Populated DomitoInit
This commit is contained in:
parent
24bec1ffea
commit
ccc04f5b93
@ -3,6 +3,27 @@
#include <Domito.MinCrypt.h>
/* ___
* / __|___ _ __ _ __ ___ _ _
* | (__/ _ \ ' \| ' \/ _ \ ' \
* \___\___/_|_|_|_|_|_\___/_||_|
*
*/
//
// Library initialization tasks. Call one in your DriverEntry
//
_IRQL_requires_max_(PASSIVE_LEVEL)
EXTERN_C
void
DomitoInit();
_IRQL_requires_max_(PASSIVE_LEVEL)
EXTERN_C
void
DomitoShutdown();
/* __ __ __ __ _
* | \/ |___ _ __ ___ _ _ _ _ | \/ |__ _ _ _ __ _ __ _ ___ _ __ ___ _ _| |_
* | |\/| / -_) ' \/ _ \ '_| || | | |\/| / _` | ' \/ _` / _` / -_) ' \/ -_) ' \ _|
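Review bot: The declarations `DomitoInit();` and `DomitoShutdown();` use empty parentheses, which in a C translation unit means "unspecified parameters" rather than "no parameters", so a caller that passes arguments compiles without a diagnostic; declare them as `void DomitoInit(void);` and `void DomitoShutdown(void);` and use `(void)` in the definitions in the second hunk as well. Under C++ the EXTERN_C declarations already mean no parameters, so only C callers are affected. The comment `// Library initialization tasks. Call one in your DriverEntry` could also say which call goes where, presumably DomitoInit from DriverEntry and DomitoShutdown from the driver's unload routine — confirm with the author before wording it that way.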
@ -10,6 +10,61 @@
static QUERY_INFO_PROCESS ZwQueryInformationProcess;
static STRING G_FN_CiFreePolicyInfo = RTL_CONSTANT_STRING("CiFreePolicyInfo");
static STRING G_FN_CiCheckSignedFile = RTL_CONSTANT_STRING("CiCheckSignedFile");
static STRING G_FN_CiVerifyHashInCatalog = RTL_CONSTANT_STRING("CiVerifyHashInCatalog");
static STRING G_FN_CiGetCertPublisherName = RTL_CONSTANT_STRING("CiGetCertPublisherName");
static STRING G_FN_CiSetTrustedOriginClaimId = RTL_CONSTANT_STRING("CiSetTrustedOriginClaimId");
static STRING G_FN_CiValidateFileObject = RTL_CONSTANT_STRING("CiValidateFileObject");
_IRQL_requires_max_(PASSIVE_LEVEL)
void
DomitoInit()
{
const STRING ciModuleName = RTL_CONSTANT_STRING("\\SystemRoot\\system32\\CI.dll");
PVOID driverBaseAddress = NULL, functionAddress = NULL;
if (NT_SUCCESS(DomitoFindModuleBaseAddress(ciModuleName, &driverBaseAddress)))
{
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiFreePolicyInfo, &functionAddress)))
{
G_CI.CiFreePolicyInfo = (t_CiFreePolicyInfo)functionAddress;
}
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiCheckSignedFile, &functionAddress)))
{
G_CI.CiCheckSignedFile = (t_CiCheckSignedFile)functionAddress;
}
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiVerifyHashInCatalog, &functionAddress)))
{
G_CI.CiVerifyHashInCatalog = (t_CiVerifyHashInCatalog)functionAddress;
}
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiGetCertPublisherName, &functionAddress)))
{
G_CI.CiGetCertPublisherName = (t_CiGetCertPublisherName)functionAddress;
}
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiSetTrustedOriginClaimId, &functionAddress)))
{
G_CI.CiSetTrustedOriginClaimId = (t_CiSetTrustedOriginClaimId)functionAddress;
}
if (NT_SUCCESS(DomitoFindExportedFunctionAddress(driverBaseAddress, G_FN_CiValidateFileObject, &functionAddress)))
{
G_CI.CiValidateFileObject = (t_CiValidateFileObject)functionAddress;
}
}
}
_IRQL_requires_max_(PASSIVE_LEVEL)
void
DomitoShutdown()
{
}
_Success_(return == STATUS_SUCCESS)
_Must_inspect_result_
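Review bot: DomitoInit returns void and reports nothing when DomitoFindModuleBaseAddress fails or when any of the six DomitoFindExportedFunctionAddress lookups fails, so the matching G_CI member is simply left unset and DriverEntry has no way to learn that the CI.dll signature-checking helpers are unavailable. Consider returning NTSTATUS (propagating the module-lookup status, and a not-found status such as STATUS_PROCEDURE_NOT_FOUND when an export is missing) so the caller can refuse to load, or at minimum add a comment above the definition stating that every G_CI member may still be NULL after DomitoInit returns and must be checked before it is called. The six lookup blocks differ only in the name string and the destination member and would read better as a loop over a small table of name/destination pairs. DomitoShutdown is left with an empty body; if it is intended to reset G_CI later, a `/* intentionally a no-op for now */` comment would make that explicit.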