AmsiScanBuffer function

Scans a buffer-full of content for malware.

Syntax

HRESULT AmsiScanBuffer(
  HAMSICONTEXT amsiContext,
  PVOID        buffer,
  ULONG        length,
  LPCWSTR      contentName,
  HAMSISESSION amsiSession,
  AMSI_RESULT  *result
);

Parameters

amsiContext

The handle of type HAMSICONTEXT that was initially received from AmsiInitialize.

buffer

The buffer from which to read the data to be scanned.

length

The length, in bytes, of the data to be read from buffer.

contentName

The filename, URL, unique script ID, or similar of the content being scanned.

amsiSession

If multiple scan requests are to be correlated within a session, set session to the handle of type HAMSISESSION that was initially received from AmsiOpenSession. Otherwise, set session to nullptr.

result

The result of the scan. See AMSI_RESULT.

An app should use AmsiResultIsMalware to determine whether the content should be blocked.

Return Value

If this function succeeds, it returns S_OK. Otherwise, it returns an HRESULT error code.

Requirements

   
Windows version Windows 10 [desktop apps only] Windows Server 2016 [desktop apps only]
Target Platform Windows
Header amsi.h
Library Amsi.lib
DLL Amsi.dll

See Also

AMSI_RESULT

AmsiInitialize

AmsiOpenSession

AmsiResultIsMalware