don't forget about ARM32

[wmjb]

can there be support for windows ARM32? it's very much alive with the surface RT1 and 2 devices that run windows 10 15035 and the community would like to see this. maybe this will be useful https://arm.syscall.sh/

[trungnt2910]

Yes, as mentioned in this X post.

ARM32 support is a priority in this iteration. Since the whole effort is to study Project Astoria, a ARM32 bringup is needed to load the driver on Windows 10 Mobile.

My uncommitted code builds well for ARM32 after some MSBuild hacks. I have binaries lying on my disk, but no compatible devices to test on.

[trungnt2910]

maybe this will be useful https://arm.syscall.sh/

Yes, the uname trap is handled in my uncommitted code:

extern "C"
VOID
MapLxssSystemCallHook(
    _In_ PPS_PICO_SYSTEM_CALL_INFORMATION pSyscallInfo
)
{
    struct old_utsname {
        char sysname[65];
        char nodename[65];
        char release[65];
        char version[65];
        char machine[65];
    }* pUtsName = NULL;

    // Check for SYS_uname
#ifdef _M_X64
    if (pSyscallInfo->TrapFrame->Rax == 63)
    {
        pUtsName = (old_utsname*)pSyscallInfo->TrapFrame->Rdi;
    }
#elif defined(_M_ARM64)
    if (pSyscallInfo->TrapFrame->X8 == 160)
    {
        pUtsName = (old_utsname*)pSyscallInfo->TrapFrame->X0;
    }
#elif defined(_M_IX86)
    if (pSyscallInfo->TrapFrame->Eax == 122)
    {
        pUtsName = (old_utsname*)pSyscallInfo->TrapFrame->Ebx;
    }
#elif defined(_M_ARM)
    if (pSyscallInfo->R7 == 122)
    {
        pUtsName = (old_utsname*)pSyscallInfo->TrapFrame->R0;
    }
#else
#error Detect the syscall arguments for this architecture!
#endif

    // Compared to the old checks, this will miss `uname` calls where the argument is NULL.
    // However, we do not intend to intercept such calls anyway.
    if (pUtsName != NULL)
    {
        Logger::LogTrace("uname(", pUtsName, ")");
    }

    MaLxssOriginalDispatchSystemCall(pSyscallInfo);

    if (pUtsName != NULL
        // Also check for a success return value.
        // Otherwise, pUtsName may be an invalid pointer.
#ifdef _M_X64
        && pSyscallInfo->TrapFrame->Rax == 0)
#elif defined(_M_ARM64)
        && pSyscallInfo->TrapFrame->X0 == 0)
#elif defined(_M_IX86)
        && pSyscallInfo->TrapFrame->Eax == 0)
#elif defined(_M_ARM)
        && pSyscallInfo->TrapFrame->R0 == 0)
#else
#error Detect the syscall return value for this architecture!
#endif
    {
        // We should be in the context of the calling process.
        // Therefore, it is safe to access the raw pointers.

        Logger::LogTrace("pUtsName->sysname  ", (PCSTR)pUtsName->sysname);
        Logger::LogTrace("pUtsName->nodename ", (PCSTR)pUtsName->nodename);
        Logger::LogTrace("pUtsName->release  ", (PCSTR)pUtsName->release);
        Logger::LogTrace("pUtsName->version  ", (PCSTR)pUtsName->version);
        Logger::LogTrace("pUtsName->machine  ", (PCSTR)pUtsName->machine);

        strcpy(pUtsName->sysname, "Monika");
        // "Microsoft" (case sensitive) is required.
        // Otherwise, Microsoft's `init` will detect the kernel as WSL2.
        strncpy(pUtsName->release, MONIKA_KERNEL_VERSION "-Monika-Microsoft",
            sizeof(pUtsName->release));
        strncpy(pUtsName->version,
            "#" MONIKA_KERNEL_BUILD_NUMBER "-Just-Monika " MONIKA_KERNEL_TIMESTAMP,
            sizeof(pUtsName->version));
    }
}

Once again, I have nothing to test this on. Let me know if you're interested so that I could send some test builds and/or source tarballs.

[wmjb]

I am ready to test.

[wmjb]

attempting to compile myself i've modified ntddk.h to include the extra registers and added defines for arm, only got one issue left lxmonika\src\reality.cpp(418,1): error C3493: 'Copy' cannot be implicitly captured because no default capture mode has been specified

[trungnt2910]

attempting to compile myself

Ahh, the source code up here is outdated. Try the staging branch instead.

You'll also need to follow specific installation instructions before the monika.exe CLI supports the new driver load strategy.