Closed TheoTurletti closed 3 weeks ago
The IAmsiStream::GetAttribute
method does not consistently use variable-sized return buffers. For example, the AMSI_ATTRIBUTE_CONTENT_SIZE
attribute returns a ULONGLONG
(u64) value, which requires the dataSize
parameter to be set to 8
. Therefore, make sure to resize the buffer to the appropriate size before making the call.
Closing this for now, but feel free to keep the discussion going.
Thank you very much !
Summary
The GetAttribute function return ERROR_INVALID_PARAMETERS with these following AMSI_ATTRIBUTE :
windows crate version : 0.58
Here is my implementation of the scan function of my amsi_provider.
And here is the result from a log file when i register my customamsi.dll COM server and launch a command on powershell that will call the Scan function :
The content of both get_attribute functions starts with :