AntimalwareProvider implementation

Dgarvis Gohua 1 Reputation point
2022-11-10T13:21:55.4+00:00

I am trying to implement an AMSI provider. The IAntimalwareProvider::Scan function receives an IAmsiStream *stream; via that stream we can get data (with type unsigned char) for scanning.
I sent some data from PowerShell, and after viewing the memory received in my AMSI provider I noticed that ASCII data reserves only 1 byte and the second is filled with '\0'.

So my question is:

  1. Does it reserve 2 bytes for 1 character in order to support Unicode, or is there another reason for that?
Windows development | Windows API - Win32
Developer technologies | C++
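
An added example, not part of the original post: a portable C++ decoder a provider could run over the raw scan bytes before pattern matching. It assumes the content is UTF-16LE text, which is the layout of Windows wide-character (wchar_t) strings and matches the byte pattern described in the question; `utf16le_to_utf8`, `append_utf8` and `kSample` are hypothetical names, not AMSI API.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>

// Append one Unicode code point to out as UTF-8.
static void append_utf8(std::string& out, uint32_t cp) {
    if (cp < 0x80) {
        out += static_cast<char>(cp);
    } else if (cp < 0x800) {
        out += static_cast<char>(0xC0 | (cp >> 6));
        out += static_cast<char>(0x80 | (cp & 0x3F));
    } else if (cp < 0x10000) {
        out += static_cast<char>(0xE0 | (cp >> 12));
        out += static_cast<char>(0x80 | ((cp >> 6) & 0x3F));
        out += static_cast<char>(0x80 | (cp & 0x3F));
    } else {
        out += static_cast<char>(0xF0 | (cp >> 18));
        out += static_cast<char>(0x80 | ((cp >> 12) & 0x3F));
        out += static_cast<char>(0x80 | ((cp >> 6) & 0x3F));
        out += static_cast<char>(0x80 | (cp & 0x3F));
    }
}

// Decode a raw scan buffer as UTF-16LE (assumption: the sender passed wide text).
// Unpaired surrogates become U+FFFD; a trailing odd byte is ignored and
// reported through *truncated so the caller can treat the buffer as suspect.
std::string utf16le_to_utf8(const unsigned char* buf, size_t len, bool* truncated) {
    std::string out;
    size_t units = len / 2;
    *truncated = (len % 2) != 0;
    auto unit = [&](size_t i) -> uint32_t { return buf[2 * i] | (uint32_t(buf[2 * i + 1]) << 8); };
    for (size_t i = 0; i < units; ++i) {
        uint32_t u = unit(i);
        if (u >= 0xD800 && u <= 0xDBFF && i + 1 < units) {
            uint32_t lo = unit(i + 1);
            if (lo >= 0xDC00 && lo <= 0xDFFF) {  // valid surrogate pair
                append_utf8(out, 0x10000 + ((u - 0xD800) << 10) + (lo - 0xDC00));
                ++i;
                continue;
            }
        }
        if (u >= 0xD800 && u <= 0xDFFF) u = 0xFFFD;  // unpaired surrogate
        append_utf8(out, u);
    }
    return out;
}

// Constructed sample: "Hi" with each ASCII character followed by a 0x00 byte.
static const unsigned char kSample[] = {'H', 0x00, 'i', 0x00};
```
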