fix up

2025-03-06 20:08:12 +08:00
parent 9a5ea0f919
commit ed5e7ae994
3 changed files with 47 additions and 14 deletions
--- a/ai_anti_malware/sandbox.cpp
+++ b/ai_anti_malware/sandbox.cpp
@@ -487,6 +487,12 @@ auto Sandbox::SetupVirtualMachine() -> void {
        msr.value = m_tebBase;
        uc_reg_write(m_ucEngine, UC_X86_REG_MSR, &msr);
    }
+    for (DWORD i = 0; i < 64; i++) {
+        GetTeb64()->TlsSlots[i] = (void*)0x1337ffffff;
+    }
+    for (DWORD i = 0; i < 64; i++) {
+        GetTeb32()->TlsSlots[i] = 0x1337;
+    }
 }
 auto Sandbox::InitEnv(std::shared_ptr<BasicPeInfo> peInfo) -> void {
    m_peInfo = peInfo;
--- a/ai_anti_malware/sandbox_api_emu.cpp
+++ b/ai_anti_malware/sandbox_api_emu.cpp
@@ -264,8 +264,8 @@ auto Api_TlsAlloc(void* sandbox, uc_engine* uc, uint64_t address) -> void {
        auto teb = context->GetTeb64();
        // 在TLS槽中查找第一个可用的位置
        for (DWORD i = 0; i < 64; i++) {  // TEB中TlsSlots数组大小为64
-            if (teb->TlsSlots[i] == nullptr) {
-                teb->TlsSlots[i] = (void*)1;  // 标记为已使用
+            if (teb->TlsSlots[i] == (void*)0x1337ffffff) {
+                teb->TlsSlots[i] = (void*)0;  // 标记为已使用
                tls_index = i;
                break;
            }
@@ -274,8 +274,8 @@ auto Api_TlsAlloc(void* sandbox, uc_engine* uc, uint64_t address) -> void {
        auto teb = context->GetTeb32();
        // 在TLS槽中查找第一个可用的位置
        for (DWORD i = 0; i < 64; i++) {  // TEB中TlsSlots数组大小为64
-            if (teb->TlsSlots[i] == 0) {
-                teb->TlsSlots[i] = 1;  // 标记为已使用
+            if (teb->TlsSlots[i] == 0x1337) {
+                teb->TlsSlots[i] = 0;  // 标记为已使用
                tls_index = i;
                break;
            }
@@ -329,14 +329,14 @@ auto Api_TlsSetValue(void* sandbox, uc_engine* uc, uint64_t address) -> void {
        if (context->GetPeInfo()->isX64) {
            auto teb = context->GetTeb64();
            // 检查槽是否已分配（不为nullptr）
-            if (teb->TlsSlots[dwTlsIndex] != nullptr) {
+            if (teb->TlsSlots[dwTlsIndex] != (void*)0x1337ffffff) {
                teb->TlsSlots[dwTlsIndex] = (void*)lpTlsValue;
                success = TRUE;
            }
        } else {
            auto teb = context->GetTeb32();
            // 检查槽是否已分配（不为0）
-            if (teb->TlsSlots[dwTlsIndex] != 0) {
+            if (teb->TlsSlots[dwTlsIndex] != 0x1337) {
                teb->TlsSlots[dwTlsIndex] = static_cast<uint32_t>(lpTlsValue);
                success = TRUE;
            }
@@ -699,7 +699,7 @@ auto Api_TlsGetValue(void* sandbox, uc_engine* uc, uint64_t address) -> void {
        if (context->GetPeInfo()->isX64) {
            auto teb = context->GetTeb64();
            // 检查槽是否已分配（不为nullptr）
-            if (teb->TlsSlots[dwTlsIndex] != nullptr) {
+            if (teb->TlsSlots[dwTlsIndex] != (void*)0x1337ffffff) {
                return_value =
                    reinterpret_cast<uint64_t>(teb->TlsSlots[dwTlsIndex]);
            } else {
@@ -710,7 +710,7 @@ auto Api_TlsGetValue(void* sandbox, uc_engine* uc, uint64_t address) -> void {
        } else {
            auto teb = context->GetTeb32();
            // 检查槽是否已分配（不为0）
-            if (teb->TlsSlots[dwTlsIndex] != 0) {
+            if (teb->TlsSlots[dwTlsIndex] != 0x1337) {
                return_value = teb->TlsSlots[dwTlsIndex];
            } else {
                // 槽未分配，设置LastError
--- a/ai_anti_malware/sandbox_callbacks.cpp
+++ b/ai_anti_malware/sandbox_callbacks.cpp
@@ -72,17 +72,44 @@ void handleMemoryRead(uc_engine* uc, uc_mem_type type, uint64_t address,
            address, size, regRax, regRip, readError, readAddress);
    }
 }
+void dumpVmenv(uc_engine* uc, void* userData) {
+    auto* sandbox = static_cast<Sandbox*>(userData);

+    uint64_t Rip = 0;
+    uint64_t Rax = 0;
+    uint64_t Rsp = 0;
+    uint64_t Rbp = 0;
+    uint64_t Rcx = 0;
+    uint64_t Rdx = 0;
+    uc_reg_read(uc,
+                sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RIP : UC_X86_REG_EIP,
+                &Rip);
+    uc_reg_read(uc,
+                sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RAX : UC_X86_REG_EAX,
+                &Rax);
+    uc_reg_read(uc,
+                sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RSP : UC_X86_REG_ESP,
+                &Rsp);
+    uc_reg_read(uc,
+                sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RBP : UC_X86_REG_EBP,
+                &Rbp);
+    uc_reg_read(uc,
+                sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RCX : UC_X86_REG_ECX,
+                &Rcx);
+    uc_reg_read(uc,
+                sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RDX : UC_X86_REG_EDX,
+                &Rdx);
+    printf("[dumpVmenv] Rip: %p Rax: %p Rsp: %p Rbp: %p Rcx: %p Rdx: %p\n", Rip,
+           Rax, Rsp, Rbp, Rcx, Rdx);
+}
 void handleMemoryUnmapRead(uc_engine* uc, uc_mem_type type, uint64_t address,
                           int size, int64_t value, void* userData) {
    // 待实现
    auto* sandbox = static_cast<Sandbox*>(userData);
-    uint64_t Rip = 0;
-    uc_reg_read(uc,
-                sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RIP : UC_X86_REG_EIP,
-                &Rip);
-    printf("[handleMemoryUnmapRead] Address: %p Size: %p Value: %p Rip: %p\n",
-           address, size, value, Rip);
+
+    printf("[handleMemoryUnmapRead] Address: %p Size: %p Value: %p\n", address,
+           size, value);
+    dumpVmenv(uc, userData);
 }

 void handleMemoryWrite(uc_engine* uc, uc_mem_type type, uint64_t address,