// Raw FFI declarations for the Windows Antimalware Scan Interface (amsi.dll)
// plus the ELAM certificate-install entry point from kernel32.dll.
//
// Everything here is a thin, unchecked binding: handles and string arguments
// are raw pointers, and the imported functions report failure only through
// their HRESULT / BOOL return values.

// ---------------------------------------------------------------------------
// Handles
// ---------------------------------------------------------------------------

/// Opaque AMSI context handle; written by `AmsiInitialize` through its
/// `*mut HAMSICONTEXT` out-parameter and taken by every other Amsi* call.
pub type HAMSICONTEXT = *mut core::ffi::c_void;

/// Opaque AMSI session handle; written by `AmsiOpenSession` and passed to the
/// scan calls and to `AmsiCloseSession`.
pub type HAMSISESSION = *mut core::ffi::c_void;

// ---------------------------------------------------------------------------
// AMSI_RESULT
// ---------------------------------------------------------------------------

/// Verdict written through the `result` out-parameter of the scan and notify
/// functions.
///
/// NOTE(review): the value is only meaningful when the call's HRESULT reports
/// success; callers enforcing a block policy should treat a failed HRESULT as
/// "not scanned" and decide explicitly whether to fail closed.
pub type AMSI_RESULT = i32;

pub const AMSI_RESULT_CLEAN: AMSI_RESULT = 0;
pub const AMSI_RESULT_NOT_DETECTED: AMSI_RESULT = 1;
/// First value (16384) of the range that marks content blocked by
/// administrator policy.
pub const AMSI_RESULT_BLOCKED_BY_ADMIN_START: AMSI_RESULT = 0x4000;
/// Last value (20479) of the blocked-by-administrator range.
pub const AMSI_RESULT_BLOCKED_BY_ADMIN_END: AMSI_RESULT = 0x4FFF;
/// Detection threshold (32768). The Windows SDK's `AmsiResultIsMalware` macro
/// tests `result >= AMSI_RESULT_DETECTED`, so compare with `>=`, not `==`.
pub const AMSI_RESULT_DETECTED: AMSI_RESULT = 0x8000;

// ---------------------------------------------------------------------------
// AMSI_ATTRIBUTE
// ---------------------------------------------------------------------------

/// Attribute selector. No function in this block takes it; in the Windows SDK
/// it is the argument of `IAmsiStream::GetAttribute`.
pub type AMSI_ATTRIBUTE = i32;

pub const AMSI_ATTRIBUTE_APP_NAME: AMSI_ATTRIBUTE = 0;
pub const AMSI_ATTRIBUTE_CONTENT_NAME: AMSI_ATTRIBUTE = 1;
pub const AMSI_ATTRIBUTE_CONTENT_SIZE: AMSI_ATTRIBUTE = 2;
pub const AMSI_ATTRIBUTE_CONTENT_ADDRESS: AMSI_ATTRIBUTE = 3;
pub const AMSI_ATTRIBUTE_SESSION: AMSI_ATTRIBUTE = 4;
pub const AMSI_ATTRIBUTE_REDIRECT_CHAIN_SIZE: AMSI_ATTRIBUTE = 5;
pub const AMSI_ATTRIBUTE_REDIRECT_CHAIN_ADDRESS: AMSI_ATTRIBUTE = 6;
pub const AMSI_ATTRIBUTE_ALL_SIZE: AMSI_ATTRIBUTE = 7;
pub const AMSI_ATTRIBUTE_ALL_ADDRESS: AMSI_ATTRIBUTE = 8;
pub const AMSI_ATTRIBUTE_QUIET: AMSI_ATTRIBUTE = 9;

// ---------------------------------------------------------------------------
// UAC request enumerations
// ---------------------------------------------------------------------------

/// Trust classification stored in `AMSI_UAC_REQUEST_CONTEXT::UACTrustState`.
pub type AMSI_UAC_TRUST_STATE = i32;

pub const AMSI_UAC_TRUST_STATE_TRUSTED: AMSI_UAC_TRUST_STATE = 0;
pub const AMSI_UAC_TRUST_STATE_UNTRUSTED: AMSI_UAC_TRUST_STATE = 1;
pub const AMSI_UAC_TRUST_STATE_BLOCKED: AMSI_UAC_TRUST_STATE = 2;
/// Presumably an upper-bound sentinel rather than a real state - confirm
/// against the SDK header before matching on it.
pub const AMSI_UAC_TRUST_STATE_MAX: AMSI_UAC_TRUST_STATE = 3;

/// Kind of elevation request stored in `AMSI_UAC_REQUEST_CONTEXT::Type`.
pub type AMSI_UAC_REQUEST_TYPE = i32;

pub const AMSI_UAC_REQUEST_TYPE_EXE: AMSI_UAC_REQUEST_TYPE = 0;
pub const AMSI_UAC_REQUEST_TYPE_COM: AMSI_UAC_REQUEST_TYPE = 1;
pub const AMSI_UAC_REQUEST_TYPE_MSI: AMSI_UAC_REQUEST_TYPE = 2;
pub const AMSI_UAC_REQUEST_TYPE_AX: AMSI_UAC_REQUEST_TYPE = 3;
pub const AMSI_UAC_REQUEST_TYPE_PACKAGED_APP: AMSI_UAC_REQUEST_TYPE = 4;
/// Presumably an upper-bound sentinel rather than a real request type.
pub const AMSI_UAC_REQUEST_TYPE_MAX: AMSI_UAC_REQUEST_TYPE = 5;

/// Installer operation stored in `AMSI_UAC_REQUEST_MSI_INFO::MsiAction`.
pub type AMSI_UAC_MSI_ACTION = i32;

pub const AMSI_UAC_MSI_ACTION_INSTALL: AMSI_UAC_MSI_ACTION = 0;
pub const AMSI_UAC_MSI_ACTION_UNINSTALL: AMSI_UAC_MSI_ACTION = 1;
pub const AMSI_UAC_MSI_ACTION_UPDATE: AMSI_UAC_MSI_ACTION = 2;
pub const AMSI_UAC_MSI_ACTION_MAINTENANCE: AMSI_UAC_MSI_ACTION = 3;
/// Presumably an upper-bound sentinel rather than a real action.
pub const AMSI_UAC_MSI_ACTION_MAX: AMSI_UAC_MSI_ACTION = 4;

// ---------------------------------------------------------------------------
// UAC request payloads
//
// All of these are `#[repr(C)]` and `Copy`: copying one duplicates the raw
// PWSTR pointers, not the strings behind them, so the copies are only valid
// for as long as the original owner keeps the strings alive.
// ---------------------------------------------------------------------------

/// Executable elevation request details.
#[repr(C)]
#[derive(Clone, Copy)]
pub struct AMSI_UAC_REQUEST_EXE_INFO {
    // presumably the size of this structure in bytes - confirm against the SDK
    pub ulLength: u32,
    pub lpwszApplicationName: windows_sys::core::PWSTR,
    pub lpwszCommandLine: windows_sys::core::PWSTR,
    pub lpwszDLLParameter: windows_sys::core::PWSTR,
}

/// COM elevation request details.
#[repr(C)]
#[derive(Clone, Copy)]
pub struct AMSI_UAC_REQUEST_COM_INFO {
    // presumably the size of this structure in bytes - confirm against the SDK
    pub ulLength: u32,
    pub lpwszServerBinary: windows_sys::core::PWSTR,
    pub lpwszRequestor: windows_sys::core::PWSTR,
    pub Clsid: windows_sys::core::GUID,
}

/// Windows Installer elevation request details.
#[repr(C)]
#[derive(Clone, Copy)]
pub struct AMSI_UAC_REQUEST_MSI_INFO {
    // presumably the size of this structure in bytes - confirm against the SDK
    pub ulLength: u32,
    pub MsiAction: AMSI_UAC_MSI_ACTION,
    pub lpwszProductName: windows_sys::core::PWSTR,
    pub lpwszVersion: windows_sys::core::PWSTR,
    pub lpwszLanguage: windows_sys::core::PWSTR,
    pub lpwszManufacturer: windows_sys::core::PWSTR,
    pub lpwszPackagePath: windows_sys::core::PWSTR,
    pub lpwszPackageSource: windows_sys::core::PWSTR,
    // NOTE(review): looks like the element count for the two pointer arrays
    // below; verify before indexing either of them.
    pub ulUpdates: u32,
    pub ppwszUpdates: *mut windows_sys::core::PWSTR,
    pub ppwszUpdateSources: *mut windows_sys::core::PWSTR,
}

/// ActiveX elevation request details.
#[repr(C)]
#[derive(Clone, Copy)]
pub struct AMSI_UAC_REQUEST_AX_INFO {
    // presumably the size of this structure in bytes - confirm against the SDK
    pub ulLength: u32,
    pub lpwszLocalInstallPath: windows_sys::core::PWSTR,
    pub lpwszSourceURL: windows_sys::core::PWSTR,
}

/// Packaged-app elevation request details.
#[repr(C)]
#[derive(Clone, Copy)]
pub struct AMSI_UAC_REQUEST_PACKAGED_APP_INFO {
    // presumably the size of this structure in bytes - confirm against the SDK
    pub ulLength: u32,
    pub lpwszApplicationName: windows_sys::core::PWSTR,
    pub lpwszCommandLine: windows_sys::core::PWSTR,
    pub lpPackageFamilyName: windows_sys::core::PWSTR,
    pub lpApplicationId: windows_sys::core::PWSTR,
}

/// Per-request payload of `AMSI_UAC_REQUEST_CONTEXT`.
///
/// Reading any member is `unsafe`. NOTE(review): the active member is
/// presumably selected by `AMSI_UAC_REQUEST_CONTEXT::Type`; check that field
/// before interpreting the union, since every variant starts with pointers
/// that would be misread under the wrong member.
#[repr(C)]
#[derive(Clone, Copy)]
pub union AMSI_UAC_REQUEST_CONTEXT_0 {
    pub ExeInfo: AMSI_UAC_REQUEST_EXE_INFO,
    pub ComInfo: AMSI_UAC_REQUEST_COM_INFO,
    pub MsiInfo: AMSI_UAC_REQUEST_MSI_INFO,
    pub ActiveXInfo: AMSI_UAC_REQUEST_AX_INFO,
    pub PackagedAppInfo: AMSI_UAC_REQUEST_PACKAGED_APP_INFO,
}

/// Description of a UAC elevation request: requesting process id, trust state,
/// request type, the type-specific payload and the auto-elevate flag.
#[repr(C)]
#[derive(Clone, Copy)]
pub struct AMSI_UAC_REQUEST_CONTEXT {
    // presumably the size of this structure in bytes - confirm against the SDK
    pub ulLength: u32,
    pub ulRequestorProcessId: u32,
    pub UACTrustState: AMSI_UAC_TRUST_STATE,
    pub Type: AMSI_UAC_REQUEST_TYPE,
    pub RequestType: AMSI_UAC_REQUEST_CONTEXT_0,
    pub bAutoElevateRequest: super::super::Foundation::BOOL,
}

/// GUID constant `fdb00e52-a214-4aa1-8fba-4357bb0072ec`; by its name, the
/// class id of the antimalware COM class.
pub const CAntimalware: windows_sys::core::GUID =
    windows_sys::core::GUID::from_u128(0xfdb00e52_a214_4aa1_8fba_4357bb0072ec);

// ---------------------------------------------------------------------------
// amsi.dll imports
//
// Caller obligations common to these functions (none are checked here):
//   * every PCWSTR must point at a NUL-terminated UTF-16 string;
//   * a context/session handle must not be used after the matching
//     AmsiUninitialize / AmsiCloseSession call;
//   * check the returned HRESULT before reading any out-parameter.
// ---------------------------------------------------------------------------

// Creates an AMSI context for the application named by `appname` and stores
// the handle through `amsicontext`.
windows_targets::link!("amsi.dll" "system" fn AmsiInitialize(
    appname: windows_sys::core::PCWSTR,
    amsicontext: *mut HAMSICONTEXT
) -> windows_sys::core::HRESULT);

// Releases a context obtained from AmsiInitialize. Returns nothing, so a
// failure cannot be observed by the caller.
windows_targets::link!("amsi.dll" "system" fn AmsiUninitialize(amsicontext: HAMSICONTEXT));

// Opens a session on `amsicontext` and stores the handle through
// `amsisession`.
windows_targets::link!("amsi.dll" "system" fn AmsiOpenSession(
    amsicontext: HAMSICONTEXT,
    amsisession: *mut HAMSISESSION
) -> windows_sys::core::HRESULT);

// Closes a session obtained from AmsiOpenSession. Returns nothing.
windows_targets::link!("amsi.dll" "system" fn AmsiCloseSession(
    amsicontext: HAMSICONTEXT,
    amsisession: HAMSISESSION
));

// Submits `length` bytes at `buffer` for scanning and writes the verdict
// through `result`.
// `length` is a u32: convert from usize with a checked conversion rather than
// `as`, because a truncated length would leave the tail of the content
// unscanned while the call still reports a verdict.
windows_targets::link!("amsi.dll" "system" fn AmsiScanBuffer(
    amsicontext: HAMSICONTEXT,
    buffer: *const core::ffi::c_void,
    length: u32,
    contentname: windows_sys::core::PCWSTR,
    amsisession: HAMSISESSION,
    result: *mut AMSI_RESULT
) -> windows_sys::core::HRESULT);

// Submits the UTF-16 string `string` for scanning and writes the verdict
// through `result`.
windows_targets::link!("amsi.dll" "system" fn AmsiScanString(
    amsicontext: HAMSICONTEXT,
    string: windows_sys::core::PCWSTR,
    contentname: windows_sys::core::PCWSTR,
    amsisession: HAMSISESSION,
    result: *mut AMSI_RESULT
) -> windows_sys::core::HRESULT);

// Same buffer/length/contentname/result shape as AmsiScanBuffer but without a
// session argument. NOTE(review): per its name this notifies the provider of
// an operation rather than requesting a scan - confirm in the SDK docs before
// relying on `result` for enforcement.
windows_targets::link!("amsi.dll" "system" fn AmsiNotifyOperation(
    amsicontext: HAMSICONTEXT,
    buffer: *const core::ffi::c_void,
    length: u32,
    contentname: windows_sys::core::PCWSTR,
    result: *mut AMSI_RESULT
) -> windows_sys::core::HRESULT);

// ---------------------------------------------------------------------------
// kernel32.dll import
// ---------------------------------------------------------------------------

// Takes a file handle (`elamfile`, by its name the ELAM driver file) and
// returns a BOOL; a false return must be treated as "certificate info not
// installed".
windows_targets::link!("kernel32.dll" "system" fn InstallELAMCertificateInfo(
    elamfile: super::super::Foundation::HANDLE
) -> super::super::Foundation::BOOL);