예제 #1
        /// <summary>Opens a session within which multiple scan requests can be correlated.</summary>
        /// <param name="amsiContext">The handle of type HAMSICONTEXT that was initially received from AmsiInitialize.</param>
        /// <param name="amsiSession">
        /// A handle of type HAMSISESSION that must be passed to all subsequent calls to the AMSI API within the session.
        /// </param>
        /// <returns>If this function succeeds, it returns <c>S_OK</c>. Otherwise, it returns an <c>HRESULT</c> error code.</returns>
        /// <remarks>When the app is finished with the session it must call AmsiCloseSession.</remarks>
        // https://docs.microsoft.com/en-us/windows/win32/api/amsi/nf-amsi-amsiopensession HRESULT AmsiOpenSession( [in] HAMSICONTEXT
        // amsiContext, [out] HAMSISESSION *amsiSession );
        public static HRESULT AmsiOpenSession([In] HAMSICONTEXT amsiContext, out SafeHAMSISESSION amsiSession)
        {
            // Call the internal overload first; the raw session value is only wrapped as-is when the HRESULT reports success.
            HRESULT result = AmsiOpenSessionInternal(amsiContext, out HAMSISESSION rawSession);

            if (result.Succeeded)
            {
                // Success: wrap the returned handle. The second argument is 'true'
                // (presumably "owns handle", so the wrapper closes the session - confirm against SafeHAMSISESSION).
                amsiSession = new SafeHAMSISESSION((IntPtr)rawSession, true);
            }
            else
            {
                // Failure: the out parameter is still assigned a wrapper, built around IntPtr.Zero with 'false',
                // so it is never null. Callers must check the returned HRESULT before scanning with this session,
                // not the wrapper reference.
                amsiSession = new SafeHAMSISESSION(IntPtr.Zero, false);
            }

            return result;
        }
예제 #2
파일: AMSITests.cs 프로젝트: dahall/Vanara
        public void AmsiNotifyOperationTest()
        {
            // Open a session from a freshly generated GUID string (presumably used as the application name - confirm).
            using var session = new SafeHAMSISESSION(Guid.NewGuid().ToString());
            var samplePath = TestCaseSources.BmpFile;

            // Copy the sample file into a native memory stream so its contents can be passed by pointer and length.
            using var fileStream = File.OpenRead(samplePath);
            using var nativeBuffer = new NativeMemoryStream();
            fileStream.CopyTo(nativeBuffer);
            var byteCount = (uint)nativeBuffer.Length;

            // Notification path: the call must succeed and the sample must not be classified as malware.
            // NOTE(review): only the benign path is asserted; the verdict presumably depends on the
            // antimalware provider registered on the test machine - confirm.
            Assert.That(AmsiNotifyOperation(session.Context, nativeBuffer.Pointer, byteCount, samplePath, out var verdict), ResultIs.Successful);
            Assert.IsFalse(AmsiResultIsMalware(verdict));

            // Scan path: same buffer, this time passing the session as well.
            Assert.That(AmsiScanBuffer(session.Context, nativeBuffer.Pointer, byteCount, samplePath, session, out verdict), ResultIs.Successful);
            Assert.IsFalse(AmsiResultIsMalware(verdict));
        }
예제 #3
파일: AMSITests.cs 프로젝트: dahall/Vanara
        public void AmsiScanStringTest2()
        {
            // Created outside the using statement so the wrapper can still be inspected after disposal.
            var session = new SafeHAMSISESSION(Guid.NewGuid().ToString());

            using (session)
            {
                Assert.That(session, ResultIs.ValidHandle);

                // Scan the text of the sample log file; the call must succeed with a non-malware verdict.
                var samplePath = TestCaseSources.LogFile;
                var sampleText = File.ReadAllText(samplePath);
                Assert.That(AmsiScanString(session.Context, sampleText, samplePath, session, out var verdict), ResultIs.Successful);
                Assert.IsFalse(AmsiResultIsMalware(verdict));
            }

            // After the using block the object itself remains, but neither its context nor the session
            // handle may still report as valid, so a disposed session cannot be reused for further scans.
            Assert.That(session, Is.Not.Null);
            Assert.That(session.Context, ResultIs.Not.ValidHandle);
            Assert.That(session, ResultIs.Not.ValidHandle);
        }