admin/awesome_anti_virus_engine
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix up

Browse Source
This commit is contained in:
huoji
2025-03-06 20:08:12 +08:00
parent 9a5ea0f919
commit ed5e7ae994
3 changed files with 47 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
ai_anti_malware/sandbox_callbacks.cpp
View File

@@ -72,17 +72,44 @@ void handleMemoryRead(uc_engine* uc, uc_mem_type type, uint64_t address,
address, size, regRax, regRip, readError, readAddress);
}
}
void dumpVmenv(uc_engine* uc, void* userData) {
auto* sandbox = static_cast<Sandbox*>(userData);
uint64_t Rip = 0;
uint64_t Rax = 0;
uint64_t Rsp = 0;
uint64_t Rbp = 0;
uint64_t Rcx = 0;
uint64_t Rdx = 0;
uc_reg_read(uc,
sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RIP : UC_X86_REG_EIP,
&Rip);
uc_reg_read(uc,
sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RAX : UC_X86_REG_EAX,
&Rax);
uc_reg_read(uc,
sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RSP : UC_X86_REG_ESP,
&Rsp);
uc_reg_read(uc,
sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RBP : UC_X86_REG_EBP,
&Rbp);
uc_reg_read(uc,
sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RCX : UC_X86_REG_ECX,
&Rcx);
uc_reg_read(uc,
sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RDX : UC_X86_REG_EDX,
&Rdx);
printf("[dumpVmenv] Rip: %p Rax: %p Rsp: %p Rbp: %p Rcx: %p Rdx: %p\n", Rip,
Rax, Rsp, Rbp, Rcx, Rdx);
}
void handleMemoryUnmapRead(uc_engine* uc, uc_mem_type type, uint64_t address,
int size, int64_t value, void* userData) {
// 待实现
auto* sandbox = static_cast<Sandbox*>(userData);
uint64_t Rip = 0;
uc_reg_read(uc,
sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RIP : UC_X86_REG_EIP,
&Rip);
printf("[handleMemoryUnmapRead] Address: %p Size: %p Value: %p Rip: %p\n",
address, size, value, Rip);
printf("[handleMemoryUnmapRead] Address: %p Size: %p Value: %p\n", address,
size, value);
dumpVmenv(uc, userData);
}
void handleMemoryWrite(uc_engine* uc, uc_mem_type type, uint64_t address,