0

Using the Windows Defender API, I am trying to scan a folder for malware. Following the documentation, I wrote this code:

MPRESOURCE_INFO ResourceInfo = { 0 };
MPSCAN_RESOURCES ScanResource = { 0 };
PMPRESOURCE_INFO ResourceInfoArray = NULL;
...
ResourceInfo.Scheme = L"dir";
ResourceInfo.Path = L"C:\\temp";
ResourceInfo.Class = 0;

// ResourceInfoArray was Allocated before
*ResourceInfoArray = ResourceInfo;
ScanResource.dwResourceCount = 1;
ScanResource.pResourceList = ResourceInfoArray;

// Opened hMpManager before using MpScanStart
hRetval = MpScanStart(hMpManager, MPSCAN_TYPE_RESOURCE, 0, &ScanResource, NULL, &ScanHandle);

I get an error message from it: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

However, if I change the ResourceInfo definition to:

ResourceInfo.Scheme = L"file";
ResourceInfo.Path = L"C:\\temp\\MyFile.exe";
ResourceInfo.Class = 0;

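It works fine and detects the file correctly. Bottom line: the code works for files, but not for directories. Does anyone know what I am doing wrong with the directory scan?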

4

1 Answer

0

Analyzing the event log created by MpCmdRun.exe, I found that it uses the scheme "folder" rather than "dir". This change made my code work.

ResourceInfo.Scheme = L"folder";

The folder path does not have to end with a backslash, but a drive needs it: (F:\).

Answered 2020-04-22T12:16:07.163
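The scheme and path rules from this thread, collected into one helper. This is an added example, not code from the question, the answer, or the Defender SDK: `build_scan_resource` and its parameters are hypothetical, the caller is assumed to already know whether the path is a directory, and stripping trailing backslashes from folder paths is a normalization choice made here.

```c
#include <stddef.h>
#include <wchar.h>
#include <wctype.h>

/* Hypothetical helper (not a Defender API): produces the strings to assign
 * to ResourceInfo.Scheme and ResourceInfo.Path, using the values reported
 * on this page. is_dir is supplied by the caller (assumption: obtained
 * elsewhere, e.g. from the file attributes).
 * Returns 0 on success, -1 on bad input or if out_path is too small. */
int build_scan_resource(const wchar_t *path, int is_dir,
                        const wchar_t **scheme,
                        wchar_t *out_path, size_t out_len)
{
    if (!path || !scheme || !out_path || out_len == 0) return -1;
    size_t len = wcslen(path);
    if (len == 0) return -1;

    if (!is_dir) {                  /* single file: "file" scheme, path as-is */
        if (len + 1 > out_len) return -1;
        wcscpy(out_path, path);
        *scheme = L"file";
        return 0;
    }

    /* A folder path does not have to end with a backslash, so drop any
     * trailing ones to get a single canonical form. */
    while (len > 0 && path[len - 1] == L'\\') len--;
    if (len == 0) return -1;        /* path consisted only of backslashes */

    /* A bare drive ("F:" or "F:\") must be passed as "F:\". */
    int is_drive = (len == 2 && iswalpha((wint_t)path[0]) && path[1] == L':');
    size_t need = len + (is_drive ? 1 : 0) + 1;   /* +1 for the terminator */
    if (need > out_len) return -1;

    wmemcpy(out_path, path, len);
    if (is_drive) out_path[len++] = L'\\';
    out_path[len] = L'\0';
    *scheme = L"folder";            /* "dir" produced the error in the question */
    return 0;
}
```

The returned scheme points to a string literal and `out_path` must stay valid until the scan has been started with those values.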