Merge pull request #242 from dmsft/master

mandiant · Apr 12, 2024 · cdf4424 · cdf4424
2 parents 5a9eb33 + ab563cb
commit cdf4424
Show file tree

Hide file tree

Showing 2 changed files with 101 additions and 0 deletions.
diff --git a/speakeasy/winenv/api/usermode/kernel32.py b/speakeasy/winenv/api/usermode/kernel32.py
@@ -6064,3 +6064,48 @@ def WaitForSingleObjectEx(self, emu, argv, ctx={}):
     def GetProfileInt(self, emu, argv, ctx={}):
         _, _, nDefault = argv
         return nDefault
+
+    @apihook('CreateSemaphoreW', argc=4)
+    def CreateSemaphoreW(self, emu, argv, ctx={}):
+        '''
+        HANDLE CreateSemaphoreW(
+            [in, optional] LPSECURITY_ATTRIBUTES lpSemaphoreAttributes,
+            [in]           LONG                  lInitialCount,
+            [in]           LONG                  lMaximumCount,
+            [in, optional] LPCWSTR               lpName
+        );
+        '''
+        return 0
+
+    @apihook('SetThreadStackGuarantee', argc=1)
+    def SetThreadStackGuarantee(self, emu, argv, ctx={}):
+        '''
+        BOOL SetThreadStackGuarantee(
+            [in, out] PULONG StackSizeInBytes
+        );
+        '''
+        return 1
+
+    @apihook('SetThreadDescription', argc=2)
+    def SetThreadDescription(self, emu, argv, ctx={}):
+        '''
+        HRESULT SetThreadDescription(
+            [in] HANDLE hThread,
+            [in] PCWSTR lpThreadDescription
+        );
+        '''
+        return windefs.ERROR_SUCCESS
+
+    @apihook('InitOnceBeginInitialize', argc=4)
+    def InitOnceBeginInitialize(self, emu, argv, ctx={}):
+        '''
+        BOOL InitOnceBeginInitialize(
+            [in, out]       LPINIT_ONCE lpInitOnce,
+            [in]            DWORD       dwFlags,
+            [out]           PBOOL       fPending,
+            [out, optional] LPVOID      *lpContext
+        );
+        '''
+        return 1
+
+
diff --git a/speakeasy/winenv/api/usermode/msvcrt.py b/speakeasy/winenv/api/usermode/msvcrt.py
@@ -16,6 +16,23 @@
 RAND_BASE = 0
 TICK_BASE = 86400000  # 1 day in millisecs
 
+# Signal types
+SIGINT   = 2   # interrupt
+SIGILL   = 4   # illegal instruction - invalid function image
+SIGFPE   = 8   # floating point exception
+SIGSEGV  = 11  # segment violation
+SIGTERM  = 15  # Software termination signal from kill
+SIGBREAK = 21  # Ctrl-Break sequence
+SIGABRT  = 22  # abnormal termination triggered by abort call
+
+# Signal action codes
+SIG_DFL = 0     # default signal action
+SIG_IGN = 1     # ignore signal
+SIG_GET = 2     # return current value
+SIG_SGE = 3     # signal gets error
+SIG_ACK = 4     # acknowledge
+SIG_ERR = -1    # signal error value
+
 
 class Msvcrt(api.ApiHandler):
     """
@@ -40,6 +57,7 @@ def __init__(self, emu):
         self.wintypes = windef
 
         self.tick_counter = TICK_BASE
+        self.errno_t = None
 
         super(Msvcrt, self).__get_hook_attrs__(self)
 
@@ -1667,3 +1685,41 @@ def _snwprintf(self, emu, argv, ctx={}):
         argv = [buf, cnt, fmt] + argv
         argv[2] = fmt_str
         return len(fin)
+
+    @apihook('_errno', argc=0)
+    def _errno(self, emu, argv, ctx={}):
+        '''
+        '''
+        _VAL = 0x0C
+
+        if not self.errno_t:
+            self.errno_t = self.mem_alloc(4, tag='api.msvcrt._errno')
+            self.mem_write(self.errno_t, _VAL.to_bytes(4, 'little'))
+
+        return self.errno_t
+
+    @apihook('fputc', argc=2)
+    def fputc(self, emu, argv, ctx={}):
+        '''
+        int fputc(
+            int c,
+            FILE *stream
+        );
+        '''
+        c, _ = argv
+        return c
+
+    @apihook('signal', argc=2)
+    def signal(self, emu, argv, ctx={}):
+        '''
+        void __cdecl *signal(
+            int sig,
+            int (*func)(int, int)
+        );
+        '''
+        sig, _ = argv
+
+        if sig in [SIGINT, SIGILL, SIGFPE, SIGSEGV, SIGTERM, SIGBREAK, SIGABRT]:
+            return SIG_IGN
+        else:
+            return SIG_ERR