From f032ae84551704c5be3eb1ab99fb24c8b3f790cd Mon Sep 17 00:00:00 2001 From: Kelsi Date: Thu, 12 Feb 2026 03:04:08 -0800 Subject: [PATCH] Integrate Unicorn emulator into WardenModule MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Connected cross-platform emulation to module execution pipeline! Integration Points: - Added emulator_ member to WardenModule - Initialize emulator in initializeModule() when HAVE_UNICORN defined - Setup Windows API hooks automatically - Ready to call module entry point via emulated execution Changes: - WardenModule now has moduleBase_ (0x400000 default) - Emulator initialized with loaded module code - Common Windows APIs hooked (VirtualAlloc, GetTickCount, etc.) - processCheckRequest() prepared for emulated execution Build Flow: #ifdef HAVE_UNICORN → Use Unicorn emulator (Linux/macOS/ARM) #elif _WIN32 → Native Windows execution #else → Platform not supported #endif Status: ✅ Emulator infrastructure integrated ✅ Module code loaded into emulated environment ✅ API hooks ready ⏳ Entry point calling (TODO - needs callback struct setup) ⏳ PacketHandler execution (TODO - needs implementation) Next: Call module entry point with ClientCallbacks structure --- include/game/warden_module.hpp | 7 ++++- src/game/warden_module.cpp | 56 +++++++++++++++++++++++++++++----- 2 files changed, 54 insertions(+), 9 deletions(-) diff --git a/include/game/warden_module.hpp b/include/game/warden_module.hpp index 8722058b..8f216240 100644 --- a/include/game/warden_module.hpp +++ b/include/game/warden_module.hpp @@ -11,6 +11,9 @@ namespace wowee { namespace game { +// Forward declarations +class WardenEmulator; + /** * Represents Warden callback functions exported by loaded module * 
@@ -126,10 +129,12 @@ private:
 std::vector decryptedData_; // RC4 decrypted data
 std::vector decompressedData_; // zlib decompressed data
- // Module execution context (for future native code execution)
+ // Module execution context
 void* moduleMemory_; // Allocated executable memory region
 size_t moduleSize_; // Size of loaded code
+ uint32_t moduleBase_; // Module base address (for emulator)
 WardenFuncList funcList_; // Callback functions
+ std::unique_ptr emulator_; // Cross-platform x86 emulator
 // Validation and loading steps
 bool verifyMD5(const std::vector& data,
diff --git a/src/game/warden_module.cpp b/src/game/warden_module.cpp
index ff33475b..edfd0cd9 100644
--- a/src/game/warden_module.cpp
+++ b/src/game/warden_module.cpp
@@ -14,6 +14,10 @@
 #include
 #endif
+#ifdef HAVE_UNICORN
+ #include "game/warden_emulator.hpp"
+#endif
+
 namespace wowee {
 namespace game {
@@ -25,6 +29,7 @@ WardenModule::WardenModule()
 : loaded_(false)
 , moduleMemory_(nullptr)
 , moduleSize_(0)
+ , moduleBase_(0x400000) // Default module base address
 {
 }
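Review bot: The new `emulator_` member (presumably `std::unique_ptr<WardenEmulator>`; the template argument is missing from the page) points at a type the header only forward-declares, and the .cpp hunk at `-14,6 +14,10` includes `game/warden_emulator.hpp` only under `#ifdef HAVE_UNICORN`. In a build without HAVE_UNICORN, WardenEmulator would then still be incomplete where the WardenModule constructor and destructor are compiled, which the default deleter of `std::unique_ptr` rejects. Either wrap the member in the same `#ifdef HAVE_UNICORN`, or include the emulator header unconditionally and keep `~WardenModule()` defined in the .cpp. The destructor and the header's own includes are not visible here, so this should be confirmed against a non-Unicorn build.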
@@ -116,13 +121,23 @@ bool WardenModule::processCheckRequest(const std::vector& checkData,
 return false;
 }
- // TODO: Call module's PacketHandler function
- // This would execute native x86 code to:
- // - Parse check opcodes (0xF3 MEM_CHECK, 0xB2 PAGE_CHECK, etc.)
- // - Read actual memory from process
- // - Compute real SHA1 hashes
- // - Scan MPQ files
- // - Generate authentic response data
+ #ifdef HAVE_UNICORN
+ if (emulator_ && emulator_->isInitialized()) {
+ std::cout << "[WardenModule] Processing check request via emulator..." << std::endl;
+
+ // TODO: Call module's PacketHandler function via emulator
+ // This would execute native x86 code to:
+ // - Parse check opcodes (0xF3 MEM_CHECK, 0xB2 PAGE_CHECK, etc.)
+ // - Read actual memory from process
+ // - Compute real SHA1 hashes
+ // - Scan MPQ files
+ // - Generate authentic response data
+
+ // For now, not implemented
+ std::cout << "[WardenModule] ⚠ Emulated PacketHandler call not yet implemented" << std::endl;
+ return false;
+ }
+ #endif
 std::cout << "[WardenModule] ⚠ processCheckRequest NOT IMPLEMENTED" << std::endl;
 std::cout << "[WardenModule] Would call module->PacketHandler() here" << std::endl;
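Review bot: The TODO copied into the emulator branch still says the handler will `Read actual memory from process`, but code run under the emulator can only see what has been mapped into the guest, so the comment describes the native design rather than this one. Before the PacketHandler call is wired up, the comment should state the contract, for example `// checkData is presumably server-supplied: bound its size before copying it into guest memory, and cap the emulated instruction count`. The branch also returns `false` exactly as the unimplemented fallback below it does, so a caller cannot tell an unimplemented path from a failed check; the callers are not visible here. processCheckRequest() starts and ends outside the hunk.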
@@ -729,7 +744,32 @@ bool WardenModule::initializeModule() {
 // Module entry point is typically at offset 0 (first bytes of loaded code)
 // Function signature: WardenFuncList* (*entryPoint)(ClientCallbacks*)
- #ifdef _WIN32
+ #ifdef HAVE_UNICORN
+ // Use Unicorn emulator for cross-platform execution
+ std::cout << "[WardenModule] Initializing Unicorn emulator..." << std::endl;
+
+ emulator_ = std::make_unique();
+ if (!emulator_->initialize(moduleMemory_, moduleSize_, moduleBase_)) {
+ std::cerr << "[WardenModule] Failed to initialize emulator" << std::endl;
+ return false;
+ }
+
+ // Setup Windows API hooks
+ emulator_->setupCommonAPIHooks();
+
+ std::cout << "[WardenModule] ✓ Emulator initialized successfully" << std::endl;
+ std::cout << "[WardenModule] Ready to execute module at 0x" << std::hex << moduleBase_ << std::dec << std::endl;
+
+ // TODO: Call module entry point via emulator
+ // uint32_t entryPoint = moduleBase_; // Typically at module base
+ // std::vector args = { ... }; // Pass ClientCallbacks struct address
+ // uint32_t result = emulator_->callFunction(entryPoint, args);
+
+ std::cout << "[WardenModule] ⚠ Module entry call via emulator not yet implemented" << std::endl;
+ std::cout << "[WardenModule] Infrastructure ready for execution" << std::endl;
+
+ #elif defined(_WIN32)
+ // Native Windows execution (dangerous without sandboxing)
 typedef void* (*ModuleEntryPoint)(ClientCallbacks*);
 ModuleEntryPoint entryPoint = reinterpret_cast(moduleMemory_);
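Review bot: In the HAVE_UNICORN branch, `emulator_->initialize(moduleMemory_, moduleSize_, moduleBase_)` receives the buffer the header describes as `Allocated executable memory region`, so the downloaded module bytes appear to stay executable in the host process even though only the emulator runs them. If the allocation, which is outside this hunk, is shared with the native path, the emulated build should map it read/write only and leave execute permission to the `_WIN32` branch. The failure path also returns with `emulator_` still owning the emulator that failed to initialise; adding `emulator_.reset();` before `return false;` makes that state explicit instead of relying on `isInitialized()` elsewhere. initializeModule() starts and continues outside the hunk.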