按照样本优化了一下

ai_anti_malware/sandbox_api_emu.cpp

@@ -113,7 +113,7 @@ auto Api_LoadLibraryA(void* sandbox, uc_engine* uc, uint64_t address) -> void {
 
             // 从模块列表中查找对应模块
             for (const auto& module : context->GetModuleList()) {
-                if (_stricmp((*module).name, module_name.c_str()) == 0) {
+                if ((*module).name == module_name.c_str()) {
                     return_address = (*module).base;
                     break;
                 }
@@ -183,7 +183,7 @@ auto Api_LoadLibraryExW(void* sandbox, uc_engine* uc, uint64_t address)
 
             // 从模块列表中查找对应模块
             for (const auto& module : context->GetModuleList()) {
-                if (_stricmp((*module).name, ansi_name.c_str()) == 0) {
+                if ((*module).name == ansi_name.c_str()) {
                     return_address = (*module).base;
                     break;
                 }
@@ -240,19 +240,21 @@ auto Api_GetProcAddress(void* sandbox, uc_engine* uc, uint64_t address)
         functionName[i] = byte;
         i++;
     } while (functionName[i - 1] != 0 && i < sizeof(functionName));
-    context->CheckMalwareActive_GetProcAddress(functionName);
+    std::string fnName = functionName;
+
+    context->CheckMalwareActive_GetProcAddress(fnName);
+    if (fnName == "FlsGetValue2") {
+        fnName = "FlsGetValue";
+    }
     // 在模块列表中查找对应模块
     for (const auto& module : context->GetModuleList()) {
-        if (module->base == moduleHandle) {
-            // 遍历导出函数查找对应名称
-            for (const auto& exp : module->export_function) {
-                // 使用 _stricmp 进行大小写不敏感的比较
-                if (_stricmp(exp->name, functionName) == 0) {
-                    return_address = module->base + exp->function_address;
-                    break;
-                }
+        // 遍历导出函数查找对应名称
+        for (const auto& exp : module->export_function) {
+            // 使用 _stricmp 进行大小写不敏感的比较
+            if (_stricmp(exp->name, fnName.c_str()) == 0) {
+                return_address = module->base + exp->function_address;
+                break;
             }
-            break;
         }
     }
 
@@ -923,7 +925,7 @@ auto Api_CreateDirectoryW(void* sandbox, uc_engine* uc, uint64_t address)
 auto Api_GetStringTypeW(void* sandbox, uc_engine* uc, uint64_t address)
     -> void {
     auto context = static_cast<Sandbox*>(sandbox);
-    uint32_t dwInfoType = 0;
+    uint64_t dwInfoType = 0;
     uint64_t lpSrcStr = 0;
     int32_t cchSrc = 0;
     uint64_t lpCharType = 0;