nefarius/Domito
1
0
Fork 0
Code Issues Activity

Populated DomitoInit

Browse Source
This commit is contained in:
Benjamin Höglinger-Stelzer 2023-07-02 19:51:44 +02:00
parent 24bec1ffea
commit ccc04f5b93
2 changed files with 76 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
include/Domito.h
View File

@ -3,6 +3,27 @@
#include <Domito.MinCrypt.h> #include <Domito.MinCrypt.h>
/* ___
* / __|___ _ __ _ __ ___ _ _
* | (__/ _ \ ' \| ' \/ _ \ ' \
* \___\___/_|_|_|_|_|_\___/_||_|
*
*/
//
// Library initialization tasks. Call one in your DriverEntry
//
_IRQL_requires_max_(PASSIVE_LEVEL)
EXTERN_C
void
DomitoInit();
_IRQL_requires_max_(PASSIVE_LEVEL)
EXTERN_C
void
DomitoShutdown();
/* __ __ __ __ _ /* __ __ __ __ _
* | \/ |___ _ __ ___ _ _ _ _ | \/ |__ _ _ _ __ _ __ _ ___ _ __ ___ _ _| |_ * | \/ |___ _ __ ___ _ _ _ _ | \/ |__ _ _ _ __ _ __ _ ___ _ __ ___ _ _| |_
* | |\/| / -_) ' \/ _ \ '_| || | | |\/| / _` | ' \/ _` / _` / -_) ' \/ -_) ' \ _| * | |\/| / -_) ' \/ _ \ '_| || | | |\/| / _` | ' \/ _` / _` / -_) ' \/ -_) ' \ _|

55
src/Domito.cpp
View File

@ -10,6 +10,61 @@
static QUERY_INFO_PROCESS ZwQueryInformationProcess; static QUERY_INFO_PROCESS ZwQueryInformationProcess;
static STRING G_FN_CiFreePolicyInfo = RTL_CONSTANT_STRING("CiFreePolicyInfo");
static STRING G_FN_CiCheckSignedFile = RTL_CONSTANT_STRING("CiCheckSignedFile");
static STRING G_FN_CiVerifyHashInCatalog = RTL_CONSTANT_STRING("CiVerifyHashInCatalog");
static STRING G_FN_CiGetCertPublisherName = RTL_CONSTANT_STRING("CiGetCertPublisherName");
static STRING G_FN_CiSetTrustedOriginClaimId = RTL_CONSTANT_STRING("CiSetTrustedOriginClaimId");
static STRING G_FN_CiValidateFileObject = RTL_CONSTANT_STRING("CiValidateFileObject");
_IRQL_requires_max_(PASSIVE_LEVEL)
void
DomitoInit()
{
const STRING ciModuleName = RTL_CONSTANT_STRING("\\SystemRoot\\system32\\CI.dll");
PVOID driverBaseAddress = NULL, functionAddress = NULL;
if (NT_SUCCESS(DomitoFindModuleBaseAddress(ciModuleName, &driverBaseAddress)))
{
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiFreePolicyInfo, &functionAddress)))
{
G_CI.CiFreePolicyInfo = (t_CiFreePolicyInfo)functionAddress;
}
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiCheckSignedFile, &functionAddress)))
{
G_CI.CiCheckSignedFile = (t_CiCheckSignedFile)functionAddress;
}
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiVerifyHashInCatalog, &functionAddress)))
{
G_CI.CiVerifyHashInCatalog = (t_CiVerifyHashInCatalog)functionAddress;
}
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiGetCertPublisherName, &functionAddress)))
{
G_CI.CiGetCertPublisherName = (t_CiGetCertPublisherName)functionAddress;
}
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiSetTrustedOriginClaimId, &functionAddress)))
{
G_CI.CiSetTrustedOriginClaimId = (t_CiSetTrustedOriginClaimId)functionAddress;
}
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiValidateFileObject, &functionAddress)))
{
G_CI.CiValidateFileObject = (t_CiValidateFileObject)functionAddress;
}
}
}
_IRQL_requires_max_(PASSIVE_LEVEL)
void
DomitoShutdown()
{
}
_Success_(return == STATUS_SUCCESS) _Success_(return == STATUS_SUCCESS)
_Must_inspect_result_ _Must_inspect_result_