update

ai_anti_malware/sandbox_api_emu.cpp

@@ -1,6 +1,7 @@
 #include "sandbox.h"
 #include "sandbox_callbacks.h"
 #include "sandbox_api_winhttp.h"
+#include "sandbox_api_com.h"
 #include <tlhelp32.h>
 
 auto Api_QueryPerformanceCounter(void* sandbox, uc_engine* uc, uint64_t address)
@@ -1362,6 +1363,17 @@ auto Sandbox::InitApiHooks() -> void {
     auto FakeApi__initterm_e =
         _fakeApi{.func = Api__initterm_e, .paramCount = 2};
     auto FakeApi_getenv = _fakeApi{.func = Api_getenv, .paramCount = 1};
+    // 添加COM API
+    auto FakeApi_CoInitializeEx =
+        _fakeApi{.func = Api_CoInitializeEx, .paramCount = 2};
+    auto FakeApi_CoCreateInstance =
+        _fakeApi{.func = Api_CoCreateInstance, .paramCount = 5};
+    auto FakeApi_VariantInit =
+        _fakeApi{.func = Api_VariantInit, .paramCount = 1};
+    auto FakeApi_VariantClear =
+        _fakeApi{.func = Api_VariantClear, .paramCount = 1};
+    auto FakeApi_SysAllocString =
+        _fakeApi{.func = Api_SysAllocString, .paramCount = 1};
 
     api_map = {
         {"GetSystemTimeAsFileTime",
@@ -1499,6 +1511,12 @@ auto Sandbox::InitApiHooks() -> void {
         {"GetStringTypeW", std::make_shared<_fakeApi>(FakeApi_GetStringTypeW)},
         {"LCMapStringW", std::make_shared<_fakeApi>(FakeApi_LCMapStringW)},
         {"getenv", std::make_shared<_fakeApi>(FakeApi_getenv)},
+        {"CoInitializeEx", std::make_shared<_fakeApi>(FakeApi_CoInitializeEx)},
+        {"CoCreateInstance",
+         std::make_shared<_fakeApi>(FakeApi_CoCreateInstance)},
+        {"VariantInit", std::make_shared<_fakeApi>(FakeApi_VariantInit)},
+        {"VariantClear", std::make_shared<_fakeApi>(FakeApi_VariantClear)},
+        {"SysAllocString", std::make_shared<_fakeApi>(FakeApi_SysAllocString)},
     };
 }
 auto Sandbox::EmulateApi(uc_engine* uc, uint64_t address, uint64_t rip,