Reworked CI code to resolve during runtime

2023-07-02 19:35:01 +02:00
parent b3b10a26eb
commit 24bec1ffea
5 changed files with 330 additions and 206 deletions
+17 -9
@@ -1,13 +1,15 @@
/* ___ _ ___ _ _ _
* / __|___ __| |___ |_ _|_ _| |_ ___ __ _ _ _(_) |_ _ _
/* ___ _ ___ _ _ _
* / __|___ __| |___ |_ _|_ _| |_ ___ __ _ _ _(_) |_ _ _
* | (__/ _ \/ _` / -_) | || ' \ _/ -_) _` | '_| | _| || |
* \___\___/\__,_\___| |___|_||_\__\___\__, |_| |_|\__|\_, |
* |___/ |__/
* |___/ |__/
*/
#include "Domito.Internal.h"
#include "Domito.MinCrypt.h"
DOMITO_CODE_INTEGRITY G_CI = {};
_IRQL_requires_max_(DISPATCH_LEVEL)
UINT32
@@ -372,12 +374,18 @@ DomitoValidateFileLegacyMode(
do
{
if (!G_CI.CiFreePolicyInfo || !G_CI.CiCheckSignedFile || !G_CI.CiVerifyHashInCatalog)
{
status = STATUS_NOT_IMPLEMENTED;
break;
}
SigningTime->QuadPart = 0;
CiFreePolicyInfo(PolicyInfo);
CiFreePolicyInfo(TimeStampPolicyInfo);
G_CI.CiFreePolicyInfo(PolicyInfo);
G_CI.CiFreePolicyInfo(TimeStampPolicyInfo);
if (HashSize != MINCRYPT_SHA1_LENGTH)
if (HashSize != MINCRYPT_SHA1_LENGTH && HashSize != MINCRYPT_SHA256_LENGTH)
{
status = STATUS_INVALID_IMAGE_HASH;
break;
@@ -429,7 +437,7 @@ DomitoValidateFileLegacyMode(
KeStackAttachProcess(PsInitialSystemProcess, &systemContext);
{
status = CiCheckSignedFile(
status = G_CI.CiCheckSignedFile(
Hash,
HashSize,
HashAlgId,
@@ -455,7 +463,7 @@ DomitoValidateFileLegacyMode(
KeStackAttachProcess(PsInitialSystemProcess, &systemContext);
{
status = CiVerifyHashInCatalog(
status = G_CI.CiVerifyHashInCatalog(
Hash,
HashSize,
HashAlgId,
@@ -470,7 +478,7 @@ DomitoValidateFileLegacyMode(
if (status == STATUS_INVALID_IMAGE_HASH)
{
status = CiVerifyHashInCatalog(
status = G_CI.CiVerifyHashInCatalog(
Hash,
HashSize,
HashAlgId,