Windows Defender Antivirus scan from C# [AccessViolation exception]


we writing code on-demand scan of file c# using windows defender apis.

  [dllimport(@"c:\program files\windows defender\mpclient.dll")]         public static extern int wdstatus(out bool pfenabled);          [dllimport(@"c:\program files\windows defender\mpclient.dll")]         public static extern int mpmanageropen(uint dwreserved, out intptr phmphandle);          [dllimport(@"c:\program files\windows defender\mpclient.dll")]         public static extern int mpscanstart(intptr hmphandle, uint scantype, uint dwscanoptions, intptr pscanresources, intptr pcallbackinfo, out intptr phscanhandle);          [dllimport(@"c:\program files\windows defender\mpclient.dll")]         public static extern int mphandleclose(intptr hmphandle);          private void dodefenderscan_click(object sender, eventargs e)         {             try             {                 bool pfenabled;                 int result = wdstatus(out pfenabled); //returns defender status - it's working properly.                 errorhandler.throwonfailure(result, vsconstants.s_ok);                  intptr phmphandle;                 uint dwreserved = 0;                  intptr phscanhandle;                  mpmanageropen(dwreserved, out phmphandle); //opens defender , returns handle in phmphandle.                   tagmpresource_info mpresourceinfo = new tagmpresource_info();                 mpresourceinfo.path = "eicar.com";                 mpresourceinfo.scheme = "file";                 mpresourceinfo.class = new mpresource_class() { value = unchecked((int)0x0000) };                  tagmpresource_info[] presourcelist = new tagmpresource_info[1];                 presourcelist.setvalue(mpresourceinfo, 0);                  tagmpscan_resources scanresource = new tagmpscan_resources();                 scanresource.dwresourcecount = 1;                 scanresource.presourcelist = presourcelist;                 intptr resourcepointer = structtoptr(scanresource);                  result = mpscanstart(phmphandle, 3, 0, resourcepointer, intptr.zero, out phscanhandle); **//getting access violation exception here**.                  mphandleclose(phmphandle);                 mphandleclose(phscanhandle);                 marshal.freehglobal(resourcepointer);             }             catch (exception)             { }         }

and structure defined here.

[structlayout(layoutkind.sequential, pack = 1)]     public struct tagmpscan_resources     {         public uint dwresourcecount;          [marshalas(unmanagedtype.byvalarray, arraysubtype = unmanagedtype.struct, sizeconst = 1)]         public tagmpresource_info[] presourcelist;     }      [structlayout(layoutkind.sequential, pack = 1)]     public struct tagmpresource_info     {         [marshalas(unmanagedtype.lpwstr)]         public string scheme;          [marshalas(unmanagedtype.lpwstr)]         public string path;           public intptr class;     }      public class mpresource_class     {         public uint value;     }      private static intptr structtoptr(object obj)     {         var ptr = marshal.allochglobal(marshal.sizeof(obj));         marshal.structuretoptr(obj, ptr, false);         return ptr;     }

code written based on documentation available at

https://msdn.microsoft.com/en-us/library/vs/alm/dn920144(v=vs.85).aspx

getting exception.

attempted read or write protected memory. indication other memory corrupt.

problem? format of struct correct?

p.s - no information mpresource_class available in msdn.

i'm not sure, whether line of code correct.

 mpresourceinfo.class = intptr.zero;


midhunlal



p.s - no information mpresource_class available in msdn.

values mpresource_class type can found at :

https://msdn.microsoft.com/pl-pl/goglobal/dn920120



Visual Studio Languages  ,  .NET Framework  >  Visual C#



Comments

Post a Comment

Popular posts from this blog

Azure DocumentDB Owner resource does not exist

having same error microsoft.azure.documents.documentclientexception: message: {"errors":["owner resource not exist"]} , scenario. when deployed webapp azure , try document docdb throws error. docdb exists in azure , contains document looking for. weird local machine(running vs) works fine. i'm using same settings in azure , local. have , idea this. thanks Microsoft Azure  >  Azure Cosmos DB
Read more

job syspolicy_purge_history job fail in sqlserver 2008

Image
hello guys, when installed sqlserver,it automatically created 1 job name job syspolicy_purge_history. but failed @ step 1. the reason is: date                11/6/2010 2:00:00 am log                job history (syspolicy_purge_history) step id                1 server                mxosv-otsdb01 job name                syspolicy_purge_history step name                verify automation enabled. duration                00:00:00 sql severity                16 sql message id                34022 operator emailed                operator net sent                operator paged                retries attempted                0 message executed user: nt authority\system. policy automation turned off. [sqlstate 42000] (error 34022).  the step failed. have run statement: select msdb.dbo.fn_syspolicy_is_automation_enabled the returned valus 0. what can resolve it? or can delete job manually.   thanks in advance. if haven't things want,be
Read more

Trying to register with public marketplace error with 'Get-AzureStackStampInformation'

when trying register against public azure adfs azure stack error below. logs can found at: c:\maslogs\azurestack.azureregistration.2017-10-12.01-31-23.log  and  \\azs-ercs01\c$\maslogs error occurred checking stamp information: system.management.automation.remoteexception: term 'get-azurestackstampinformation' not recognized name of cmdlet, function, script file, or operable program. check spelling of name, or if path included, verify path correct , try again. @ c:\azurestack-tools-master\registration\registerwithazure.psm1:1106 char:5 +     throw "logs can found at: $global:azureregistrationlog  and  \ ... +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     + categoryinfo          : operationstopped: (logs can fou... , try again.:string) [], runtimeexception     + fullyqualifiederrorid : logs can found at: c:\maslogs\azurestack.azureregistration.2017-10-12.01-31-23.log  a    nd  \\azs-ercs01\c$\maslogs error occurred chec
Read more