2,790 questions
AntimalwareProvider implenemtation
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 55.00000000000001%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDG%3C/text%3E%3C/svg%3E)
Dgarvis Gohua
1
Reputation point
I am trying to implement AMSI provider. IAntimalwareProvider::Scan function received IAmsiStream *stream, via that stream we can get data (with type unsigned char) for scanning.
I sent some data from PowerShell and after viewing memory received in my AMSI provider i noticed that ascii data reserves only 1 byte and second is filled with '\0'
So my question is:
- It reserves 2 bytes for 1 character in order to support Unicode, or there is another reason for that?
Windows development | Windows API - Win32
Developer technologies | C++
3,977 questions
{count} votes
-
Jeanine Zhang-MSFT 11,356 Reputation points Microsoft External Staff2022-11-11T03:02:43.393+00:00 Could you please provide the steps and sample to help us reproduce the issue? Whether you are referring to this sample or not?
-
Dgarvis Gohua 1 Reputation point
2022-11-11T10:29:34.763+00:00 I was using this sample https://github.com/microsoft/Windows-classic-samples/tree/main/Samples/AmsiProvider, data i captured in dynamic array of char
-
Jeanine Zhang-MSFT 11,356 Reputation points Microsoft External Staff
2022-11-15T09:35:07.343+00:00 IAntimalwareProvider interface sample is a dynamic library project. Could you please provide the steps to help us reproduce the issue?
-
Jeanine Zhang-MSFT 11,356 Reputation points Microsoft External Staff
2022-11-24T07:37:40.387+00:00 @Dgarvis Gohua
Have you got any updates?
Sign in to comment
Sign in to answer