libmwemu 0.24.1

x86 32/64bits and system internals emulator, for securely emulating malware and other stuff.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

use crate::emu;
use crate::winapi::helper;
use crate::winapi::winapi64::kernel32::COUNT_WRITE;

pub fn WriteFile(emu: &mut emu::Emu) {
    let file_hndl = emu.regs().rcx;
    let buff = emu.regs().rdx;
    let size = emu.regs().r8;
    let bytes_written = emu.regs().r9;
    let overlapped = emu
        .maps
        .read_qword(emu.regs().rsp + 0x20)
        .expect("kernel32!WriteFile cannot read the overlapped");

    let mut count = COUNT_WRITE.lock().unwrap();
    *count += 1;

    emu.maps.write_qword(bytes_written, size);

    log_red!(
        emu,
        "kernel32!WriteFile hndl: 0x{:x} buff: 0x{:x} sz: {}",
        file_hndl,
        buff,
        size
    );

    if !helper::handler_exist(file_hndl) {
        log::trace!("\tinvalid handle.")
    }

    emu.regs_mut().rax = 1;
}