nefarius/Domito
1
0
Fork 0
Code Issues Activity

Update Domito.h

Browse Source
This commit is contained in:
Benjamin Höglinger-Stelzer 2023-07-03 20:50:23 +02:00
parent ce17eb3ecf
commit d736e7a30e
1 changed files with 55 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
include/Domito.h
View File

@ -162,6 +162,61 @@ DOMITO_CALG_TO_BCRYPT_ALGORITHM(
} }
/* ___ _ ___ _ _ _
* / __|___ __| |___ |_ _|_ _| |_ ___ __ _ _ _(_) |_ _ _
* | (__/ _ \/ _` / -_) | || ' \ _/ -_) _` | '_| | _| || |
* \___\___/\__,_\___| |___|_||_\__\___\__, |_| |_|\__|\_, |
* |___/ |__/
*/
//
// Extracts the CALG_ID from a signed PE that was used to
// calculate the message digest when it was signed
//
_IRQL_requires_max_(DISPATCH_LEVEL)
EXTERN_C
UINT32
DomitoGetPortableExecutableDigestKind(
_In_ PUCHAR pPeBytes,
_In_ PIMAGE_DATA_DIRECTORY pImgDataDirectory
);
//
// Extracts Authenticode signing information and calculates the file digest of a PE file.
//
_Success_(return == STATUS_SUCCESS)
_Must_inspect_result_
_IRQL_requires_max_(PASSIVE_LEVEL)
EXTERN_C
NTSTATUS
DomitoCalculatePortableExecutableDigest(
_In_ PUCHAR pPeBytes,
_In_ ULONG PeSize,
_Out_ PUINT32 pDigestCalgOut,
_Out_ PULONG pDigestSizeOut,
_Out_ PVOID* pDigestOut,
_Outptr_result_maybenull_ LPWIN_CERTIFICATE* pCertOut,
_Out_ PULONG pSizeOfSecurityDirectory
);
_Success_(return == STATUS_SUCCESS)
_Must_inspect_result_
_IRQL_requires_max_(PASSIVE_LEVEL)
EXTERN_C
NTSTATUS
DomitoValidateFileLegacyMode(
_In_ HANDLE FileHandle,
_In_ PVOID Hash,
_In_ UINT32 HashSize,
_In_ ALG_ID HashAlgId,
_In_ const IMAGE_DATA_DIRECTORY* SecurityDirectory,
_Inout_ MINCRYPT_POLICY_INFO* PolicyInfo,
_Out_ LARGE_INTEGER* SigningTime,
_Inout_ MINCRYPT_POLICY_INFO* TimeStampPolicyInfo
);
/******************************************************************************** /********************************************************************************
* Library functions * * Library functions *
********************************************************************************/ ********************************************************************************/
@ -210,18 +265,6 @@ DomitoMemorySearchPattern(
_Outptr_result_maybenull_ PVOID* ppMatch _Outptr_result_maybenull_ PVOID* ppMatch
); );
//
// Extracts the CALG_ID from a signed PE that was used to
// calculate the message digest when it was signed
//
_IRQL_requires_max_(DISPATCH_LEVEL)
EXTERN_C
UINT32
DomitoGetPortableExecutableDigestKind(
_In_ PUCHAR pPeBytes,
_In_ PIMAGE_DATA_DIRECTORY pImgDataDirectory
);
// //
// Reads from the beginning of a file until the end or the buffer size is reached. // Reads from the beginning of a file until the end or the buffer size is reached.
// //
@ -236,24 +279,6 @@ DomitoReadFile(
_In_ ULONG BufferSize _In_ ULONG BufferSize
); );
//
// Extracts Authenticode signing information and calculates the file digest of a PE file.
//
_Success_(return == STATUS_SUCCESS)
_Must_inspect_result_
_IRQL_requires_max_(PASSIVE_LEVEL)
EXTERN_C
NTSTATUS
DomitoCalculatePortableExecutableDigest(
_In_ PUCHAR pPeBytes,
_In_ ULONG PeSize,
_Out_ PUINT32 pDigestCalgOut,
_Out_ PULONG pDigestSizeOut,
_Out_ PVOID* pDigestOut,
_Outptr_result_maybenull_ LPWIN_CERTIFICATE* pCertOut,
_Out_ PULONG pSizeOfSecurityDirectory
);
// //
// Gets the name of the main image of the process identified by PID. // Gets the name of the main image of the process identified by PID.
// //
@ -266,19 +291,3 @@ DomitoGetProcessImageName(
_In_ ULONG ProcessId, _In_ ULONG ProcessId,
_Inout_ PUNICODE_STRING* ProcessImageName _Inout_ PUNICODE_STRING* ProcessImageName
); );
_Success_(return == STATUS_SUCCESS)
_Must_inspect_result_
_IRQL_requires_max_(PASSIVE_LEVEL)
EXTERN_C
NTSTATUS
DomitoValidateFileLegacyMode(
_In_ HANDLE FileHandle,
_In_ PVOID Hash,
_In_ UINT32 HashSize,
_In_ ALG_ID HashAlgId,
_In_ const IMAGE_DATA_DIRECTORY* SecurityDirectory,
_Inout_ MINCRYPT_POLICY_INFO* PolicyInfo,
_Out_ LARGE_INTEGER* SigningTime,
_Inout_ MINCRYPT_POLICY_INFO* TimeStampPolicyInfo
);