Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,427 questions
AntimalwareProvider implenemtation
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 55.00000000000001%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDG%3C/text%3E%3C/svg%3E)
Dgarvis Gohua
1
Reputation point
I am trying to implement AMSI provider. IAntimalwareProvider::Scan function received IAmsiStream *stream, via that stream we can get data (with type unsigned char) for scanning.
I sent some data from PowerShell and after viewing memory received in my AMSI provider i noticed that ascii data reserves only 1 byte and second is filled with '\0'
So my question is:
- It reserves 2 bytes for 1 character in order to support Unicode, or there is another reason for that?
Windows API - Win32
C++
C++
A high-level, general-purpose programming language, created as an extension of the C programming language, that has object-oriented, generic, and functional features in addition to facilities for low-level memory manipulation.
3,540 questions
{count} votes
-
Jeanine Zhang-MSFT 9,181 Reputation points Microsoft Vendor2022-11-11T03:02:43.393+00:00 Could you please provide the steps and sample to help us reproduce the issue? Whether you are referring to this sample or not?
-
Dgarvis Gohua 1 Reputation point
2022-11-11T10:29:34.763+00:00 I was using this sample https://github.com/microsoft/Windows-classic-samples/tree/main/Samples/AmsiProvider, data i captured in dynamic array of char
-
Jeanine Zhang-MSFT 9,181 Reputation points Microsoft Vendor
2022-11-15T09:35:07.343+00:00 IAntimalwareProvider interface sample is a dynamic library project. Could you please provide the steps to help us reproduce the issue?
-
Jeanine Zhang-MSFT 9,181 Reputation points Microsoft Vendor
2022-11-24T07:37:40.387+00:00 @Dgarvis Gohua
Have you got any updates?
Sign in to comment