

We are writing code to do an on-demand scan of a file from C# using the Windows Defender APIs.

    [DllImport(@"C:\Program Files\Windows Defender\MpClient.dll")]
    public static extern int WDStatus(out bool pfEnabled);

    [DllImport(@"C:\Program Files\Windows Defender\MpClient.dll")]
    public static extern int MpManagerOpen(uint dwReserved, out IntPtr phMpHandle);

    [DllImport(@"C:\Program Files\Windows Defender\MpClient.dll")]
    public static extern int MpScanStart(IntPtr hMpHandle, uint ScanType, uint dwScanOptions, IntPtr pScanResources, IntPtr pCallbackInfo, out IntPtr phScanHandle);

    [DllImport(@"C:\Program Files\Windows Defender\MpClient.dll")]
    public static extern int MpHandleClose(IntPtr hMpHandle);

    private void DoDefenderScan_Click(object sender, EventArgs e)
    {
        bool pfEnabled;
        IntPtr phMpHandle;
        IntPtr phScanHandle;
        uint dwReserved = 0;

        int result = WDStatus(out pfEnabled); // Returns the Defender status - it's working properly.
        ErrorHandler.ThrowOnFailure(result, VSConstants.S_OK);

        MpManagerOpen(dwReserved, out phMpHandle); // Opens Defender and returns the handle in phMpHandle.

        tagMPRESOURCE_INFO mpResourceInfo = new tagMPRESOURCE_INFO();

        tagMPRESOURCE_INFO[] pResourceList = new tagMPRESOURCE_INFO[1];
        pResourceList.SetValue(mpResourceInfo, 0);

        tagMPSCAN_RESOURCES scanResource = new tagMPSCAN_RESOURCES();
        scanResource.pResourceList = pResourceList;
        IntPtr resourcePointer = StructToPtr(scanResource);

        result = MpScanStart(phMpHandle, 3, 0, resourcePointer, IntPtr.Zero, out phScanHandle); // Getting Access violation exception here.
    }

And the structure is defined here.

    private static IntPtr StructToPtr(object obj)
    {
        // Copy the managed struct into unmanaged memory; the caller frees it with Marshal.FreeHGlobal.
        var ptr = Marshal.AllocHGlobal(Marshal.SizeOf(obj));
        Marshal.StructureToPtr(obj, ptr, false);
        return ptr;
    }

The code is written based on the documentation available at

Attempted to read or write protected memory. This is often an indication that other memory is corrupt.

at

    result = MpScanStart(phMpHandle, 3, 0, resourcePointer, IntPtr.Zero, out phScanHandle); // Getting Access violation exception here.

What could be the problem? Is the format of the struct correct?

P.S. - No information about MPRESOURCE_CLASS is available in MSDN.

I'm not sure whether this line of code is correct.

Quick scan is working fine with this code:

    result = MpScanStart(phMpHandle, 1, 0, IntPtr.Zero, IntPtr.Zero, out phScanHandle);

Defender logs in the event viewer as

So I ended up with the Antimalware Scan Interface (AMSI), available starting from Windows 10.
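A sketch of an on-demand file scan through AMSI, the interface the post says was used in the end. This is an added example, not code from the original post; the class name `AmsiFileScan`, the application name `OnDemandScanDemo` and the temp-file sample input are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;

static class AmsiFileScan // hypothetical name, not from the post
{
    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    static extern int AmsiInitialize(string appName, out IntPtr amsiContext);

    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    static extern int AmsiScanBuffer(IntPtr amsiContext, byte[] buffer, uint length,
        string contentName, IntPtr amsiSession, out int result);

    [DllImport("amsi.dll")]
    static extern void AmsiUninitialize(IntPtr amsiContext);

    // AMSI_RESULT_DETECTED from amsi.h; AmsiResultIsMalware is "result >= this value".
    const int AMSI_RESULT_DETECTED = 32768;

    public static bool IsMalware(string path)
    {
        byte[] data = File.ReadAllBytes(path);
        // AmsiScanBuffer rejects a zero-length buffer, so an empty file is not scanned.
        if (data.Length == 0) return false;

        int hr = AmsiInitialize("OnDemandScanDemo", out IntPtr ctx); // assumed app name
        Marshal.ThrowExceptionForHR(hr);
        try
        {
            // No session is needed for a single, uncorrelated scan request.
            hr = AmsiScanBuffer(ctx, data, (uint)data.Length, path, IntPtr.Zero, out int result);
            Marshal.ThrowExceptionForHR(hr);
            return result >= AMSI_RESULT_DETECTED;
        }
        finally
        {
            AmsiUninitialize(ctx); // always release the context, even on failure
        }
    }

    static void Main(string[] args)
    {
        // Constructed sample input: a harmless temp file, unless a path is given.
        bool useTemp = args.Length == 0;
        string path = useTemp ? Path.GetTempFileName() : args[0];
        if (useTemp) File.WriteAllText(path, "harmless sample content");
        Console.WriteLine($"{path}: {(IsMalware(path) ? "detected" : "not detected")}");
        if (useTemp) File.Delete(path);
    }
}
```

AMSI scans an in-memory buffer, so this reads the whole file first; the verdict comes from whichever antimalware provider is registered on the machine.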
