DaNike
/
BeatSaber-IPA-Reloaded
mirror of https://github.com/bsmg/BeatSaber-IPA-Reloaded.git
1
1
Fork 0
Code Issues 0 Projects 0 Releases 78 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1080 Commits
9 Branches
1.8 GiB
Tree: 3c1b26811d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3c1b26811d'
${ noResults }
BeatSaber-IPA-Reloaded/IPA.Loader/AntiMalware/_HideInNet3/WindowsAntiMalware.cs

64 lines
2.3 KiB
Raw Normal View History

Expose Windows AMSI interface through common interface to BSIPA plugins
3 years ago
 
  1. #nullable enable
  2. using IPA.AntiMalware.WinAPI;
  3. using IPA.Logging;
  4. using System;
  5. using System.Collections.Generic;
  6. using System.IO;
  7. using System.Linq;
  8. using System.Text;
  9. using System.Threading.Tasks;
  10. 

  11. namespace IPA.AntiMalware
  12. {
  13.     internal class WindowsAntiMalware : IAntiMalware
  14.     {
  15.         internal static WindowsAntiMalware? TryInitialize()
  16.         {
  17.             try
  18.             {
  19.                 return new();
  20.             }
  21.             catch (Exception e)
  22.             {
  23.                 Logger.AntiMalware.Warn("Could not initialize antimalware engine:");
  24.                 Logger.AntiMalware.Warn(e);
  25.                 return null;
  26.             }
  27.         }
  28. 

  29.         private readonly IAntimalware amInterface;
  30. 

  31.         private WindowsAntiMalware()
  32.         {
  33.             var amType = Type.GetTypeFromCLSID(AmsiConstants.CAntimalwareGuid, true);
  34.             amInterface = (IAntimalware)Activator.CreateInstance(amType);
  35.         }
  36. 

  37.         private static ScanResult ScanResultFromAmsiResult(AmsiResult result)
  38.             => result switch
  39.             {
  40.                 AmsiResult.Clean => ScanResult.KnownSafe,
  41.                 AmsiResult.NotDetected => ScanResult.NotDetected,
  42.                 AmsiResult.Detected => ScanResult.Detected,
  43.                 var a when a is >= AmsiResult.BlockedByAdminStart and <= AmsiResult.BlockedByAdminEnd => ScanResult.BlockedByPolicy,
  44.                 _ => ScanResult.NotDetected,
  45.             };
  46. 

  47.         public ScanResult ScanFile(FileInfo file)
  48.         {
  49.             using var stream = new AmsiFileStream(file, IntPtr.Zero);
  50.             amInterface.Scan(stream, out var result, out var provider);
  51.             Logger.AntiMalware.Debug($"Scanned file '{file}' with {provider.DisplayName()}, and got '{result}'");
  52.             return ScanResultFromAmsiResult(result);
  53.         }
  54. 

  55.         public ScanResult ScanData(byte[] data, string? contentName = null)
  56.         {
  57.             contentName ??= $"unknown_data_{Guid.NewGuid()}";
  58.             using var stream = new AmsiMemoryStream(contentName, data, IntPtr.Zero);
  59.             amInterface.Scan(stream, out var result, out var provider);
  60.             Logger.AntiMalware.Debug($"Scanned data named '{contentName}' with {provider.DisplayName()}, and got '{result}'");
  61.             return ScanResultFromAmsiResult(result);
  62.         }
  63.     }
  64. }