void VirtualProtect(IProcessorEmulator emulator)
{
uint esp = (uint)emulator.ReadRegister(Registers.esp);
uint uAddress = ReadLeUInt32(esp + 4u);
uint dwSize = ReadLeUInt32(esp + 8u);
uint newProtect = ReadLeUInt32(esp + 12u);
uint pOldProtect = ReadLeUInt32(esp + 16u);
Debug.Print("VirtualProtect({0:X8},{1:X8},{2:X8},{3:X8})", uAddress, dwSize, newProtect, pOldProtect);
//$TODO: to make this work we have to keep a mapping (page -> permissions)
// For now, return the protection of the segment.
if (!this.map.TryFindSegment(Address.Ptr32(uAddress), out var seg))
{
var prot = MapProtectionToWin32(seg.Access);
WriteLeUInt32(Address.Ptr32(pOldProtect), prot);
emulator.WriteRegister(Registers.eax, 0u);
}
else
{
// RWX = 0x70
WriteLeUInt32(Address.Ptr32(pOldProtect), 0x70);
emulator.WriteRegister(Registers.eax, 1u);
}
emulator.WriteRegister(Registers.esp, esp + 20);
}
public ImageSegment InitializeStack(IProcessorEmulator emu, ProcessorState state)
{
var stack = new MemoryArea(Address.Ptr32(0x7FE00000), new byte[1024 * 1024]);
var stackSeg = this.map.AddSegment(stack, "stack", AccessMode.ReadWrite);
emu.WriteRegister(Registers.esp, (uint)stack.EndAddress.ToLinear() - 4u);
return(stackSeg);
}
public ImageSegment InitializeStack(IProcessorEmulator emu, ProcessorState state)
{
var stack = new ByteMemoryArea(Address.Ptr32(0x7FE00000), new byte[1024 * 1024]);
var stackSeg = this.map.AddSegment(stack, "stack", AccessMode.ReadWrite);
emu.WriteRegister(Registers.esp, (uint)stack.BaseAddress.ToLinear() + (uint)(stack.Length - this.platform.Architecture.PointerType.Size));
return(stackSeg);
}
public bool InterceptCall(IProcessorEmulator emu, TWord l)
{
if (!this.InterceptedCalls.TryGetValue(Address.Ptr32(l), out ExternalProcedure epProc))
{
return(false);
}
((SimulatedProc)epProc).Emulator(emu);
return(true);
}
public ImageSegment InitializeStack(IProcessorEmulator emulator, ProcessorState state)
{
var cs = ((Constant)state.GetValue(Registers.cs)).ToUInt16();
var ss = ((Constant)state.GetValue(Registers.ss)).ToUInt16();
var sp = ((Constant)state.GetValue(Registers.sp)).ToUInt16();
var ds = ((Constant)state.GetValue(Registers.ds)).ToUInt16();
emulator.WriteRegister(Registers.cs, cs);
emulator.WriteRegister(Registers.ss, ss);
emulator.WriteRegister(Registers.sp, sp);
emulator.WriteRegister(Registers.ds, ds);
return(null);
}
void VirtualProtect(IProcessorEmulator emulator)
{
uint esp = (uint)emulator.ReadRegister(Registers.esp);
uint arg1 = ReadLeUInt32(esp + 4u);
uint arg2 = ReadLeUInt32(esp + 8u);
uint arg3 = ReadLeUInt32(esp + 12u);
uint arg4 = ReadLeUInt32(esp + 16u);
Debug.Print("VirtualProtect({0:X8},{1:X8},{2:X8},{3:X8})", arg1, arg2, arg3, arg4);
emulator.WriteRegister(Registers.eax, 1u);
emulator.WriteRegister(Registers.esp, esp + 20);
}
void LoadLibraryA(IProcessorEmulator emulator)
{
// M[Esp] is return address.
// M[Esp + 4] is pointer to DLL name.
uint esp = (uint)emulator.ReadRegister(Registers.esp);
uint pstrLibName = ReadLeUInt32(esp + 4u);
string szLibName = ReadMbString(pstrLibName);
Module module = EnsureModule(szLibName);
emulator.WriteRegister(Registers.eax, module.Handle);
// Clean up the stack.
emulator.WriteRegister(Registers.esp, esp + 8);
}
void GetProcAddress(IProcessorEmulator emulator)
{
// M[esp] is return address
// M[esp + 4] is hmodule
// M[esp + 4] is pointer to function name
uint esp = (uint)emulator.ReadRegister(Registers.esp);
uint hmodule = ReadLeUInt32(esp + 4u);
uint pstrFnName = ReadLeUInt32(esp + 8u);
if ((pstrFnName & 0xFFFF0000) != 0)
{
string importName = ReadMbString(pstrFnName);
var module = modules.Values.First(m => m.Handle == hmodule);
SimulatedProc fn = EnsureProc(module, importName, NYI);
emulator.WriteRegister(Registers.eax, fn.uFakedAddress);
emulator.WriteRegister(Registers.esp, esp + 12);
}
else
{
//$TODO: import by ordinal.
throw new NotImplementedException();
}
}
void NYI(IProcessorEmulator emulator)
{
throw new NotImplementedException();
}
public Debugger(IProcessorEmulator emu)
{
this.emu = emu;
}
void ExitProcess(IProcessorEmulator emulator)
{
emulator.Stop();
}
public Debugger(IProcessorArchitecture arch, IProcessorEmulator emu)
{
this.arch = arch;
this.emu = emu;
}
void GetProcAddress(IProcessorEmulator emulator)
{
// M[esp] is return address
// M[esp + 4] is hmodule
// M[esp + 4] is pointer to function name
uint esp = (uint)emulator.ReadRegister(Registers.esp);
uint hmodule = img.ReadLeUInt32(esp + 4u - img.BaseAddress.ToUInt32());
uint pstrFnName = img.ReadLeUInt32(esp + 8u - img.BaseAddress.ToUInt32());
if ((pstrFnName & 0xFFFF0000) != 0)
{
string importName = ReadMbString(img, pstrFnName);
var module = modules.Values.First(m => m.Handle == hmodule);
SimulatedProc fn = EnsureProc(module, importName, NYI);
emulator.WriteRegister(Registers.eax, fn.uFakedAddress);
emulator.WriteRegister(Registers.esp, esp + 12);
}
else
{
//$TODO: import by ordinal.
throw new NotImplementedException();
}
}
public ImageSegment?InitializeStack(IProcessorEmulator emulator, ProcessorState state)
{
return(null);
}
public ImageSegment?InitializeStack(IProcessorEmulator emulator, ProcessorState state)
{
throw new NotImplementedException();
}
public bool InterceptCall(IProcessorEmulator emu, TWord l)
{
ExternalProcedure epProc;
if (!this.InterceptedCalls.TryGetValue(l, out epProc))
return false;
((SimulatedProc)epProc).Emulator(emu);
return true;
}
void NYI(IProcessorEmulator emulator)
{
throw new NotImplementedException();
}
void VirtualProtect(IProcessorEmulator emulator)
{
uint esp = (uint)emulator.ReadRegister(Registers.esp);
uint arg1 = img.ReadLeUInt32(esp + 4u - img.BaseAddress.ToUInt32());
uint arg2 = img.ReadLeUInt32(esp + 8u - img.BaseAddress.ToUInt32());
uint arg3 = img.ReadLeUInt32(esp + 12u - img.BaseAddress.ToUInt32());
uint arg4 = img.ReadLeUInt32(esp + 16u - img.BaseAddress.ToUInt32());
Debug.Print("VirtualProtect({0:X8},{1:X8},{2:X8},{3:X8})", arg1, arg2, arg3, arg4);
emulator.WriteRegister(Registers.eax, 1u);
emulator.WriteRegister(Registers.esp, esp + 20);
}
void ExitProcess(IProcessorEmulator emulator)
{
emulator.Stop();
}
public bool InterceptCall(IProcessorEmulator emulator, uint calledAddress)
{
throw new NotImplementedException();
}
public bool InterceptCall(IProcessorEmulator emulator, uint calledAddress)
{
return(false);
}
void LoadLibraryA(IProcessorEmulator emulator)
{
// M[Esp] is return address.
// M[Esp + 4] is pointer to DLL name.
uint esp = (uint)emulator.ReadRegister(Registers.esp);
uint pstrLibName = img.ReadLeUInt32(esp + 4u - img.BaseAddress.ToUInt32());
string szLibName = ReadMbString(img, pstrLibName);
Module module = EnsureModule(szLibName);
emulator.WriteRegister(Registers.eax, module.Handle);
// Clean up the stack.
emulator.WriteRegister(Registers.esp, esp + 8);
}
