/// <summary>Opens a session within which multiple scan requests can be correlated.</summary>
/// <param name="amsiContext">The handle of type HAMSICONTEXT that was initially received from AmsiInitialize.</param>
/// <param name="amsiSession">
/// A handle of type HAMSISESSION that must be passed to all subsequent calls to the AMSI API within the session. When the native
/// call fails, this wrapper instead returns a safe handle around <c>IntPtr.Zero</c>, so the value is never left unassigned.
/// </param>
/// <returns>If this function succeeds, it returns <c>S_OK</c>. Otherwise, it returns an <c>HRESULT</c> error code.</returns>
/// <remarks>
/// When the app is finished with the session it must call AmsiCloseSession. Check the returned <c>HRESULT</c> before using
/// <paramref name="amsiSession"/>: a failed open yields a zero handle, which must not be taken for a usable session.
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/amsi/nf-amsi-amsiopensession
// HRESULT AmsiOpenSession( [in] HAMSICONTEXT amsiContext, [out] HAMSISESSION *amsiSession );
public static HRESULT AmsiOpenSession([In] HAMSICONTEXT amsiContext, out SafeHAMSISESSION amsiSession)
{
    HRESULT result = AmsiOpenSessionInternal(amsiContext, out HAMSISESSION rawSession);

    if (result.Succeeded)
    {
        // Second argument is true on success — presumably the "owns handle" flag, so the wrapper
        // closes the session on dispose; confirm against the SafeHAMSISESSION constructor.
        amsiSession = new SafeHAMSISESSION((IntPtr)rawSession, true);
    }
    else
    {
        // Failure path: wrap a zero handle with the flag cleared so nothing is released later.
        amsiSession = new SafeHAMSISESSION(IntPtr.Zero, false);
    }

    return result;
}
// Copies a sample bitmap into native memory and submits the same buffer twice: once through
// AmsiNotifyOperation (no session argument) and once through AmsiScanBuffer (bound to the session).
// Both calls must succeed and neither verdict may be classified as malware.
// NOTE(review): only the negative verdict is asserted; this test does not show that a detection
// would be reported, so a passing run is not evidence that a provider actually inspected the data.
public void AmsiNotifyOperationTest()
{
    // The string argument is a fresh GUID — presumably the application name for the AMSI context; confirm.
    using var session = new SafeHAMSISESSION(Guid.NewGuid().ToString());

    var bmpPath = TestCaseSources.BmpFile;
    using var fileStream = File.OpenRead(bmpPath);
    using var nativeCopy = new NativeMemoryStream();
    fileStream.CopyTo(nativeCopy);

    // Operation notification: context only, the file path doubles as the content name.
    var notifyStatus = AmsiNotifyOperation(session.Context, nativeCopy.Pointer, (uint)nativeCopy.Length, bmpPath, out var verdict);
    Assert.That(notifyStatus, ResultIs.Successful);
    Assert.IsFalse(AmsiResultIsMalware(verdict));

    // Buffer scan: same bytes, this time correlated with the open session.
    var scanStatus = AmsiScanBuffer(session.Context, nativeCopy.Pointer, (uint)nativeCopy.Length, bmpPath, session, out verdict);
    Assert.That(scanStatus, ResultIs.Successful);
    Assert.IsFalse(AmsiResultIsMalware(verdict));
}
// Scans the text of a sample log file inside a session, then checks the handle state after disposal.
// The reference is deliberately kept alive past the using block so the post-dispose assertions can
// confirm that both the session and its context report as invalid once the wrapper is disposed.
public void AmsiScanStringTest2()
{
    // The string argument is a fresh GUID — presumably the application name for the AMSI context; confirm.
    var session = new SafeHAMSISESSION(Guid.NewGuid().ToString());
    using (session)
    {
        Assert.That(session, ResultIs.ValidHandle);

        var logPath = TestCaseSources.LogFile;
        var logText = File.ReadAllText(logPath);

        var scanStatus = AmsiScanString(session.Context, logText, logPath, session, out var verdict);
        Assert.That(scanStatus, ResultIs.Successful);
        Assert.IsFalse(AmsiResultIsMalware(verdict));
    }

    // After disposal the managed object still exists, but neither handle may be usable any more.
    Assert.That(session, Is.Not.Null);
    Assert.That(session.Context, ResultIs.Not.ValidHandle);
    Assert.That(session, ResultIs.Not.ValidHandle);
}