diff --git a/ai_anti_malware/sandbox_api_emu.cpp b/ai_anti_malware/sandbox_api_emu.cpp
index 6de4e25..e7148ef 100644
--- a/ai_anti_malware/sandbox_api_emu.cpp
+++ b/ai_anti_malware/sandbox_api_emu.cpp
@@ -2015,6 +2015,38 @@ auto Api_FreeEnvironmentStringsW(void* sandbox, uc_engine* uc, uint64_t address)
                &success);
 }
 
+// 实现 SetUnhandledExceptionFilter API
+auto Api_SetUnhandledExceptionFilter(void* sandbox, uc_engine* uc,
+                                     uint64_t address) -> void {
+  auto context = static_cast(sandbox);
+  uint64_t lpTopLevelExceptionFilter = 0;
+
+  // 获取参数
+  if (context->GetPeInfo()->isX64) {
+    // x64: rcx = lpTopLevelExceptionFilter
+    uc_reg_read(uc, UC_X86_REG_RCX, &lpTopLevelExceptionFilter);
+  } else {
+    // x86: 从栈上读取参数
+    uint32_t esp_address = 0;
+    uint32_t temp_filter = 0;
+    uc_reg_read(uc, UC_X86_REG_ESP, &esp_address);
+    esp_address += 0x4; // 跳过返回地址
+    uc_mem_read(uc, esp_address, &temp_filter, sizeof(uint32_t));
+    lpTopLevelExceptionFilter = temp_filter;
+  }
+
+  // 简单实现:返回NULL表示没有之前的过滤器
+  uint64_t prev_filter = 0;
+
+  printf("[*] SetUnhandledExceptionFilter: Filter=0x%llx\n",
+         lpTopLevelExceptionFilter);
+
+  // 返回之前的过滤器(在这里始终返回NULL)
+  uc_reg_write(uc,
+               context->GetPeInfo()->isX64 ? UC_X86_REG_RAX : UC_X86_REG_EAX,
+               &prev_filter);
+}
+
 auto Sandbox::InitApiHooks() -> void {
   auto FakeApi_GetSystemTimeAsFileTime =
       _fakeApi{.func = Api_GetSystemTimeAsFileTime, .paramCount = 1};
@@ -2079,6 +2111,8 @@ auto Sandbox::InitApiHooks() -> void {
       _fakeApi{.func = Api_GetEnvironmentStringsW, .paramCount = 0};
   auto FakeApi_FreeEnvironmentStringsW =
       _fakeApi{.func = Api_FreeEnvironmentStringsW, .paramCount = 1};
+  auto FakeApi_SetUnhandledExceptionFilter =
+      _fakeApi{.func = Api_SetUnhandledExceptionFilter, .paramCount = 1};
   api_map = {
       {"GetSystemTimeAsFileTime",
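Review bot: The `uc_err` results of `uc_reg_read` and `uc_mem_read` in the new `Api_SetUnhandledExceptionFilter` are discarded, so if the x86 stack read at `esp_address + 0x4` fails (for example because the emulated stack page is not mapped) `temp_filter` stays 0 and the hook silently logs and returns as if the sample had passed NULL; checking the read, e.g. `if (uc_mem_read(uc, esp_address, &temp_filter, sizeof(uint32_t)) != UC_ERR_OK) { printf("[!] SetUnhandledExceptionFilter: failed to read argument at 0x%x\n", esp_address); }`, keeps the emulation trace honest for the analyst. As rendered here the cast reads `static_cast(sandbox)` with no template argument, which does not compile; that is probably `static_cast<Sandbox*>` lost in rendering, but worth confirming against the real file. The registered filter address is only printed and never kept on the sandbox context, and the previous-filter return is a constant 0, so a sample that registers a filter and later relies on it running (or on a second call returning the first filter) will behave differently under emulation than natively; storing the value on the context and returning the stored one would make the stub more faithful, which is what a detection-evasion-aware sandbox wants. Finally, `%llx` is not a portable format for `uint64_t`; use `"0x%" PRIx64` from `<cinttypes>` as the warning-free form.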
@@ -2135,6 +2169,8 @@ auto Sandbox::InitApiHooks() -> void {
        std::make_shared<_fakeApi>(FakeApi_GetEnvironmentStringsW)},
       {"FreeEnvironmentStringsW",
        std::make_shared<_fakeApi>(FakeApi_FreeEnvironmentStringsW)},
+      {"SetUnhandledExceptionFilter",
+       std::make_shared<_fakeApi>(FakeApi_SetUnhandledExceptionFilter)},
   };
 }
 auto Sandbox::EmulateApi(uc_engine* uc, uint64_t address, uint64_t rip,