Emulated applications are currently able to access files from the host
system, rather than being restricted to the virtualized file system, by
using `Section` related Syscalls. This behavior appears to have been
introduced in:
- 2024-12-13: [Prepare better section support
(syscalls.cpp:582)](719a50444e (diff-96c7de348bdc06e650bdc371a600a91f80594d4201afd7a28ffa160fa755be9dR582))
- 2025-10-13: [Comprehensive WOW64 subsystem implementation
(section.cpp:141)](65eecf1cfd (diff-415eed3b4b314dc10cc9f7926687770be53799766bc9a4edca2a7f4a45477169R141)))
Because the emulator is [advertised for malware
analysis](https://github.com/momo5502/sogen/blob/main/README.md), this
unintended access path could be considered a security concern.
This PR only fixes two current misuses of an API that interacts with the
host system. As a long term solution, APIs that interact with host
resources should consistently use C++ types that enforce translation of
resource identifiers (e.g., file and registry paths) into their emulated
equivalents. This would help prevent future misuse and ensure that
emulated applications remain isolated from the host environment.
Minor change to allow minidump load to work with pages with copy
permission set.
File was probing memory via VirtualQuery incrementally, previously this
ran forever as Sogen doesn't replicate Windows behaviour.
Added exclusive allocation end boundary so that allocation / info check
on last page of user space VA works. Modified
memory_manager::find_free_allocation_base and
memory_manager::get_region_info to use exclusive boundary.
Added check to NtQueryVirtualMemory - now correctly returns
STATUS_INVALID_PARAMETER when run against memory outside of user space
VA. Kernel modules should use ZwQueryVirtualMemory not the user land
API.
