Panoptes/PanoptesAMSI_8h_source.html

#pragma once

#include "ExtensibilityCore.h"


#define VERSION "1.0.0"

using namespace std;


class PanoptesServiceClient {

public:

    PanoptesServiceClient();

    bool Hello(ExtensibilityType extensibilityType, int ContainerPort);

    bool SendResults_AMSI(std::string PePath, std::string FileHash, DWORD AmsiResult);

};


class AmsiScanner {

public:


    typedef enum AMSI_RESULT_PANO

    {

        AMSI_RESULT_PANO_CLEAN = 0,

        AMSI_RESULT_PANO_NOT_DETECTED = 1,

        AMSI_RESULT_PANO_BLOCKED_BY_ADMIN_START = 0x4000,

        AMSI_RESULT_PANO_BLOCKED_BY_ADMIN_END = 0x4fff,

        AMSI_RESULT_PANO_DETECTED = 32768

    }   AMSI_RESULT_PANO;


    static HRESULT AmsiScanFile(std::string PathToFile, std::string CopyPath, int* AmsiResult);

};


ExtensibilityCore.h

ExtensibilityType
ExtensibilityType
The type of extensibility.
Definition ExtensibilityCore.h:10

AmsiScanner
Definition PanoptesAMSI.h:15

AmsiScanner::AMSI_RESULT_PANO
AMSI_RESULT_PANO
The result of the AMSI scan.
Definition PanoptesAMSI.h:19

AmsiScanner::AMSI_RESULT_PANO_CLEAN
@ AMSI_RESULT_PANO_CLEAN
Definition PanoptesAMSI.h:20

AmsiScanner::AMSI_RESULT_PANO_BLOCKED_BY_ADMIN_END
@ AMSI_RESULT_PANO_BLOCKED_BY_ADMIN_END
Definition PanoptesAMSI.h:23

AmsiScanner::AMSI_RESULT_PANO_BLOCKED_BY_ADMIN_START
@ AMSI_RESULT_PANO_BLOCKED_BY_ADMIN_START
Definition PanoptesAMSI.h:22

AmsiScanner::AMSI_RESULT_PANO_DETECTED
@ AMSI_RESULT_PANO_DETECTED
Definition PanoptesAMSI.h:24

AmsiScanner::AMSI_RESULT_PANO_NOT_DETECTED
@ AMSI_RESULT_PANO_NOT_DETECTED
Definition PanoptesAMSI.h:21

AmsiScanner::AmsiScanFile
static HRESULT AmsiScanFile(std::string PathToFile, std::string CopyPath, int *AmsiResult)
Scan a file using Windows built in AMSI feature set.
Definition amsi-scan.cpp:10

PanoptesServiceClient
Panoptes Service Client that is used to communicate with the Panoptes Service via.
Definition container_ipc.hpp:36

PanoptesServiceClient::PanoptesServiceClient
PanoptesServiceClient()

PanoptesServiceClient::SendResults_AMSI
bool SendResults_AMSI(std::string PePath, DWORD AmsiResult)

PanoptesServiceClient::Hello
bool Hello(ExtensibilityType extensibilityType, std::string port)
The Hello function sends a Hello message to the Panoptes main service from the container.
Definition service_client.cpp:25

DWORD
unsigned long DWORD
Definition inject.h:2