 06:00:18 +02:00
ahm3dgg
9161d04417 Clang Format fix 2026-01-09 05:48:35 +02:00
ahm3dgg
ee051fad92 Clang Tidy Fix 2026-01-09 05:45:47 +02:00
ahm3dgg
80fc959221 Formatting Fix 2026-01-09 05:33:35 +02:00
ahm3dgg
0b99e11f99 We can only wish 2026-01-09 05:29:19 +02:00
ahm3dgg
f0b8e56933 We can only wish 2026-01-09 04:56:23 +02:00
ahm3dgg
c58ad0153e We can only wish 2026-01-09 03:41:22 +02:00
ahm3dgg
48cb637571 Workaround win32u only 2026-01-09 03:29:50 +02:00
ahm3dgg
a728db63de Workaround win32u only 2026-01-09 03:28:35 +02:00
ahm3dgg
37db1c635f Formatting 2026-01-09 03:14:53 +02:00
ahm3dgg
80db2420e6 Formatting 2026-01-09 03:10:21 +02:00
ahm3dgg
8481cdfb5d Use std::map instead of std::unordered_map for data that will be serialized 2026-01-09 03:09:42 +02:00
ahm3dgg
833fd610da Test CI/CD 2026-01-09 00:23:35 +02:00
ahm3dgg
762d732056 Format fix 2026-01-08 19:49:41 +02:00
ahm3dgg
871e249227 Safety check for api-set ValueCount 2026-01-08 19:46:51 +02:00
ahm3dgg
a53addef5f Serialize & Deserialize module_load_count 2026-01-08 19:23:25 +02:00
ahm3dgg
81cfe7bd5b Merge branch 'main' into knowndlls-patch 2026-01-08 13:58:32 +02:00
Maurice Heumann
9090e29e21 Revert "module manager: safer ldr init block setup" (#695)
The change from fixed size 0xF0 to sizeof(PS_SYSTEM_DLL_INIT_BLOCK)
(which is 0x128 for V3 struct) causes memory corruption when using
Windows 10 system files.

**Before (working):**
```
constexpr uint64_t symtem_dll_init_block_fix_size = 0xF0; // Wine or WIN10
init_block.Size = symtem_dll_init_block_fix_size;
// ...
this->memory_->write_memory(ldr_init_block_addr, &init_block, symtem_dll_init_block_fix_size);
```

**After (broken):**
```
constexpr uint64_t system_dll_init_block_size = sizeof(PS_SYSTEM_DLL_INIT_BLOCK);  // = 0x128
init_block.Size = system_dll_init_block_size;
// ...
this->memory_->write_memory(ldr_init_block_addr, &init_block, write_size);
```

**Symptom:**
```
Executing syscall: NtQueryVirtualMemory (0x23) at 0x18009d442 via 0x1800d4920 (ntdll.dll)
Interrupt 41
Suspicious: Breakpoint at 0x1800ac7d8 (via 0x1800ac7d5)
Executing syscall: NtQueryVirtualMemory (0x23) at 0x18009d442 via 0x180033579 (ntdll.dll)
Executing syscall: NtQueryVirtualMemory (0x23) at 0x18009d442 via 0x180033579 (ntdll.dll)
Executing syscall: NtQueryVirtualMemory (0x23) at 0x18009d442 via 0x180033579 (ntdll.dll)
Executing syscall: NtQueryVirtualMemory (0x23) at 0x18009d442 via 0x180033579 (ntdll.dll)
Bad address for memory image request: 0x5f0000
Executing syscall: NtRaiseException (0x168) at 0x18009fcd2 via 0x1800a0ee3 (ntdll.dll)
!!! NtRaiseException: Code=0x80000003, Flags=0x0, Address=0x1800ac7d7, NumParams=0, HandleException=0
Emulation terminated without status!
```

**Root cause:** PS_SYSTEM_DLL_INIT_BLOCK has different sizes across
Windows versions. It needs to detect the Windows version from ntdll and
use the appropriate size. I will submit a PR to fix this issue soon.
2026-01-08 11:42:34 +01:00
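The revert above describes a size mismatch: the host-side struct is 0x128 bytes, but a Windows 10 ntdll reserves only 0xF0 for LdrSystemDllInitBlock, so copying sizeof(PS_SYSTEM_DLL_INIT_BLOCK) bytes spills 0x38 bytes into whatever global follows it. The following is an added illustration, not code from the project or from either commit: it models the guest's .data as a byte vector with a sentinel-filled neighbour after the init block, reproduces the over-long copy, and shows a write whose length comes from the layout the target ntdll was built with rather than from the host struct. The guest layout, the sentinel, the `init_block_layout` enum and the idea that the caller has already classified the ntdll build are all assumptions made for the example; the only values taken from the page are 0xF0 and 0x128 and the leading `Size` field.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <optional>
#include <vector>

// The two sizes named in the commit message: 0xF0 for a Wine/Windows 10 ntdll,
// 0x128 for the V3 layout of PS_SYSTEM_DLL_INIT_BLOCK.
constexpr std::size_t init_block_size_win10 = 0xF0;
constexpr std::size_t init_block_size_v3 = 0x128;

// Host-side stand-in for the largest layout the emulator knows about.
// Only the leading Size field is modelled; the rest is opaque payload.
struct init_block_v3
{
    uint32_t Size;
    uint8_t body[init_block_size_v3 - sizeof(uint32_t)];
};
static_assert(sizeof(init_block_v3) == init_block_size_v3);

// Which layout the target ntdll was built with. Deriving this from the ntdll
// version is the step the commit message says is missing; here it is an
// assumption that the caller has already classified the build.
enum class init_block_layout { win10_or_wine, v3 };

constexpr std::size_t expected_init_block_size(init_block_layout layout)
{
    return layout == init_block_layout::v3 ? init_block_size_v3 : init_block_size_win10;
}

// Constructed model of the guest's ntdll .data: the init block slot is followed
// immediately by another global, filled with a sentinel so that any spill past
// the reserved slot is detectable.
struct guest_data
{
    static constexpr uint8_t sentinel = 0xAA;
    static constexpr std::size_t neighbour_bytes = 16;
    std::vector<uint8_t> bytes;
    std::size_t init_block_rva = 0;
    std::size_t neighbour_rva = 0;
};

guest_data make_guest_data(std::size_t reserved_for_init_block)
{
    guest_data g;
    g.bytes.assign(0x200, guest_data::sentinel);
    g.init_block_rva = 0x40;
    g.neighbour_rva = g.init_block_rva + reserved_for_init_block;
    std::fill_n(g.bytes.begin() + g.init_block_rva, reserved_for_init_block, 0);
    return g;
}

// True while the global after the init block still holds its sentinel bytes.
bool neighbour_intact(const guest_data& g)
{
    const auto begin = g.bytes.begin() + g.neighbour_rva;
    return std::all_of(begin, begin + guest_data::neighbour_bytes,
                       [](uint8_t b) { return b == guest_data::sentinel; });
}

uint32_t read_guest_size_field(const guest_data& g)
{
    uint32_t size = 0;
    std::memcpy(&size, &g.bytes[g.init_block_rva], sizeof(size));
    return size;
}

// The reverted behaviour: the copy length comes from the host struct, so a
// V3-sized write into a Windows 10 slot runs 0x38 bytes past the reservation.
void write_init_block_unbounded(guest_data& g, init_block_v3 blk)
{
    blk.Size = static_cast<uint32_t>(sizeof(blk));
    std::memcpy(&g.bytes[g.init_block_rva], &blk, sizeof(blk));
}

// Version-driven write: the length is what the target ntdll reserved, checked
// against both the host struct and the mapped region before any byte moves.
// Returns the bytes written, or nullopt when the request cannot be honoured.
std::optional<std::size_t> write_init_block_bounded(guest_data& g, init_block_v3 blk,
                                                    std::size_t expected)
{
    if (expected < sizeof(uint32_t) || expected > sizeof(blk))
        return std::nullopt; // a layout the host struct cannot fill completely
    if (g.init_block_rva > g.bytes.size() || g.bytes.size() - g.init_block_rva < expected)
        return std::nullopt; // would run off the end of the mapped region
    blk.Size = static_cast<uint32_t>(expected);
    std::memcpy(&g.bytes[g.init_block_rva], &blk, expected);
    return expected;
}

int main()
{
    init_block_v3 blk{};
    guest_data win10 = make_guest_data(init_block_size_win10);
    write_init_block_unbounded(win10, blk);
    std::printf("unbounded write into Win10 slot: neighbour intact = %d\n", neighbour_intact(win10));

    guest_data again = make_guest_data(init_block_size_win10);
    const auto n = write_init_block_bounded(
        again, blk, expected_init_block_size(init_block_layout::win10_or_wine));
    std::printf("bounded write: %zu bytes, neighbour intact = %d\n", n.value_or(0), neighbour_intact(again));
    return 0;
}
```

The bounded variant also refuses a size larger than the host struct instead of copying past its end, which is the case that would appear if a newer ntdll layout were fed to an emulator that only knows V3.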
Brian Wynn
7ba5a7b2e4 Revert "module manager: safer ldr init block setup" 2026-01-08 17:37:01 +08:00
ahm3dgg
06cc62042c Serialize and Deserialize KnownDLLs Tables 2026-01-08 00:36:53 +02:00
ahm3dgg
bb98f2cee3 no need to set maximum size for section 2026-01-07 21:03:52 +02:00
ahm3dgg
63fad67e8f no need to set maximum size 2026-01-07 20:49:37 +02:00
ahm3dgg
f12766f027 use local path for fs ops 2026-01-07 20:34:33 +02:00
ahm3dgg
49ae9ef68a Add dummy stub for NtFlushInstructionCache 2026-01-07 20:21:19 +02:00
ahm3dgg
0b47eb77f1 Formatting fix 2026-01-07 19:54:34 +02:00
ahm3dgg
1ec9816d9a Return STATUS_IMAGE_MACHINE_TYPE_MISMATCH in case a 64-bit process tries to map a 32-bit executable 2026-01-07 19:50:26 +02:00
ahm3dgg
fdcc7455a1 Separated KnownDLLs and KnownDLLs32 2026-01-07 19:37:36 +02:00
ahm3dgg
72ea3e0f0d format fix 2026-01-07 09:35:13 +02:00
ahm3dgg
200b39359e Fix 2026-01-07 09:33:06 +02:00
ahm3dgg
c92e7bff5f fix cast 2026-01-07 09:15:57 +02:00
ahm3dgg
6958954f82 Fix another warning 2026-01-07 09:04:37 +02:00
Maurice Heumann
01851ad571 Update description for Security Research section 2026-01-07 08:02:34 +01:00
ahm3dgg
f61946335c fix cast 2026-01-07 08:57:09 +02:00
ahm3dgg
741dadfced Remove redundant code 2026-01-07 08:54:05 +02:00
Maurice Heumann
e7abe50f00 module manager: safer ldr init block setup (#693) 2026-01-07 07:50:23 +01:00
ahm3dgg
981faf3600 fix 2026-01-07 08:42:12 +02:00
ahm3dgg
4dadc42284 weird c++ moments 2026-01-07 08:36:01 +02:00
ahm3dgg
6c508eb15e formatting fix 2026-01-07 08:30:13 +02:00
ahm3dgg
d4b59cc3cd Fix 2026-01-07 08:27:25 +02:00
ahm3dgg
c3a760dace Fixed Formatting 2026-01-07 08:23:00 +02:00
ahm3dgg
1806eeb2e0 Fix types 2026-01-07 08:18:08 +02:00
ahm3dgg
4f8745ce1b Support for KnownDLLs and Some Refactoring 2026-01-07 08:06:19 +02:00