diff --git a/ai_anti_malware/sandbox.cpp b/ai_anti_malware/sandbox.cpp
index 1172591..26d36d4 100644
--- a/ai_anti_malware/sandbox.cpp
+++ b/ai_anti_malware/sandbox.cpp
@@ -487,6 +487,12 @@ auto Sandbox::SetupVirtualMachine() -> void {
     msr.value = m_tebBase;
     uc_reg_write(m_ucEngine, UC_X86_REG_MSR, &msr);
   }
+  for (DWORD i = 0; i < 64; i++) {
+    GetTeb64()->TlsSlots[i] = (void*)0x1337ffffff;
+  }
+  for (DWORD i = 0; i < 64; i++) {
+    GetTeb32()->TlsSlots[i] = 0x1337;
+  }
 }
 auto Sandbox::InitEnv(std::shared_ptr peInfo) -> void {
   m_peInfo = peInfo;
diff --git a/ai_anti_malware/sandbox_api_emu.cpp b/ai_anti_malware/sandbox_api_emu.cpp
index 2651aba..c073399 100644
--- a/ai_anti_malware/sandbox_api_emu.cpp
+++ b/ai_anti_malware/sandbox_api_emu.cpp
@@ -264,8 +264,8 @@ auto Api_TlsAlloc(void* sandbox, uc_engine* uc, uint64_t address) -> void {
     auto teb = context->GetTeb64();
     // 在TLS槽中查找第一个可用的位置
     for (DWORD i = 0; i < 64; i++) {  // TEB中TlsSlots数组大小为64
-      if (teb->TlsSlots[i] == nullptr) {
-        teb->TlsSlots[i] = (void*)1;  // 标记为已使用
+      if (teb->TlsSlots[i] == (void*)0x1337ffffff) {
+        teb->TlsSlots[i] = (void*)0;  // 标记为已使用
         tls_index = i;
         break;
       }
@@ -274,8 +274,8 @@ auto Api_TlsAlloc(void* sandbox, uc_engine* uc, uint64_t address) -> void {
     auto teb = context->GetTeb32();
     // 在TLS槽中查找第一个可用的位置
     for (DWORD i = 0; i < 64; i++) {  // TEB中TlsSlots数组大小为64
-      if (teb->TlsSlots[i] == 0) {
-        teb->TlsSlots[i] = 1;  // 标记为已使用
+      if (teb->TlsSlots[i] == 0x1337) {
+        teb->TlsSlots[i] = 0;  // 标记为已使用
         tls_index = i;
         break;
       }
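Review bot: The free-slot markers `(void*)0x1337ffffff` and `0x1337` written into `GetTeb64()->TlsSlots` and `GetTeb32()->TlsSlots` here are bare literals that must stay identical to the comparisons in sandbox_api_emu.cpp (Api_TlsAlloc, Api_TlsSetValue, Api_TlsGetValue); define them once, e.g. `inline constexpr uint64_t kTlsSlotFree64 = 0x1337ffffff;` and `inline constexpr uint32_t kTlsSlotFree32 = 0x1337;` in a shared header, and use the names in all five places. The markers also sit in the TEB, which the `m_tebBase` MSR write just above presumably makes guest-addressable, and a real Windows TEB holds zero in unused slots, so a sample that reads its own TEB sees a value no real process has; keeping allocation state in a sandbox-side bitmap and leaving the guest-visible slots zero would make the emulation harder to distinguish from a real host. The loop bound `64` repeats the TlsSlots array size; `std::size(GetTeb64()->TlsSlots)` or a named constant keeps the loop in step with the TEB definition. SetupVirtualMachine begins outside the hunk.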
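Review bot: Api_TlsAlloc now recognises a free slot only by the new marker values, but no TlsFree emulation is part of this diff; if one exists and still resets a slot to `nullptr`/`0` (the old free value), freed slots can never be reallocated and will be treated as allocated by Api_TlsGetValue and Api_TlsSetValue, so confirm it writes the marker back. The same literals appear again in the 32-bit branch at @@ -274 and in the Api_TlsSetValue and Api_TlsGetValue hunks; replace them with named constants so the three files cannot drift. The comment `// 标记为已使用` on the `(void*)0` store describes the old scheme; `// slot allocated; zero-initialised as on Windows` is closer to what the line now does. Api_TlsAlloc starts before and ends after this hunk.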
@@ -329,14 +329,14 @@ auto Api_TlsSetValue(void* sandbox, uc_engine* uc, uint64_t address) -> void { if (context->GetPeInfo()->isX64) { auto teb = context->GetTeb64(); // 检查槽是否已分配(不为nullptr) - if (teb->TlsSlots[dwTlsIndex] != nullptr) { + if (teb->TlsSlots[dwTlsIndex] != (void*)0x1337ffffff) { teb->TlsSlots[dwTlsIndex] = (void*)lpTlsValue; success = TRUE; } } else { auto teb = context->GetTeb32(); // 检查槽是否已分配(不为0) - if (teb->TlsSlots[dwTlsIndex] != 0) { + if (teb->TlsSlots[dwTlsIndex] != 0x1337) { teb->TlsSlots[dwTlsIndex] = static_cast(lpTlsValue); success = TRUE; } @@ -699,7 +699,7 @@ auto Api_TlsGetValue(void* sandbox, uc_engine* uc, uint64_t address) -> void { if (context->GetPeInfo()->isX64) { auto teb = context->GetTeb64(); // 检查槽是否已分配(不为nullptr) - if (teb->TlsSlots[dwTlsIndex] != nullptr) { + if (teb->TlsSlots[dwTlsIndex] != (void*)0x1337ffffff) { return_value = reinterpret_cast(teb->TlsSlots[dwTlsIndex]); } else { @@ -710,7 +710,7 @@ auto Api_TlsGetValue(void* sandbox, uc_engine* uc, uint64_t address) -> void { } else { auto teb = context->GetTeb32(); // 检查槽是否已分配(不为0) - if (teb->TlsSlots[dwTlsIndex] != 0) { + if (teb->TlsSlots[dwTlsIndex] != 0x1337) { return_value = teb->TlsSlots[dwTlsIndex]; } else { // 槽未分配,设置LastError diff --git a/ai_anti_malware/sandbox_callbacks.cpp b/ai_anti_malware/sandbox_callbacks.cpp index 0e890f7..9145062 100644 --- a/ai_anti_malware/sandbox_callbacks.cpp +++ b/ai_anti_malware/sandbox_callbacks.cpp 
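Review bot: `teb->TlsSlots[dwTlsIndex]` is indexed with a guest-supplied index and the hunk shows no check that `dwTlsIndex < 64`; if none exists earlier in Api_TlsSetValue (its start is outside the hunk), a sample passing a large index reads or writes host memory past the TEB structure. Add `if (dwTlsIndex >= 64) { /* set LastError, leave success FALSE */ } else { ... }` around the slot access, and the same guard in Api_TlsGetValue at @@ -699 and @@ -710. Because allocation state is signalled in-band, a TlsSetValue whose `lpTlsValue` equals the marker would also make the slot look free again; host-side bookkeeping avoids that as well. Windows additionally serves indices 64 and above from TlsExpansionSlots, so a comment at the top of the function, `// only the 64 inline TlsSlots are emulated; TlsExpansionSlots are not`, would make the limit visible to the next reader.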
@@ -72,17 +72,44 @@ void handleMemoryRead(uc_engine* uc, uc_mem_type type, uint64_t address, address, size, regRax, regRip, readError, readAddress); } } +void dumpVmenv(uc_engine* uc, void* userData) { + auto* sandbox = static_cast(userData); + uint64_t Rip = 0; + uint64_t Rax = 0; + uint64_t Rsp = 0; + uint64_t Rbp = 0; + uint64_t Rcx = 0; + uint64_t Rdx = 0; + uc_reg_read(uc, + sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RIP : UC_X86_REG_EIP, + &Rip); + uc_reg_read(uc, + sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RAX : UC_X86_REG_EAX, + &Rax); + uc_reg_read(uc, + sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RSP : UC_X86_REG_ESP, + &Rsp); + uc_reg_read(uc, + sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RBP : UC_X86_REG_EBP, + &Rbp); + uc_reg_read(uc, + sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RCX : UC_X86_REG_ECX, + &Rcx); + uc_reg_read(uc, + sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RDX : UC_X86_REG_EDX, + &Rdx); + printf("[dumpVmenv] Rip: %p Rax: %p Rsp: %p Rbp: %p Rcx: %p Rdx: %p\n", Rip, + Rax, Rsp, Rbp, Rcx, Rdx); +} void handleMemoryUnmapRead(uc_engine* uc, uc_mem_type type, uint64_t address, int size, int64_t value, void* userData) { // 待实现 auto* sandbox = static_cast(userData); - uint64_t Rip = 0; - uc_reg_read(uc, - sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RIP : UC_X86_REG_EIP, - &Rip); - printf("[handleMemoryUnmapRead] Address: %p Size: %p Value: %p Rip: %p\n", - address, size, value, Rip); + + printf("[handleMemoryUnmapRead] Address: %p Size: %p Value: %p\n", address, + size, value); + dumpVmenv(uc, userData); } void handleMemoryWrite(uc_engine* uc, uc_mem_type type, uint64_t address,
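Review bot: The `printf` in the new dumpVmenv passes `uint64_t` values to `%p`, which is a type mismatch (undefined behaviour and the wrong width on 32-bit hosts), and the rewritten `printf` in handleMemoryUnmapRead carries the same mismatch for `address`, `size` and `value` (`size` is an `int`). Print the 64-bit values with `PRIx64` from `<cinttypes>` (or cast to `unsigned long long` and use `%llx`) and `size` with `%d`. The six `uc_reg_read` calls repeat the same `isX64 ? … : …` selection; hoisting the mode into a local and iterating a small table shortens the function and keeps the register list in one place, as sketched below. dumpVmenv has no prior declaration in the hunk; if it is only used from this translation unit, mark it `static` so it does not become an externally visible symbol.
```cpp
static void dumpVmenv(uc_engine* uc, void* userData) {
  // … unchanged: sandbox cast …
  const bool x64 = sandbox->GetPeInfo()->isX64;
  struct Reg { const char* name; int reg64; int reg32; };
  constexpr Reg kRegs[] = {
      {"Rip", UC_X86_REG_RIP, UC_X86_REG_EIP}, {"Rax", UC_X86_REG_RAX, UC_X86_REG_EAX},
      {"Rsp", UC_X86_REG_RSP, UC_X86_REG_ESP}, {"Rbp", UC_X86_REG_RBP, UC_X86_REG_EBP},
      {"Rcx", UC_X86_REG_RCX, UC_X86_REG_ECX}, {"Rdx", UC_X86_REG_RDX, UC_X86_REG_EDX},
  };
  printf("[dumpVmenv]");
  for (const auto& r : kRegs) {
    uint64_t value = 0;  // 32-bit reads fill only the low half; upper half stays zero
    uc_reg_read(uc, x64 ? r.reg64 : r.reg32, &value);
    printf(" %s: 0x%" PRIx64, r.name, value);
  }
  printf("\n");
}
```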