sha0coder · sha0coder · Mar 10, 2025 · Jan 22, 2025 · Jan 22, 2025 · Jan 22, 2025
diff --git a/libmwemu/src/emu.rs b/libmwemu/src/emu.rs
@@ -96,8 +96,7 @@ pub struct Emu {
     pub tick: usize,
     pub trace_file: Option<File>,
     pub base: u64,
-    //pub stack_lvl: Vec<i32>,
-    //pub stack_lvl_idx: usize,
+    pub call_stack: Vec<String>,
 }
 
 impl Default for Emu {
@@ -163,8 +162,7 @@ impl Emu {
             tick: 0,
             trace_file: None,
             base: 0,
-            //stack_lvl: vec![],
-            //stack_lvl_idx: 0,
+            call_stack: vec![],
         }
     }
 
@@ -1865,13 +1863,8 @@ impl Emu {
             }
 
             self.gateway_return = self.stack_pop64(false).unwrap_or(0);
-
-            //self.stack_lvl.pop();
-            //self.stack_lvl_idx -= 1;
-
             self.regs.rip = self.gateway_return;
 
-
             let handle_winapi: bool = match self.hooks.hook_on_winapi_call {
                 Some(hook_fn) => hook_fn(self, self.regs.rip, addr),
                 None => true,
@@ -1932,18 +1925,8 @@ impl Emu {
                 return false;
             }
 
-            // anular el call
-            //self.stack_lvl.pop();
-            //self.stack_lvl_idx += 1;
-            // anular el pop previo
-            //self.stack_lvl[self.stack_lvl_idx] -= 1;
-
             self.gateway_return = self.stack_pop32(false).unwrap_or(0).into();
 
-            //self.stack_lvl.pop();
-            //self.stack_lvl_idx -= 1;
-
-
             self.regs.set_eip(self.gateway_return);
 
             let handle_winapi: bool = match self.hooks.hook_on_winapi_call {

diff --git a/libmwemu/src/engine/mod.rs b/libmwemu/src/engine/mod.rs
@@ -46,8 +46,6 @@ pub fn emulate_instruction(
                 unimplemented!("weird variant of call");
             }
 
-
-
             let addr = match emu.get_operand_value(ins, 0, true) {
                 Some(a) => a,
                 None => return false,
@@ -63,6 +61,8 @@ pub fn emulate_instruction(
                 emu.stack_lvl_idx += 1;
             }*/
 
+            emu.call_stack.push(format!("{:x}:call:{:x}", emu.regs.rip, addr));
+
             if emu.cfg.is_64bits {
                 if !emu.stack_push64(emu.regs.rip + instruction_sz as u64) {
                     return false;
@@ -238,12 +238,7 @@ pub fn emulate_instruction(
                 }
             }
 
-            //if emu.stack_lvl[emu.stack_lvl_idx] != 0 {
-            //    log::info!("/!\\ error stack level is {}", emu.stack_lvl[emu.stack_lvl_idx]);
-            //}
-            //emu.stack_lvl.pop();
-            //emu.stack_lvl_idx -= 1;
-
+            emu.call_stack.pop();
 
             if emu.run_until_ret {
                 return true; 
@@ -4207,7 +4202,8 @@ pub fn emulate_instruction(
                     }
 
                     0x29 => {
-                        log::info!("int 0x21: __fastfail {}", emu.regs.rcx);
+                        log::info!("call_stack = {:?}", emu.call_stack);
+                        log::info!("int 0x29: __fastfail {}", emu.regs.rcx);
                         std::process::exit(1);
                     }
 

diff --git a/libmwemu/src/maps/mod.rs b/libmwemu/src/maps/mod.rs
@@ -19,6 +19,8 @@ impl Default for Maps {
 }
 
 impl Maps {
+    const DEFAULT_ALIGNMENT: u64 = 16;
+
     pub fn new() -> Maps {
         Maps {
             maps: Vec::new(),
@@ -1092,13 +1094,16 @@ impl Maps {
     }
 
     fn _alloc(&self, mut sz: u64, bottom: u64, top: u64, lib: bool) -> Option<u64> {
-        let mut prev: u64 = bottom;
+        let mut prev: u64 = self.align_up(bottom, Self::DEFAULT_ALIGNMENT);
         let debug = false;
 
         if sz > 0xffffff {
             sz = 0xffffff;
         }
 
+        // Round up size to alignment
+        sz = self.align_up(sz, Self::DEFAULT_ALIGNMENT);
+
         if debug {
             log::info!("allocating {} bytes from 0x{:x} to 0x{:x}", sz, bottom, top);
         }
@@ -1111,14 +1116,13 @@ impl Maps {
                 if debug {
                     log::info!("skipping: 0x{:x}", base);
                 }
-                continue; // a lib finding allocs that are not lib
+                continue;
             }
 
             if debug {
                 log::info!("base: 0x{:x} prev: 0x{:x} sz: 0x{:x}", base, prev, sz);
             }
             if prev > base {
-                //self.show_maps();
                 panic!("alloc error");
             }
             if debug {
@@ -1131,12 +1135,11 @@ impl Maps {
                 return Some(prev);
             }
 
-            prev = mem.get_bottom();
+            prev = self.align_up(mem.get_bottom(), Self::DEFAULT_ALIGNMENT);
         }
 
         if top < prev {
-            //TODO: check this case!!
-            prev = top;
+            prev = self.align_up(top, Self::DEFAULT_ALIGNMENT);
         }
         if top - prev > sz {
             if debug {
@@ -1149,28 +1152,12 @@ impl Maps {
         None
     }
 
-    pub fn alloc_deprecated(&self, sz: u64) -> Option<u64> {
-        let mut addr: u64 = 0;
-        let inc = 0x10;
-
-        loop {
-            addr += inc;
-
-            if addr >= 0x70000000 {
-                return None;
-            }
-
-            for mem in self.maps.iter() {
-                if addr >= mem.get_base() && addr <= mem.get_bottom() {
-                    addr = mem.get_bottom();
-                    continue;
-                }
-            }
+    fn align_up(&self, addr: u64, align: u64) -> u64 {
+        (addr + (align - 1)) & !(align - 1)
+    }
 
-            if !self.overlaps(addr, sz) {
-                return Some(addr);
-            }
-        }
+    fn align_down(&self, addr: u64, align: u64) -> u64 {
+        addr & !(align - 1)
     }
 
     pub fn save_all_allocs(&mut self, path: String) {

diff --git a/libmwemu/src/serialization.rs b/libmwemu/src/serialization.rs
@@ -215,8 +215,7 @@ pub struct SerializableEmu {
     pub rep: Option<u64>,
     pub tick: usize,
     pub base: u64,
-    //pub stack_lvl: Vec<i32>,
-    //pub stack_lvl_idx: usize,
+    pub call_stack: Vec<String>,
 }
 
 impl From<SerializableFPU> for FPU {
@@ -316,8 +315,7 @@ impl<'a> From<&'a Emu> for SerializableEmu {
                 rep: emu.rep,
                 tick: emu.tick,
                 base: emu.base,
-                //stack_lvl: emu.stack_lvl.clone(),
-                //stack_lvl_idx: emu.stack_lvl_idx,
+                call_stack: emu.call_stack.clone(),
         }
     }
 }   
@@ -386,8 +384,7 @@ impl From<SerializableEmu> for Emu {
             tick: serialized.tick,
             trace_file: trace_file,
             base: serialized.base,
-            //stack_lvl: serialized.stack_lvl,
-            //stack_lvl_idx: serialized.stack_lvl_idx,
+            call_stack: serialized.call_stack,
         }
     }
 }

diff --git a/libmwemu/src/winapi32/mod.rs b/libmwemu/src/winapi32/mod.rs
@@ -44,4 +44,5 @@ pub fn gateway(addr: u32, name: String, emu: &mut emu::Emu) {
         },
         _ => panic!("/!\\ trying to execute on {} at 0x{:x}", name, addr),
     };
+    emu.call_stack.pop();
 }
diff --git a/libmwemu/src/winapi64/mod.rs b/libmwemu/src/winapi64/mod.rs
@@ -50,4 +50,6 @@ pub fn gateway(addr: u64, name: String, emu: &mut emu::Emu) {
         },
         _ => panic!("/!\\ trying to execute on {} at 0x{:x}", name, addr),
     };
+
+    emu.call_stack.pop();
 }
diff --git a/libmwemu/src/winapi64/ntdll.rs b/libmwemu/src/winapi64/ntdll.rs
@@ -47,6 +47,7 @@ pub fn gateway(addr: u64, emu: &mut emu::Emu) -> String {
         "RtlAddFunctionTable" => RtlAddFunctionTable(emu),
         "RtlCaptureContext" => RtlCaptureContext(emu),
         "RtlLookupFunctionEntry" => RtlLookupFunctionEntry(emu),
+        "strlen" => strlen(emu),
         _ => {
             if emu.cfg.skip_unimplemented == false {
                 if emu.cfg.dump_on_exit && emu.cfg.dump_filename.is_some() {
@@ -1024,4 +1025,28 @@ fn RtlLookupFunctionEntry(emu: &mut emu::Emu) {
     log_red!(emu, "** {} ntdll!RtlLookupFunctionEntry {:x} {:x} {:x}", emu.pos, control_pc, image_base, history_table);
     // TODO: implement this
     emu.regs.rax = 0;
+}
+
+fn strlen(emu: &mut emu::Emu) {
+    let s_ptr = emu.regs.rcx as usize;
+    log_red!(emu, "** {} ntdll!strlen {:x}", emu.pos, s_ptr);
+
+    if s_ptr == 0 {
+        emu.regs.rax = 0;
+        return;
+    }
+
+    let s = emu.maps.read_string(s_ptr as u64);
+    let l = s.len();
+
+    log::info!(
+        "{}** {} ntdll!strlen: `{}` {} {}",
+        emu.colors.light_red,
+        emu.pos,
+        s,
+        l,
+        emu.colors.nc
+    );
+
+    emu.regs.rax = l as u32 as u64;
 }
diff --git a/scripts/enigma-protector.sh b/scripts/enigma-protector.sh
@@ -27,7 +27,7 @@ if [ "$MODE" == "dump" ]; then
         --release \
         --target $TARGET \
         -- \
-        --filename ~/Desktop/enigma/pe_loader-20250122.exe \
+        --filename ~/Desktop/enigma/pe_loader-20250122-v2.exe \
         --maps ./maps64/ \
         --64bits \
         -vv
-Original file line number
+Diff line change
@@ Expand Up / @@ -44,4 +44,5 @@ pub fn gateway(addr: u32, name: String, emu: &mut emu::Emu) { @@
             },
             _ => panic!("/!\\ trying to execute on {} at 0x{:x}", name, addr),
         };
+        emu.call_stack.pop();
     }