Slightly better logging

momo5502 · Sep 22, 2024 · 9cba4cd · 9cba4cd
1 parent 88b01bd
commit 9cba4cd
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 30 deletions.
diff --git a/src/sample/main.cpp b/src/sample/main.cpp
@@ -68,6 +68,7 @@ namespace
 
 		//watch_system_objects(win_emu);
 		win_emu.buffer_stdout = true;
+		//win_emu.verbose_calls = true;
 
 		const auto& exe = *win_emu.process().executable;
 
@@ -84,36 +85,32 @@ namespace
 			}
 		});
 
-		win_emu.add_syscall_hook([&]
+		/*win_emu.add_syscall_hook([&]
 		{
-			const auto rip = win_emu.emu().read_instruction_pointer();
-			if (rip >= text_start && rip < text_end)
+			const auto syscall_id = win_emu.emu().reg(x64_register::eax);
+			const auto syscall_name = win_emu.dispatcher().get_syscall_name(syscall_id);
+
+			if (syscall_name != "NtQueryInformationProcess")
 			{
-				const auto syscall_id = win_emu.emu().reg(x64_register::eax);
-				const auto syscall_name = win_emu.dispatcher().get_syscall_name(syscall_id);
-
-				win_emu.logger.print(color::blue, "Executing inline syscall: %s (0x%X) at 0x%llX\n",
-				                     syscall_name.c_str(),
-				                     syscall_id, rip);
-
-				/*if (syscall_name == "NtQueryInformationProcess")
-				{
-					const auto info_class = win_emu.emu().reg(x64_register::rdx);
-					if (info_class == ProcessImageFileNameWin32)
-					{
-						const auto data = win_emu.emu().reg(x64_register::r8);
-
-						emulator_allocator data_allocator{win_emu.emu(), data, 0x100};
-						data_allocator.make_unicode_string(
-							L"C:\\Users\\mauri\\source\\repos\\lul\\x64\\Release\\lul.exe");
-						win_emu.emu().reg(x64_register::rax, STATUS_SUCCESS);
-						return instruction_hook_continuation::skip_instruction;
-					}
-				}*/
+				return instruction_hook_continuation::run_instruction;
 			}
 
-			return instruction_hook_continuation::run_instruction;
-		});
+			const auto info_class = win_emu.emu().reg(x64_register::rdx);
+			if (info_class != ProcessImageFileNameWin32)
+			{
+				return instruction_hook_continuation::run_instruction;
+			}
+
+			win_emu.logger.print(color::pink, "Patching NtQueryInformationProcess...\n");
+
+			const auto data = win_emu.emu().reg(x64_register::r8);
+
+			emulator_allocator data_allocator{win_emu.emu(), data, 0x100};
+			data_allocator.make_unicode_string(
+				L"C:\\Users\\mauri\\source\\repos\\lul\\x64\\Release\\lul.exe");
+			win_emu.emu().reg(x64_register::rax, STATUS_SUCCESS);
+			return instruction_hook_continuation::skip_instruction;
+		});*/
 
 		run_emulation(win_emu);
 	}

diff --git a/src/windows_emulator/syscalls.cpp b/src/windows_emulator/syscalls.cpp
@@ -657,7 +657,7 @@ namespace
 			}
 
 			const auto region_info = c.emu.get_region_info(base_address);
-			if(!region_info.is_reserved)
+			if (!region_info.is_reserved)
 			{
 				return STATUS_INVALID_ADDRESS;
 			}
@@ -1961,8 +1961,22 @@ void syscall_dispatcher::dispatch(windows_emulator& win_emu)
 			return;
 		}
 
-		win_emu.logger.print(color::dark_gray, "Syscall: %s (0x%X) at 0x%llX\n", entry->second.name.c_str(), syscall_id,
-		                     address);
+		const auto* mod = context.module_manager.find_by_address(address);
+		if (mod != context.ntdll && mod != context.win32u)
+		{
+			win_emu.logger.print(color::blue, "Executing inline syscall: %s (0x%X) at 0x%llX (%s)\n",
+			                     entry->second.name.c_str(),
+			                     syscall_id,
+			                     address, mod ? mod->name.c_str() : "<N/A>");
+		}
+		else
+		{
+			win_emu.logger.print(color::dark_gray, "Executing syscall: %s (0x%X) at 0x%llX\n",
+			                     entry->second.name.c_str(),
+			                     syscall_id,
+			                     address);
+		}
+
 		entry->second.handler(c);
 	}
 	catch (std::exception& e)

diff --git a/src/windows_emulator/windows_emulator.cpp b/src/windows_emulator/windows_emulator.cpp
@@ -614,7 +614,7 @@ void windows_emulator::setup_hooks()
 			                                  const auto export_entry = binary->address_names.find(address);
 			                                  if (export_entry != binary->address_names.end())
 			                                  {
-				                                  logger.print(is_interesting_call ? color::yellow : color::gray,
+				                                  logger.print(is_interesting_call ? color::yellow : color::dark_gray,
 				                                               "Executing function: %s - %s (0x%llX)\n",
 				                                               binary->name.c_str(),
 				                                               export_entry->second.c_str(), address);