fix: reapply Windows compilation fixes after formatter revert

- Import GetThreadContext, CONTEXT, CONTEXT_CONTROL, CONTEXT_DEBUG_REGISTERS from Win32::System::Kernel (not Threading/Debug)
- Add conditional HashMap import for Windows-only IAT detection
- Prefix unused variables with underscore: _file_header, _suspicious_start_patterns
pandaadir05
2025-11-21 14:59:11 +02:00
parent 4ea4972e6a
commit 753b7bda5c
2 changed files with 11 additions and 8 deletions


@@ -7,6 +7,8 @@
//! - Function address resolution
use crate::{GhostError, Result};
use serde::{Deserialize, Serialize};
#[cfg(windows)]
use std::collections::HashMap;
/// PE data directory indices
pub const IMAGE_DIRECTORY_ENTRY_EXPORT: usize = 0;
@@ -113,7 +115,7 @@ pub fn parse_iat_from_memory(
// Read PE signature and file header
let _pe_sig = read_u32(pid, nt_header_addr, &memory_reader)?;
let file_header_addr = nt_header_addr + 4;
let file_header = read_file_header(pid, file_header_addr, &memory_reader)?;
let _file_header = read_file_header(pid, file_header_addr, &memory_reader)?;
// Read optional header magic to determine if 32-bit or 64-bit
let opt_header_addr = file_header_addr + mem::size_of::<crate::memory::ImageFileHeader>();
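Review bot: The underscore on `_file_header` (hunk `@@ -113,7 +115,7`) silences the unused-variable warning but leaves a read of the target process's file header whose result is never checked, and the `_pe_sig` read on the line above is discarded the same way, so `parse_iat_from_memory` walks into the optional header even when `nt_header_addr` does not point at a PE header. Validate the signature before reading further, e.g. `if pe_sig != 0x0000_4550 { return Err(/* malformed PE header, via the crate's existing GhostError variant */); }`, and either drop the `read_file_header` call or use the header (its machine / optional-header-size fields, if the crate's `ImageFileHeader` exposes them) to cross-check the 32/64-bit decision made by the magic read that follows. The function starts and ends outside this hunk, so I cannot see whether a later bound on the import walk exists; this note assumes the header is the only guard.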


@@ -284,8 +284,9 @@ mod platform {
pid: u32,
memory_regions: &[crate::MemoryRegion],
) -> Result<super::ThreadHijackingResult> {
use windows::Win32::System::Kernel::GetThreadContext;
use windows::Win32::System::Threading::{
GetThreadContext, OpenProcess, ResumeThread, SuspendThread, PROCESS_QUERY_INFORMATION,
OpenProcess, ResumeThread, SuspendThread, PROCESS_QUERY_INFORMATION,
PROCESS_VM_READ, THREAD_GET_CONTEXT, THREAD_SUSPEND_RESUME,
};
@@ -320,8 +321,7 @@ mod platform {
// Get thread context (registers)
#[cfg(target_arch = "x86_64")]
{
use windows::Win32::System::Diagnostics::Debug::CONTEXT;
use windows::Win32::System::Diagnostics::Debug::CONTEXT_CONTROL;
use windows::Win32::System::Kernel::{CONTEXT, CONTEXT_CONTROL};
let mut context = CONTEXT {
ContextFlags: CONTEXT_CONTROL,
@@ -513,7 +513,7 @@ mod platform {
// Check if thread start address is suspicious (common for APC injection)
if thread.start_address != 0 {
// Check common APC entry points
let suspicious_start_patterns = [
let _suspicious_start_patterns = [
"ntdll!LdrInitializeThunk",
"ntdll!RtlUserThreadStart",
"kernel32!BaseThreadInitThunk",
@@ -610,10 +610,11 @@ mod platform {
/// Detect hardware breakpoints by examining debug registers (DR0-DR7)
pub fn detect_hardware_breakpoints(pid: u32) -> Result<super::HardwareBreakpointResult> {
use windows::Win32::System::Diagnostics::Debug::CONTEXT;
use windows::Win32::System::Diagnostics::Debug::CONTEXT_DEBUG_REGISTERS;
use windows::Win32::System::Kernel::{
GetThreadContext, CONTEXT, CONTEXT_DEBUG_REGISTERS,
};
use windows::Win32::System::Threading::{
GetThreadContext, ResumeThread, SuspendThread, THREAD_GET_CONTEXT,
ResumeThread, SuspendThread, THREAD_GET_CONTEXT,
THREAD_SUSPEND_RESUME,
};
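Review bot: The underscore on `_suspicious_start_patterns` (hunk `@@ -513,7 +513,7`) hides that the APC-injection check it belongs to is a no-op: the comment says the thread start address is checked against common APC entry points, but the array of symbol names is never compared with `thread.start_address`, so nothing is flagged on this path. Either implement the comparison (resolve each `module!symbol` to an address in the target process and match it against `thread.start_address`) or replace the array with `// TODO: start-address check not implemented; pattern list intentionally unused` so the gap stays visible instead of being suppressed by the rename. The enclosing function starts and ends outside the hunk, so other checks on the same thread may exist that I cannot see. On the `@@ -284,8 +284,9` hunk, the `Kernel` module path for `GetThreadContext`/`CONTEXT` depends on the pinned `windows` crate version; a one-line comment naming that version next to the `use` would make the next formatter round-trip less likely to revert it again.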