Started splitting code into more modular forms

src/Domito.Internal.h

@@ -0,0 +1,120 @@
+/*  ___     _                     _   _                     
+ * |_ _|_ _| |_ ___ _ _ _ _  __ _| | | |_ _  _ _ __  ___ ___
+ *  | || ' \  _/ -_) '_| ' \/ _` | | |  _| || | '_ \/ -_|_-<
+ * |___|_||_\__\___|_| |_||_\__,_|_|  \__|\_, | .__/\___/__/
+ *                                        |__/|_|           
+ */
+
+#pragma once
+
+#include <ntifs.h>
+#include <ntintsafe.h>
+#include <ntimage.h>
+#include <bcrypt.h>
+
+#include "Domito.h"
+#include "Domito.MinCrypt.h"
+
+
+/*  _  _ _   ___  _ _       _        
+ * | \| | |_|   \| | |  ___| |_ __   
+ * | .` |  _| |) | | | / -_)  _/ _|_ 
+ * |_|\_|\__|___/|_|_| \___|\__\__(_)
+ *                                   
+ */
+
+ // Structure representing a loaded module
+typedef struct _SYSTEM_MODULE_INFORMATION_ENTRY
+{
+    PVOID Unknown1;
+    PVOID Unknown2;
+    PVOID Base;
+    ULONG Size;
+    ULONG Flags;
+    USHORT Index;
+    USHORT NameLength;
+    USHORT LoadCount;
+    USHORT PathLength;
+    CHAR ImageName[256];
+} SYSTEM_MODULE_INFORMATION_ENTRY, * PSYSTEM_MODULE_INFORMATION_ENTRY;
+
+// Structure representing the loaded module information
+typedef struct _SYSTEM_MODULE_INFORMATION
+{
+    ULONG Count;
+    SYSTEM_MODULE_INFORMATION_ENTRY Module[ANYSIZE_ARRAY];
+} SYSTEM_MODULE_INFORMATION, * PSYSTEM_MODULE_INFORMATION;
+
+// Function prototype for ZwQuerySystemInformation
+NTSYSAPI NTSTATUS NTAPI ZwQuerySystemInformation(
+    ULONG SystemInformationClass,
+    PVOID SystemInformation,
+    ULONG SystemInformationLength,
+    PULONG ReturnLength
+);
+
+typedef struct _LDR_DATA_TABLE_ENTRY
+{
+    LIST_ENTRY64 InLoadOrderLinks;
+    PVOID ExceptionTable;
+    ULONG ExceptionTableSize;
+    PVOID GpValue;
+    PVOID NonPagedDebugInfo;
+    PVOID ImageBase;
+    PVOID EntryPoint;
+    ULONG SizeOfImage;
+    UNICODE_STRING FullImageName;
+    UNICODE_STRING BaseImageName;
+    ULONG Flags;
+    USHORT LoadCount;
+    USHORT TlsIndex;
+    LIST_ENTRY64 HashLinks;
+    PVOID SectionPointer;
+    ULONG CheckSum;
+    ULONG TimeDateStamp;
+    PVOID LoadedImports;
+    PVOID EntryPointActivationContext;
+    PVOID PatchInformation;
+} LDR_DATA_TABLE_ENTRY, * PLDR_DATA_TABLE_ENTRY;
+
+typedef PVOID(NTAPI* t_RtlImageDirectoryEntryToData)(
+    IN PVOID Base,
+    IN BOOLEAN MappedAsImage,
+    IN USHORT DirectoryEntry,
+    OUT PULONG Size
+    );
+
+typedef NTSTATUS(*QUERY_INFO_PROCESS) (
+    __in HANDLE ProcessHandle,
+    __in PROCESSINFOCLASS ProcessInformationClass,
+    __out_bcount(ProcessInformationLength) PVOID ProcessInformation,
+    __in ULONG ProcessInformationLength,
+    __out_opt PULONG ReturnLength
+    );
+
+/*  __  __                          __  __                                       _   
+ * |  \/  |___ _ __  ___ _ _ _  _  |  \/  |__ _ _ _  __ _ __ _ ___ _ __  ___ _ _| |_ 
+ * | |\/| / -_) '  \/ _ \ '_| || | | |\/| / _` | ' \/ _` / _` / -_) '  \/ -_) ' \  _|
+ * |_|  |_\___|_|_|_\___/_|  \_, | |_|  |_\__,_|_||_\__,_\__, \___|_|_|_\___|_||_\__|
+ *                           |__/                        |___/                       
+ */
+
+//
+// Default pool tag
+// 
+#define DOMITO_POOL_TAG     'imoD'
+
+//
+// Function pointers for malloc/free variants
+// 
+typedef struct
+{
+    PFN_DOMITO_ALLOCATE_ROUTINE Allocate;
+
+    PFN_DOMITO_FREE_ROUTINE Free;
+} DOMITO_MEMORY;
+
+//
+// Global instance, individual field can be adjusted by the caller
+// 
+extern DOMITO_MEMORY G_Memory;