diff --git a/include/Domito.h b/include/Domito.h
index bfa97a9..0490f27 100644
--- a/include/Domito.h
+++ b/include/Domito.h
@@ -266,7 +266,7 @@ _IRQL_requires_max_(PASSIVE_LEVEL)
 EXTERN_C
 NTSTATUS
 DomitoFindModuleBaseAddress(
- _In_ STRING ModuleName,
+ _In_ PANSI_STRING ModuleName,
 _Inout_opt_ PVOID* ModuleBase
 );
@@ -280,7 +280,7 @@ EXTERN_C
 NTSTATUS
 DomitoFindExportedFunctionAddress(
 _In_ PVOID ModuleBase,
- _In_ STRING FunctionName,
+ _In_ PANSI_STRING FunctionName,
 _Inout_opt_ PVOID* FunctionAddress
 );
diff --git a/src/Domito.cpp b/src/Domito.cpp
index 1a113c6..bf2d847 100644
--- a/src/Domito.cpp
+++ b/src/Domito.cpp
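Review bot: The new `_In_ PANSI_STRING ModuleName` parameter of `DomitoFindModuleBaseAddress` in include/Domito.h is a pointer to a writable `STRING`, although the only use visible in this commit is a read through `RtlCompareString`, which takes `const STRING*`. Declaring it `_In_ const STRING* ModuleName` (and `_In_ const STRING* FunctionName` in the second hunk, for `DomitoFindExportedFunctionAddress`) would state the read-only contract in the prototype; the matching definitions in src/Domito.cpp need the same change. The `const` that this commit drops from `ciModuleName` in `DomitoInit` could then stay, and the export-name strings used to resolve CI.dll routines could be kept read-only. The function bodies are only partly visible here, so confirm that nothing writes through the pointer.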
@@ -36,37 +36,37 @@ DomitoInit()
 G_Common.RtlImageDirectoryEntryToData = (t_RtlImageDirectoryEntryToData)MmGetSystemRoutineAddress((PUNICODE_STRING)&G_IdetdRoutineName);
- const STRING ciModuleName = RTL_CONSTANT_STRING("\\SystemRoot\\system32\\CI.dll");
+ STRING ciModuleName = RTL_CONSTANT_STRING("\\SystemRoot\\system32\\CI.dll");
 PVOID driverBaseAddress = NULL, functionAddress = NULL;
- if (NT_SUCCESS(DomitoFindModuleBaseAddress(ciModuleName, &driverBaseAddress)))
+ if (NT_SUCCESS(DomitoFindModuleBaseAddress(&ciModuleName, &driverBaseAddress)))
 {
- if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiFreePolicyInfo, &functionAddress)))
+ if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiFreePolicyInfo, &functionAddress)))
 {
 G_CI.CiFreePolicyInfo = (t_CiFreePolicyInfo)functionAddress;
 }
- if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiCheckSignedFile, &functionAddress)))
+ if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiCheckSignedFile, &functionAddress)))
 {
 G_CI.CiCheckSignedFile = (t_CiCheckSignedFile)functionAddress;
 }
- if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiVerifyHashInCatalog, &functionAddress)))
+ if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiVerifyHashInCatalog, &functionAddress)))
 {
 G_CI.CiVerifyHashInCatalog = (t_CiVerifyHashInCatalog)functionAddress;
 }
- if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiGetCertPublisherName, &functionAddress)))
+ if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiGetCertPublisherName, &functionAddress)))
 {
 G_CI.CiGetCertPublisherName = (t_CiGetCertPublisherName)functionAddress;
 }
- if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiSetTrustedOriginClaimId, &functionAddress)))
+ if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiSetTrustedOriginClaimId, &functionAddress)))
 {
 G_CI.CiSetTrustedOriginClaimId = (t_CiSetTrustedOriginClaimId)functionAddress;
 }
- if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiValidateFileObject, &functionAddress)))
+ if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiValidateFileObject, &functionAddress)))
 {
 G_CI.CiValidateFileObject = (t_CiValidateFileObject)functionAddress;
 }
@@ -88,7 +88,7 @@ _Must_inspect_result_
 _IRQL_requires_max_(PASSIVE_LEVEL)
 NTSTATUS
 DomitoFindModuleBaseAddress(
- _In_ STRING ModuleName,
+ _In_ PANSI_STRING ModuleName,
 _Inout_opt_ PVOID * ModuleBase
 )
 {
@@ -142,7 +142,7 @@ DomitoFindModuleBaseAddress(
 {
 RtlInitAnsiString(¤tImageName, moduleInfo->Module[i].ImageName);
- if (0 == RtlCompareString(&ModuleName, ¤tImageName, TRUE))
+ if (0 == RtlCompareString(ModuleName, ¤tImageName, TRUE))
 {
 status = STATUS_SUCCESS;
@@ -166,7 +166,7 @@ _IRQL_requires_max_(PASSIVE_LEVEL)
 NTSTATUS
 DomitoFindExportedFunctionAddress(
 _In_ PVOID ModuleBase,
- _In_ STRING FunctionName,
+ _In_ PANSI_STRING FunctionName,
 _Inout_opt_ PVOID * FunctionAddress
 )
 {
@@ -208,7 +208,7 @@ DomitoFindExportedFunctionAddress(
 RtlInitAnsiString(¤tFunctionName, functionName);
- if (0 == RtlCompareString(&FunctionName, ¤tFunctionName, TRUE))
+ if (0 == RtlCompareString(FunctionName, ¤tFunctionName, TRUE))
 {
 if (FunctionAddress)
 {
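Review bot: Every failed lookup in the `DomitoInit` hunk is dropped silently: when `DomitoFindModuleBaseAddress` or any of the six `DomitoFindExportedFunctionAddress` calls fails, the matching `G_CI.*` member is just not assigned and nothing records which routine is missing. These are undocumented CI.dll exports, so presumably a partially filled table is an expected state on some Windows builds, and every later call through `G_CI.CiValidateFileObject` or its siblings depends on a NULL check that this block does not make obvious. I would add an `else` branch that sets the member to `NULL` explicitly (or logs the export name) and a comment above the block such as `// Any G_CI member may remain NULL if CI.dll lacks the export; callers must check before calling.` `DomitoInit` continues outside this hunk, so it may already report this elsewhere.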
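Review bot: `RtlCompareString(ModuleName, …)` in the `@@ -142` hunk now dereferences a caller-supplied pointer, where the old by-value `STRING` parameter could never be NULL; `_In_` documents non-NULL for static analysis but does not enforce it at run time. A guard at the top of `DomitoFindModuleBaseAddress`, `if (ModuleName == NULL || ModuleName->Buffer == NULL) return STATUS_INVALID_PARAMETER;`, would turn a bad call into a status code instead of a kernel-mode fault. The same applies to `FunctionName` in the `@@ -208` hunk of `DomitoFindExportedFunctionAddress`. Both function entries lie outside these hunks, so check whether such validation already exists there.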