|
@ -1,5 +1,4 @@ |
|
|
#nullable enable |
|
|
#nullable enable |
|
|
using IPA.AntiMalware.ComAPI; |
|
|
|
|
|
using IPA.Logging; |
|
|
using IPA.Logging; |
|
|
using System; |
|
|
using System; |
|
|
using System.Collections.Generic; |
|
|
using System.Collections.Generic; |
|
@ -21,7 +20,7 @@ namespace IPA.AntiMalware |
|
|
} |
|
|
} |
|
|
catch (Exception e) |
|
|
catch (Exception e) |
|
|
{ |
|
|
{ |
|
|
Logger.AntiMalware.Warn("Could not initialize antimalware engine:"); |
|
|
|
|
|
|
|
|
Logger.AntiMalware.Warn("Could not initialize Win32-based antimalware engine:"); |
|
|
Logger.AntiMalware.Warn(e); |
|
|
Logger.AntiMalware.Warn(e); |
|
|
return null; |
|
|
return null; |
|
|
} |
|
|
} |
|
@ -56,7 +55,7 @@ namespace IPA.AntiMalware |
|
|
|
|
|
|
|
|
AmsiScanBuffer(handle, data, (uint)data.Length, contentName, IntPtr.Zero, out var result); |
|
|
AmsiScanBuffer(handle, data, (uint)data.Length, contentName, IntPtr.Zero, out var result); |
|
|
|
|
|
|
|
|
Logger.AntiMalware.Debug($"Scanned data named '{contentName}' and got '{result}'"); |
|
|
|
|
|
|
|
|
Logger.AntiMalware.Trace($"Scanned data named '{contentName}' and got '{result}'"); |
|
|
return ScanResultFromAmsiResult(result); |
|
|
return ScanResultFromAmsiResult(result); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
@ -88,15 +87,21 @@ namespace IPA.AntiMalware |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
[DllImport("amsi", CallingConvention = CallingConvention.Winapi, CharSet = CharSet.Unicode, ExactSpelling = true)] |
|
|
[DllImport("amsi", CallingConvention = CallingConvention.Winapi, CharSet = CharSet.Unicode, ExactSpelling = true)] |
|
|
|
|
|
#if !NET35
|
|
|
[DefaultDllImportSearchPaths(DllImportSearchPath.System32)] |
|
|
[DefaultDllImportSearchPaths(DllImportSearchPath.System32)] |
|
|
|
|
|
#endif
|
|
|
private static extern void AmsiInitialize([MarshalAs(UnmanagedType.LPWStr)] string appName, [Out] out IntPtr handle); |
|
|
private static extern void AmsiInitialize([MarshalAs(UnmanagedType.LPWStr)] string appName, [Out] out IntPtr handle); |
|
|
|
|
|
|
|
|
[DllImport("amsi", CallingConvention = CallingConvention.Winapi, CharSet = CharSet.Unicode, ExactSpelling = true)] |
|
|
[DllImport("amsi", CallingConvention = CallingConvention.Winapi, CharSet = CharSet.Unicode, ExactSpelling = true)] |
|
|
|
|
|
#if !NET35
|
|
|
[DefaultDllImportSearchPaths(DllImportSearchPath.System32)] |
|
|
[DefaultDllImportSearchPaths(DllImportSearchPath.System32)] |
|
|
|
|
|
#endif
|
|
|
private static extern void AmsiUninitialize(IntPtr handle); |
|
|
private static extern void AmsiUninitialize(IntPtr handle); |
|
|
|
|
|
|
|
|
[DllImport("amsi", CallingConvention = CallingConvention.Winapi, CharSet = CharSet.Unicode, ExactSpelling = true)] |
|
|
[DllImport("amsi", CallingConvention = CallingConvention.Winapi, CharSet = CharSet.Unicode, ExactSpelling = true)] |
|
|
|
|
|
#if !NET35
|
|
|
[DefaultDllImportSearchPaths(DllImportSearchPath.System32)] |
|
|
[DefaultDllImportSearchPaths(DllImportSearchPath.System32)] |
|
|
|
|
|
#endif
|
|
|
private static extern void AmsiScanBuffer(IntPtr context, |
|
|
private static extern void AmsiScanBuffer(IntPtr context, |
|
|
[MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 2)] byte[] buffer, uint length, |
|
|
[MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 2)] byte[] buffer, uint length, |
|
|
[MarshalAs(UnmanagedType.LPWStr)] string contentName, |
|
|
[MarshalAs(UnmanagedType.LPWStr)] string contentName, |
|
|