awesome_anti_virus_engine/ai_anti_malware/sandbox_callbacks.h

#pragma once
#include "sandbox.h"

namespace sandboxCallbacks {
static void handleCodeRun(uc_engine* uc, uint64_t address, uint32_t size,
                          void* userData) {
    auto* sandbox = static_cast<Sandbox*>(userData);
    if (!sandbox) return;

    // 读取当前执行的代码
    uint8_t* codeBuffer = new uint8_t[size];
    if (uc_mem_read(uc, address, codeBuffer, size) != UC_ERR_OK) {
        delete[] codeBuffer;
        return;
    }

    // 使用Capstone反汇编
    cs_insn* instruction;
    size_t instructionCount =
        cs_disasm(sandbox->GetCapstoneHandle(), codeBuffer, size, address, 0,
                  &instruction);

    if (instructionCount > 0) {
        // 打印地址和反汇编结果
        printf("0x%016" PRIx64 " %-12s %s\n", instruction[0].address,
               instruction[0].mnemonic, instruction[0].op_str);
        cs_free(instruction, instructionCount);
    }

    delete[] codeBuffer;
}

static void handleMemoryRead(uc_engine* uc, uc_mem_type type, uint64_t address,
                             int size, int64_t value, void* userData) {
    auto* sandbox = static_cast<Sandbox*>(userData);
    if (!sandbox) return;

    uint64_t regRax, regRip;
    uc_reg_read(uc,
                sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RAX : UC_X86_REG_EAX,
                &regRax);
    uc_reg_read(uc,
                sandbox->GetPeInfo()->isX64 ? UC_X86_REG_RIP : UC_X86_REG_EIP,
                &regRip);

    uint64_t readAddress;
    auto readError =
        uc_mem_read(sandbox->GetUnicornHandle(), address, &readAddress, size);
    printf(
        "[handleMemoryRead] Address: %p Size: %p Rax: %p Rip: %p Error: %d "
        "ReadData: %p\n",
        address, size, regRax, regRip, readError, readAddress);
}

static void handleMemoryUnmapRead(uc_engine* uc, uc_mem_type type,
                                  uint64_t address, int size, int64_t value,
                                  void* userData) {
    // 待实现
}

static void handleMemoryWrite(uc_engine* uc, uc_mem_type type, uint64_t address,
                              int size, int64_t value, void* userData) {
    // 待实现
}

static void handleSyscall(uc_engine* uc, void* userData) {
    // 待实现
}

}  // namespace sandboxCallbacks