AmsiScanBuffer function (amsi.h)
Scans a buffer-full of content for malware.
HRESULT AmsiScanBuffer(
  [in]           HAMSICONTEXT amsiContext,
  [in]           PVOID        buffer,
  [in]           ULONG        length,
  [in]           LPCWSTR      contentName,
  [in, optional] HAMSISESSION amsiSession,
  [out]          AMSI_RESULT  *result
);
[in] amsiContext
The handle of type HAMSICONTEXT that was initially received from AmsiInitialize.
[in] buffer
The buffer from which to read the data to be scanned.
[in] length
The length, in bytes, of the data to be read from buffer.
[in] contentName
The filename, URL, unique script ID, or similar of the content being scanned.
[in, optional] amsiSession
If multiple scan requests are to be correlated within a session, set amsiSession to the handle of type HAMSISESSION that was initially received from AmsiOpenSession. Otherwise, set amsiSession to nullptr.
[out] result
The result of the scan. See AMSI_RESULT.
An app should use AmsiResultIsMalware to determine whether the content should be blocked.
If this function succeeds, it returns S_OK. Otherwise, it returns an HRESULT error code.
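A host-side call sequence for the function described above, as an added example that is not part of the original page: it scans the pieces of one script under a single session, checks the HRESULT before reading result, and applies AmsiResultIsMalware. The names verdict_t, verdict_from_scan, scan_chunks, IS_MALWARE and the application name "ExampleHost" are hypothetical; the #else branch exists only so the decision step also builds off Windows.

```c
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#include <amsi.h>                      /* link with amsi.lib */
#define IS_MALWARE(r) AmsiResultIsMalware(r)
#else
/* Off Windows only the decision step builds; same test as the amsi.h macro. */
#define IS_MALWARE(r) ((r) >= 32768)   /* AMSI_RESULT_DETECTED */
#endif

typedef enum { VERDICT_ALLOW, VERDICT_BLOCK, VERDICT_SCAN_FAILED } verdict_t;

/* hr: HRESULT returned by AmsiScanBuffer; result: the AMSI_RESULT it wrote.
   result is only meaningful when the call succeeded, so hr is checked first. */
verdict_t verdict_from_scan(int32_t hr, uint32_t result) {
    if (hr < 0) return VERDICT_SCAN_FAILED;            /* FAILED(hr) */
    return IS_MALWARE(result) ? VERDICT_BLOCK : VERDICT_ALLOW;
}

#ifdef _WIN32
/* Scan every chunk of one script under a single session so the provider can
   correlate them. Stops at the first chunk that is blocked or fails to scan. */
verdict_t scan_chunks(const char *const *chunks, const ULONG *lengths,
                      size_t count, LPCWSTR content_name) {
    HAMSICONTEXT ctx = NULL;
    HAMSISESSION session = NULL;
    verdict_t verdict = VERDICT_ALLOW;
    if (FAILED(AmsiInitialize(L"ExampleHost", &ctx))) return VERDICT_SCAN_FAILED;
    if (FAILED(AmsiOpenSession(ctx, &session))) {
        AmsiUninitialize(ctx);
        return VERDICT_SCAN_FAILED;
    }
    for (size_t i = 0; i < count && verdict == VERDICT_ALLOW; i++) {
        AMSI_RESULT result = AMSI_RESULT_CLEAN;
        HRESULT hr = AmsiScanBuffer(ctx, (PVOID)chunks[i], lengths[i],
                                    content_name, session, &result);
        verdict = verdict_from_scan(hr, result);
    }
    AmsiCloseSession(ctx, session);
    AmsiUninitialize(ctx);
    return verdict;
}
#endif
```

A host that treats VERDICT_SCAN_FAILED the same as VERDICT_BLOCK fails closed when no scan result is available.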
|Minimum supported client|Windows 10 [desktop apps only]|
|Minimum supported server|Windows Server 2016 [desktop apps only]|