From 26c92ace947d37ec2910dec378905c1136d72871 Mon Sep 17 00:00:00 2001
From: Anairkoen Schno
Date: Tue, 6 Apr 2021 21:26:16 -0500
Subject: [PATCH] Finish implementation of Win32AntiMalware
---
 IPA.Loader/AntiMalware/AmsiResult.cs | 13 +++++++++++++
 IPA.Loader/AntiMalware/WindowsWin32AntiMalware.cs | 8 +++++---
 .../AntiMalware/_HideInNet3/ComAPI/IAntimalware.cs | 9 ---------
 3 files changed, 18 insertions(+), 12 deletions(-)
 create mode 100644 IPA.Loader/AntiMalware/AmsiResult.cs
diff --git a/IPA.Loader/AntiMalware/AmsiResult.cs b/IPA.Loader/AntiMalware/AmsiResult.cs
new file mode 100644
index 00000000..ff755180
--- /dev/null
+++ b/IPA.Loader/AntiMalware/AmsiResult.cs
@@ -0,0 +1,13 @@
+#nullable enable
+
+namespace IPA.AntiMalware
+{
+ internal enum AmsiResult
+ {
+ Clean = 0,
+ NotDetected = 1,
+ BlockedByAdminStart = 0x4000,
+ BlockedByAdminEnd = 0x4fff,
+ Detected = 32768
+ }
+}
diff --git a/IPA.Loader/AntiMalware/WindowsWin32AntiMalware.cs b/IPA.Loader/AntiMalware/WindowsWin32AntiMalware.cs
index aef3c1a4..ba3f5daf 100644
--- a/IPA.Loader/AntiMalware/WindowsWin32AntiMalware.cs
+++ b/IPA.Loader/AntiMalware/WindowsWin32AntiMalware.cs
@@ -54,9 +54,9 @@ namespace IPA.AntiMalware
 {
 contentName ??= $"unknown_data_{Guid.NewGuid()}";
+ AmsiScanBuffer(handle, data, (uint)data.Length, contentName, IntPtr.Zero, out var result);
-
- Logger.AntiMalware.Debug($"Scanned data named '{contentName}' with {provider.DisplayName()}, and got '{result}'");
+ Logger.AntiMalware.Debug($"Scanned data named '{contentName}' and got '{result}'");
 return ScanResultFromAmsiResult(result);
 }
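Review bot: The new `AmsiResult` enum in AmsiResult.cs has no documentation, although its numeric values are a contract with the native `AMSI_RESULT` enumeration that `AmsiScanBuffer` writes straight into the `out AmsiResult result` parameter declared later in this patch, so the underlying type must stay `int` and the values must not drift. I would put above the enum: `/// <summary>Managed mirror of the native AMSI_RESULT enumeration; the values and the int underlying type must match amsi.h because AmsiScanBuffer marshals its result directly into this type.</summary>`, and on `BlockedByAdminStart`/`BlockedByAdminEnd` a remark that they bound an inclusive range, so callers must test by range rather than equality. AMSI also defines any result equal to or greater than `Detected` as a detection; whether `ScanResultFromAmsiResult` (outside this diff) compares by threshold rather than exact match is worth confirming.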
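Review bot: The added `AmsiScanBuffer(handle, data, (uint)data.Length, contentName, IntPtr.Zero, out var result)` call discards the native function's HRESULT — the P/Invoke in this file's `@@ -99,6 +99,8` hunk declares it as returning `void` — so when the scan itself fails (no registered provider, invalid argument, uninitialized context) `result` is whatever the marshaller left in the out slot, in practice 0, which is `AmsiResult.Clean`, and a failed scan is reported as clean. Declare the import as `private static extern int AmsiScanBuffer(...)` and check it, `var hr = AmsiScanBuffer(...); if (hr != 0) Marshal.ThrowExceptionForHR(hr);`, or map a failure to an explicit error/unknown scan result if callers are expected to tolerate it. `(uint)data.Length` also throws NullReferenceException on a null `data`; the enclosing method begins before this hunk, so a guard there may already exist. The same return-type point applies to the declaration hunk at `@@ -99,6 +99,8` and is not repeated there.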
@@ -99,6 +99,8 @@ namespace IPA.AntiMalware
 [DefaultDllImportSearchPaths(DllImportSearchPath.System32)]
 private static extern void AmsiScanBuffer(IntPtr context, [MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 2)] byte[] buffer, uint length,
- [MarshalAs(UnmanagedType.LPWStr)] string contentName, IntPtr session, [Out] out AmsiResult result);
+ [MarshalAs(UnmanagedType.LPWStr)] string contentName,
+ IntPtr session,
+ [Out] out AmsiResult result);
 }
 }
diff --git a/IPA.Loader/AntiMalware/_HideInNet3/ComAPI/IAntimalware.cs b/IPA.Loader/AntiMalware/_HideInNet3/ComAPI/IAntimalware.cs
index 61b7ca1a..76743397 100644
--- a/IPA.Loader/AntiMalware/_HideInNet3/ComAPI/IAntimalware.cs
+++ b/IPA.Loader/AntiMalware/_HideInNet3/ComAPI/IAntimalware.cs
@@ -34,15 +34,6 @@ namespace IPA.AntiMalware.WinAPI
 void CloseSession([In] ulong session);
 }
- internal enum AmsiResult
- {
- Clean = 0,
- NotDetected = 1,
- BlockedByAdminStart = 0x4000,
- BlockedByAdminEnd = 0x4fff,
- Detected = 32768
- }
-
 internal enum AmsiAttribute
 {
 AppName = 0,
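Review bot: `[Out]` on the reflowed `[Out] out AmsiResult result` parameter is redundant — an `out` parameter already carries OutAttribute for the marshaller — and the reflow leaves the list half-done, with `byte[] buffer, uint length,` still sharing a line while `string contentName`, `IntPtr session` and `result` each get their own. I would drop the attribute, `out AmsiResult result);`, and give `buffer` and `length` separate lines so every parameter of the import is laid out the same way. The `AmsiScanBuffer` declaration begins on context lines before the first changed line of this hunk.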