Simplified init procedure
parent
1afdd90b4e
commit
aa77523f3a
@ -20,6 +20,10 @@ static STRING G_FN_CiValidateFileObject = RTL_CONSTANT_STRING("CiValidateFileObj
|
||||
DECLARE_GLOBAL_CONST_UNICODE_STRING(G_QipRoutineName, L"ZwQueryInformationProcess");
|
||||
DECLARE_GLOBAL_CONST_UNICODE_STRING(G_IdetdRoutineName, L"RtlImageDirectoryEntryToData");
|
||||
|
||||
#ifndef LOG
|
||||
#define LOG(Format, ...) DbgPrintEx(DPFLTR_IHVDRIVER_ID, DPFLTR_ERROR_LEVEL, "[Domito][" __FUNCTION__ "] " Format " \n", __VA_ARGS__)
|
||||
#endif
|
||||
|
||||
|
||||
_Success_(return == STATUS_SUCCESS)
|
||||
_Must_inspect_result_
|
||||
@ -37,39 +41,22 @@ DomitoInit()
|
||||
(t_RtlImageDirectoryEntryToData)MmGetSystemRoutineAddress((PUNICODE_STRING)&G_IdetdRoutineName);
|
||||
|
||||
STRING ciModuleName = RTL_CONSTANT_STRING("\\SystemRoot\\system32\\CI.dll");
|
||||
PVOID driverBaseAddress = NULL, functionAddress = NULL;
|
||||
PVOID driverBaseAddress = NULL;
|
||||
|
||||
if (NT_SUCCESS(DomitoFindModuleBaseAddress(&ciModuleName, &driverBaseAddress)))
|
||||
{
|
||||
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiFreePolicyInfo, &functionAddress)))
|
||||
{
|
||||
G_CI.CiFreePolicyInfo = (t_CiFreePolicyInfo)functionAddress;
|
||||
}
|
||||
|
||||
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiCheckSignedFile, &functionAddress)))
|
||||
{
|
||||
G_CI.CiCheckSignedFile = (t_CiCheckSignedFile)functionAddress;
|
||||
}
|
||||
|
||||
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiVerifyHashInCatalog, &functionAddress)))
|
||||
{
|
||||
G_CI.CiVerifyHashInCatalog = (t_CiVerifyHashInCatalog)functionAddress;
|
||||
}
|
||||
|
||||
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiGetCertPublisherName, &functionAddress)))
|
||||
{
|
||||
G_CI.CiGetCertPublisherName = (t_CiGetCertPublisherName)functionAddress;
|
||||
}
|
||||
|
||||
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiSetTrustedOriginClaimId, &functionAddress)))
|
||||
{
|
||||
G_CI.CiSetTrustedOriginClaimId = (t_CiSetTrustedOriginClaimId)functionAddress;
|
||||
}
|
||||
|
||||
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiValidateFileObject, &functionAddress)))
|
||||
{
|
||||
G_CI.CiValidateFileObject = (t_CiValidateFileObject)functionAddress;
|
||||
}
|
||||
DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiFreePolicyInfo, (void**)&G_CI.CiFreePolicyInfo);
|
||||
LOG("CiFreePolicyInfo = 0x%p", G_CI.CiFreePolicyInfo);
|
||||
DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiCheckSignedFile, (void**)&G_CI.CiCheckSignedFile);
|
||||
LOG("CiCheckSignedFile = 0x%p", G_CI.CiCheckSignedFile);
|
||||
DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiVerifyHashInCatalog, (void**)&G_CI.CiVerifyHashInCatalog);
|
||||
LOG("CiVerifyHashInCatalog = 0x%p", G_CI.CiVerifyHashInCatalog);
|
||||
DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiGetCertPublisherName, (void**)&G_CI.CiGetCertPublisherName);
|
||||
LOG("CiGetCertPublisherName = 0x%p", G_CI.CiGetCertPublisherName);
|
||||
DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiSetTrustedOriginClaimId, (void**)&G_CI.CiSetTrustedOriginClaimId);
|
||||
LOG("CiSetTrustedOriginClaimId = 0x%p", G_CI.CiSetTrustedOriginClaimId);
|
||||
DomitoFindExportedFunctionAddress(driverBaseAddress, &G_FN_CiValidateFileObject, (void**)&G_CI.CiValidateFileObject);
|
||||
LOG("CiValidateFileObject = 0x%p", G_CI.CiValidateFileObject);
|
||||
}
|
||||
|
||||
return STATUS_SUCCESS; // TODO: unused currently
|
||||
|
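Review bot: The six new `DomitoFindExportedFunctionAddress(...)` calls in DomitoInit discard the returned NTSTATUS, and the function still ends with `return STATUS_SUCCESS;`, so a caller honouring the `_Must_inspect_result_` annotation (which appears to belong to DomitoInit) cannot tell that CI.dll or one of its exports was not resolved. The removed code assigned each `G_CI` member only on success, whereas the new code lets the callee write through `(void**)&G_CI.X`, so what is left in the pointer on failure depends on a callee that is not visible in this hunk. Consider keeping the status, e.g. `status = DomitoFindExportedFunctionAddress(...); if (!NT_SUCCESS(status)) G_CI.CiValidateFileObject = NULL;`, and returning a failure status when a routine the library requires is missing. Separately, `LOG` is defined at `DPFLTR_ERROR_LEVEL` and is used to print the resolved kernel addresses with `%p`; a lower level such as `DPFLTR_INFO_LEVEL`, or a debug-build-only guard, would keep those addresses out of default debug output. DomitoInit begins outside the hunk.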