DaNike
/
BeatSaber-IPA-Reloaded
mirror of https://github.com/bsmg/BeatSaber-IPA-Reloaded.git
1
1
Fork 0
Code Issues 0 Projects 0 Releases 78 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1085 Commits
9 Branches
2.9 GiB
Tree: 6c9a842e03
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6c9a842e03'
${ noResults }
BeatSaber-IPA-Reloaded/IPA.Loader/AntiMalware/WindowsWin32AntiMalware.cs

106 lines
3.7 KiB
Raw Normal View History

Move stuff around for supporting Win32 AMSI
3 years ago
Finish implementation of Win32AntiMalware
3 years ago
Move stuff around for supporting Win32 AMSI
3 years ago
Finish implementation of Win32AntiMalware
3 years ago
Move stuff around for supporting Win32 AMSI
3 years ago
Finish implementation of Win32AntiMalware
3 years ago
Move stuff around for supporting Win32 AMSI
3 years ago
 
  1. #nullable enable
  2. using IPA.AntiMalware.ComAPI;
  3. using IPA.Logging;
  4. using System;
  5. using System.Collections.Generic;
  6. using System.IO;
  7. using System.Linq;
  8. using System.Runtime.InteropServices;
  9. using System.Text;
  10. using System.Threading.Tasks;
  11. 

  12. namespace IPA.AntiMalware
  13. {
  14.     internal class WindowsWin32AntiMalware : IAntiMalware, IDisposable
  15.     {
  16.         internal static WindowsWin32AntiMalware? TryInitialize()
  17.         {
  18.             try
  19.             {
  20.                 return new();
  21.             }
  22.             catch (Exception e)
  23.             {
  24.                 Logger.AntiMalware.Warn("Could not initialize antimalware engine:");
  25.                 Logger.AntiMalware.Warn(e);
  26.                 return null;
  27.             }
  28.         }
  29. 

  30.         private readonly IntPtr handle;
  31.         private bool disposedValue;
  32. 

  33.         private WindowsWin32AntiMalware()
  34.         {
  35.             AmsiInitialize(AmsiConstants.AppName, out handle);
  36.         }
  37. 

  38.         private static ScanResult ScanResultFromAmsiResult(AmsiResult result)
  39.             => result switch
  40.             {
  41.                 AmsiResult.Clean => ScanResult.KnownSafe,
  42.                 AmsiResult.NotDetected => ScanResult.NotDetected,
  43.                 AmsiResult.Detected => ScanResult.Detected,
  44.                 _ => ScanResult.MaybeMalware
  45.             };
  46. 

  47.         public ScanResult ScanFile(FileInfo file)
  48.         {
  49.             var data = File.ReadAllBytes(file.FullName);
  50.             return ScanData(data, file.FullName);
  51.         }
  52. 

  53.         public ScanResult ScanData(byte[] data, string? contentName = null)
  54.         {
  55.             contentName ??= $"unknown_data_{Guid.NewGuid()}";
  56. 

  57.             AmsiScanBuffer(handle, data, (uint)data.Length, contentName, IntPtr.Zero, out var result);
  58. 

  59.             Logger.AntiMalware.Debug($"Scanned data named '{contentName}' and got '{result}'");
  60.             return ScanResultFromAmsiResult(result);
  61.         }
  62. 

  63.         protected virtual void Dispose(bool disposing)
  64.         {
  65.             if (!disposedValue)
  66.             {
  67.                 if (disposing)
  68.                 {
  69.                     // we have no disposable managed state

  70.                 }
  71. 

  72.                 AmsiUninitialize(handle);
  73.                 disposedValue = true;
  74.             }
  75.         }
  76. 

  77.         ~WindowsWin32AntiMalware()
  78.         {
  79.             // Do not change this code. Put cleanup code in 'Dispose(bool disposing)' method

  80.             Dispose(disposing: false);
  81.         }
  82. 

  83.         public void Dispose()
  84.         {
  85.             // Do not change this code. Put cleanup code in 'Dispose(bool disposing)' method

  86.             Dispose(disposing: true);
  87.             GC.SuppressFinalize(this);
  88.         }
  89. 

  90.         [DllImport("amsi", CallingConvention = CallingConvention.Winapi, CharSet = CharSet.Unicode, ExactSpelling = true)]
  91.         [DefaultDllImportSearchPaths(DllImportSearchPath.System32)]
  92.         private static extern void AmsiInitialize([MarshalAs(UnmanagedType.LPWStr)] string appName, [Out] out IntPtr handle);
  93. 

  94.         [DllImport("amsi", CallingConvention = CallingConvention.Winapi, CharSet = CharSet.Unicode, ExactSpelling = true)]
  95.         [DefaultDllImportSearchPaths(DllImportSearchPath.System32)]
  96.         private static extern void AmsiUninitialize(IntPtr handle);
  97. 

  98.         [DllImport("amsi", CallingConvention = CallingConvention.Winapi, CharSet = CharSet.Unicode, ExactSpelling = true)]
  99.         [DefaultDllImportSearchPaths(DllImportSearchPath.System32)]
  100.         private static extern void AmsiScanBuffer(IntPtr context,
  101.             [MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 2)] byte[] buffer, uint length,
  102.             [MarshalAs(UnmanagedType.LPWStr)] string contentName, 
  103.             IntPtr session, 
  104.             [Out] out AmsiResult result);
  105.     }
  106. }