updated docs in some files and readme

Tomiwa-Ot · Oct 10, 2022 · 65cce9b · 65cce9b
1 parent d571d0f
commit 65cce9b
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 16 deletions.
diff --git a/README.md b/README.md
@@ -1,12 +1,12 @@
 # py-amsi
 
 py-amsi is a library that scans strings or files for malware using the Windows
-Antimalware Scan Interface (AMSI). AMSI is an interface native to Windows 
+Antimalware Scan Interface (AMSI) API. AMSI is an interface native to Windows 
 that allows applications to ask the antivirus installed on the system
 to analyse a file/string. AMSI is not tied to Windows Defender. Antivirus
 providers implement the AMSI interface to receive calls from applications.
-This library takes advantage of the interface to make antivirus scans
-in python.
+This library takes advantage of the API to make antivirus scans in python.
+Read more about the Windows AMSI API [here](https://learn.microsoft.com/en-us/windows/win32/amsi/antimalware-scan-interface-portal).
 
 ## Installation
 - Via pip

diff --git a/example.py b/example.py
diff --git a/src/pyamsi/Amsi.py b/src/pyamsi/Amsi.py
@@ -4,8 +4,9 @@
 Name: py-amsi (v1.0)
 Description: Scan strings and files using the windows antimalware interface
 Author: Olorunfemi-Ojo Tomiwa
+URL: https://github.com/Tomiwa-Ot/py-amsi
 License: MIT
-© Copyright 2022
+Copyright (c) @Tomiwa-Ot 2022
 """
 
 import os

diff --git a/src/scanner.c b/src/scanner.c
@@ -1,19 +1,28 @@
+/**
+ *  Implementation of Windows AMSI API as a shared library(DLL)
+ * 
+ *  Author: Olorunfemi-Ojo Tomiwa
+ *  URL: https://github.com/Tomiwa-Ot
+ *  AMSI Docs: https://learn.microsoft.com/en-us/windows/win32/api/amsi
+ *  
+ *  Compile commands:
+ *  -----------------
+ *  gcc -c -fPIC scanner.c -o scanner.o   
+ *  gcc --whole-file -shared -Wl,-soname,scanner.dll -o amsiscanner.dll scanner.o C:\Windows\System32\amsi.dll
+ * 
+ */
+
 #include <stdio.h>
 #include "amsi.h"
 #pragma comment(lib, "amsi.lib")
 
-// Compile commands:
-// -----------------
-// gcc -c -fPIC scanner.c -o scanner.o   
-// gcc --whole-file -shared -Wl,-soname,scanner.dll -o amsiscanner.dll scanner.o C:\Windows\System32\amsi.dll   
 
 HAMSICONTEXT amsiContext;
 HAMSISESSION amsiSession;
 AMSI_RESULT result;
 HRESULT hr;
-// IAntimalwareProvider iap;
-
 
+// Initialise the AMSI API
 void initialize(int debug)
 {
     hr = AmsiInitialize(L"py-amsi", &amsiContext);
@@ -27,6 +36,7 @@ void initialize(int debug)
     }
 }
 
+// Opens a session within which scan requests can be correlated
 void openSession(int debug)
 {
     hr = AmsiOpenSession(amsiContext, &amsiSession);
@@ -39,13 +49,14 @@ void openSession(int debug)
     }
 }
 
-
+// Close and remove the instance of the AMSI API opened
 void terminate()
 {
     AmsiCloseSession(amsiContext, amsiSession);
     AmsiUninitialize(amsiContext);
 }
 
+// Scan string for malware
 int scanString(LPCWSTR text, LPCWSTR name, int debug)
 {
 
@@ -103,6 +114,7 @@ int scanString(LPCWSTR text, LPCWSTR name, int debug)
     return returnCode;
 }
 
+// Scan file for malware
 int scanBytes(BYTE* payload, ULONG payloadSize, LPCWSTR name, int debug)
 {
     int returnCode;