Replaced passing allocator to functions with library global memory management support types

2023-07-01 16:33:13 +02:00
parent 0df66bdea2
commit 5541c05d1d
4 changed files with 154 additions and 33 deletions
--- a/include/Domito.h
+++ b/include/Domito.h
@ -4,16 +4,16 @@


 /********************************************************************************
- * Memory management, misc.                                                     *
+ * Memory management                                                            *
 ********************************************************************************/

- //
- // Custom allocator for function that allocate pool memory.
- // 
+//
+// Allocator function the library uses.
+// 
 typedef
 _IRQL_requires_same_
 _Function_class_(EVT_DOMITO_ALLOCATE_ROUTINE)
-__drv_allocatesMem(Mem)
+__drv_allocatesMem(mem)
 PVOID
 NTAPI
 EVT_DOMITO_ALLOCATE_ROUTINE(
@ -21,6 +21,48 @@ EVT_DOMITO_ALLOCATE_ROUTINE(
 );
 typedef EVT_DOMITO_ALLOCATE_ROUTINE* PFN_DOMITO_ALLOCATE_ROUTINE;

+//
+// Freeing function the library uses.
+// 
+typedef
+_IRQL_requires_same_
+_Function_class_(EVT_DOMITO_FREE_ROUTINE)
+void
+NTAPI
+EVT_DOMITO_FREE_ROUTINE(
+    _In_ __drv_freesMem(mem) PVOID Memory
+);
+typedef EVT_DOMITO_FREE_ROUTINE* PFN_DOMITO_FREE_ROUTINE;
+
+//
+// Get the original set of Domito memory functions.
+// 
+EXTERN_C
+void
+DomitoGetOriginalMemoryFunctions(
+    _Out_opt_ PFN_DOMITO_ALLOCATE_ROUTINE* Allocator,
+    _Out_opt_ PFN_DOMITO_FREE_ROUTINE* Free
+);
+
+//
+// Get the current set of Domito memory functions.
+//  
+EXTERN_C
+void
+DomitoGetMemoryFunctions(
+    _Out_opt_ PFN_DOMITO_ALLOCATE_ROUTINE* Allocator,
+    _Out_opt_ PFN_DOMITO_FREE_ROUTINE* Free
+);
+
+//
+//  Replace Domito's memory allocation functions with a custom set
+EXTERN_C
+void
+DomitoSetMemoryFunctions(
+    _In_opt_ PFN_DOMITO_ALLOCATE_ROUTINE Allocator,
+    _In_opt_ PFN_DOMITO_FREE_ROUTINE Free
+);
+

 /********************************************************************************
 * Cryptography                                                                 *
@ -104,7 +146,6 @@ _IRQL_requires_max_(PASSIVE_LEVEL)
 EXTERN_C
 NTSTATUS
 DomitoFindModuleBaseAddress(
-    _In_ PFN_DOMITO_ALLOCATE_ROUTINE Allocator,
    _In_ STRING ModuleName,
    _Inout_opt_ PVOID* ModuleBase
 );
@ -175,7 +216,6 @@ _IRQL_requires_max_(PASSIVE_LEVEL)
 EXTERN_C
 NTSTATUS
 DomitoCalculatePortableExecutableDigest(
-    _In_ PFN_DOMITO_ALLOCATE_ROUTINE Allocator,
    _In_ PUCHAR pPeBytes,
    _In_ ULONG PeSize,
    _Out_ PUINT32 pDigestCalgOut,
@ -194,7 +234,6 @@ _IRQL_requires_max_(PASSIVE_LEVEL)
 EXTERN_C
 NTSTATUS
 DomitoGetProcessImageName(
-    _In_ PFN_DOMITO_ALLOCATE_ROUTINE Allocator,
    _In_ ULONG ProcessId,
    _Inout_ PUNICODE_STRING* ProcessImageName
 );
@ -205,7 +244,6 @@ _IRQL_requires_max_(PASSIVE_LEVEL)
 EXTERN_C
 NTSTATUS
 DomitoValidateFileLegacyMode(
-    _In_ PFN_DOMITO_ALLOCATE_ROUTINE Allocator,
    _In_ HANDLE FileHandle,
    _In_ PVOID Hash,
    _In_ UINT32 HashSize,