Exposed custom allocator callback

include/Domito.h

@@ -64,16 +64,19 @@ typedef PVOID(NTAPI* t_RtlImageDirectoryEntryToData)(
 
 typedef
 _IRQL_requires_same_
-_Function_class_(DOMITO_ALLOCATE_ROUTINE)
+_Function_class_(EVT_DOMITO_ALLOCATE_ROUTINE)
 __drv_allocatesMem(Mem)
 PVOID
 NTAPI
-DOMITO_ALLOCATE_ROUTINE(
+EVT_DOMITO_ALLOCATE_ROUTINE(
 	_In_ SIZE_T ByteSize
 );
-typedef DOMITO_ALLOCATE_ROUTINE* PDOMITO_ALLOCATE_ROUTINE;
+typedef EVT_DOMITO_ALLOCATE_ROUTINE* PFN_DOMITO_ALLOCATE_ROUTINE;
 
 
+// 
+// Finds the base address of a driver module
+// 
 _Success_(return == STATUS_SUCCESS)
 _Must_inspect_result_
 _IRQL_requires_max_(PASSIVE_LEVEL)
@@ -81,9 +84,13 @@ EXTERN_C
 NTSTATUS
 DomitoFindDriverBaseAddress(
 	_In_ STRING ModuleName,
+	_In_ PFN_DOMITO_ALLOCATE_ROUTINE Allocator,
 	_Inout_opt_ PVOID * ModuleBase
 );
 
+//
+// Finds the address of an exported function by name
+// 
 _Success_(return == STATUS_SUCCESS)
 _Must_inspect_result_
 _IRQL_requires_max_(PASSIVE_LEVEL)

src/Domito.cpp

@@ -4,16 +4,14 @@
 #include "Domito.h"
 
 
-// 
-// Finds the base address of a driver module
-// 
 _Success_(return == STATUS_SUCCESS)
 _Must_inspect_result_
 _IRQL_requires_max_(PASSIVE_LEVEL)
 NTSTATUS
 DomitoFindDriverBaseAddress(
 	_In_ STRING ModuleName,
-    _Inout_opt_ PVOID* ModuleBase
+	_In_ PFN_DOMITO_ALLOCATE_ROUTINE Allocator,
+	_Inout_opt_ PVOID * ModuleBase
 )
 {
 	ULONG bufferSize = 0;
@@ -36,10 +34,8 @@ DomitoFindDriverBaseAddress(
 
 #pragma warning(disable:4996)
 	// Allocate memory for the module information
-    moduleInfo = (PSYSTEM_MODULE_INFORMATION)ExAllocatePoolWithTag(
+	moduleInfo = (PSYSTEM_MODULE_INFORMATION)Allocator(
-        NonPagedPool,
+		bufferSize
-        bufferSize,
-        'looP'
 	);
 #pragma warning(default:4996)
 
@@ -94,7 +90,7 @@ NTSTATUS
 DomitoFindExportedFunctionAddress(
 	_In_ PVOID ModuleBase,
 	_In_ STRING FunctionName,
-    _Inout_opt_ PVOID* FunctionAddress
+	_Inout_opt_ PVOID * FunctionAddress
 )
 {
 	NTSTATUS status = STATUS_NOT_FOUND;