Reworked CI code to resolve during runtime

2023-07-02 19:35:01 +02:00
parent b3b10a26eb
commit 24bec1ffea
5 changed files with 330 additions and 206 deletions
--- a/include/Domito.h
+++ b/include/Domito.h
@@ -139,6 +139,92 @@ DOMITO_CALG_TO_BCRYPT_ALGORITHM(
 }


+/*   ___         _       ___     _                _ _        
+ *  / __|___  __| |___  |_ _|_ _| |_ ___ __ _ _ _(_) |_ _  _ 
+ * | (__/ _ \/ _` / -_)  | || ' \  _/ -_) _` | '_| |  _| || |
+ *  \___\___/\__,_\___| |___|_||_\__\___\__, |_| |_|\__|\_, |
+ *                                      |___/           |__/ 
+ */
+
+_IRQL_requires_max_(PASSIVE_LEVEL)
+EXTERN_C
+PVOID
+DomitoCiFreePolicyInfo(
+    _Inout_ MINCRYPT_POLICY_INFO* PolicyInfo
+);
+
+_Success_(return == STATUS_SUCCESS)
+_Must_inspect_result_
+_IRQL_requires_max_(PASSIVE_LEVEL)
+NTSTATUS
+DomitoCiCheckSignedFile(
+    _In_ PVOID Hash,
+    _In_ UINT32 HashSize,
+    _In_ ALG_ID HashAlgId,
+    _In_ PVOID SecurityDirectory,
+    _In_ UINT32 SizeOfSecurityDirectory,
+    _Out_ MINCRYPT_POLICY_INFO* PolicyInfo,
+    _Out_ LARGE_INTEGER* SigningTime,
+    _Out_ MINCRYPT_POLICY_INFO* TimeStampPolicyInfo
+);
+
+_Success_(return == STATUS_SUCCESS)
+_Must_inspect_result_
+_IRQL_requires_max_(PASSIVE_LEVEL)
+NTSTATUS
+DomitoCiVerifyHashInCatalog(
+    _In_ PVOID Hash,
+    _In_ UINT32 HashSize,
+    _In_ ALG_ID HashAlgId,
+    _In_ BOOLEAN IsReloadCatalogs,
+    _In_ UINT32 Always0,
+    _In_ UINT32 Always2007F,
+    _Out_ MINCRYPT_POLICY_INFO* PolicyInfo,
+    _Out_opt_ UNICODE_STRING* CatalogName,
+    _Out_ LARGE_INTEGER* SigningTime,
+    _Out_ MINCRYPT_POLICY_INFO* TimeStampPolicyInfo
+);
+
+typedef
+_IRQL_requires_same_
+_Function_class_(MINCRYPT_ALLOCATE_ROUTINE)
+__drv_allocatesMem(Mem)
+PVOID
+NTAPI
+MINCRYPT_ALLOCATE_ROUTINE(
+    _In_ SIZE_T ByteSize
+);
+typedef MINCRYPT_ALLOCATE_ROUTINE* PMINCRYPT_ALLOCATE_ROUTINE;
+
+NTSTATUS
+DomitoCiGetCertPublisherName(
+    _In_ MINCERT_BLOB* Certificate,
+    _In_ PMINCRYPT_ALLOCATE_ROUTINE AllocateRoutine,
+    _Out_ PUNICODE_STRING PublisherName
+);
+
+VOID
+DomitoCiSetTrustedOriginClaimId(
+    _In_ UINT32 ClaimId
+);
+
+_Success_(return == STATUS_SUCCESS)
+_Must_inspect_result_
+_IRQL_requires_max_(PASSIVE_LEVEL)
+NTSTATUS
+DomitoCiValidateFileObject(
+    _In_ FILE_OBJECT* FileObject,
+    _In_opt_ UINT32 Unkonwn1,
+    _In_opt_ UINT32 Unkonwn2,
+    _Out_ MINCRYPT_POLICY_INFO* PolicyInfo,
+    _Out_ MINCRYPT_POLICY_INFO* TimeStampPolicyInfo,
+    _Out_ LARGE_INTEGER* SigningTime,
+    _Out_ UINT8* Hash,
+    _Inout_ UINT32* HashSize,
+    _Out_ ALG_ID* HashAlgId
+);
+
+
 /********************************************************************************
 * Library functions                                                            *
 ********************************************************************************/