diff --git a/ai_anti_malware/ai_anti_malware.cpp b/ai_anti_malware/ai_anti_malware.cpp
index 4d84582..7051b4d 100644
--- a/ai_anti_malware/ai_anti_malware.cpp
+++ b/ai_anti_malware/ai_anti_malware.cpp
@@ -314,7 +314,7 @@ auto doMalwareScan(int argc, char* argv[]) -> void {
 int doSandbox(int argc, char* argv[]) {
- std::string filePath = "Z:\\opengl32.dll";
+ std::string filePath = "C:\\wangkun_muma\\opengl32.dll.bin";
 auto peInfo = getPeInfo(filePath);
 if (peInfo == nullptr) {
 std::cout << "无法加载PE文件: " << filePath << std::endl;
diff --git a/ai_anti_malware/head.h b/ai_anti_malware/head.h
index 0cc949c..f99b4c4 100644
--- a/ai_anti_malware/head.h
+++ b/ai_anti_malware/head.h
@@ -1,5 +1,5 @@
 #pragma once
-#define LOG_LEVEL 1
+#define LOG_LEVEL 0
 #define _CRT_SECURE_NO_WARNINGS
 #include
diff --git a/ai_anti_malware/sandbox_api_winhttp.cpp b/ai_anti_malware/sandbox_api_winhttp.cpp
index 7c8cf14..cce6dab 100644
--- a/ai_anti_malware/sandbox_api_winhttp.cpp
+++ b/ai_anti_malware/sandbox_api_winhttp.cpp
@@ -396,8 +396,40 @@ auto Api_URLDownloadToFileW(void* sandbox, uc_engine* uc, uint64_t address)
 // 读取URL (宽字符)
 std::wstring wUrlString;
 if (szURL != 0) {
- wchar_t buffer[1024] = {0};
- uc_mem_read(uc, szURL, buffer, sizeof(buffer) - sizeof(wchar_t));
+ wchar_t buffer[4096] = {0};
+ // 循环读取URL,每次读取一个wchar_t字符
+ size_t totalRead = 0;
+ const size_t maxSize =
+ sizeof(buffer) - sizeof(wchar_t); // 预留null终止符空间
+ bool readError = false;
+
+ while (totalRead < maxSize) {
+ wchar_t ch = 0;
+ auto ucError =
+ uc_mem_read(uc, szURL + totalRead, &ch, sizeof(wchar_t));
+
+ if (ucError != UC_ERR_OK) {
+ readError = true;
+ break;
+ }
+
+ // 检查是否遇到宽字符终止符(0x0000)
+ if (ch == 0x0000) {
+ break;
+ }
+
+ buffer[totalRead / sizeof(wchar_t)] = ch;
+ totalRead += sizeof(wchar_t);
+ }
+
+ // 确保字符串以宽字符null结尾
+ buffer[totalRead / sizeof(wchar_t)] = 0x0000;
+
+ if (readError) {
+ printf("[警告] URL读取时发生错误\n");
+ __debugbreak();
+ }
+
 wUrlString = buffer;
 // 转换为UTF-8字符串用于日志记录
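Review bot: The new `filePath` literal in `doSandbox` is a developer-local sample location, while the function's `argc`/`argv` parameters are not used in the visible lines, so the sandbox entry point only works on one machine and the sample to analyse is fixed at compile time. Assuming the caller forwards the process arguments, the path could come from the command line instead, e.g. `std::string filePath = argc > 1 ? argv[1] : "";`, leaving the existing `peInfo == nullptr` branch to report a missing or unreadable file. doSandbox's body continues outside the hunk, so `argv` may already be consumed further down.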
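Review bot: In `Api_URLDownloadToFileW` the new `if (readError)` branch calls `__debugbreak()`, so a `szURL` that does not point at mapped guest memory stops the analyzer itself; with no debugger attached the breakpoint exception is presumably unhandled and the host process terminates. That pointer is supplied by the code under analysis, so a failed `uc_mem_read` is better treated as an ordinary bad argument: drop `__debugbreak();`, log the guest address, and fail the emulated call through whatever error return the function already uses (the rest of the body is outside this hunk). The branch also falls through to `wUrlString = buffer;`, so a partially read URL is logged as if it were complete. A URL longer than 4095 characters is likewise truncated without any marker, and flagging both cases in the log line would keep the report accurate.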