
Finish implementation of Win32AntiMalware

pull/72/head
Anairkoen Schno 3 years ago
parent
commit
26c92ace94
Signed by: DaNike GPG Key ID: BEFB74D5F3FC4387
3 changed files with 18 additions and 12 deletions
  1. +13
    -0
      IPA.Loader/AntiMalware/AmsiResult.cs
  2. +5
    -3
      IPA.Loader/AntiMalware/WindowsWin32AntiMalware.cs
  3. +0
    -9
      IPA.Loader/AntiMalware/_HideInNet3/ComAPI/IAntimalware.cs

+ 13
- 0
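--- a/IPA.Loader/AntiMalware/AmsiResult.cs
+++ b/IPA.Loader/AntiMalware/AmsiResult.cs
@@ -0,0 +1,13 @@
+#nullable enable
+namespace IPA.AntiMalware
+{
+internal enum AmsiResult
+{
+Clean = 0,
+NotDetected = 1,
+BlockedByAdminStart = 0x4000,
+BlockedByAdminEnd = 0x4fff,
+Detected = 32768
+}
+}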
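Review bot: `AmsiResult` has no comment saying that its members are thresholds and range bounds rather than an exhaustive list of values. AMSI treats any result at or above `Detected` (32768) as malware and any value from `BlockedByAdminStart` through `BlockedByAdminEnd` as blocked by policy, so a scan can return integers that match no named member. I would add a summary on the enum, e.g. `/// <summary>Raw AMSI_RESULT value; classify by range (>= Detected is malware), never by equality.</summary>`. It is also worth confirming that `ScanResultFromAmsiResult`, which is not shown on this page, compares by range, because an equality check would let a higher-scored detection pass as not detected.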

+ 5
- 3
IPA.Loader/AntiMalware/WindowsWin32AntiMalware.cs

@ -54,9 +54,9 @@ namespace IPA.AntiMalware
{
contentName ??= $"unknown_data_{Guid.NewGuid()}";
AmsiScanBuffer(handle, data, (uint)data.Length, contentName, IntPtr.Zero, out var result);
Logger.AntiMalware.Debug($"Scanned data named '{contentName}' with {provider.DisplayName()}, and got '{result}'");
Logger.AntiMalware.Debug($"Scanned data named '{contentName}' and got '{result}'");
return ScanResultFromAmsiResult(result);
}
@ -99,6 +99,8 @@ namespace IPA.AntiMalware
[DefaultDllImportSearchPaths(DllImportSearchPath.System32)]
private static extern void AmsiScanBuffer(IntPtr context,
[MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 2)] byte[] buffer, uint length,
[MarshalAs(UnmanagedType.LPWStr)] string contentName, IntPtr session, [Out] out AmsiResult result);
[MarshalAs(UnmanagedType.LPWStr)] string contentName,
IntPtr session,
[Out] out AmsiResult result);
}
}
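Review bot: The `AmsiScanBuffer` import in the second hunk is still declared `private static extern void`, although the native function returns an HRESULT. Unless the `DllImport` attribute above the hunk sets `PreserveSig = false`, a failed scan cannot be told apart from a successful one: `result` would most likely stay at its zero default, which is `AmsiResult.Clean`, and the call site in the first hunk passes it straight to `ScanResultFromAmsiResult`. I would declare the import as `private static extern int AmsiScanBuffer(...)` and check the return value at the call site, for example `Marshal.ThrowExceptionForHR(AmsiScanBuffer(handle, data, (uint)data.Length, contentName, IntPtr.Zero, out var result));`, so that an error never reads as a clean verdict. Both the scanning method and the import's attribute list begin outside the hunks shown.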

+ 0
- 9
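--- a/IPA.Loader/AntiMalware/_HideInNet3/ComAPI/IAntimalware.cs
+++ b/IPA.Loader/AntiMalware/_HideInNet3/ComAPI/IAntimalware.cs
@@ -34,15 +34,6 @@ namespace IPA.AntiMalware.WinAPI
 void CloseSession([In] ulong session);
 }
-internal enum AmsiResult
-{
-Clean = 0,
-NotDetected = 1,
-BlockedByAdminStart = 0x4000,
-BlockedByAdminEnd = 0x4fff,
-Detected = 32768
-}
 internal enum AmsiAttribute
 {
 AppName = 0,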

