#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;

namespace IPA.AntiMalware.WinAPI
{
    [Guid("82d29c2e-f062-44e6-b5c9-3d9a2f24a2df")]
    [ComVisible(true)]
    internal interface IAntimalware
    {
        void Scan([In] IAmsiStream stream, [Out] out AmsiResult result, [Out] out IAntimalwareProvider provider);
        void CloseSession([In] ulong session);
    }

    [Guid("3e47f2e5-81d4-4d3b-897f-545096770373")]
    [ComVisible(true)]
    internal interface IAmsiStream
    {
        unsafe void GetAttribute([In] AmsiAttribute attribute, [In] uint dataSize, [Out] byte* buffer, out uint writtenData);
        unsafe void Read([In] ulong position, [In] uint dataSize, [Out] byte* buffer, out uint readSize);
    }

    [Guid("b2cabfe3-fe04-42b1-a5df-08d483d4d125")]
    [ComVisible(true)]
    internal interface IAntimalwareProvider
    {
        [return: MarshalAs(UnmanagedType.LPWStr)] string DisplayName();

        AmsiResult Scan([In] IAmsiStream stream);
        void CloseSession([In] ulong session);
    }

    internal enum AmsiResult
    {
        Clean = 0,
        NotDetected = 1,
        BlockedByAdminStart = 0x4000,
        BlockedByAdminEnd = 0x4fff,
        Detected = 32768
    }

    internal enum AmsiAttribute
    {
        AppName = 0,
        ContentName = 1,
        ContentSize = 2,
        ContentAddress = 3,
        Session = 4,
        RedirectChainSize = 5,
        RedirectChainAddress = 6,
        AllSize = 7,
        AllAddress = 8,
    }
}