使用Windows Defender API,我正在尝试对文件夹上的Malwares进行扫描。在文档之后,我编写了代码:
MPRESOURCE_INFO ResourceInfo = { 0 };
MPSCAN_RESOURCES ScanResource = { 0 };
PMPRESOURCE_INFO ResourceInfoArray = NULL;
...
ResourceInfo.Scheme = L"dir";
ResourceInfo.Path = L"C:\temp";
ResourceInfo.Class = 0;
// ResourceInfoArray was Allocated before
*ResourceInfoArray = ResourceInfo;
ScanResource.dwResourceCount = 1;
ScanResource.pResourceList = ResourceInfoArray;
// Opened hMpManager before using MpScanStart
hRetval = MpScanStart(hMpManager, MPSCAN_TYPE_RESOURCE, 0, &ScanResource, NULL, &ScanHnadle);
从中获得错误消息:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
但是,如果我将ResourceInfo定义更改为:
ResourceInfo.Scheme = L"file";
ResourceInfo.Path = L"C:\temp\MyFile.exe";
ResourceInfo.Class = 0;
它效果很好,以正确的方式检测文件。在底线上 - 代码适用于文件,但对目录不起作用。有人知道我在目录搜索时做错了吗?
分析由mpcmdrun.exe创建的事件日志,我发现它使用了方案"文件夹"而不是" dir"。这种更改使我的代码正常工作。
ResourceInfo.Scheme = L"folder";
文件夹路径不必以后斜线结束,但是驱动器需要它:( f:(。