admin/awesome_anti_virus_engine
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update & fix logic bug

Browse Source
This commit is contained in:
Huoji's
2025-03-20 04:56:31 +08:00
parent 3a6e331f31
commit 91dca661ba
5 changed files with 243 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
ai_anti_malware/sandbox.h
View File

@@ -235,11 +235,13 @@ class Sandbox {
auto GetImpFuncDict() -> std::vector<std::shared_ptr<moudle_import>> {
return m_impFuncDict;
}
auto GetLastImpRead() -> std::pair<uint64_t, std::shared_ptr<moudle_import>> {
auto GetLastImpRead()
-> std::pair<uint64_t, std::shared_ptr<moudle_import>> {
return m_lastImpRead;
}
auto SetLastImpRead(uint64_t address, std::shared_ptr<moudle_import> imp) -> void {
m_lastImpRead = { address, imp };
auto SetLastImpRead(uint64_t address, std::shared_ptr<moudle_import> imp)
-> void {
m_lastImpRead = {address, imp};
}
private:
@@ -292,16 +294,16 @@ class Sandbox {
L"PROMPT=$P$G",
L"SystemDrive=C:",
L"SystemRoot=C:\\Windows",
L"TEMP=C:\\Users\\User\\AppData\\Local\\Temp",
L"TMP=C:\\Users\\User\\AppData\\Local\\Temp",
L"TEMP=C:\\Users\\huoji\\AppData\\Local\\Temp",
L"TMP=C:\\Users\\huoji\\AppData\\Local\\Temp",
L"USERDOMAIN=DESKTOP",
L"USERNAME=User",
L"USERPROFILE=C:\\Users\\User",
L"USERPROFILE=C:\\Users\\huoji",
L"windir=C:\\Windows"};
auto ResoveImport() -> void;
auto ResolveImportExports() -> void;
auto CreateModuleInfo(const char* dllName, uint64_t moduleBase, uint64_t realModuleBase,
uint64_t bufferAddress)
auto CreateModuleInfo(const char* dllName, uint64_t moduleBase,
uint64_t realModuleBase, uint64_t bufferAddress)
-> std::shared_ptr<struct_moudle>;
auto ResolveExport(uint64_t moduleBase)
-> std::vector<std::shared_ptr<moudle_export>>;
@@ -439,4 +441,6 @@ auto Api_FwpmEngineClose0(void* sandbox, uc_engine* uc, uint64_t address)
-> void;
auto Api_TlsFree(void* sandbox, uc_engine* uc, uint64_t address) -> void;
auto Api_FlsAlloc(void* sandbox, uc_engine* uc, uint64_t address) -> void;
auto Api_FlsGetValue(void* sandbox, uc_engine* uc, uint64_t address) -> void;
auto Api_FlsGetValue(void* sandbox, uc_engine* uc, uint64_t address) -> void;
auto Api__initterm_e(void* sandbox, uc_engine* uc, uint64_t address) -> void;
auto Api_getenv(void* sandbox, uc_engine* uc, uint64_t address) -> void;