From a33e252e406417ff339b31afce8b0d9e7731c5b0 Mon Sep 17 00:00:00 2001
From: momo5502 <mauriceheumann@gmail.com>
Date: Wed, 13 Aug 2025 19:06:09 +0200
Subject: [PATCH] Kill WinVerifyTrust

---
 src/analyzer/analysis.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/analyzer/analysis.cpp b/src/analyzer/analysis.cpp
index b7b9f7d1..634c0881 100644
--- a/src/analyzer/analysis.cpp
+++ b/src/analyzer/analysis.cpp
@@ -170,6 +170,13 @@ namespace
             print_module_name(*c.win_emu, 0);
             print_arg_as_string(*c.win_emu, 1);
         }
+        else if (function == "WinVerifyTrust")
+        {
+            auto& emu = c.win_emu->emu();
+            emu.reg(x86_register::rip, emu.read_stack(0));
+            emu.reg(x86_register::rsp, emu.reg(x86_register::rsp) + 8);
+            emu.reg(x86_register::rax, 1);
+        }
         else if (function == "lstrcmp" || function == "lstrcmpi")
         {
             print_arg_as_string(*c.win_emu, 0);