Windows Antimalware Scan Interface thread safety


Problem description


The Windows Antimalware Scan Interface (AMSI) contains abstractions which can be used to call the currently active virus scanner in Windows:


https://docs.microsoft.com/en-us/windows/desktop/amsi/antimalware-scan-interface-functions


There are 2 methods related to initialization:



  • AmsiInitialize

  • AmsiUninitialize


AmsiInitialize returns "A handle of type HAMSICONTEXT that must be passed to all subsequent calls to the AMSI API."


After initialization is complete, I can use AmsiScanBuffer to scan a buffer for malware.


My question:


Can I use the same context concurrently from many threads in my application, or do I need to create one per thread from which I'm going to call the methods?


Reading the documentation, for AmsiUninitialize, it tells me that "When the app is finished with the AMSI API it must call AmsiUninitialize." This tells me that the context can be used for many calls, but it doesn't tell me anything about thread safety or concurrency.

Nitramafve

Recommended answer

Hi M.Knafve,

If it is thread-safe, it will be specified on MSDN, so it is not. Although all of the interfaces for amsiContext are read operations, they are not atomic operations for threads. Anyway, you can create handlers for each thread.


Best regards,

Drake
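
The per-thread approach suggested in the answer, as an added C# P/Invoke example (not code from the thread or from Microsoft): each worker thread creates its own HAMSICONTEXT, scans with it, and releases it on the same thread. The app name `ExampleScanner`, the sample buffers and the content names are placeholders chosen for illustration.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;

static class PerThreadAmsi
{
    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    static extern int AmsiInitialize(string appName, out IntPtr amsiContext);

    [DllImport("amsi.dll")]
    static extern void AmsiUninitialize(IntPtr amsiContext);

    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    static extern int AmsiScanBuffer(IntPtr amsiContext, byte[] buffer, uint length,
                                     string contentName, IntPtr amsiSession, out int result);

    const int AMSI_RESULT_DETECTED = 32768; // threshold used by AmsiResultIsMalware

    // Runs on one thread: the context never leaves this method, so it is never shared.
    static void Worker(int id, byte[][] items)
    {
        int hr = AmsiInitialize("ExampleScanner", out IntPtr ctx); // placeholder app name
        if (hr < 0) Marshal.ThrowExceptionForHR(hr);
        try
        {
            for (int i = 0; i < items.Length; i++)
            {
                // IntPtr.Zero: no HAMSISESSION, the scans are not correlated.
                hr = AmsiScanBuffer(ctx, items[i], (uint)items[i].Length,
                                    $"worker{id}-item{i}", IntPtr.Zero, out int result);
                if (hr < 0) Marshal.ThrowExceptionForHR(hr);
                Console.WriteLine($"worker{id}-item{i}: detected={result >= AMSI_RESULT_DETECTED}");
            }
        }
        finally { AmsiUninitialize(ctx); } // released by the thread that created it
    }

    static void Main()
    {
        // Constructed, harmless sample buffers.
        byte[][] items = { Encoding.UTF8.GetBytes("hello"), Encoding.UTF8.GetBytes("Write-Output 1") };
        var threads = new Thread[4];
        for (int t = 0; t < threads.Length; t++)
        {
            int id = t; // capture a copy per thread
            threads[t] = new Thread(() => Worker(id, items));
            threads[t].Start();
        }
        foreach (Thread th in threads) th.Join();
    }
}
```

An exception thrown inside `Worker` is unhandled on that thread and ends the process, so a real service would catch and log scan failures per item.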

