update

2025-03-06 18:39:01 +08:00
parent dbe2e6a92b
commit 2c18f7fd15
11 changed files with 1642 additions and 90 deletions
--- a/ai_anti_malware/sandbox_callbacks.h
+++ b/ai_anti_malware/sandbox_callbacks.h
@@ -1,70 +1,16 @@
 #pragma once
 #include "sandbox.h"
-
 namespace sandboxCallbacks {
-static void handleCodeRun(uc_engine* uc, uint64_t address, uint32_t size,
-                          void* userData) {
-    auto* sandbox = static_cast<Sandbox*>(userData);
-    if (!sandbox) return;
-
-    // 读取当前执行的代码
-    uint8_t* codeBuffer = new uint8_t[size];
-    if (uc_mem_read(uc, address, codeBuffer, size) != UC_ERR_OK) {
-        delete[] codeBuffer;
-        return;
-    }
-
-    // 使用Capstone反汇编
-    cs_insn* instruction;
-    size_t instructionCount =
-        cs_disasm(sandbox->GetCapstoneHandle(), codeBuffer, size, address, 0,
-                  &instruction);
-
-    if (instructionCount > 0) {
-        // 打印地址和反汇编结果
-        printf("0x%016" PRIx64 " %-12s %s\n", instruction[0].address,
-               instruction[0].mnemonic, instruction[0].op_str);
-        cs_free(instruction, instructionCount);
-    }
-
-    delete[] codeBuffer;
-}
-
-static void handleMemoryRead(uc_engine* uc, uc_mem_type type, uint64_t address,
-                             int size, int64_t value, void* userData) {
-    auto* sandbox = static_cast<Sandbox*>(userData);
-    if (!sandbox) return;
-
-    uint64_t regRax, regRip;
-    uc_reg_read(uc,
-                sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RAX : UC_X86_REG_EAX,
-                &regRax);
-    uc_reg_read(uc,
-                sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RIP : UC_X86_REG_EIP,
-                &regRip);
-
-    uint64_t readAddress;
-    auto readError =
-        uc_mem_read(sandbox->GetUnicornHandle(), address, &readAddress, size);
-    printf(
-        "[handleMemoryRead] Address: %p Size: %p Rax: %p Rip: %p Error: %d "
-        "ReadData: %p\n",
-        address, size, regRax, regRip, readError, readAddress);
-}
-
-static void handleMemoryUnmapRead(uc_engine* uc, uc_mem_type type,
+void handleCodeRun(uc_engine* uc, uint64_t address, uint32_t size,
+                          void* userData);
+void handleMemoryRead(uc_engine* uc, uc_mem_type type, uint64_t address,
+                             int size, int64_t value, void* userData);
+void handleMemoryUnmapRead(uc_engine* uc, uc_mem_type type,
                                  uint64_t address, int size, int64_t value,
-                                  void* userData) {
-    // 待实现
-}
+                                  void* userData);
+void handleMemoryWrite(uc_engine* uc, uc_mem_type type, uint64_t address,
+                              int size, int64_t value, void* userData);
+void handleSyscall(uc_engine* uc, void* userData);
+auto InitApiHooks() -> void;

-static void handleMemoryWrite(uc_engine* uc, uc_mem_type type, uint64_t address,
-                              int size, int64_t value, void* userData) {
-    // 待实现
-}
-
-static void handleSyscall(uc_engine* uc, void* userData) {
-    // 待实现
-}
-
-}  // namespace sandboxCallbacks
+};  // namespace sandboxCallbacks