diff options
| author | André Zwing <nerv@dawncrow.de> | 2025-05-26 21:57:12 +0200 |
|---|---|---|
| committer | André Zwing <nerv@dawncrow.de> | 2025-05-26 22:01:02 +0200 |
| commit | 7a4cf9fc9ef17f9b5adbfa0458ca041d173d747c (patch) | |
| tree | a94a6b737cf8d89dfc4ebba534516d5dfabd6454 | |
| parent | 2fdd7f6188fb5ef6c53809535f63a022204129ee (diff) | |
| download | box64-7a4cf9fc9ef17f9b5adbfa0458ca041d173d747c.tar.gz box64-7a4cf9fc9ef17f9b5adbfa0458ca041d173d747c.zip | |
[WOW64] Implement BTCpuNotifyUnmapViewOfSection
| -rw-r--r-- | wow64/compiler.h | 20 | ||||
| -rw-r--r-- | wow64/wowbox64.c | 26 |
2 files changed, 45 insertions, 1 deletions
diff --git a/wow64/compiler.h b/wow64/compiler.h index f0697357..eac844e5 100644 --- a/wow64/compiler.h +++ b/wow64/compiler.h @@ -9,6 +9,23 @@ #define WOW64_TLS_MAX_NUMBER (19) #define WOW64_CPURESERVED_FLAG_RESET_STATE (1) +typedef enum _MEMORY_INFORMATION_CLASS { + MemoryBasicInformation, + MemoryWorkingSetInformation, + MemoryMappedFilenameInformation, + MemoryRegionInformation, + MemoryWorkingSetExInformation, + MemorySharedCommitInformation, + MemoryImageInformation, + MemoryRegionInformationEx, + MemoryPrivilegedBasicInformation, + MemoryEnclaveImageInformation, + MemoryBasicInformationCapped, + MemoryPhysicalContiguityInformation, + MemoryBadInformation, + MemoryBadInformationAllProcesses, +} MEMORY_INFORMATION_CLASS; + typedef struct _WOW64_CPURESERVED { USHORT Flags; @@ -34,10 +51,13 @@ typedef struct _XMM_SAVE_AREA32 { BYTE Reserved4[96]; } XMM_SAVE_AREA32; +#define NtCurrentProcess() ( (HANDLE)(LONG_PTR) -1 ) + NTSTATUS WINAPI RtlWow64GetCurrentCpuArea(USHORT *, void **, void **); NTSTATUS WINAPI Wow64SystemServiceEx(UINT, UINT*); NTSYSAPI NTSTATUS WINAPI LdrGetDllHandle(LPCWSTR, ULONG, const UNICODE_STRING*, HMODULE*); NTSYSAPI NTSTATUS WINAPI NtContinue(PCONTEXT, BOOLEAN); +NTSYSAPI NTSTATUS WINAPI NtQueryVirtualMemory(HANDLE, LPCVOID, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, SIZE_T*); NTSYSAPI void* WINAPI RtlFindExportedRoutineByName(HMODULE, const char*); NTSYSAPI void DECLSPEC_NORETURN WINAPI RtlRaiseStatus(NTSTATUS); diff --git a/wow64/wowbox64.c b/wow64/wowbox64.c index 6cb6d18b..4bfb65b4 100644 --- a/wow64/wowbox64.c +++ b/wow64/wowbox64.c @@ -124,6 +124,30 @@ void box_to_fpu(WOW64_CONTEXT *ctx, x64emu_t *emu) memcpy(fpu->XmmRegisters, emu->xmm, sizeof(emu->xmm)); } +static NTSTATUS invalidate_mapped_section( PVOID addr ) +{ + MEMORY_BASIC_INFORMATION mem_info; + SIZE_T size; + void* base; + + NTSTATUS ret = NtQueryVirtualMemory( NtCurrentProcess(), addr, MemoryBasicInformation, &mem_info, sizeof(mem_info), NULL ); + + if (!NT_SUCCESS(ret)) + return ret; + + base = mem_info.AllocationBase; + size = (char*)mem_info.BaseAddress + mem_info.RegionSize - (char*)base; + + while (!NtQueryVirtualMemory( NtCurrentProcess(), (char*)base + size, MemoryBasicInformation, &mem_info, sizeof(mem_info), NULL) && + mem_info.AllocationBase == base) + { + size += mem_info.RegionSize; + } + + unprotectDB((uintptr_t)base, (DWORD64)size, 1); + return STATUS_SUCCESS; +} + void WINAPI BTCpuFlushInstructionCache2(LPCVOID addr, SIZE_T size) { // NYI @@ -160,7 +184,7 @@ void WINAPI BTCpuNotifyMemoryProtect(PVOID addr, SIZE_T size, DWORD new_protect) void WINAPI BTCpuNotifyUnmapViewOfSection(PVOID addr, ULONG flags) { - // NYI + invalidate_mapped_section( addr ); } NTSTATUS WINAPI BTCpuProcessInit(void) |