Added DomitoValidateFileLegacyMode

2023-07-01 07:03:25 +02:00
parent c3b0116581
commit ad92db405c
2 changed files with 178 additions and 10 deletions


@ -30,12 +30,13 @@ typedef EVT_DOMITO_ALLOCATE_ROUTINE* PFN_DOMITO_ALLOCATE_ROUTINE;
// This structure encapsulates a signature used in verifying executable files.
//
#if !defined(WIN_CERTIFICATE)
typedef struct _WIN_CERTIFICATE {
typedef struct _WIN_CERTIFICATE
{
DWORD dwLength;
WORD wRevision;
WORD wCertificateType;
BYTE bCertificate[ANYSIZE_ARRAY];
} WIN_CERTIFICATE, * LPWIN_CERTIFICATE;
WORD wRevision;
WORD wCertificateType;
BYTE bCertificate[ANYSIZE_ARRAY];
} WIN_CERTIFICATE, *LPWIN_CERTIFICATE;
#endif
//
@ -103,9 +104,9 @@ _IRQL_requires_max_(PASSIVE_LEVEL)
EXTERN_C
NTSTATUS
DomitoFindModuleBaseAddress(
_In_ STRING ModuleName,
_In_ PFN_DOMITO_ALLOCATE_ROUTINE Allocator,
_Inout_opt_ PVOID * ModuleBase
_In_ STRING ModuleName,
_Inout_opt_ PVOID* ModuleBase
);
//
@ -119,7 +120,7 @@ NTSTATUS
DomitoFindExportedFunctionAddress(
_In_ PVOID ModuleBase,
_In_ STRING FunctionName,
_Inout_opt_ PVOID * FunctionAddress
_Inout_opt_ PVOID* FunctionAddress
);
//
@ -136,7 +137,7 @@ DomitoMemorySearchPattern(
_In_ SIZE_T puLen,
_In_ PVOID pcBase,
_In_ SIZE_T puSize,
_Outptr_result_maybenull_ PVOID * ppMatch
_Outptr_result_maybenull_ PVOID* ppMatch
);
//
@ -197,3 +198,20 @@ DomitoGetProcessImageName(
_In_ ULONG ProcessId,
_Inout_ PUNICODE_STRING* ProcessImageName
);
_Success_(return == STATUS_SUCCESS)
_Must_inspect_result_
_IRQL_requires_max_(PASSIVE_LEVEL)
EXTERN_C
NTSTATUS
DomitoValidateFileLegacyMode(
_In_ PFN_DOMITO_ALLOCATE_ROUTINE Allocator,
_In_ HANDLE FileHandle,
_In_ PVOID Hash,
_In_ UINT32 HashSize,
_In_ ALG_ID HashAlgId,
_In_ const IMAGE_DATA_DIRECTORY* SecurityDirectory,
_Inout_ MINCRYPT_POLICY_INFO* PolicyInfo,
_Out_ LARGE_INTEGER* SigningTime,
_Inout_ MINCRYPT_POLICY_INFO* TimeStampPolicyInfo
);
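Review bot: In the new `DomitoValidateFileLegacyMode` prototype, `_In_ PVOID Hash` is not tied to `HashSize`, so static analysis cannot check that callers pass a buffer of the stated length; `_In_reads_bytes_(HashSize) PVOID Hash` would put that contract in the annotation. The declaration also has no comment, while the `//` lines ahead of the other prototypes suggest they are documented. A short block should say that `HashSize` must match the digest length of `HashAlgId`, and that `SigningTime` and both policy-info structures are meaningful only when `STATUS_SUCCESS` is returned. It should also note that `SecurityDirectory` is presumably taken from the file's PE headers, so its offset and size must be checked against the real file size before the certificate data is read. Only the prototype is visible here, so whether the implementation already performs those checks cannot be confirmed from this section.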