DaNike
/
BeatSaber-IPA-Reloaded
mirror of https://github.com/bsmg/BeatSaber-IPA-Reloaded.git

﻿#nullable enableusing IPA.Logging;using System;using System.Collections.Generic;using System.IO;using System.Linq;using System.Runtime.InteropServices;using System.Text;using System.Threading.Tasks;
namespace IPA.AntiMalware{    internal class WindowsWin32AntiMalware : IAntiMalware, IDisposable    {        internal static WindowsWin32AntiMalware? TryInitialize()        {            try            {                return new();            }            catch (Exception e)            {                Logger.AntiMalware.Warn("Could not initialize Win32-based antimalware engine:");                Logger.AntiMalware.Warn(e);                return null;            }        }
        private readonly IntPtr handle;        private bool disposedValue;
        private WindowsWin32AntiMalware()        {            AmsiInitialize(AmsiConstants.AppName, out handle);        }
        private static ScanResult ScanResultFromAmsiResult(AmsiResult result)            => result switch            {                AmsiResult.Clean => ScanResult.KnownSafe,                AmsiResult.NotDetected => ScanResult.NotDetected,                AmsiResult.Detected => ScanResult.Detected,                _ => ScanResult.MaybeMalware            };
        public ScanResult ScanFile(FileInfo file)        {            var data = File.ReadAllBytes(file.FullName);            return ScanData(data, file.FullName);        }
        public ScanResult ScanData(byte[] data, string? contentName = null)        {            contentName ??= $"unknown_data_{Guid.NewGuid()}";
            AmsiScanBuffer(handle, data, (uint)data.Length, contentName, IntPtr.Zero, out var result);
            Logger.AntiMalware.Trace($"Scanned data named '{contentName}' and got '{result}'");            return ScanResultFromAmsiResult(result);        }
        protected virtual void Dispose(bool disposing)        {            if (!disposedValue)            {                if (disposing)                {                    // we have no disposable managed state
                }
                AmsiUninitialize(handle);                disposedValue = true;            }        }
        ~WindowsWin32AntiMalware()        {            // Do not change this code. Put cleanup code in 'Dispose(bool disposing)' method
            Dispose(disposing: false);        }
        public void Dispose()        {            // Do not change this code. Put cleanup code in 'Dispose(bool disposing)' method
            Dispose(disposing: true);            GC.SuppressFinalize(this);        }
        [DllImport("amsi", CallingConvention = CallingConvention.Winapi, CharSet = CharSet.Unicode, ExactSpelling = true)]#if !NET35
        [DefaultDllImportSearchPaths(DllImportSearchPath.System32)]#endif
        private static extern void AmsiInitialize([MarshalAs(UnmanagedType.LPWStr)] string appName, [Out] out IntPtr handle);
        [DllImport("amsi", CallingConvention = CallingConvention.Winapi, CharSet = CharSet.Unicode, ExactSpelling = true)]#if !NET35
        [DefaultDllImportSearchPaths(DllImportSearchPath.System32)]#endif
        private static extern void AmsiUninitialize(IntPtr handle);
        [DllImport("amsi", CallingConvention = CallingConvention.Winapi, CharSet = CharSet.Unicode, ExactSpelling = true)]#if !NET35
        [DefaultDllImportSearchPaths(DllImportSearchPath.System32)]#endif
        private static extern void AmsiScanBuffer(IntPtr context,            [MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 2)] byte[] buffer, uint length,            [MarshalAs(UnmanagedType.LPWStr)] string contentName,             IntPtr session,             [Out] out AmsiResult result);    }}