修复沙箱功能和API实现

- 在沙箱中添加了对CreateProcessW的支持，整合了CreateProcessA和CreateProcessW的共同逻辑
- 实现了URLDownloadToFileW函数，增加了对可疑URL的检测
- 更新了API钩子以支持新的API功能
- 改进了错误处理和日志记录，确保更好的调试信息输出
- 调整了主函数中的恶意软件扫描和沙箱功能调用顺序，确保恶意软件扫描优先执行

ai_anti_malware/sandbox_api_stl.cpp

@@ -1726,16 +1726,6 @@ auto Api_MultiByteToWideChar(void* sandbox, uc_engine* uc, uint64_t address)
         uint64_t rsp = 0;
         uc_reg_read(uc, UC_X86_REG_RSP, &rsp);
 
-        // 为了确保安全访问，先验证栈地址的有效性
-        if (rsp < 0x8000000000000000 || rsp + 0x40 > 0x8000000000010000) {
-            // 无效的栈地址
-            DWORD error = ERROR_INVALID_PARAMETER;
-            context->GetTeb64()->LastErrorValue = error;
-            int result = 0;
-            uc_reg_write(uc, UC_X86_REG_RAX, &result);
-            return;
-        }
-
         // 读取栈上的参数
         uint64_t shadow_space = 0x20;  // x64调用约定中的shadow space
         uc_mem_read(uc, rsp + shadow_space + 0x8, &lpWideCharStr,
@@ -1783,9 +1773,9 @@ auto Api_MultiByteToWideChar(void* sandbox, uc_engine* uc, uint64_t address)
             }
             srcBuffer.push_back(ch);
             len++;
-        } while (ch != 0 && len < MAX_PATH);  // 添加长度限制防止无限循环
+        } while (ch != 0 && len < 2 * 1024);  // 添加长度限制防止无限循环
 
-        if (len >= MAX_PATH) {
+        if (len >= 2 * 1024) {
             // 设置错误码
             DWORD error = ERROR_INSUFFICIENT_BUFFER;
             if (context->GetPeInfo()->isX64) {
@@ -1922,7 +1912,7 @@ auto Api_MultiByteToWideChar(void* sandbox, uc_engine* uc, uint64_t address)
         "InputLen=%d, Output=%p, OutputLen=%d, Result=%d\n",
         CodePage, dwFlags, (void*)lpMultiByteStr, cbMultiByte,
         (void*)lpWideCharStr, cchWideChar, result);
-
+    printf("MultiByteToWideChar pre cover string: %s\n", srcBuffer.data());
     uc_reg_write(uc,
                  context->GetPeInfo()->isX64 ? UC_X86_REG_RAX : UC_X86_REG_EAX,
                  &result);