nefarius/Domito
1
0
Fork 0
Code Issues Activity

Unified function argument types

Browse Source
This commit is contained in:
Benjamin Höglinger-Stelzer 2023-07-03 01:57:37 +02:00
parent 7fc654769e
commit 2fbc08e22d
2 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/Domito.h
View File

@ -266,7 +266,7 @@ _IRQL_requires_max_(PASSIVE_LEVEL)
EXTERN_C
NTSTATUS
DomitoFindModuleBaseAddress(
_In_ STRING ModuleName,
_In_ PANSI_STRING ModuleName,
_Inout_opt_ PVOID* ModuleBase
);
@ -280,7 +280,7 @@ EXTERN_C
NTSTATUS
DomitoFindExportedFunctionAddress(
_In_ PVOID ModuleBase,
_In_ STRING FunctionName,
_In_ PANSI_STRING FunctionName,
_Inout_opt_ PVOID* FunctionAddress
);

24
src/Domito.cpp
View File

@ -36,37 +36,37 @@ DomitoInit()
G_Common.RtlImageDirectoryEntryToData =
(t_RtlImageDirectoryEntryToData)MmGetSystemRoutineAddress((PUNICODE_STRING)&G_IdetdRoutineName);
const STRING ciModuleName = RTL_CONSTANT_STRING("\\SystemRoot\\system32\\CI.dll");
STRING ciModuleName = RTL_CONSTANT_STRING("\\SystemRoot\\system32\\CI.dll");
PVOID driverBaseAddress = NULL, functionAddress = NULL;
if (NT_SUCCESS(DomitoFindModuleBaseAddress(ciModuleName, &driverBaseAddress)))
if (NT_SUCCESS(DomitoFindModuleBaseAddress(&ciModuleName, &driverBaseAddress)))
{
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiFreePolicyInfo, &functionAddress)))
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiFreePolicyInfo, &functionAddress)))
{
G_CI.CiFreePolicyInfo = (t_CiFreePolicyInfo)functionAddress;
}
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiCheckSignedFile, &functionAddress)))
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiCheckSignedFile, &functionAddress)))
{
G_CI.CiCheckSignedFile = (t_CiCheckSignedFile)functionAddress;
}
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiVerifyHashInCatalog, &functionAddress)))
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiVerifyHashInCatalog, &functionAddress)))
{
G_CI.CiVerifyHashInCatalog = (t_CiVerifyHashInCatalog)functionAddress;
}
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiGetCertPublisherName, &functionAddress)))
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiGetCertPublisherName, &functionAddress)))
{
G_CI.CiGetCertPublisherName = (t_CiGetCertPublisherName)functionAddress;
}
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiSetTrustedOriginClaimId, &functionAddress)))
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiSetTrustedOriginClaimId, &functionAddress)))
{
G_CI.CiSetTrustedOriginClaimId = (t_CiSetTrustedOriginClaimId)functionAddress;
}
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiValidateFileObject, &functionAddress)))
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiValidateFileObject, &functionAddress)))
{
G_CI.CiValidateFileObject = (t_CiValidateFileObject)functionAddress;
}
@ -88,7 +88,7 @@ _Must_inspect_result_
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSTATUS
DomitoFindModuleBaseAddress(
_In_ STRING ModuleName,
_In_ PANSI_STRING ModuleName,
_Inout_opt_ PVOID * ModuleBase
)
{
@ -142,7 +142,7 @@ DomitoFindModuleBaseAddress(
{
RtlInitAnsiString(&currentImageName, moduleInfo->Module[i].ImageName);
if (0 == RtlCompareString(&ModuleName, &currentImageName, TRUE))
if (0 == RtlCompareString(ModuleName, &currentImageName, TRUE))
{
status = STATUS_SUCCESS;
@ -166,7 +166,7 @@ _IRQL_requires_max_(PASSIVE_LEVEL)
NTSTATUS
DomitoFindExportedFunctionAddress(
_In_ PVOID ModuleBase,
_In_ STRING FunctionName,
_In_ PANSI_STRING FunctionName,
_Inout_opt_ PVOID * FunctionAddress
)
{
@ -208,7 +208,7 @@ DomitoFindExportedFunctionAddress(
RtlInitAnsiString(&currentFunctionName, functionName);
if (0 == RtlCompareString(&FunctionName, &currentFunctionName, TRUE))
if (0 == RtlCompareString(FunctionName, &currentFunctionName, TRUE))
{
if (FunctionAddress)
{