Minor change to allow minidump load to work with pages with copy
permission set.
File was probing memory via VirtualQuery incrementally, previously this
ran forever as Sogen doesn't replicate Windows behaviour.
Added exclusive allocation end boundary so that allocation / info check
on last page of user space VA works. Modified
memory_manager::find_free_allocation_base and
memory_manager::get_region_info to use exclusive boundary.
Added check to NtQueryVirtualMemory - now correctly returns
STATUS_INVALID_PARAMETER when run against memory outside of user space
VA. Kernel modules should use ZwQueryVirtualMemory not the user land
API.
This PR introduces an abstraction for ALPC ports to make them easier to
manage in the future, and implements the DNS resolver port, at least
enough to get host address queries working.
There's a lot of code in this PR that I'm not very confident about, so
don't hesitate on the feedback 😄
<img width="1377" height="624" alt="image"
src="https://github.com/user-attachments/assets/4d56b84d-4b87-42ed-9bfa-be04dbbf3735"
/>
This PR introduces several enhancements, mainly to the file system
syscalls:
- Implements file renaming via `NtSetInformationFile` by adding a
deferred rename mechanism to `file_handle`. The rename operation occurs
when the file handle is closed.
- Adds support for the `RootDirectory` parameter in
`NtQueryAttributesFile` to handle relative file paths.
- Adds support for opening the console output device (`\\??\\CONOUT$`).
- Stubs out the `NtLockVirtualMemory` syscall.
- Fixes an incorrect assertion in `socket_wrapper` that could fire on
`recvfrom` errors.
In `ntdll!RtlGetSystemTimePrecise`, `kusd.SystemTime` is queried first, and QPC offset (`QPC() - kusd.BaselineSystemTimeQpc`) is added if it's larger than 0.
Setting `kusd.BaselineSystemTimeQpc` to `UINT64_MAX` avoids the adjustment, so incorrect adjustments won't happen.
Alternatively, We can update `kusd.BaselineSystemTimeQpc` to be the QPC value just when `kusd.SystemTime` changes, but that's not possible, because we cannot monitor `kusd.SystemTime` for change.
