first drivers winapi32

sha0coder · sha0coder · commit bc4304395bcf · 2025-09-09T13:07:38.000+02:00
diff --git a/crates/libmwemu/src/emu/loaders.rs b/crates/libmwemu/src/emu/loaders.rs
@@ -100,7 +100,6 @@ impl Emu {
         }
 
         // 4. map pe and then sections
-        log::info!("mapeando PE de {}", filename2);
         let pemap = self
             .maps
             .create_map(
diff --git a/crates/libmwemu/src/winapi/winapi32/kernel32/mod.rs b/crates/libmwemu/src/winapi/winapi32/kernel32/mod.rs
@@ -714,7 +714,7 @@ pub fn load_library(emu: &mut emu::Emu, libname: &str) -> u64 {
         return 0;
     }
 
-    if !dll.ends_with(".dll") {
+    if !dll.ends_with(".dll") && !dll.ends_with(".exe") {
         dll.push_str(".dll");
     }
 
diff --git a/crates/libmwemu/src/winapi/winapi32/mod.rs b/crates/libmwemu/src/winapi/winapi32/mod.rs
@@ -14,6 +14,7 @@ mod user32;
 mod wincrt;
 mod wininet;
 mod ws2_32;
+mod ntoskrnl;
 
 use crate::emu;
 
@@ -37,11 +38,13 @@ pub fn gateway(addr: u32, name: &str, emu: &mut emu::Emu) {
         "iphlpapi.text" => iphlpapi::gateway(addr, emu),
         "libgcc_s_dw2-1.text" => libgcc::gateway(addr, emu),
         "api-ms-win-crt-runtime-l1-1-0.text" => wincrt::gateway(addr, emu),
+        "ntoskrnl.text" => ntoskrnl::gateway(addr, emu),
+        "ntoskrnlPAGE" => ntoskrnl::gateway(addr, emu),
         "not_loaded" => {
             // TODO: banzai check?
             emu.pe32.as_ref().unwrap().import_addr_to_name(addr)
         }
-        _ => panic!("/!\\ trying to execute on {} at 0x{:x}", name, addr),
+        _ => panic!("/!\\ winapi32 gateway: trying to execute on {} at 0x{:x}", name, addr),
     };
     emu.call_stack_mut().pop();
 }
diff --git a/crates/libmwemu/src/winapi/winapi32/ntoskrnl.rs b/crates/libmwemu/src/winapi/winapi32/ntoskrnl.rs
@@ -0,0 +1,75 @@
+use crate::emu;
+use crate::serialization;
+//use crate::winapi::helper;
+use crate::winapi::winapi32::kernel32;
+use crate::structures::UnicodeString;
+use crate::constants;
+
+
+pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String {
+    let api = kernel32::guess_api_name(emu, addr);
+    match api.as_str() {
+        "RtlInitUnicodeString" => RtlInitUnicodeString(emu),
+        _ => {
+            if emu.cfg.skip_unimplemented == false {
+                if emu.cfg.dump_on_exit && emu.cfg.dump_filename.is_some() {
+                    serialization::Serialization::dump_to_file(
+                        &emu,
+                        emu.cfg.dump_filename.as_ref().unwrap(),
+                    );
+                }
+
+                unimplemented!("atemmpt to call unimplemented API 0x{:x} {}", addr, api);
+            }
+            log::warn!(
+                "calling unimplemented API 0x{:x} {} at 0x{:x}",
+                addr,
+                api,
+                emu.regs().rip
+            );
+            return api;
+        }
+    }
+
+    String::new()
+}
+
+
+fn RtlInitUnicodeString(emu: &mut emu::Emu) {
+    let dst_ptr = emu
+        .maps
+        .read_dword(emu.regs().get_esp())
+        .expect("ntoskrnl!RtlInitUnicodeString: error reading arg1 (dst_ptr)") as u64;
+    let src_ptr = emu
+        .maps
+        .read_dword(emu.regs().get_esp()+4)
+        .expect("ntoskrnl!RtlInitUnicodeString: error reading optional arg2 (src_ptr)") as u64;
+
+    if !emu.maps.is_mapped(dst_ptr) {
+        log_red!(emu, "ntoskrnl!RtlInitUnicodeString worng destination pointer 0x{:x}", dst_ptr);
+        panic!();
+    }
+
+    let mut s = "".to_string();
+    let ustr;
+
+    if src_ptr > 0 && emu.maps.is_mapped(src_ptr) {
+        ustr = UnicodeString::load(src_ptr, &emu.maps);
+        if emu.maps.is_mapped(ustr.buffer as u64) {
+            s = emu.maps.read_wide_string(ustr.buffer as u64);
+        } else {
+            log_red!(emu, "ntoskrnl!RtlInitUnicodeString ustr.buffer is not ok: 0x{:x}", ustr.buffer);
+        }
+    } else {
+        ustr = UnicodeString::new();
+    }
+
+    ustr.save(dst_ptr, &mut emu.maps);
+
+    log_red!(emu, "ntoskrnl!RtlInitUnicodeString dst: 0x{:x} str:'{}' src: 0x{:x}", dst_ptr, s, src_ptr);
+
+    emu.stack_pop32(false);
+    emu.stack_pop32(false);
+
+    emu.regs_mut().rax = constants::STATUS_SUCCESS;
+}
diff --git a/crates/libmwemu/src/winapi/winapi64/mod.rs b/crates/libmwemu/src/winapi/winapi64/mod.rs
@@ -48,7 +48,7 @@ pub fn gateway(addr: u64, name: &str, emu: &mut emu::Emu) {
             // TODO: banzai check?
             emu.pe64.as_ref().unwrap().import_addr_to_name(addr)
         }
-        _ => panic!("/!\\ trying to execute on {} at 0x{:x}", name, addr),
+        _ => panic!("/!\\ winapi64 gateway: trying to execute on {} at 0x{:x}", name, addr),
     };
 
     emu.call_stack_mut().pop();
diff --git a/maps/maps32/ntoskrnl.exe b/maps/maps32/ntoskrnl.exe
diff --git a/maps/maps64/ntoskrnl.exe b/maps/maps64/ntoskrnl.exe

Original file line number	Diff line number	Diff line change
`@@ -100,7 +100,6 @@ impl Emu {`
`100`	`100`	`}`
`101`	`101`
`102`	`102`	`// 4. map pe and then sections`
`103`		`- log::info!("mapeando PE de {}", filename2);`
`104`	`103`	`let pemap = self`
`105`	`104`	`.maps`
`106`	`105`	`.create_map(`
Original file line number	Diff line number	Diff line change
`@@ -714,7 +714,7 @@ pub fn load_library(emu: &mut emu::Emu, libname: &str) -> u64 {`
`714`	`714`	`return 0;`
`715`	`715`	`}`
`716`	`716`
`717`		`- if !dll.ends_with(".dll") {`
	`717`	`+ if !dll.ends_with(".dll") && !dll.ends_with(".exe") {`
`718`	`718`	`dll.push_str(".dll");`
`719`	`719`	`}`
`720`	`720`
Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,7 @@ pub fn gateway(addr: u64, name: &str, emu: &mut emu::Emu) {`
`48`	`48`	`// TODO: banzai check?`
`49`	`49`	`emu.pe64.as_ref().unwrap().import_addr_to_name(addr)`
`50`	`50`	`}`
`51`		`- _ => panic!("/!\\ trying to execute on {} at 0x{:x}", name, addr),`
	`51`	`+ _ => panic!("/!\\ winapi64 gateway: trying to execute on {} at 0x{:x}", name, addr),`
`52`	`52`	`};`
`53`	`53`
`54`	`54`	`emu.call_stack_mut().pop();`