Win32 syscall emulator based on OpenSolaris branded zone

Chimera project team: Vizovitin Nicolay Sizov Mikhail Kolbin Dmitry Khlebnikov Sergey

Tutor: Irtegov D.V.

2

Outline

1. Idea behind the project2. Sources and the goal3. How system call emulation works4. Project status: progress and plans5. Q&A

3

The idea…

…is to mix OpenSolaris and Windows

4

Why OpenSolaris?

1. Open source2. Zones & Containers3. BrandZ infrastructure – support for

non-native kernel personalities4. Numerous interesting kernel

features (e.g. DTrace)

5

The chimera parts

1. OpenSolaris sources (ON)2. Windows Research Kernel (WRK) –

some kernel parts of Windows 2003 SP1

3. Other open-source projects like Wine and ReactOS

6

Our goal

Create new win brand, that supports execution of Windows applications on top of OpenSolaris kernel

7

System call emulation: global zone

userland

kernel

Global zone (native)

Solaris process{ … open(); …}

Solaris kernel

Syscall handlerif (process is branded) brand_syscall_handler();else rval = do_native_syscall();return to userspace;

Native ‘open’ implementationopen() { … return (fd);}

8

System call emulation: win zone

userland

kernel

Windows zone

Windows process{ … NtCreateFile(); …}

Solaris kernel

Syscall handlerif (process is branded) brand_syscall_handler();else rval = do_native_syscall();return to userspace;

Native ‘open’ implementationopen() { … return (fd);}

Windows brand module

win_syscall() { trampoline to userland;}

Win brand support librarywin_NtCreateFile(args) { fd = open(win2sol(args)); if (fd < 0) return (sol2win(errno)); else return (fd);}

9

Project progress

1. Set of scripts for convenient brand testing

2. Dynamic memory allocation is now available in brand support library

3. Arbitrary calls to libraries from brand support library is safe now (first of all to libc.so)

4. Partially implemented PE loader5. Emulation code for several syscalls

10

Current project status

1. Extensive documentation of WRK sources2. Learned to build ON and WRK3. Created basic win zone

win brand kernel module win brand support library zone configuration files support for system calls via sysenter

4. Number of test programs5. Partial PE loader implementation6. Some system calls implemented

11

Plans on project development

1. Finish PE loader implementation2. Emulation code for other Windows

system calls3. Create minimal Windows

environment in the zone4. Allowing other technics for

entering the kernel (int 2e, syscall)

12

Q&A