Windows Defender Antivirus scan from C# [AccessViolation exception]


we writing code on-demand scan of file c# using windows defender apis.

  [dllimport(@"c:\program files\windows defender\mpclient.dll")]         public static extern int wdstatus(out bool pfenabled);          [dllimport(@"c:\program files\windows defender\mpclient.dll")]         public static extern int mpmanageropen(uint dwreserved, out intptr phmphandle);          [dllimport(@"c:\program files\windows defender\mpclient.dll")]         public static extern int mpscanstart(intptr hmphandle, uint scantype, uint dwscanoptions, intptr pscanresources, intptr pcallbackinfo, out intptr phscanhandle);          [dllimport(@"c:\program files\windows defender\mpclient.dll")]         public static extern int mphandleclose(intptr hmphandle);          private void dodefenderscan_click(object sender, eventargs e)         {             try             {                 bool pfenabled;                 int result = wdstatus(out pfenabled); //returns defender status - it's working properly.                 errorhandler.throwonfailure(result, vsconstants.s_ok);                  intptr phmphandle;                 uint dwreserved = 0;                  intptr phscanhandle;                  mpmanageropen(dwreserved, out phmphandle); //opens defender , returns handle in phmphandle.                   tagmpresource_info mpresourceinfo = new tagmpresource_info();                 mpresourceinfo.path = "eicar.com";                 mpresourceinfo.scheme = "file";                 mpresourceinfo.class = new mpresource_class() { value = unchecked((int)0x0000) };                  tagmpresource_info[] presourcelist = new tagmpresource_info[1];                 presourcelist.setvalue(mpresourceinfo, 0);                  tagmpscan_resources scanresource = new tagmpscan_resources();                 scanresource.dwresourcecount = 1;                 scanresource.presourcelist = presourcelist;                 intptr resourcepointer = structtoptr(scanresource);                  result = mpscanstart(phmphandle, 3, 0, resourcepointer, intptr.zero, out phscanhandle); **//getting access violation exception here**.                  mphandleclose(phmphandle);                 mphandleclose(phscanhandle);                 marshal.freehglobal(resourcepointer);             }             catch (exception)             { }         }

and structure defined here.

[structlayout(layoutkind.sequential, pack = 1)]     public struct tagmpscan_resources     {         public uint dwresourcecount;          [marshalas(unmanagedtype.byvalarray, arraysubtype = unmanagedtype.struct, sizeconst = 1)]         public tagmpresource_info[] presourcelist;     }      [structlayout(layoutkind.sequential, pack = 1)]     public struct tagmpresource_info     {         [marshalas(unmanagedtype.lpwstr)]         public string scheme;          [marshalas(unmanagedtype.lpwstr)]         public string path;           public intptr class;     }      public class mpresource_class     {         public uint value;     }      private static intptr structtoptr(object obj)     {         var ptr = marshal.allochglobal(marshal.sizeof(obj));         marshal.structuretoptr(obj, ptr, false);         return ptr;     }

code written based on documentation available at

https://msdn.microsoft.com/en-us/library/vs/alm/dn920144(v=vs.85).aspx

getting exception.

attempted read or write protected memory. indication other memory corrupt.

problem? format of struct correct?

p.s - no information mpresource_class available in msdn.

i'm not sure, whether line of code correct.

 mpresourceinfo.class = intptr.zero;


midhunlal



p.s - no information mpresource_class available in msdn.

values mpresource_class type can found at :

https://msdn.microsoft.com/pl-pl/goglobal/dn920120



Visual Studio Languages  ,  .NET Framework  >  Visual C#



Comments

Post a Comment

Popular posts from this blog

Azure DocumentDB Owner resource does not exist

having same error microsoft.azure.documents.documentclientexception: message: {"errors":["owner resource not exist"]} , scenario. when deployed webapp azure , try document docdb throws error. docdb exists in azure , contains document looking for. weird local machine(running vs) works fine. i'm using same settings in azure , local. have , idea this. thanks Microsoft Azure  >  Azure Cosmos DB
Read more

RFC_ERROR_SYSTEM_FAILURE with SAP ECC 6 Unicode

hi all, i using biztalk 2006 r2, microsoft biztalk adapter v2.0 mysap business suite sp1 & sql server 2005 database server. we have developed orchestrations communicating sap version 4.7.   currently sap has been upgraded in ecc 6(unicode) system. i have configured new send port on dev server. orchestration can communicate sap ecc 6.0 (non- unicode) system while trying connect sap ecc 6.0 (unicode) getting error. a message sent adapter "sap" on send port "ecc 6 sendport" uri "sap://as:***.**.***.***/**/***/" suspended.   error details: rfc_error_system_failure   messageid:   {b7dd677e-0ef3-480b-835a-d389f2e24179} is there can configure setting unicode ?   thanks in advance     ajay dabhade problem solved: standard table data types appear not unicode compatible in sap ecc 6.0. make rfcgetfunctiondesc raise error. solution: used other data types scratch in rfcs in sap   ajay dabhad...
Read more

C# System.Data.Common DbCommand and getting Datasets from Oracle

i found no oracle specific forum area, decided post here. getting dataset oracle c# system.data.common library's dbcommand seems tricky task. i using command object in project along dbproviderfactory , dbdataadapter because meant allow use same library multiple database providers, , don't have clutter data access layer of project separate classes accessing each individual database provider. my problem is, stored procedures fetching data oracle require refcursor object added in parameters. however, dbtype library not contain definition object. using "object"-type not work. i have read many places not have add refcursor parameter, endless failed attempts @ running command without refcursor object has brought me conclusion leaving out refcursor object not option when using system.data.common library. here coded example connectionstring purposefully left out.                 dbconnection.ope...
Read more