Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,068 questions
AntimalwareProvider implenemtation
Dgarvis Gohua
1
Reputation point
I am trying to implement AMSI provider. IAntimalwareProvider::Scan function received IAmsiStream *stream, via that stream we can get data (with type unsigned char) for scanning.
I sent some data from PowerShell and after viewing memory received in my AMSI provider i noticed that ascii data reserves only 1 byte and second is filled with '\0'
So my question is:
- It reserves 2 bytes for 1 character in order to support Unicode, or there is another reason for that?
Windows API - Win32
C++
C++
A high-level, general-purpose programming language, created as an extension of the C programming language, that has object-oriented, generic, and functional features in addition to facilities for low-level memory manipulation.
2,895 questions
{count} votes
-
Jeanine Zhang-MSFT 5,896 Reputation points Microsoft Vendor2022-11-11T03:02:43.393+00:00 Could you please provide the steps and sample to help us reproduce the issue? Whether you are referring to this sample or not?
-
Dgarvis Gohua 1 Reputation point
2022-11-11T10:29:34.763+00:00 I was using this sample https://github.com/microsoft/Windows-classic-samples/tree/main/Samples/AmsiProvider, data i captured in dynamic array of char
-
Jeanine Zhang-MSFT 5,896 Reputation points Microsoft Vendor
2022-11-15T09:35:07.343+00:00 IAntimalwareProvider interface sample is a dynamic library project. Could you please provide the steps to help us reproduce the issue?
-
Jeanine Zhang-MSFT 5,896 Reputation points Microsoft Vendor
2022-11-24T07:37:40.387+00:00 @Dgarvis Gohua
Have you got any updates?
Sign in to comment