调不了了 终极大招了

ai_anti_malware/sandbox.cpp

@@ -399,8 +399,8 @@ auto Sandbox::SetupVirtualMachine() -> void {
     m_tebBase = TEB_BASE;  // 进程TEB地址
     m_pebBase = PEB_BASE;  // 进程PEB地址
     // stack
-    m_stackBase = this->m_peInfo->isX64 ? STACK_BASE_64 : STACK_BASE_32;
-    m_stackSize = this->m_peInfo->isX64 ? STACK_SIZE_64 : STACK_SIZE_32;
+    m_stackBase = AlignSize(this->m_peInfo->isX64 ? STACK_BASE_64 : STACK_BASE_32, 16);
+    m_stackSize = AlignSize(this->m_peInfo->isX64 ? STACK_SIZE_64 : STACK_SIZE_32, 16);
     m_stackEnd = m_stackBase + m_stackSize;
 
     // heap
@@ -525,7 +525,6 @@ auto Sandbox::InitEnv(std::shared_ptr<BasicPeInfo> peInfo) -> void {
     printf("map file to vm size: %llx\n", m_peInfo->peSize);
     SetupVirtualMachine();
     InitCommandLine(peInfo->inputFilePath);
-
 }
 
 auto Sandbox::Run() -> void {
@@ -544,12 +543,16 @@ auto Sandbox::Run() -> void {
     }
 
     // 设置寄存器
-    uint64_t rsp = m_stackEnd - 128;
+    uint64_t rsp = m_stackEnd - 256;
     err = uc_reg_write(m_ucEngine,
                        m_peInfo->isX64 ? UC_X86_REG_RSP : UC_X86_REG_ESP, &rsp);
     if (err != UC_ERR_OK) {
         throw std::runtime_error("Failed to write stack pointer");
     }
+    uint64_t rbp =
+        rsp - (m_peInfo->isX64 ? sizeof(uint64_t) : sizeof(uint32_t));
+    uc_reg_write(m_ucEngine, m_peInfo->isX64 ? UC_X86_REG_RBP : UC_X86_REG_EBP,
+                 &rbp);
 
     // 设置入口点
     uint64_t entryPoint = m_peInfo->RecImageBase + m_peInfo->entryPoint;
@@ -610,10 +613,9 @@ auto Sandbox::Run() -> void {
         throw std::runtime_error("Failed to set entry point");
     }
 
-    // 开始执行
+    InitApiHooks();
     std::cout << "Starting execution at " << std::hex << entryPoint
               << std::endl;
-    InitApiHooks();
     err = uc_emu_start(m_ucEngine, entryPoint, m_peInfo->imageEnd, 0, 0);
     if (err != UC_ERR_OK) {
         std::cerr << "Emulation error: " << uc_strerror(err) << std::endl;