使用Windows Defender API,我正在尝试扫描文件夹上的恶意软件。 在The documentation之后我编写了代码:
MPRESOURCE_INFO ResourceInfo = { 0 };
MPSCAN_RESOURCES ScanResource = { 0 };
PMPRESOURCE_INFO ResourceInfoArray = NULL;
...
ResourceInfo.Scheme = L"dir";
ResourceInfo.Path = L"C:\\temp";
ResourceInfo.Class = 0;
// ResourceInfoArray was Allocated before
*ResourceInfoArray = ResourceInfo;
ScanResource.dwResourceCount = 1;
ScanResource.pResourceList = ResourceInfoArray;
// Opened hMpManager before using MpScanStart
hRetval = MpScanStart(hMpManager, MPSCAN_TYPE_RESOURCE, 0, &ScanResource, NULL, &ScanHnadle);
我从中收到错误消息:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
但是,如果我将ResourceInfo定义更改为:
ResourceInfo.Scheme = L"file";
ResourceInfo.Path = L"C:\\temp\\MyFile.exe";
ResourceInfo.Class = 0;
效果很好,以正确的方式检测文件。 在底线 - 代码适用于文件,但不适用于目录。 有谁知道我在目录搜索中做错了什么?
答案 0 :(得分:0)
分析由MpCmdRun.exe创建的事件日志,我发现它使用方案“文件夹”而不是“目录”。所做的更改使我的代码正常工作。
ResourceInfo.Scheme = L"folder";
文件夹路径不必以反斜杠结尾,但是驱动器需要它:(F:\)。