Unified function argument types
This commit is contained in:
parent
7fc654769e
commit
2fbc08e22d
@ -266,7 +266,7 @@ _IRQL_requires_max_(PASSIVE_LEVEL)
|
|||||||
EXTERN_C
|
EXTERN_C
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
DomitoFindModuleBaseAddress(
|
DomitoFindModuleBaseAddress(
|
||||||
_In_ STRING ModuleName,
|
_In_ PANSI_STRING ModuleName,
|
||||||
_Inout_opt_ PVOID* ModuleBase
|
_Inout_opt_ PVOID* ModuleBase
|
||||||
);
|
);
|
||||||
|
|
||||||
@ -280,7 +280,7 @@ EXTERN_C
|
|||||||
NTSTATUS
|
NTSTATUS
|
||||||
DomitoFindExportedFunctionAddress(
|
DomitoFindExportedFunctionAddress(
|
||||||
_In_ PVOID ModuleBase,
|
_In_ PVOID ModuleBase,
|
||||||
_In_ STRING FunctionName,
|
_In_ PANSI_STRING FunctionName,
|
||||||
_Inout_opt_ PVOID* FunctionAddress
|
_Inout_opt_ PVOID* FunctionAddress
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|||||||
@ -36,37 +36,37 @@ DomitoInit()
|
|||||||
G_Common.RtlImageDirectoryEntryToData =
|
G_Common.RtlImageDirectoryEntryToData =
|
||||||
(t_RtlImageDirectoryEntryToData)MmGetSystemRoutineAddress((PUNICODE_STRING)&G_IdetdRoutineName);
|
(t_RtlImageDirectoryEntryToData)MmGetSystemRoutineAddress((PUNICODE_STRING)&G_IdetdRoutineName);
|
||||||
|
|
||||||
const STRING ciModuleName = RTL_CONSTANT_STRING("\\SystemRoot\\system32\\CI.dll");
|
STRING ciModuleName = RTL_CONSTANT_STRING("\\SystemRoot\\system32\\CI.dll");
|
||||||
PVOID driverBaseAddress = NULL, functionAddress = NULL;
|
PVOID driverBaseAddress = NULL, functionAddress = NULL;
|
||||||
|
|
||||||
if (NT_SUCCESS(DomitoFindModuleBaseAddress(ciModuleName, &driverBaseAddress)))
|
if (NT_SUCCESS(DomitoFindModuleBaseAddress(&ciModuleName, &driverBaseAddress)))
|
||||||
{
|
{
|
||||||
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiFreePolicyInfo, &functionAddress)))
|
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiFreePolicyInfo, &functionAddress)))
|
||||||
{
|
{
|
||||||
G_CI.CiFreePolicyInfo = (t_CiFreePolicyInfo)functionAddress;
|
G_CI.CiFreePolicyInfo = (t_CiFreePolicyInfo)functionAddress;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiCheckSignedFile, &functionAddress)))
|
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiCheckSignedFile, &functionAddress)))
|
||||||
{
|
{
|
||||||
G_CI.CiCheckSignedFile = (t_CiCheckSignedFile)functionAddress;
|
G_CI.CiCheckSignedFile = (t_CiCheckSignedFile)functionAddress;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiVerifyHashInCatalog, &functionAddress)))
|
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiVerifyHashInCatalog, &functionAddress)))
|
||||||
{
|
{
|
||||||
G_CI.CiVerifyHashInCatalog = (t_CiVerifyHashInCatalog)functionAddress;
|
G_CI.CiVerifyHashInCatalog = (t_CiVerifyHashInCatalog)functionAddress;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiGetCertPublisherName, &functionAddress)))
|
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiGetCertPublisherName, &functionAddress)))
|
||||||
{
|
{
|
||||||
G_CI.CiGetCertPublisherName = (t_CiGetCertPublisherName)functionAddress;
|
G_CI.CiGetCertPublisherName = (t_CiGetCertPublisherName)functionAddress;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiSetTrustedOriginClaimId, &functionAddress)))
|
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiSetTrustedOriginClaimId, &functionAddress)))
|
||||||
{
|
{
|
||||||
G_CI.CiSetTrustedOriginClaimId = (t_CiSetTrustedOriginClaimId)functionAddress;
|
G_CI.CiSetTrustedOriginClaimId = (t_CiSetTrustedOriginClaimId)functionAddress;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiValidateFileObject, &functionAddress)))
|
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiValidateFileObject, &functionAddress)))
|
||||||
{
|
{
|
||||||
G_CI.CiValidateFileObject = (t_CiValidateFileObject)functionAddress;
|
G_CI.CiValidateFileObject = (t_CiValidateFileObject)functionAddress;
|
||||||
}
|
}
|
||||||
@ -88,7 +88,7 @@ _Must_inspect_result_
|
|||||||
_IRQL_requires_max_(PASSIVE_LEVEL)
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
DomitoFindModuleBaseAddress(
|
DomitoFindModuleBaseAddress(
|
||||||
_In_ STRING ModuleName,
|
_In_ PANSI_STRING ModuleName,
|
||||||
_Inout_opt_ PVOID * ModuleBase
|
_Inout_opt_ PVOID * ModuleBase
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
@ -142,7 +142,7 @@ DomitoFindModuleBaseAddress(
|
|||||||
{
|
{
|
||||||
RtlInitAnsiString(¤tImageName, moduleInfo->Module[i].ImageName);
|
RtlInitAnsiString(¤tImageName, moduleInfo->Module[i].ImageName);
|
||||||
|
|
||||||
if (0 == RtlCompareString(&ModuleName, ¤tImageName, TRUE))
|
if (0 == RtlCompareString(ModuleName, ¤tImageName, TRUE))
|
||||||
{
|
{
|
||||||
status = STATUS_SUCCESS;
|
status = STATUS_SUCCESS;
|
||||||
|
|
||||||
@ -166,7 +166,7 @@ _IRQL_requires_max_(PASSIVE_LEVEL)
|
|||||||
NTSTATUS
|
NTSTATUS
|
||||||
DomitoFindExportedFunctionAddress(
|
DomitoFindExportedFunctionAddress(
|
||||||
_In_ PVOID ModuleBase,
|
_In_ PVOID ModuleBase,
|
||||||
_In_ STRING FunctionName,
|
_In_ PANSI_STRING FunctionName,
|
||||||
_Inout_opt_ PVOID * FunctionAddress
|
_Inout_opt_ PVOID * FunctionAddress
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
@ -208,7 +208,7 @@ DomitoFindExportedFunctionAddress(
|
|||||||
|
|
||||||
RtlInitAnsiString(¤tFunctionName, functionName);
|
RtlInitAnsiString(¤tFunctionName, functionName);
|
||||||
|
|
||||||
if (0 == RtlCompareString(&FunctionName, ¤tFunctionName, TRUE))
|
if (0 == RtlCompareString(FunctionName, ¤tFunctionName, TRUE))
|
||||||
{
|
{
|
||||||
if (FunctionAddress)
|
if (FunctionAddress)
|
||||||
{
|
{
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user