#include <string>
#include <codecvt>
#include <locale>
#include <amsi.h>
#include "PanoptesAMSI.h"

Macros
#define	VERSION "1.0.0"

Functions
BOOL APIENTRY	DllMain (HMODULE module, DWORD dllAction, LPVOID lpReserved)
	Main entry point for the DLL.

PANO_API int	PanoBind (int ContainerPort)
	Bind to the Panoptes Service by sending a hello message containing the extensibility type.

PANO_API bool	PanoEntry (PeScan data, MemScan mem_data)
	The entry point for the AMSI extensibility.

PANO_API bool	PanoUnbind ()
	Unbind from the Panoptes Service by freeing the DLL.

Macro Definition Documentation

◆ VERSION

#define VERSION "1.0.0"

Definition at line 6 of file dllmain.cpp.

Function Documentation

◆ DllMain()

BOOL APIENTRY DllMain	(	HMODULE	module,
		DWORD	dllAction,
		LPVOID	lpReserved
	)

Main entry point for the DLL.

Parameters

module	The module handle
dllAction	The action to take
lpReserved	Reserved

Returns

Definition at line 13 of file dllmain.cpp.

{
    switch (dllAction)
    {
    case DLL_PROCESS_ATTACH:
        //DisableThreadLibraryCalls(module);
        break;
    case DLL_THREAD_ATTACH:
        // Code to run when a thread is created
        break;
    case DLL_THREAD_DETACH:
        // Code to run when a thread ends
        break;
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

◆ PanoBind()

PANO_API int PanoBind ( int ContainerPort )

Bind to the Panoptes Service by sending a hello message containing the extensibility type.

Parameters

ContainerPort The port of the container that the extensibility is running in

Returns: The container port

Definition at line 35 of file dllmain.cpp.

{
    PanoptesServiceClient client = PanoptesServiceClient();
    if (!client.Hello(ExtensibilityType::EXTENSIBILITY_TYPE_AMSI, ContainerPort)) {
        return 0;
    }
 
    return ContainerPort;
}

References EXTENSIBILITY_TYPE_AMSI, and PanoptesServiceClient::Hello().

◆ PanoEntry()

PANO_API bool PanoEntry	(	PeScan *	data,
		MemScan *	mem_data
	)

The entry point for the AMSI extensibility.

Parameters

data	The information about the file to be scanned
mem_data	The information about the memory to be scanned

Returns: True if the scan was successful, false otherwise

Definition at line 49 of file dllmain.cpp.

{
    if (data->PePath.empty()) {
        return false;
    }
 
    INT amsi_result = 0;
    HRESULT status = AmsiScanner::AmsiScanFile(data->PePath, "", &amsi_result);
    if (FAILED(status)) {
        return false;
    }
    else {
        PanoptesServiceClient client = PanoptesServiceClient();
        if (!client.SendResults_AMSI(data->PePath, data->FileHash, amsi_result)) {
            return false;
        }
 
        return true;
    }
}

References AmsiScanner::AmsiScanFile(), PeScan::FileHash, PeScan::PePath, and PanoptesServiceClient::SendResults_AMSI().

◆ PanoUnbind()

PANO_API bool PanoUnbind ( )

Unbind from the Panoptes Service by freeing the DLL.

Returns: True if the unbind was successful, false otherwise

Definition at line 72 of file dllmain.cpp.

{
    HMODULE hModule = GetModuleHandleA("PanoptesAMSI.dll");
    if (hModule != NULL) {
        FreeLibraryAndExitThread(hModule, 0);
    }
    return true;
}

Macros

Functions

Macro Definition Documentation

◆ VERSION

Function Documentation

◆ DllMain()

◆ PanoBind()

◆ PanoEntry()

◆ PanoUnbind()