diff --git a/include/Domito.h b/include/Domito.h
index a5beacb..de04657 100644
--- a/include/Domito.h
+++ b/include/Domito.h
@@ -162,6 +162,61 @@ DOMITO_CALG_TO_BCRYPT_ALGORITHM(
 }
+/* ___ _ ___ _ _ _
+ * / __|___ __| |___ |_ _|_ _| |_ ___ __ _ _ _(_) |_ _ _
+ * | (__/ _ \/ _` / -_) | || ' \ _/ -_) _` | '_| | _| || |
+ * \___\___/\__,_\___| |___|_||_\__\___\__, |_| |_|\__|\_, |
+ * |___/ |__/
+ */
+
+//
+// Extracts the CALG_ID from a signed PE that was used to
+// calculate the message digest when it was signed
+//
+_IRQL_requires_max_(DISPATCH_LEVEL)
+EXTERN_C
+UINT32
+DomitoGetPortableExecutableDigestKind(
+ _In_ PUCHAR pPeBytes,
+ _In_ PIMAGE_DATA_DIRECTORY pImgDataDirectory
+);
+
+//
+// Extracts Authenticode signing information and calculates the file digest of a PE file.
+//
+_Success_(return == STATUS_SUCCESS)
+_Must_inspect_result_
+_IRQL_requires_max_(PASSIVE_LEVEL)
+EXTERN_C
+NTSTATUS
+DomitoCalculatePortableExecutableDigest(
+ _In_ PUCHAR pPeBytes,
+ _In_ ULONG PeSize,
+ _Out_ PUINT32 pDigestCalgOut,
+ _Out_ PULONG pDigestSizeOut,
+ _Out_ PVOID* pDigestOut,
+ _Outptr_result_maybenull_ LPWIN_CERTIFICATE* pCertOut,
+ _Out_ PULONG pSizeOfSecurityDirectory
+);
+
+
+_Success_(return == STATUS_SUCCESS)
+_Must_inspect_result_
+_IRQL_requires_max_(PASSIVE_LEVEL)
+EXTERN_C
+NTSTATUS
+DomitoValidateFileLegacyMode(
+ _In_ HANDLE FileHandle,
+ _In_ PVOID Hash,
+ _In_ UINT32 HashSize,
+ _In_ ALG_ID HashAlgId,
+ _In_ const IMAGE_DATA_DIRECTORY* SecurityDirectory,
+ _Inout_ MINCRYPT_POLICY_INFO* PolicyInfo,
+ _Out_ LARGE_INTEGER* SigningTime,
+ _Inout_ MINCRYPT_POLICY_INFO* TimeStampPolicyInfo
+);
+
+
 /********************************************************************************
 * Library functions *
 ********************************************************************************/
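Review bot: The buffer parameters in the relocated Code Integrity declarations carry only `_In_`, so static analysis cannot tie them to their lengths; `pPeBytes` in DomitoCalculatePortableExecutableDigest could be declared `_In_reads_bytes_(PeSize) PUCHAR pPeBytes`, and `Hash` in DomitoValidateFileLegacyMode `_In_reads_bytes_(HashSize) PVOID Hash`. DomitoGetPortableExecutableDigestKind takes `pPeBytes` with no length at all, so (the implementation is not visible in this diff) it presumably has to trust the offset and size in `pImgDataDirectory`; its header comment should say that the caller must already have checked the security directory against the buffer length before passing in a PE from an untrusted source. DomitoValidateFileLegacyMode is also the only one of the three declarations without a comment; a short one stating what a success status establishes about the signature would help, as would a line on DomitoCalculatePortableExecutableDigest saying who releases `*pDigestOut` and whether `*pCertOut` points into `pPeBytes`.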
@@ -210,18 +265,6 @@ DomitoMemorySearchPattern(
 _Outptr_result_maybenull_ PVOID* ppMatch
 );
-//
-// Extracts the CALG_ID from a signed PE that was used to
-// calculate the message digest when it was signed
-//
-_IRQL_requires_max_(DISPATCH_LEVEL)
-EXTERN_C
-UINT32
-DomitoGetPortableExecutableDigestKind(
- _In_ PUCHAR pPeBytes,
- _In_ PIMAGE_DATA_DIRECTORY pImgDataDirectory
-);
-
 //
 // Reads from the beginning of a file until the end or the buffer size is reached.
 //
@@ -236,24 +279,6 @@ DomitoReadFile(
 _In_ ULONG BufferSize
 );
-//
-// Extracts Authenticode signing information and calculates the file digest of a PE file.
-//
-_Success_(return == STATUS_SUCCESS)
-_Must_inspect_result_
-_IRQL_requires_max_(PASSIVE_LEVEL)
-EXTERN_C
-NTSTATUS
-DomitoCalculatePortableExecutableDigest(
- _In_ PUCHAR pPeBytes,
- _In_ ULONG PeSize,
- _Out_ PUINT32 pDigestCalgOut,
- _Out_ PULONG pDigestSizeOut,
- _Out_ PVOID* pDigestOut,
- _Outptr_result_maybenull_ LPWIN_CERTIFICATE* pCertOut,
- _Out_ PULONG pSizeOfSecurityDirectory
-);
-
 //
 // Gets the name of the main image of the process identified by PID.
 //
@@ -266,19 +291,3 @@ DomitoGetProcessImageName(
 _In_ ULONG ProcessId,
 _Inout_ PUNICODE_STRING* ProcessImageName
 );
-
-_Success_(return == STATUS_SUCCESS)
-_Must_inspect_result_
-_IRQL_requires_max_(PASSIVE_LEVEL)
-EXTERN_C
-NTSTATUS
-DomitoValidateFileLegacyMode(
- _In_ HANDLE FileHandle,
- _In_ PVOID Hash,
- _In_ UINT32 HashSize,
- _In_ ALG_ID HashAlgId,
- _In_ const IMAGE_DATA_DIRECTORY* SecurityDirectory,
- _Inout_ MINCRYPT_POLICY_INFO* PolicyInfo,
- _Out_ LARGE_INTEGER* SigningTime,
- _Inout_ MINCRYPT_POLICY_INFO* TimeStampPolicyInfo
-);