初步增加32位支持(没加全)

ai_anti_malware/sandbox_callbacks.cpp

@@ -38,7 +38,6 @@ void handleCodeRun(uc_engine* uc, uint64_t address, uint32_t size,
             break;
         }
     }
-
     // 如果找到区段，并且与上次执行的区段不同，记录跨区段行为
     if (currentSectionIndex >= 0 &&
         sandbox->GetLastExecuteSectionIndex() != currentSectionIndex &&
@@ -84,7 +83,7 @@ void handleCodeRun(uc_engine* uc, uint64_t address, uint32_t size,
         }
         cs_free(instruction, instructionCount);
 
-        // dumpVmenv(uc, userData);
+        //dumpVmenv(uc, userData);
     }
 }
 
@@ -177,9 +176,9 @@ void dumpVmenv(uc_engine* uc, void* userData) {
         "%08x Ecx: %08x\n",
         Rip, Rax, Rsp, Rbp, Rcx, Rdx, Eax, Ecx);
 
-    // 打印16层栈内存
-    printf("\n[Stack Memory Dump (16 levels)]\n");
-    const int STACK_LEVELS = 16;
+    // 打印32层栈内存
+    printf("\n[Stack Memory Dump (32 levels)]\n");
+    const int STACK_LEVELS = 32;
     const int POINTER_SIZE = sandbox->GetPeInfo()->isX64 ? 8 : 4;
 
     for (int i = 0; i < STACK_LEVELS; i++) {
@@ -219,7 +218,7 @@ void dumpVmenv(uc_engine* uc, void* userData) {
         }
     }
 
-    printf("\n[Frame Pointer Stack (16 levels)]\n");
+    printf("\n[Frame Pointer Stack (32 levels)]\n");
     uint64_t currentBp = Rbp;
     for (int i = 0; i < STACK_LEVELS && currentBp != 0; i++) {
         uint64_t nextBp = 0;