AmsiScanBuffer function (amsi.h)
Scans a buffer-full of content for malware.
Syntax
HRESULT AmsiScanBuffer(
[in] HAMSICONTEXT amsiContext,
[in] PVOID buffer,
[in] ULONG length,
[in] LPCWSTR contentName,
[in, optional] HAMSISESSION amsiSession,
[out] AMSI_RESULT *result
);
Parameters
[in] amsiContext
The handle of type HAMSICONTEXT that was initially received from AmsiInitialize.
[in] buffer
The buffer from which to read the data to be scanned.
[in] length
The length, in bytes, of the data to be read from buffer.
[in] contentName
The filename, URL, unique script ID, or similar of the content being scanned.
[in, optional] amsiSession
If multiple scan requests are to be correlated within a session, set session to the handle of type HAMSISESSION that was initially received from AmsiOpenSession. Otherwise, set session to nullptr.
[out] result
The result of the scan. See AMSI_RESULT.
An app should use AmsiResultIsMalware to determine whether the content should be blocked.
Return value
If this function succeeds, it returns S_OK. Otherwise, it returns an HRESULT error code.
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows 10 [desktop apps only] |
Minimum supported server | Windows Server 2016 [desktop apps only] |
Target Platform | Windows |
Header | amsi.h |
Library | Amsi.lib |
DLL | Amsi.dll |