DaNike
/
BeatSaber-IPA-Reloaded
mirror of https://github.com/bsmg/BeatSaber-IPA-Reloaded.git
1
1
Fork 0
Code Issues 0 Projects 0 Releases 78 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1185 Commits
9 Branches
341 MiB
Tree: dd00c7442b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'dd00c7442b'
${ noResults }
BeatSaber-IPA-Reloaded/IPA.Loader/AntiMalware/_HideInNet3/WindowsCOMAntiMalware.cs

88 lines
3.1 KiB
Raw Normal View History

Expose Windows AMSI interface through common interface to BSIPA plugins
3 years ago
Move stuff around for supporting Win32 AMSI
3 years ago
Expose Windows AMSI interface through common interface to BSIPA plugins
3 years ago
Attempt to make COM anti-malware work, find out that Mono is utterly broken
3 years ago
Expose Windows AMSI interface through common interface to BSIPA plugins
3 years ago
Move stuff around for supporting Win32 AMSI
3 years ago
Expose Windows AMSI interface through common interface to BSIPA plugins
3 years ago
Move stuff around for supporting Win32 AMSI
3 years ago
Expose Windows AMSI interface through common interface to BSIPA plugins
3 years ago
Attempt to make COM anti-malware work, find out that Mono is utterly broken
3 years ago
Expose Windows AMSI interface through common interface to BSIPA plugins
3 years ago
Adjusted log messages to be marginally more helpful
3 years ago
Expose Windows AMSI interface through common interface to BSIPA plugins
3 years ago
Attempt to make COM anti-malware work, find out that Mono is utterly broken
3 years ago
Expose Windows AMSI interface through common interface to BSIPA plugins
3 years ago
Move stuff around for supporting Win32 AMSI
3 years ago
Expose Windows AMSI interface through common interface to BSIPA plugins
3 years ago
Attempt to make COM anti-malware work, find out that Mono is utterly broken
3 years ago
Expose Windows AMSI interface through common interface to BSIPA plugins
3 years ago
Attempt to make COM anti-malware work, find out that Mono is utterly broken
3 years ago
Expose Windows AMSI interface through common interface to BSIPA plugins
3 years ago
Document new public APIs
3 years ago
Expose Windows AMSI interface through common interface to BSIPA plugins
3 years ago
Adjusted log messages to be marginally more helpful
3 years ago
Expose Windows AMSI interface through common interface to BSIPA plugins
3 years ago
Adjusted log messages to be marginally more helpful
3 years ago
Expose Windows AMSI interface through common interface to BSIPA plugins
3 years ago
 
  1. #nullable enable
  2. using IPA.AntiMalware.ComAPI;
  3. using IPA.Logging;
  4. using System;
  5. using System.Collections.Generic;
  6. using System.IO;
  7. using System.Linq;
  8. using System.Runtime.InteropServices;
  9. using System.Text;
  10. using System.Threading.Tasks;
  11. 

  12. namespace IPA.AntiMalware
  13. {
  14.     internal class WindowsCOMAntiMalware : IAntiMalware
  15.     {
  16.         internal static WindowsCOMAntiMalware? TryInitialize()
  17.         {
  18.             // Mono's COM interop *fundamentally doesn't work.*

  19.             // End of story.

  20. #if false

  21.             try
  22.             {
  23.                 return new();
  24.             }
  25.             catch (Exception e)
  26.             {
  27.                 Logger.AntiMalware.Warn("Could not initialize COM-based antimalware engine:");
  28.                 Logger.AntiMalware.Warn(e);
  29.             }
  30. #endif

  31.             return null;
  32.         }
  33. 

  34.         private readonly IAntimalware amInterface;
  35. 

  36.         private WindowsCOMAntiMalware()
  37.         {
  38.             var hr = CoCreateInstanceAM(AmsiConstants.CAntimalwareGuid,
  39.                 null,
  40.                 0x1 | 0x4 /* inproc server, local server */,
  41.                 AmsiConstants.IAntimalwareGuid,
  42.                 out var antimalware);
  43.             Marshal.ThrowExceptionForHR(hr);
  44. 

  45.             amInterface = antimalware;
  46.         }
  47. 

  48.         [DllImport("ole32",
  49.             CallingConvention = CallingConvention.Winapi,
  50.             ExactSpelling = true,
  51.             PreserveSig = false,
  52.             EntryPoint = "CoCreateInstance")]
  53.         [DefaultDllImportSearchPaths(DllImportSearchPath.System32)]
  54.         private static extern int CoCreateInstanceAM(
  55.             [In] in Guid clsid,
  56.             [In, MarshalAs(UnmanagedType.Interface)] object? unkOuter,
  57.             [In] int dwClsContext,
  58.             [In] in Guid iid,
  59.             [Out, MarshalAs(UnmanagedType.Interface)] out IAntimalware @interface);
  60. 

  61. 

  62.         private static ScanResult ScanResultFromAmsiResult(AmsiResult result)
  63.             => result switch
  64.             {
  65.                 AmsiResult.Clean => ScanResult.KnownSafe,
  66.                 AmsiResult.NotDetected => ScanResult.NotDetected,
  67.                 AmsiResult.Detected => ScanResult.Detected,
  68.                 _ => ScanResult.MaybeMalware
  69.             };
  70. 

  71.         public ScanResult ScanFile(FileInfo file)
  72.         {
  73.             using var stream = new AmsiFileStream(file, IntPtr.Zero);
  74.             amInterface.Scan(stream, out var result, out var provider);
  75.             Logger.AntiMalware.Trace($"Scanned file '{file}' with {provider.DisplayName()}, and got '{result}'");
  76.             return ScanResultFromAmsiResult(result);
  77.         }
  78. 

  79.         public ScanResult ScanData(byte[] data, string? contentName = null)
  80.         {
  81.             contentName ??= $"unknown_data_{Guid.NewGuid()}";
  82.             using var stream = new AmsiMemoryStream(contentName, data, IntPtr.Zero);
  83.             amInterface.Scan(stream, out var result, out var provider);
  84.             Logger.AntiMalware.Trace($"Scanned data named '{contentName}' with {provider.DisplayName()}, and got '{result}'");
  85.             return ScanResultFromAmsiResult(result);
  86.         }
  87.     }
  88. }