Browse Source

Attempt to make COM anti-malware work, find out that Mono is utterly broken

pull/72/head
Anairkoen Schno 3 years ago
parent
commit
a70bc77869
Signed by: DaNike GPG Key ID: BEFB74D5F3FC4387
3 changed files with 40 additions and 9 deletions
  1. +3
    -0
      IPA.Loader/AntiMalware/AmsiConstants.cs
  2. +9
    -6
      IPA.Loader/AntiMalware/_HideInNet3/ComAPI/IAntimalware.cs
  3. +28
    -3
      IPA.Loader/AntiMalware/_HideInNet3/WindowsCOMAntiMalware.cs

+ 3
- 0
IPA.Loader/AntiMalware/AmsiConstants.cs View File

@ -6,6 +6,9 @@ namespace IPA.AntiMalware
internal static class AmsiConstants internal static class AmsiConstants
{ {
public const string AppName = "BSIPA/" + Config.SelfConfig.IPAVersion; public const string AppName = "BSIPA/" + Config.SelfConfig.IPAVersion;
public const string IAntimalwareGuidStr = "82d29c2e-f062-44e6-b5c9-3d9a2f24a2df";
public static readonly Guid IAntimalwareGuid = new(IAntimalwareGuidStr);
public static readonly Guid CAntimalwareGuid = new("fdb00e52-a214-4aa1-8fba-4357bb0072ec"); public static readonly Guid CAntimalwareGuid = new("fdb00e52-a214-4aa1-8fba-4357bb0072ec");
public static readonly Guid IUnknownGuid = new("00000000-0000-0000-C000-000000000046");
} }
} }

+ 9
- 6
IPA.Loader/AntiMalware/_HideInNet3/ComAPI/IAntimalware.cs View File

@ -8,24 +8,27 @@ using System.Threading.Tasks;
namespace IPA.AntiMalware.ComAPI namespace IPA.AntiMalware.ComAPI
{ {
[Guid("82d29c2e-f062-44e6-b5c9-3d9a2f24a2df")]
[ComVisible(true)]
[ComImport]
[Guid(AmsiConstants.IAntimalwareGuidStr)]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
internal interface IAntimalware internal interface IAntimalware
{ {
void Scan([In] IAmsiStream stream, [Out] out AmsiResult result, [Out] out IAntimalwareProvider provider); void Scan([In] IAmsiStream stream, [Out] out AmsiResult result, [Out] out IAntimalwareProvider provider);
void CloseSession([In] ulong session); void CloseSession([In] ulong session);
} }
[ComImport]
[Guid("3e47f2e5-81d4-4d3b-897f-545096770373")] [Guid("3e47f2e5-81d4-4d3b-897f-545096770373")]
[ComVisible(true)]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
internal interface IAmsiStream internal interface IAmsiStream
{ {
unsafe void GetAttribute([In] AmsiAttribute attribute, [In] uint dataSize, [Out] byte* buffer, out uint writtenData);
unsafe void Read([In] ulong position, [In] uint dataSize, [Out] byte* buffer, out uint readSize);
unsafe void GetAttribute([In] AmsiAttribute attribute, [In] uint dataSize, [Out] byte* buffer, [Out] out uint writtenData);
unsafe void Read([In] ulong position, [In] uint dataSize, [Out] byte* buffer, [Out] out uint readSize);
} }
[ComImport]
[Guid("b2cabfe3-fe04-42b1-a5df-08d483d4d125")] [Guid("b2cabfe3-fe04-42b1-a5df-08d483d4d125")]
[ComVisible(true)]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
internal interface IAntimalwareProvider internal interface IAntimalwareProvider
{ {
[return: MarshalAs(UnmanagedType.LPWStr)] string DisplayName(); [return: MarshalAs(UnmanagedType.LPWStr)] string DisplayName();


+ 28
- 3
IPA.Loader/AntiMalware/_HideInNet3/WindowsCOMAntiMalware.cs View File

@ -5,6 +5,7 @@ using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.IO; using System.IO;
using System.Linq; using System.Linq;
using System.Runtime.InteropServices;
using System.Text; using System.Text;
using System.Threading.Tasks; using System.Threading.Tasks;
@ -14,6 +15,9 @@ namespace IPA.AntiMalware
{ {
internal static WindowsCOMAntiMalware? TryInitialize() internal static WindowsCOMAntiMalware? TryInitialize()
{ {
// Mono's COM interop *fundamentally doesn't work.*
// End of story.
#if false
try try
{ {
return new(); return new();
@ -22,18 +26,39 @@ namespace IPA.AntiMalware
{ {
Logger.AntiMalware.Warn("Could not initialize COM-based antimalware engine:"); Logger.AntiMalware.Warn("Could not initialize COM-based antimalware engine:");
Logger.AntiMalware.Warn(e); Logger.AntiMalware.Warn(e);
return null;
} }
#endif
return null;
} }
private readonly IAntimalware amInterface; private readonly IAntimalware amInterface;
private WindowsCOMAntiMalware() private WindowsCOMAntiMalware()
{ {
var amType = Type.GetTypeFromCLSID(AmsiConstants.CAntimalwareGuid, true);
amInterface = (IAntimalware)Activator.CreateInstance(amType);
var hr = CoCreateInstanceAM(AmsiConstants.CAntimalwareGuid,
null,
0x1 | 0x4 /* inproc server, local server */,
AmsiConstants.IAntimalwareGuid,
out var antimalware);
Marshal.ThrowExceptionForHR(hr);
amInterface = antimalware;
} }
[DllImport("ole32",
CallingConvention = CallingConvention.Winapi,
ExactSpelling = true,
PreserveSig = false,
EntryPoint = "CoCreateInstance")]
[DefaultDllImportSearchPaths(DllImportSearchPath.System32)]
private static extern int CoCreateInstanceAM(
[In] in Guid clsid,
[In, MarshalAs(UnmanagedType.Interface)] object? unkOuter,
[In] int dwClsContext,
[In] in Guid iid,
[Out, MarshalAs(UnmanagedType.Interface)] out IAntimalware @interface);
private static ScanResult ScanResultFromAmsiResult(AmsiResult result) private static ScanResult ScanResultFromAmsiResult(AmsiResult result)
=> result switch => result switch
{ {


Loading…
Cancel
Save