diff --git a/src/windows-emulator/process_context.hpp b/src/windows-emulator/process_context.hpp
index 8a572d5..3a1a780 100644
--- a/src/windows-emulator/process_context.hpp
+++ b/src/windows-emulator/process_context.hpp
@@ -363,7 +363,7 @@ struct process_context
 {
 }
- registry_manager registry{R"(C:\Users\mauri\Desktop\windows\win-x64\registry)"}; // TODO: Fix
+ registry_manager registry{};
 uint64_t executed_instructions{0};
 uint64_t current_ip{0};
diff --git a/src/windows-emulator/registry/hive_parser.cpp b/src/windows-emulator/registry/hive_parser.cpp
index 425d141..03190cb 100644
--- a/src/windows-emulator/registry/hive_parser.cpp
+++ b/src/windows-emulator/registry/hive_parser.cpp
@@ -114,14 +114,21 @@ namespace
 hive_key parse_root_block(std::ifstream& file, const std::filesystem::path& file_path)
 {
- if (read_file_data_string(file, 0, 4) != "regf")
+ try
 {
- throw std::runtime_error("Bad hive file: " + file_path.string());
- }
+ if (read_file_data_string(file, 0, 4) != "regf")
+ {
+ throw std::runtime_error("Invalid signature");
+ }
- const auto key_block = read_file_object(file, MAIN_KEY_BLOCK_OFFSET);
+ const auto key_block = read_file_object(file, MAIN_KEY_BLOCK_OFFSET);
- return {key_block.subkeys, key_block.value_count, key_block.offsets};
+ return {key_block.subkeys, key_block.value_count, key_block.offsets};
+ }
+ catch (const std::exception& e)
+ {
+ throw std::runtime_error("Bad hive file '" + file_path.string() + "': " + e.what());
+ }
 }
 char char_to_lower(const char val)
diff --git a/src/windows-emulator/registry/registry_manager.cpp b/src/windows-emulator/registry/registry_manager.cpp
index a5440b9..ad88cb2 100644
--- a/src/windows-emulator/registry/registry_manager.cpp
+++ b/src/windows-emulator/registry/registry_manager.cpp
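Review bot: `registry_manager registry{};` leaves the member default-constructed, and because `registry_manager::registry_manager() = default;` in registry_manager.cpp runs no user code, no hive is loaded until windows_emulator.cpp assigns `registry_manager(settings.registry_directory)` during context setup; any registry access before that assignment would presumably see an empty manager. A one-line comment on the member, `// populated from emulator_settings::registry_directory during context setup`, would make that lifecycle visible to readers of process_context. struct process_context continues outside the hunk.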
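Review bot: The `catch (const std::exception& e)` block rethrows every failure as a plain `std::runtime_error`, so the original exception type — for example a stream failure out of `read_file_data_string`/`read_file_object`, if `file` has exceptions enabled — is lost and callers can only distinguish cases by parsing the message. `std::throw_with_nested(std::runtime_error("Bad hive file '" + file_path.string() + "'"));` keeps the path in the outer message while preserving the inner exception for callers that want it. A short doc comment above the function would also help, e.g. `// Throws std::runtime_error naming file_path if the signature is not "regf" or any read of the root block fails.`, since the hive directory is user-supplied and this is an early point at which a malformed file is rejected. `read_file_data_string`, `read_file_object` and `hive_key` are defined outside the hunk.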
@@ -33,21 +33,17 @@ namespace
 void register_hive(registry_manager::hive_map& hives, const std::filesystem::path& key, const std::filesystem::path& file)
 {
- try
- {
- hives[canonicalize_path(key)] = std::make_unique(file);
- }
- catch (const std::exception& e)
- {
-
- }
+ hives[canonicalize_path(key)] = std::make_unique(file);
 }
 }
+registry_manager::registry_manager() = default;
 registry_manager::~registry_manager() = default;
+registry_manager::registry_manager(registry_manager&&) noexcept = default;
+registry_manager& registry_manager::operator=(registry_manager&&) noexcept = default;
-registry_manager::registry_manager(std::filesystem::path hive_path)
- : hive_path_(std::move(hive_path))
+registry_manager::registry_manager(const std::filesystem::path& hive_path)
+ : hive_path_(absolute(hive_path))
 {
 this->setup();
 }
diff --git a/src/windows-emulator/registry/registry_manager.hpp b/src/windows-emulator/registry/registry_manager.hpp
index d63b7f3..7115337 100644
--- a/src/windows-emulator/registry/registry_manager.hpp
+++ b/src/windows-emulator/registry/registry_manager.hpp
@@ -36,10 +36,17 @@ class registry_manager
 using hive_ptr = std::unique_ptr;
 using hive_map = std::unordered_map;
- registry_manager() = default;
- registry_manager(std::filesystem::path hive_path);
+ registry_manager();
+ registry_manager(const std::filesystem::path& hive_path);
 ~registry_manager();
+ registry_manager(registry_manager&&) noexcept;
+ registry_manager& operator=(registry_manager&&) noexcept;
+
+ registry_manager(const registry_manager&) = delete;
+ registry_manager& operator=(const registry_manager&) = delete;
+
+
 void serialize(utils::buffer_serializer& buffer) const;
 void deserialize(utils::buffer_deserializer& buffer);
diff --git a/src/windows-emulator/syscalls.cpp b/src/windows-emulator/syscalls.cpp
index 7aa165d..e0d810f 100644
--- a/src/windows-emulator/syscalls.cpp
+++ b/src/windows-emulator/syscalls.cpp
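Review bot: Dropping the empty `catch` in `register_hive` means a missing or malformed hive file now propagates out of the call chain — presumably via `setup()` — and therefore out of `registry_manager(const std::filesystem::path&)`, so the emulator fails to start instead of silently running with a partial registry; that is the right default for files parsed from a user-supplied directory, but nothing in the code says so. A comment on register_hive, `// Throws if the hive file is missing or malformed: a partial registry is worse than a failed startup.`, would record the intent. `absolute(hive_path)` is an unqualified ADL call into std::filesystem that resolves the relative default against the process cwd at construction time and can itself throw `std::filesystem::filesystem_error`; writing `std::filesystem::absolute(hive_path)` makes both the target function and the throwing behaviour explicit. `setup()` and `canonicalize_path` are defined outside the hunk.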
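Review bot: `registry_manager(const std::filesystem::path& hive_path);` is a single-argument constructor without `explicit`, so any `std::filesystem::path` converts implicitly to a registry_manager and a stray `context.registry = some_path;` would silently load hives from that directory. `explicit registry_manager(const std::filesystem::path& hive_path);` closes that, and the only call site in this commit, windows_emulator.cpp, already spells the constructor out. The move operations are declared `noexcept` here and defaulted in the .cpp, which fits a `hive_map` of `unique_ptr` values; a brief comment saying the class is move-only because `hive_map` owns the hives would explain the deleted copy operations. class registry_manager continues outside the hunk.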
@@ -1,12 +1,10 @@
 #include "std_include.hpp"
 #include "syscall_dispatcher.hpp"
-
-#include
-
 #include "context_frame.hpp"
 #include "emulator_utils.hpp"
 #include "syscall_utils.hpp"
+#include
 #include
 namespace
@@ -168,8 +166,9 @@ namespace
 if (key_value_information_class == KeyValueFullInformation)
 {
- const auto required_size = sizeof(KEY_VALUE_FULL_INFORMATION) + (original_name.size() * 2) + value->data.
- size() - 1;
+ const auto name_size = original_name.size() * 2;
+ const auto value_size = value->data.size();
+ const auto required_size = sizeof(KEY_VALUE_FULL_INFORMATION) + name_size + value_size + -1;
 result_length.write(static_cast(required_size));
 if (required_size > length)
diff --git a/src/windows-emulator/windows_emulator.cpp b/src/windows-emulator/windows_emulator.cpp
index 393520b..8e4c0eb 100644
--- a/src/windows-emulator/windows_emulator.cpp
+++ b/src/windows-emulator/windows_emulator.cpp
@@ -255,6 +255,8 @@ namespace
 {
 setup_gdt(emu);
+ context.registry = registry_manager(settings.registry_directory);
+
 context.kusd = setup_kusd(emu);
 context.base_allocator = create_allocator(emu, PEB_SEGMENT_SIZE);
diff --git a/src/windows-emulator/windows_emulator.hpp b/src/windows-emulator/windows_emulator.hpp
index 7ae773e..5e858ca 100644
--- a/src/windows-emulator/windows_emulator.hpp
+++ b/src/windows-emulator/windows_emulator.hpp
@@ -11,9 +11,10 @@ std::unique_ptr create_default_x64_emulator();
 struct emulator_settings
 {
- std::filesystem::path application;
- std::filesystem::path working_directory;
- std::vector arguments;
+ std::filesystem::path application{};
+ std::filesystem::path working_directory{};
+ std::filesystem::path registry_directory{"./registry"};
+ std::vector arguments{};
 bool disable_logging{false};
 };
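Review bot: `+ -1` at the end of the `required_size` line only produces the intended value because the converted `-1` wraps in unsigned arithmetic; it reads like a typo and the reason for the byte is not stated. Writing `const auto required_size = sizeof(KEY_VALUE_FULL_INFORMATION) + name_size + value_size - 1;` with a comment such as `// -1: sizeof() already counts the struct's one-element trailing array — TODO confirm against the struct layout` keeps the value and documents it. `result_length.write(static_cast(required_size))` (the cast's target type is not visible on this page) converts a size derived from the name and value lengths, while the `required_size > length` comparison on the following line is presumably what guards the copy that follows; a comment stating that the reported length is informational and the comparison is the actual bound would help the next reader. The enclosing syscall handler starts and ends outside the hunk.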
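Review bot: `context.registry = registry_manager(settings.registry_directory);` is the point where hive files from a user-chosen directory are first read, and with this commit's removal of the catch in register_hive a missing or malformed hive throws out of this line during context setup; whether a caller catches that or the process terminates is not visible here. A comment such as `// Loads the registry hives; throws if settings.registry_directory is missing or holds a malformed hive.` would tell readers of the setup sequence that this is an expected failure point. The temporary is moved into the member through the defaulted `noexcept` move assignment added in registry_manager.cpp, so no copy of the hive map happens here. The enclosing setup function starts and ends outside the hunk.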
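Review bot: `registry_directory{"./registry"}` is a relative default that the registry_manager constructor resolves with `absolute()`, i.e. against whatever the process's current directory is when the emulator is created, not against the `working_directory` field directly above it; the neighbouring name invites that confusion. A comment on the field, `// Host directory containing the registry hive files; a relative path resolves against the process cwd at emulator creation, not against working_directory.`, would prevent it. The brace initializers added to the other fields are value-initialization and do not change behaviour for these types.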