/*++

Copyright (c) Microsoft Corporation. All rights reserved.

Module Name:

    mpclient.h

Abstract:

    Master include file for WD client interface.

--*/
#pragma once
#ifndef _MPCLIENT_
#define _MPCLIENT_
// Opaque handle to a client session (manager, scan or threat enumeration; see the
// pfnMp* typedefs at the end of this header) and its out-parameter form.
typedef HANDLE *PMPHANDLE;
typedef HANDLE MPHANDLE;
// Numeric identifier of a threat, as carried in MPTHREAT_INFO.ThreatID.
typedef ULONG MPTHREAT_ID;
// Holder for the MP_RESOURCE_CLASS_* values below (see MPRESOURCE_INFO.Class).
typedef ULONG MPRESOURCE_CLASS;
// Resource class values stored in MPRESOURCE_INFO.Class. Every non-zero value is a
// single bit, so they look combinable as flags; MP_RESOURCE_CLASS_UNKNOWN is the
// empty set. Whether the service actually ORs them is not stated here.
#define MP_RESOURCE_CLASS_UNKNOWN 0
#define MP_RESOURCE_CLASS_CONCRETE 0x0001
#define MP_RESOURCE_CLASS_LATENT 0x0002
#define MP_RESOURCE_CLASS_SAMPLE_FILE 0x0004
#define MP_RESOURCE_CLASS_SHARED 0x0100
// Under the MIDL compiler, MP_MIDL_STRING marks an LPWSTR member as a NUL-terminated
// string that may be NULL ([string, unique]) for RPC marshalling, and FAR is
// neutralised. For ordinary C/C++ compilation MP_MIDL_STRING expands to nothing:
// the member is then a plain LPWSTR with no accompanying length, so consumers
// depend on NUL termination.
#ifdef __midl
#define FAR
#define MP_MIDL_STRING [string, unique]
#else
#define MP_MIDL_STRING
#endif // __midl
// Version and last-update time of one product component (element type of
// MPVERSION_INFO).
typedef struct tagMPCOMPONENT_VERSION {
    ULONGLONG Version;          // packed version number; the packing is not defined here
    ULARGE_INTEGER UpdateTime;  // 64-bit timestamp; presumably FILETIME-compatible — confirm
} MPCOMPONENT_VERSION, *PMPCOMPONENT_VERSION;
// Per-component version table filled in by pfnMpManagerVersionQuery (declared below).
typedef struct tagMPVERSION_INFO {
    MPCOMPONENT_VERSION Product;
    MPCOMPONENT_VERSION Service;
    MPCOMPONENT_VERSION FileSystemFilter;
    MPCOMPONENT_VERSION Engine;
    MPCOMPONENT_VERSION ASSignature;     // anti-spyware signatures
    MPCOMPONENT_VERSION AVSignature;     // anti-virus signatures
    MPCOMPONENT_VERSION NISEngine;       // network inspection engine
    MPCOMPONENT_VERSION NISSignature;
    MPCOMPONENT_VERSION Reserved[4];     // presumably room for future components; do not interpret
} MPVERSION_INFO, *PMPVERSION_INFO;
// Broad classification of a threat; used as the ThreatType argument of pfnMpThreatOpen
// and stored in MPTHREAT_INFO.ThreatType. MPTHREAT_TYPE_MAXVALUE aliases the highest
// defined value (NIS).
typedef enum tagMPTHREAT_TYPE {
    MPTHREAT_TYPE_KNOWNBAD = 0,
    MPTHREAT_TYPE_BEHAVIOR = 1,
    MPTHREAT_TYPE_UNKNOWN = 2,
    MPTHREAT_TYPE_KNOWNGOOD = 3,
    MPTHREAT_TYPE_NIS = 4,
    MPTHREAT_TYPE_MAXVALUE = 4
} MPTHREAT_TYPE, *PMPTHREAT_TYPE;
// Threat severity (MPTHREAT_INFO.ThreatCriticality). Note the gap: there is no
// value 3, so a range check of the form 0..MAXVALUE admits an undefined value.
typedef enum tagMPTHREAT_SEVERITY {
    MP_THREAT_SEVERITY_UNKNOWN = 0,
    MP_THREAT_SEVERITY_LOW = 1,
    MP_THREAT_SEVERITY_MODERATE = 2,
    MP_THREAT_SEVERITY_HIGH = 4,
    MP_THREAT_SEVERITY_SEVERE = 5,
    MP_THREAT_SEVERITY_MAXVALUE = 5
} MPTHREAT_SEVERITY, *PMPTHREAT_SEVERITY;
// Threat category (MPTHREAT_INFO.ThreatCategory). Values 35 and 41 are unassigned.
// REMOTECONTROLSOFTWARE (25) and REMOTE_CONTROL_SOFTWARE (33) are distinct entries.
// MP_THREAT_CATEGORY_VULNERABILTIY is misspelled in the original header; the
// spelling is kept so existing code that names it still compiles.
typedef enum tagMPTHREAT_CATEGORY {
    MP_THREAT_CATEGORY_INVALID = 0,
    MP_THREAT_CATEGORY_ADWARE = 1,
    MP_THREAT_CATEGORY_SPYWARE = 2,
    MP_THREAT_CATEGORY_PASSWORDSTEALER = 3,
    MP_THREAT_CATEGORY_TROJANDOWNLOADER = 4,
    MP_THREAT_CATEGORY_WORM = 5,
    MP_THREAT_CATEGORY_BACKDOOR = 6,
    MP_THREAT_CATEGORY_REMOTEACCESSTROJAN = 7,
    MP_THREAT_CATEGORY_TROJAN = 8,
    MP_THREAT_CATEGORY_EMAILFLOODER = 9,
    MP_THREAT_CATEGORY_KEYLOGGER = 10,
    MP_THREAT_CATEGORY_DIALER = 11,
    MP_THREAT_CATEGORY_MONITORINGSOFTWARE = 12,
    MP_THREAT_CATEGORY_BROWSERMODIFIER = 13,
    MP_THREAT_CATEGORY_COOKIE = 14,
    MP_THREAT_CATEGORY_BROWSERPLUGIN = 15,
    MP_THREAT_CATEGORY_AOLEXPLOIT = 16,
    MP_THREAT_CATEGORY_NUKER = 17,
    MP_THREAT_CATEGORY_SECURITYDISABLER = 18,
    MP_THREAT_CATEGORY_JOKEPROGRAM = 19,
    MP_THREAT_CATEGORY_HOSTILEACTIVEXCONTROL = 20,
    MP_THREAT_CATEGORY_SOFTWAREBUNDLER = 21,
    MP_THREAT_CATEGORY_STEALTHNOTIFIER = 22,
    MP_THREAT_CATEGORY_SETTINGSMODIFIER = 23,
    MP_THREAT_CATEGORY_TOOLBAR = 24,
    MP_THREAT_CATEGORY_REMOTECONTROLSOFTWARE = 25,
    MP_THREAT_CATEGORY_TROJANFTP = 26,
    MP_THREAT_CATEGORY_POTENTIALUNWANTEDSOFTWARE = 27,
    MP_THREAT_CATEGORY_ICQEXPLOIT = 28,
    MP_THREAT_CATEGORY_TROJANTELNET = 29,
    MP_THREAT_CATEGORY_EXPLOIT = 30,
    MP_THREAT_CATEGORY_FILESHARINGPROGRAM = 31,
    MP_THREAT_CATEGORY_MALWARE_CREATION_TOOL = 32,
    MP_THREAT_CATEGORY_REMOTE_CONTROL_SOFTWARE = 33,
    MP_THREAT_CATEGORY_TOOL = 34,
    // 35 unassigned
    MP_THREAT_CATEGORY_TROJAN_DENIALOFSERVICE = 36,
    MP_THREAT_CATEGORY_TROJAN_DROPPER = 37,
    MP_THREAT_CATEGORY_TROJAN_MASSMAILER = 38,
    MP_THREAT_CATEGORY_TROJAN_MONITORINGSOFTWARE = 39,
    MP_THREAT_CATEGORY_TROJAN_PROXYSERVER = 40,
    // 41 unassigned
    MP_THREAT_CATEGORY_VIRUS = 42,
    MP_THREAT_CATEGORY_KNOWN = 43,
    MP_THREAT_CATEGORY_UNKNOWN = 44,
    MP_THREAT_CATEGORY_SPP = 45,
    MP_THREAT_CATEGORY_BEHAVIOR = 46,
    MP_THREAT_CATEGORY_VULNERABILTIY = 47,   // sic, see header comment
    MP_THREAT_CATEGORY_POLICY = 48,
    MP_THREAT_CATEGORY_EUS = 49,
    MP_THREAT_CATEGORY_RANSOM = 50
} MPTHREAT_CATEGORY, *PMPTHREAT_CATEGORY;
// Remediation status of a threat (MPTHREAT_INFO.ThreatStatus). Values 1..6 are
// outcomes; 102..107 are the corresponding failure codes (CLEANED/CLEAN_FAILED,
// QUARANTINED/QUARANTINE_FAILED, REMOVED/REMOVE_FAILED, ALLOWED/ALLOW_FAILED,
// BLOCKED/BLOCK_FAILED), with ABANDONED (106) in between.
typedef enum tagMPTHREAT_STATUS {
    MP_THREAT_STATUS_UNKNOWN = 0,
    MP_THREAT_STATUS_DETECTED = 1,
    MP_THREAT_STATUS_CLEANED = 2,
    MP_THREAT_STATUS_QUARANTINED = 3,
    MP_THREAT_STATUS_REMOVED = 4,
    MP_THREAT_STATUS_ALLOWED = 5,
    MP_THREAT_STATUS_BLOCKED = 6,
    MP_THREAT_STATUS_CLEAN_FAILED = 102,
    MP_THREAT_STATUS_QUARANTINE_FAILED = 103,
    MP_THREAT_STATUS_REMOVE_FAILED = 104,
    MP_THREAT_STATUS_ALLOW_FAILED = 105,
    MP_THREAT_STATUS_ABANDONED = 106,
    MP_THREAT_STATUS_BLOCK_FAILED = 107
} MPTHREAT_STATUS, *PMPTHREAT_STATUS;
// Action requested or suggested for a threat (MPTHREAT_INFO.SuggestedActionArray,
// MPTHREAT_DATA.ThreatAction, MPCLEAN_DATA.ThreatAction). Values 4, 5 and 7 are
// unassigned; MP_THREAT_ACTION_MAX_VALUE aliases BLOCK.
typedef enum tagMPTHREAT_ACTION {
    MP_THREAT_ACTION_UNKNOWN = 0,
    MP_THREAT_ACTION_CLEAN = 1,
    MP_THREAT_ACTION_QUARANTINE = 2,
    MP_THREAT_ACTION_REMOVE = 3,
    MP_THREAT_ACTION_ALLOW = 6,
    MP_THREAT_ACTION_USERDEFINED = 8,
    MP_THREAT_ACTION_NOACTION = 9,
    MP_THREAT_ACTION_BLOCK = 10,
    MP_THREAT_ACTION_MAX_VALUE = 10
} MPTHREAT_ACTION, *PMPTHREAT_ACTION;
// Product/service status bits. Each value is a single bit (bits 0..23), so a status
// word is an OR of these. MP_STATUS_FLAG_MAX is the highest single bit and
// MP_STATUS_FLAG_ALL is the mask covering bits 0..23. Which struct member carries
// this word is not declared in this header (MPTHREAT_INFO.dwThreatStatusFlag is a
// plain DWORD — confirm before casting).
typedef enum tagMPSTATUS_FLAG {
    MP_STATUS_FLAG_NONE = 0,
    MP_STATUS_FLAG_SERVICE_UNAVAILABLE = 1 << 0,
    MP_STATUS_FLAG_MPENGINE_UNAVAILABLE = 1 << 1,
    MP_STATUS_FLAG_THREAT_FULLSCAN_REQUIRED = 1 << 2,
    MP_STATUS_FLAG_THREAT_REBOOT_REQUIRED = 1 << 3,
    MP_STATUS_FLAG_THREAT_MANUAL_STEPS_REQUIRED = 1 << 4,
    MP_STATUS_FLAG_DUE_AV_SIGNATURE = 1 << 5,
    MP_STATUS_FLAG_DUE_AS_SIGNATURE = 1 << 6,
    MP_STATUS_FLAG_DUE_QUICK_SCAN = 1 << 7,
    MP_STATUS_FLAG_DUE_FULL_SCAN = 1 << 8,
    MP_STATUS_FLAG_INPROGRESS_SYSTEM_SCAN = 1 << 9,
    MP_STATUS_FLAG_INPROGRESS_ROUTINE_CLEANING = 1 << 10,
    MP_STATUS_FLAG_DUE_SAMPLES = 1 << 11,
    MP_STATUS_FLAG_EVALUATION_MODE = 1 << 12,
    MP_STATUS_FLAG_NONGENUINE = 1 << 13,
    MP_STATUS_FLAG_PRODUCT_EXPIRED = 1 << 14,
    MP_STATUS_FLAG_THREAT_CALLISTO_REQUIRED = 1 << 15,
    MP_STATUS_FLAG_SERVICE_ON_SYSTEM_SHUTDOWN = 1 << 16,
    MP_STATUS_FLAG_SERVICE_CRITICAL_FAILURE = 1 << 17,
    MP_STATUS_FLAG_SERVICE_NON_CRITICAL_FAILURE = 1 << 18,
    MP_STATUS_FLAG_HEALTH_INITIALIZED = 1 << 19,
    MP_STATUS_FLAG_DUE_PLATFORM_UPDATE = 1 << 20,
    MP_STATUS_FLAG_INPROGRESS_PLATFORM_UPDATE = 1 << 21,
    MP_STATUS_FLAG_PLATFORM_ABOUT_TO_BE_OUTDATED = 1 << 22,
    MP_STATUS_FLAG_END_OF_LIFE = 1 << 23,
    MP_STATUS_FLAG_MAX = 1 << 23,        // highest defined bit
    MP_STATUS_FLAG_ALL = (1 << 24) - 1   // mask of all defined bits
} MPSTATUS_FLAG, *PMPSTATUS_FLAG;
// Identifies one scanned or remediated resource. Scheme and Path are wide strings
// with no length member, so a consumer relies on NUL termination; Class holds
// MP_RESOURCE_CLASS_* values.
typedef struct tagMPRESOURCE_INFO {
    MP_MIDL_STRING LPWSTR Scheme;   // e.g. the namespace the Path belongs to; format not defined here
    MP_MIDL_STRING LPWSTR Path;
    MPRESOURCE_CLASS Class;
} MPRESOURCE_INFO, *PMPRESOURCE_INFO;
// How a threat was detected (MPTHREAT_INFO.ThreatDetection). The non-zero values
// are single bits, which suggests they may be combined — confirm with the service.
typedef enum tagMPTHREAT_DETECTION {
    MP_THREAT_DETECTION_CONCRETE = 0,
    MP_THREAT_DETECTION_HEURISTIC = 1,
    MP_THREAT_DETECTION_GENERIC = 2,
    MP_THREAT_DETECTION_SUSPICIOUS = 4,
    MP_THREAT_DETECTION_FASTPATH = 8
} MPTHREAT_DETECTION, *PMPTHREAT_DETECTION;
// Execution state of the detected object, recorded in MPTHREAT_INFO at detection,
// before remediation and after remediation (ExecutionStatus, PreExecutionStatus,
// PostExecutionStatus).
typedef enum tagMPEXECUTION_STATUS {
    MP_EXECUTION_STATUS_UNKNOWN = 0,
    MP_EXECUTION_STATUS_BLOCKED = 1,
    MP_EXECUTION_STATUS_ALLOWED = 2,
    MP_EXECUTION_STATUS_EXECUTING = 3,
    MP_EXECUTION_STATUS_NOT_EXECUTING = 4
} MPEXECUTION_STATUS, *PMPEXECUTION_STATUS;
// Kind of fast-path signature (MPFASTPATH_DATA.FastPathSignatureType).
typedef enum tagMP_FASTPATH_TYPE {
    MP_FASTPATH_UNKNOWN = 0,
    MP_FASTPATH_VDM = 1,
    MP_FASTPATH_DISABLED = 2
} MP_FASTPATH_TYPE, *PMP_FASTPATH_TYPE;
// Hash algorithm selector (MPTHREAT_INFOEX_BEHAVIOR.HashType). Values are single
// bits starting at 2; there is no value 1.
typedef enum tagMP_HASH_TYPE {
    MP_HASH_TYPE_NONE = 0,
    MP_HASH_TYPE_CRC32 = 2,
    MP_HASH_TYPE_MD5 = 4,
    MP_HASH_TYPE_SHA1 = 8,
    MP_HASH_TYPE_SHA256 = 16
} MP_HASH_TYPE, *PMP_HASH_TYPE;
// Placeholder payload for MPTHREAT_INFO.Data members that carry no extra detail.
typedef struct tagMPTHREAT_INFOEX_UNUSED {
    DWORD dwNone;
} MPTHREAT_INFOEX_UNUSED, *PMPTHREAT_INFOEX_UNUSED;
// Extra detail for a behaviour-monitor detection (MPTHREAT_INFO.Data.pBehavior).
typedef struct tagMPTHREAT_INFOEX_BEHAVIOR {
    ULARGE_INTEGER SignatureID;
    ULONGLONG EngineVersion;
    ULONGLONG ASDeltaSignatureVersion;
    ULONGLONG AVDeltaSignatureVersion;
    MP_HASH_TYPE HashType;                  // algorithm of HashValue, presumably — confirm
    DWORD FidelityValue;
    MP_MIDL_STRING LPWSTR HashValue;        // textual hash, no length member
    MP_MIDL_STRING LPWSTR TargetFileName;
    MP_MIDL_STRING LPWSTR TargetFileHash;
} MPTHREAT_INFOEX_BEHAVIOR, *PMPTHREAT_INFOEX_BEHAVIOR;
// Extra detail for a network-inspection (NIS) detection (MPTHREAT_INFO.Data.pNis).
// Addresses and protocol are strings, ports are DWORDs; none of the strings carry
// a length.
typedef struct tagMPTHREAT_INFOEX_NIS {
    MP_MIDL_STRING LPWSTR SourceIP;
    MP_MIDL_STRING LPWSTR DestinationIP;
    DWORD dwSourceport;
    DWORD dwDestinationport;
    MP_MIDL_STRING LPWSTR Protocol;
    MP_MIDL_STRING LPWSTR Link;
} MPTHREAT_INFOEX_NIS, *PMPTHREAT_INFOEX_NIS;
// Lifecycle state of a detection (MPTHREAT_INFO.State).
typedef enum tagMPDETECTION_STATE {
    MPDETECTION_STATE_UNKNOWN = 0,
    MPDETECTION_STATE_ACTIVE = 1,
    MPDETECTION_STATE_FINISHED = 2,
    MPDETECTION_STATE_ADDITIONAL_ACTIONS = 3,
    MPDETECTION_STATE_FAILED = 4,
    MPDETECTION_STATE_CRITICALLY_FAILED = 5,
    MPDETECTION_STATE_CLEARED = 6
} MPDETECTION_STATE, *PMPDETECTION_STATE;
// Component that produced a detection (MPTHREAT_INFO.DetectionSource).
// MPSOURCE_BHO and MPSOURCE_IEPROTECT share the value 6, so the two cannot be told
// apart from the value alone. MP_SOURCE_MAXVALUE (note the underscore, unlike the
// other members) aliases MPSOURCE_AMSI.
typedef enum tagMPSOURCE {
    MPSOURCE_UNKNOWN = 0,
    MPSOURCE_USER = 1,
    MPSOURCE_SYSTEM = 2,
    MPSOURCE_REALTIME = 3,
    MPSOURCE_IOAV = 4,
    MPSOURCE_NIS = 5,
    MPSOURCE_BHO = 6,
    MPSOURCE_IEPROTECT = 6,
    MPSOURCE_ELAM = 7,
    MPSOURCE_LOCAL_ATTESTATION = 8,
    MPSOURCE_REMOTE_ATTESTATION = 9,
    MPSOURCE_AMSI = 10,
    MP_SOURCE_MAXVALUE = 10
} MPSOURCE, *PMPSOURCE;
// Where the detected object came from (MPTHREAT_INFO.DetectionOrigin). Single-bit
// values, so location and direction bits can presumably be combined — confirm.
typedef enum tagMPDETECTION_ORIGIN {
    MPDETECTION_ORIGIN_UNKNOWN = 0,
    MPDETECTION_ORIGIN_LOCAL_MACHINE = 1 << 0,
    MPDETECTION_ORIGIN_NETWORKSHARE = 1 << 1,
    MPDETECTION_ORIGIN_INTERNET = 1 << 2,
    MPDETECTION_ORIGIN_OUTBOUND = 1 << 3,
    MPDETECTION_ORIGIN_INBOUND = 1 << 4
} MPDETECTION_ORIGIN, *PMPDETECTION_ORIGIN;
// Why a previously failed remediation is now considered resolved
// (MPTHREAT_INFO.ResolvedReason, paired with FailureResolved).
typedef enum tagMPRESOLVED_REASON {
    MPRESOLVED_REASON_UNKNOWN = 0,
    MPRESOLVED_REASON_FULL_SCAN = 1,
    MPRESOLVED_REASON_TIMED_OUT = 2
} MPRESOLVED_REASON, *PMPRESOLVED_REASON;
// Which threat collection pfnMpThreatOpen enumerates. The enum tag is spelled
// tagMPTHREAD_SOURCE (sic) while the typedef names say THREAT; the tag is kept
// unchanged because code may refer to it directly.
typedef enum tagMPTHREAD_SOURCE {
    MPTHREAT_SOURCE_SCAN = 0,
    MPTHREAT_SOURCE_ACTIVE = 1,
    MPTHREAT_SOURCE_HISTORY = 2,
    MPTHREAT_SOURCE_QUARANTINE = 3,
    MPTHREAT_SOURCE_SIGNATURE = 4,
    MPTHREAT_SOURCE_STATE = 5,
    MPTHREAT_SOURCE_MAXVALUE = 5
} MPTHREAT_SOURCE, *PMPTHREAT_SOURCE;
// Full record for one detected threat, handed back through an out-pointer by
// pfnMpThreatEnumerate and pfnMpThreatQuery (declared below). The service
// allocates it; presumably it is released with pfnMpFreeMemory — confirm against
// the caller.
typedef struct tagMPTHREAT_INFO {
    MPTHREAT_ID ThreatID;
    GUID DetectionID;
    MP_MIDL_STRING LPWSTR Name;
    MPTHREAT_TYPE ThreatType;
    MPTHREAT_SEVERITY ThreatCriticality;
    MPTHREAT_CATEGORY ThreatCategory;
    DWORD ThreatShortDescriptionID;     // description identifiers; their resolution is not defined here
    DWORD ThreatAdviseDescriptionID;
    MPTHREAT_STATUS ThreatStatus;
    DWORD SuggestedActionCount;
    // NOTE(review): declared with ANYSIZE_ARRAY (one element) but NOT as the last
    // member, so in this layout it holds exactly one MPTHREAT_ACTION. Indexing it by
    // SuggestedActionCount past element 0 would read into ResourceCount and the
    // members after it. Confirm the service's actual layout before trusting the
    // count; the same applies to ResourceList and RemediationResourceList below.
    MPTHREAT_ACTION SuggestedActionArray[ANYSIZE_ARRAY];
    DWORD ResourceCount;
    // NOTE(review): element type is PMPRESOURCE_INFO * (pointer to pointer), one
    // more level of indirection than RemediationResourceList — verify which is meant.
    PMPRESOURCE_INFO *ResourceList[ANYSIZE_ARRAY];
    ULARGE_INTEGER ThreatStatusTime;
    HRESULT ThreatStatusCode;
    MPTHREAT_DETECTION ThreatDetection;
    GUID QuarantineGuid;
    MPEXECUTION_STATUS ExecutionStatus;
    // Type-specific detail. The member names mirror MPTHREAT_TYPE, so the valid
    // member is presumably selected by ThreatType (pBehavior for BEHAVIOR, pNis for
    // NIS, the UNUSED placeholders otherwise) — confirm.
    union {
        PMPTHREAT_INFOEX_UNUSED pKnownBad;
        PMPTHREAT_INFOEX_BEHAVIOR pBehavior;
        PMPTHREAT_INFOEX_UNUSED pUnknown;
        PMPTHREAT_INFOEX_UNUSED pKnownGood;
        PMPTHREAT_INFOEX_NIS pNis;
    } Data;
    MPDETECTION_STATE State;
    MP_MIDL_STRING LPWSTR DetectionUser;
    MPSOURCE DetectionSource;
    MP_MIDL_STRING LPWSTR ProcessName;
    MPDETECTION_ORIGIN DetectionOrigin;
    DWORD reserved1;
    ULARGE_INTEGER DetectionTime;
    MPEXECUTION_STATUS PreExecutionStatus;
    ULARGE_INTEGER RemediationTime;
    MPEXECUTION_STATUS PostExecutionStatus;
    BOOL CriticalFailure;
    DWORD NonCriticalReason;
    MP_MIDL_STRING LPWSTR RemediationUser;
    DWORD RemediationResourceCount;
    PMPRESOURCE_INFO RemediationResourceList[ANYSIZE_ARRAY];   // see ANYSIZE_ARRAY note above
    BOOL FailureResolved;
    MPRESOLVED_REASON ResolvedReason;
    DWORD AdditionalActions;
    DWORD ResolvedActions;
    DWORD dwThreatStatusFlag;           // plain DWORD; possibly MPSTATUS_FLAG bits — confirm
} MPTHREAT_INFO, *PMPTHREAT_INFO;
// Display strings for a threat, returned by pfnMpThreatQuery through its optional
// ppThreatLocalizedInfo out-parameter. All strings are service-provided and carry
// no length member.
typedef struct tagMPTHREAT_LOCALIZED_INFO {
    MPTHREAT_ID ThreatID;
    MP_MIDL_STRING LPWSTR CategoryName;
    MP_MIDL_STRING LPWSTR CategoryDescription;
    MP_MIDL_STRING LPWSTR SeverityName;
    MP_MIDL_STRING LPWSTR SeverityDescription;
    MP_MIDL_STRING LPWSTR ShortDescription;
    MP_MIDL_STRING LPWSTR DefaultActionName;
    MP_MIDL_STRING LPWSTR Advice;
    MP_MIDL_STRING LPWSTR ThreatUrl;
} MPTHREAT_LOCALIZED_INFO, *PMPTHREAT_LOCALIZED_INFO;
// Threat counters reported with scan progress (MPSCAN_DATA.ThreatStats).
typedef struct tagMPTHREAT_STATS {
    UINT ThreatCount;
    UINT SuspiciousThreatCount;
    UINT Reserved[4];
} MPTHREAT_STATS, *PMPTHREAT_STATS;
// Payload of a threat callback (MPCALLBACK_DATA.Data.pThreatData).
typedef struct tagMPTHREAT_DATA {
    MPTHREAT_ID ThreatID;
    DWORD dwSessionID;
    MPTHREAT_ACTION ThreatAction;
    DWORD dwStatus;            // plain DWORD; relation to MPTHREAT_STATUS not stated here
} MPTHREAT_DATA, *PMPTHREAT_DATA;
// How long a fast-path signature persists (MPFASTPATH_DATA.PersistenceType); the
// meaning of PersistenceValue depends on this selector.
typedef enum tagMP_PERSISTENCE_LIMIT_TYPE {
    MP_PERSISTENCE_UNKNOWN = 0,
    MP_PERSISTENCE_NO_LIMIT = 1,
    MP_PERSISTENCE_DURATION = 2,
    MP_PERSISTENCE_VDM_VERSION = 3,
    MP_PERSISTENCE_TIMESTAMP = 4,
    MP_PERSISTENCE_FORCED = 5
} MP_PERSISTENCE_LIMIT_TYPE, *PMP_PERSISTENCE_LIMIT_TYPE;
// Scan kind passed to pfnMpScanStart and echoed in MPSCAN_DATA.ScanType.
// MPSCAN_TYPE_RESOURCE presumably scans the resources given in MPSCAN_RESOURCES.
typedef enum tagMPSCAN_TYPE {
    MPSCAN_TYPE_UNKNOWN = 0,
    MPSCAN_TYPE_QUICK = 1,
    MPSCAN_TYPE_FULL = 2,
    MPSCAN_TYPE_RESOURCE = 3,
    MPSCAN_TYPE_MAXVALUE = 3
} MPSCAN_TYPE, *PMPSCAN_TYPE;
// Caller-supplied list of dwResourceCount MPRESOURCE_INFO entries at pResourceList,
// passed to pfnMpScanStart as pScanResources.
typedef struct tagMPSCAN_RESOURCES {
    DWORD dwResourceCount;
    PMPRESOURCE_INFO pResourceList;
} MPSCAN_RESOURCES, *PMPSCAN_RESOURCES;
// Notification identifiers delivered in MPCALLBACK_DATA.Notify. No member has an
// explicit value, so numbering is implicit and sequential from 0: inserting a member
// anywhere but the end renumbers every later one and breaks wire compatibility.
typedef enum tagMPNOTIFY {
    MPNOTIFY_NONE,
    MPNOTIFY_CALL_START,
    MPNOTIFY_CALL_COMPLETE,
    MPNOTIFY_INTERNAL_FAILURE,
    MPNOTIFY_STATUS_SERVICE_START,
    MPNOTIFY_STATUS_SERVICE_RUNNING,
    MPNOTIFY_STATUS_SERVICE_STOP,
    MPNOTIFY_STATUS_COMPONENT,
    MPNOTIFY_STATUS_CHANGE,
    MPNOTIFY_STATUS_COMPONENT_CONFIGURATION,
    MPNOTIFY_STATUS_EXPIRATION_CHANGE,
    MPNOTIFY_STATUS_OFFLINE_SCAN_CHANGE,
    MPNOTIFY_SCAN_START,
    MPNOTIFY_SCAN_PAUSED,
    MPNOTIFY_SCAN_RESUMED,
    MPNOTIFY_SCAN_CANCEL,
    MPNOTIFY_SCAN_COMPLETE,
    MPNOTIFY_SCAN_PROGRESS,
    MPNOTIFY_SCAN_ERROR,
    MPNOTIFY_SCAN_INFECTED,
    MPNOTIFY_SCAN_MEMORYSTART,
    MPNOTIFY_SCAN_MEMORYCOMPLETE,
    MPNOTIFY_SCAN_SFC_BUILD_START,
    MPNOTIFY_SCAN_SFC_BUILD_COMPLETE,
    MPNOTIFY_SCAN_FASTPATH_START,
    MPNOTIFY_SCAN_FASTPATH_COMPLETE,
    MPNOTIFY_SCAN_FASTPATH_PROGRESS,
    MPNOTIFY_CLEAN_START,
    MPNOTIFY_CLEAN_COMPLETE,
    MPNOTIFY_CLEAN_RESTOREPOINT_START,
    MPNOTIFY_CLEAN_RESTOREPOINT_SUCCEEDED,
    MPNOTIFY_CLEAN_RESTOREPOINT_FAILED,
    MPNOTIFY_CLEAN_THREAT_START,
    MPNOTIFY_CLEAN_THREAT_SUCCEEDED,
    MPNOTIFY_CLEAN_THREAT_FAILED,
    MPNOTIFY_CLEAN_RESOURCE_SUCCEEDED,
    MPNOTIFY_CLEAN_RESOURCE_FAILED,
    MPNOTIFY_CLEAN_THREAT_COMPLETE,
    MPNOTIFY_PRECHECK_START,
    MPNOTIFY_PRECHECK_COMPLETE,
    MPNOTIFY_PRECHECK_RESOURCE_BLOCKED,
    MPNOTIFY_THREAT_DETECTED,
    MPNOTIFY_THREAT_MODIFIED,
    MPNOTIFY_THREAT_CLEAN_SUCCEEDED,
    MPNOTIFY_THREAT_CLEAN_FAILED,
    MPNOTIFY_THREAT_ABANDONED,
    MPNOTIFY_THREAT_CLEAN_EVENT_START,
    MPNOTIFY_THREAT_CLEAN_EVENT_COMPLETE,
    MPNOTIFY_SIGUPDATE_START,
    MPNOTIFY_SIGUPDATE_SEARCH_START,
    MPNOTIFY_SIGUPDATE_SEARCH_COMPLETE,
    MPNOTIFY_SIGUPDATE_SOFTWARE_UPDATE_AVAILABLE,
    MPNOTIFY_SIGUPDATE_DOWNLOAD_START,
    MPNOTIFY_SIGUPDATE_DOWNLOAD_PROGRESS,
    MPNOTIFY_SIGUPDATE_DOWNLOAD_COMPLETE,
    MPNOTIFY_SIGUPDATE_INSTALL_START,
    MPNOTIFY_SIGUPDATE_INSTALL_PROGRESS,
    MPNOTIFY_SIGUPDATE_INSTALL_COMPLETE,
    MPNOTIFY_SIGUPDATE_REBOOT_REQUIRED,
    MPNOTIFY_SIGUPDATE_REQUEST_PROCESSED,
    MPNOTIFY_SIGUPDATE_COMPLETE,
    MPNOTIFY_SAMPLE_START,
    MPNOTIFY_SAMPLE_COMPLETE,
    MPNOTIFY_SAMPLE_ITEM_START,
    MPNOTIFY_SAMPLE_ITEM_SUCCEEDED,
    MPNOTIFY_SAMPLE_ITEM_FAILED,
    MPNOTIFY_RESERVED_DATA,
    MPNOTIFY_FASTPATH_SIG_ADDED,
    MPNOTIFY_FASTPATH_SIG_REMOVED,
    MPNOTIFY_NIS_PRIVATE,
    MPNOTIFY_HEALTH_CHANGE,
    MPNOTIFY_HEALTH_RECOVERY,
    MPNOTIFY_HEALTH_START,
    MPNOTIFY_ENDOFLIFE_CHANGE,
    MPNOTIFY_MALWARETOAST_DATA
} MPNOTIFY, *PMPNOTIFY;
// Category of a callback (MPCALLBACK_DATA.Type). The fifteen non-UNKNOWN values
// correspond one-to-one, in order, to the fifteen members of MPCALLBACK_DATA.Data
// (STATUS -> pStatusData, THREAT -> pThreatData, ...), so this value presumably
// selects the valid union member.
typedef enum tagMPCALLBACK_TYPE {
    MPCALLBACK_UNKNOWN = 0,
    MPCALLBACK_STATUS = 1,
    MPCALLBACK_THREAT = 2,
    MPCALLBACK_SCAN = 3,
    MPCALLBACK_CLEAN = 4,
    MPCALLBACK_PRECHECK = 5,
    MPCALLBACK_SIGUPDATE = 6,
    MPCALLBACK_SAMPLE = 7,
    MPCALLBACK_RESERVED = 8,
    MPCALLBACK_CONFIGURATION_NOTIFICATION = 9,
    MPCALLBACK_FASTPATH = 10,
    MPCALLBACK_PRODUCT_EXPIRATION = 11,
    MPCALLBACK_NIS_PRIVATE = 12,
    MPCALLBACK_HEALTH = 13,
    MPCALLBACK_ENDOFLIFE = 14,
    MPCALLBACK_MALWARETOAST = 15,
    MPCALLBACK_MAXVALUE = 15
} MPCALLBACK_TYPE, *PMPCALLBACK_TYPE;
// Product component referenced by a status callback (MPSTATUS_DATA.ComponentID).
typedef enum tagMPCOMPONENT_ID {
    MPCOMPONENT_AS_SIGNATURE = 0,
    MPCOMPONENT_AV_SIGNATURE = 1,
    MPCOMPONENT_REALTIME_MONITOR = 2,
    MPCOMPONENT_ONACCESS_PROTECTION = 3,
    MPCOMPONENT_IOAV_PROTECTION = 4,
    MPCOMPONENT_BEHAVIOR_MONITOR = 5,
    MPCOMPONENT_AUTO_SCAN = 6,
    MPCOMPONENT_AUTO_SIGUPDATE = 7,
    MPCOMPONENT_IPC = 8,
    MPCOMPONENT_NIS = 9,
    MPCOMPONENT_ELAM = 10,
    MPCOMPONENT_MAXVALUE = 10
} MPCOMPONENT_ID, *PMPCOMPONENT_ID;
// Placeholder payload for MPSTATUS_DATA.ComponentStatus members.
typedef struct tagMPSTATUS_DATAEX_UNUSED {
    DWORD dwNone;
} MPSTATUS_DATAEX_UNUSED, *PMPSTATUS_DATAEX_UNUSED;
// Payload of a status callback (MPCALLBACK_DATA.Data.pStatusData): which component
// changed and whether it is now enabled.
typedef struct tagMPSTATUS_DATA {
    MPCOMPONENT_ID ComponentID;
    BOOL fEnable;
    // Eleven slots, matching the eleven MPCOMPONENT_ID values 0..10, but every slot
    // currently has the same placeholder type, so the union is effectively a single
    // pointer. Per-component payloads would presumably replace these — confirm.
    union {
        PMPSTATUS_DATAEX_UNUSED p1;
        PMPSTATUS_DATAEX_UNUSED p2;
        PMPSTATUS_DATAEX_UNUSED p3;
        PMPSTATUS_DATAEX_UNUSED p4;
        PMPSTATUS_DATAEX_UNUSED p5;
        PMPSTATUS_DATAEX_UNUSED p6;
        PMPSTATUS_DATAEX_UNUSED p7;
        PMPSTATUS_DATAEX_UNUSED p8;
        PMPSTATUS_DATAEX_UNUSED p9;
        PMPSTATUS_DATAEX_UNUSED pa;
        PMPSTATUS_DATAEX_UNUSED pb;
    } ComponentStatus;
} MPSTATUS_DATA, *PMPSTATUS_DATA;
// Scan progress counters (MPSCAN_DATA.ResourceStats).
typedef struct tagMPRESOURCE_STATS {
    DWORD PPMProgress;        // progress figure; units/scale not defined here
    UINT64 ProcessCount;
    UINT64 FileCount;
    UINT64 FileBytesCount;
    UINT64 RegKeyCount;
    UINT64 Reserved[4];
} MPRESOURCE_STATS, *PMPRESOURCE_STATS;
// Payload of a scan callback (MPCALLBACK_DATA.Data.pScanData).
typedef struct tagMPSCAN_DATA {
    MPSCAN_TYPE ScanType;
    PMPRESOURCE_INFO ResourceInfo;     // resource currently being processed, presumably — confirm
    MPRESOURCE_STATS ResourceStats;
    MPTHREAT_STATS ThreatStats;
} MPSCAN_DATA, *PMPSCAN_DATA;
// Payload of a clean (remediation) callback (MPCALLBACK_DATA.Data.pCleanData).
typedef struct tagMPCLEAN_DATA {
    MPTHREAT_ID ThreatID;
    MPTHREAT_ACTION ThreatAction;
    DWORD dwStatus;                    // plain DWORD; relation to MPTHREAT_STATUS not stated here
    PMPRESOURCE_INFO ResourceInfo;
} MPCLEAN_DATA, *PMPCLEAN_DATA;
// Payload of a pre-check callback (MPCALLBACK_DATA.Data.pPrecheckData): the
// resource that cannot be cleaned and the resource blocking it.
typedef struct tagMPCLEAN_PRECHECK_DATA {
    PMPRESOURCE_INFO BlockedResourceInfo;
    PMPRESOURCE_INFO BlockingResourceInfo;
} MPCLEAN_PRECHECK_DATA, *PMPCLEAN_PRECHECK_DATA;
// Payload of a signature-update callback (MPCALLBACK_DATA.Data.pSigUpdateData).
typedef struct tagMPSIGUPDATE_DATA {
    DWORD dwPercentComplete;
    DWORD dwTotalUpdates;
    DWORD dwCurrentUpdateIndex;
    ULONG eType;                       // untyped here; possibly an MP_SIGNATURE_TYPE — confirm
    ULONG Stage;
    MP_MIDL_STRING LPWSTR Path;
} MPSIGUPDATE_DATA, *PMPSIGUPDATE_DATA;
// Payload of a sample-submission callback (MPCALLBACK_DATA.Data.pSampleData).
typedef struct tagMPSAMPLE_DATA {
    DWORD dwSampleIndex;
} MPSAMPLE_DATA, *PMPSAMPLE_DATA;
// Opaque blob of cbReservedData bytes at pbReservedData
// (MPCALLBACK_DATA.Data.pReservedData). A consumer must bound every read by
// cbReservedData; the format of the bytes is not defined here.
typedef struct tagMPRESERVED_DATA {
    DWORD cbReservedData;
    BYTE *pbReservedData;
} MPRESERVED_DATA, *PMPRESERVED_DATA;
// Payload of a configuration-change callback (MPCALLBACK_DATA.Data.pConfigurationData):
// the setting's name plus its previous and current values as sized byte blobs.
// Reads of pPreviousData/pCurrentData must be bounded by the matching size member.
typedef struct tagMPCONFIGURATION_DATA {
    MP_MIDL_STRING LPWSTR ConfigurationName;
    DWORD DataType;                    // encoding of the blobs; not defined in this header
    DWORD PreviousDataSize;
    BYTE *pPreviousData;
    DWORD CurrentDataSize;
    BYTE *pCurrentData;
} MPCONFIGURATION_DATA, *PMPCONFIGURATION_DATA;
// Signature family (MPFASTPATH_DATA.SignatureType).
typedef enum tagMP_SIGNATURE_TYPE {
    MP_SIGNATURE_ANTIMALWARE = 0,
    MP_SIGNATURE_ANTIVIRUS = 1,
    MP_SIGNATURE_ANTISPYWARE = 2,
    MP_SIGNATURE_NIS = 3,
    MP_SIGNATURE_TYPES_MAXVALUE = 3
} MP_SIGNATURE_TYPE, *PMP_SIGNATURE_TYPE;
// Why a fast-path signature was removed (MPFASTPATH_DATA.Reason).
typedef enum tagMP_REMOVAL_REASON {
    MP_REMOVAL_UNKNOWN = 0,
    MP_REMOVAL_MANUAL = 1,
    MP_REMOVAL_AUTOMATIC = 2
} MP_REMOVAL_REASON, *PMP_REMOVAL_REASON;
// Payload of a fast-path signature callback (MPCALLBACK_DATA.Data.pFastPathData).
typedef struct tagMPFASTPATH_DATA {
    MP_SIGNATURE_TYPE SignatureType;
    MP_FASTPATH_TYPE FastPathSignatureType;
    MP_MIDL_STRING LPWSTR FastPathSignatureVersion;
    ULARGE_INTEGER CompilationTimestamp;
    MP_PERSISTENCE_LIMIT_TYPE PersistenceType;   // selects how PersistenceValue is interpreted
    MP_MIDL_STRING LPWSTR PersistenceValue;
    MP_MIDL_STRING LPWSTR PersistencePath;
    MP_REMOVAL_REASON Reason;
} MPFASTPATH_DATA, *PMPFASTPATH_DATA;
// Why the product is expiring or expired (MPEXPIRATION_DATA.Reason).
typedef enum tagMP_EXPIRE_REASON {
    MP_EXPIRED_UNKNOWN = 0,
    MP_EXPIRED_EVAL = 1,
    MP_EXPIRED_WAT = 2
} MP_EXPIRE_REASON, *PMP_EXPIRE_REASON;
// Licensing state reported with an expiration callback (MPEXPIRATION_DATA.State).
typedef enum tagMP_EXPIRE_STATE_REPORT {
    MP_EXPIRE_STATE_REPORT_UNKNOWN = 0,
    MP_EXPIRE_STATE_REPORT_VALID = 1,
    MP_EXPIRE_STATE_REPORT_WARNING = 2,
    MP_EXPIRE_STATE_REPORT_EXPIRED = 3
} MP_EXPIRE_STATE_REPORT, *PMP_EXPIRE_STATE_REPORT;
// Payload of a product-expiration callback (MPCALLBACK_DATA.Data.pExpirationData).
typedef struct tagMPEXPIRATION_DATA {
    MP_EXPIRE_REASON Reason;
    MP_EXPIRE_STATE_REPORT State;
} MPEXPIRATION_DATA, *PMPEXPIRATION_DATA;
// Payload of a NIS-private callback (MPCALLBACK_DATA.Data.pNISPrivateData): an
// opaque blob of cbDataSize bytes at pbData whose layout is not defined here.
// Reads must be bounded by cbDataSize.
typedef struct tagMPNIS_PRIVATE_DATA {
    DWORD dwNotificationType;
    DWORD cbDataSize;
    BYTE *pbData;
} MPNIS_PRIVATE_DATA, *PMPNIS_PRIVATE_DATA;
// Payload of a health callback (MPCALLBACK_DATA.Data.pHealthData). Both members
// are untyped DWORDs in this header.
typedef struct tagMPHEALTH_DATA {
    DWORD dwNotificationType;
    DWORD dwNotificationFlag;
} MPHEALTH_DATA, *PMPHEALTH_DATA;
// Payload of an end-of-life callback (MPCALLBACK_DATA.Data.pEndOfLifeData).
typedef struct tagMPENDOFLIFE_DATA {
    FILETIME ftSignatureExpiry;
    FILETIME ftPlatformExpiry;
    BOOL fAdminControlled;
    BOOL fEndOfLifeImpendingOrPast;
} MPENDOFLIFE_DATA, *PMPENDOFLIFE_DATA;
// Payload of a malware-toast callback (MPCALLBACK_DATA.Data.pMalwareToastData).
// dwThreatId is a DWORD here rather than MPTHREAT_ID (a ULONG); same width on Windows.
typedef struct tagMPMALWARETOAST_DATA {
    DWORD dwThreatId;
    MP_MIDL_STRING LPWSTR pszThreatName;
} MPMALWARETOAST_DATA, *PMPMALWARETOAST_DATA;
// Envelope for every client callback; also accepted by pfnMpScanStart as the
// optional pCallbackInfo argument. Notify says what happened, hResult its result,
// and Type selects which Data member holds the payload: the fifteen members below
// are listed in the order of MPCALLBACK_TYPE values 1..15, so a consumer should
// switch on Type before dereferencing, and treat an unexpected Type as having no
// valid payload.
typedef struct tagMPCALLBACK_DATA {
    MPNOTIFY Notify;
    HRESULT hResult;
    ULARGE_INTEGER TimeStamp;
    MPCALLBACK_TYPE Type;
    union {
        PMPSTATUS_DATA pStatusData;                  // MPCALLBACK_STATUS
        PMPSCAN_DATA pScanData;                      // MPCALLBACK_SCAN
        PMPCLEAN_DATA pCleanData;                    // MPCALLBACK_CLEAN
        PMPCLEAN_PRECHECK_DATA pPrecheckData;        // MPCALLBACK_PRECHECK
        PMPTHREAT_DATA pThreatData;                  // MPCALLBACK_THREAT
        PMPSIGUPDATE_DATA pSigUpdateData;            // MPCALLBACK_SIGUPDATE
        PMPSAMPLE_DATA pSampleData;                  // MPCALLBACK_SAMPLE
        PMPRESERVED_DATA pReservedData;              // MPCALLBACK_RESERVED
        PMPCONFIGURATION_DATA pConfigurationData;    // MPCALLBACK_CONFIGURATION_NOTIFICATION
        PMPFASTPATH_DATA pFastPathData;              // MPCALLBACK_FASTPATH
        PMPEXPIRATION_DATA pExpirationData;          // MPCALLBACK_PRODUCT_EXPIRATION
        PMPNIS_PRIVATE_DATA pNISPrivateData;         // MPCALLBACK_NIS_PRIVATE
        PMPHEALTH_DATA pHealthData;                  // MPCALLBACK_HEALTH
        PMPENDOFLIFE_DATA pEndOfLifeData;            // MPCALLBACK_ENDOFLIFE
        PMPMALWARETOAST_DATA pMalwareToastData;      // MPCALLBACK_MALWARETOAST
    } Data;
} MPCALLBACK_DATA, *PMPCALLBACK_DATA;
// Scan control verb passed to pfnMpScanControl. The pointer typedef is named
// PMCONTROL (sic) rather than PMPCONTROL like the rest of this header; kept as is
// for source compatibility.
typedef enum tagMPCONTROL {
    MPCONTROL_ABORT = 0,
    MPCONTROL_PAUSE = 1,
    MPCONTROL_RESUME = 2
} MPCONTROL, *PMCONTROL;
// Function-pointer types for the client entry points. The pfn* naming suggests the
// caller binds them at run time rather than import-linking — confirm against the
// caller, and if so make sure the module they are resolved from is the expected one.
// SAL annotations (_In_, _Out_, _In_opt_, _Out_opt_) give parameter direction. All
// but pfnMpFreeMemory return an HRESULT; test it with SUCCEEDED() before using any
// _Out_ value. Out-parameters that receive service-allocated memory (pwszErrorDesc,
// ppThreatInfo, ppThreatLocalizedInfo) are presumably released with pfnMpFreeMemory
// — confirm.

// Reports whether the product is enabled.
typedef HRESULT(WINAPI *pfnWDStatus)(
    _Out_ BOOL* pfEnabled);

// Opens a manager session; dwReserved has no documented meaning in this header.
typedef HRESULT(WINAPI *pfnMpManagerOpen)(
    _In_ DWORD dwReserved,
    _Out_ PMPHANDLE phMpHandle);

// Closes any MPHANDLE (manager, scan or enumeration).
typedef HRESULT(WINAPI *pfnMpHandleClose)(
    _In_ MPHANDLE hMpHandle);

// Releases memory handed out by the interface.
typedef void (WINAPI *pfnMpFreeMemory)(
    _In_ PVOID pMemory);

// Fills a caller-provided MPVERSION_INFO.
typedef HRESULT(WINAPI *pfnMpManagerVersionQuery)(
    _In_ MPHANDLE hMpHandle,
    _Out_ PMPVERSION_INFO pVersionInfo);

// Formats hrError into a newly allocated wide string at *pwszErrorDesc.
typedef HRESULT(WINAPI *pfnMpErrorMessageFormat)(
    _In_ MPHANDLE hMpHandle,
    _In_ HRESULT hrError,
    _Out_ LPWSTR *pwszErrorDesc);

// Returns the next MPTHREAT_INFO from an enumeration opened with pfnMpThreatOpen.
// How the end of the enumeration is signalled is not stated in this header.
typedef HRESULT(WINAPI *pfnMpThreatEnumerate)(
    _In_ MPHANDLE hThreatEnumHandle,
    _Out_ PMPTHREAT_INFO *ppThreatInfo);

// Opens an enumeration over one threat collection (ThreatSource) filtered by type.
typedef HRESULT(WINAPI *pfnMpThreatOpen)(
    _In_ MPHANDLE hScanHandle,
    _In_ MPTHREAT_SOURCE ThreatSource,
    _In_ MPTHREAT_TYPE ThreatType,
    _Out_ PMPHANDLE phThreatEnumHandle);

// Looks up one threat by id; localized strings are returned only if
// ppThreatLocalizedInfo is non-NULL.
typedef HRESULT(WINAPI *pfnMpThreatQuery)(
    _In_ MPHANDLE hMpHandle,
    _In_ MPTHREAT_ID ThreatID,
    _Out_ PMPTHREAT_INFO *ppThreatInfo,
    _Out_opt_ PMPTHREAT_LOCALIZED_INFO *ppThreatLocalizedInfo);

// Starts a scan. dwScanOptions is an untyped DWORD here; pScanResources and
// pCallbackInfo are optional. The scan handle is later passed to pfnMpScanControl,
// pfnMpThreatOpen and pfnMpHandleClose.
typedef HRESULT(WINAPI *pfnMpScanStart)(
    _In_ MPHANDLE hMpHandle,
    _In_ MPSCAN_TYPE ScanType,
    _In_ DWORD dwScanOptions,
    _In_opt_ PMPSCAN_RESOURCES pScanResources,
    _In_opt_ PMPCALLBACK_DATA pCallbackInfo,
    _Out_ PMPHANDLE phScanHandle);

// Aborts, pauses or resumes a running scan (MPCONTROL).
typedef HRESULT(WINAPI *pfnMpScanControl)(
    _In_ MPHANDLE hScanHandle,
    _In_ MPCONTROL ScanControl);
#endif // !_MPCLIENT_