AntimalwareProvider implenemtation

Dgarvis Gohua
1
Reputation point
I am trying to implement AMSI provider. IAntimalwareProvider::Scan function received IAmsiStream *stream, via that stream we can get data (with type unsigned char) for scanning.
I sent some data from PowerShell and after viewing memory received in my AMSI provider i noticed that ascii data reserves only 1 byte and second is filled with '\0'
So my question is:
- It reserves 2 bytes for 1 character in order to support Unicode, or there is another reason for that?