Update Domito.h

2023-07-03 20:50:23 +02:00 · 2023-07-03 20:50:23 +02:00 · d736e7a30e
commit d736e7a30e
parent ce17eb3ecf
1 changed files with 55 additions and 46 deletions
--- a/include/Domito.h
+++ b/include/Domito.h
@ -162,6 +162,61 @@ DOMITO_CALG_TO_BCRYPT_ALGORITHM(
 }


+/*   ___         _       ___     _                _ _
+ *  / __|___  __| |___  |_ _|_ _| |_ ___ __ _ _ _(_) |_ _  _
+ * | (__/ _ \/ _` / -_)  | || ' \  _/ -_) _` | '_| |  _| || |
+ *  \___\___/\__,_\___| |___|_||_\__\___\__, |_| |_|\__|\_, |
+ *                                      |___/           |__/
+ */
+
+//
+// Extracts the CALG_ID from a signed PE that was used to
+// calculate the message digest when it was signed
+//
+_IRQL_requires_max_(DISPATCH_LEVEL)
+EXTERN_C
+UINT32
+DomitoGetPortableExecutableDigestKind(
+    _In_ PUCHAR pPeBytes,
+    _In_ PIMAGE_DATA_DIRECTORY pImgDataDirectory
+);
+
+//
+// Extracts Authenticode signing information and calculates the file digest of a PE file.
+// 
+_Success_(return == STATUS_SUCCESS)
+_Must_inspect_result_
+_IRQL_requires_max_(PASSIVE_LEVEL)
+EXTERN_C
+NTSTATUS
+DomitoCalculatePortableExecutableDigest(
+    _In_ PUCHAR pPeBytes,
+    _In_ ULONG PeSize,
+    _Out_ PUINT32 pDigestCalgOut,
+    _Out_ PULONG pDigestSizeOut,
+    _Out_ PVOID* pDigestOut,
+    _Outptr_result_maybenull_ LPWIN_CERTIFICATE* pCertOut,
+    _Out_ PULONG pSizeOfSecurityDirectory
+);
+
+
+_Success_(return == STATUS_SUCCESS)
+_Must_inspect_result_
+_IRQL_requires_max_(PASSIVE_LEVEL)
+EXTERN_C
+NTSTATUS
+DomitoValidateFileLegacyMode(
+    _In_ HANDLE FileHandle,
+    _In_ PVOID Hash,
+    _In_ UINT32 HashSize,
+    _In_ ALG_ID HashAlgId,
+    _In_ const IMAGE_DATA_DIRECTORY* SecurityDirectory,
+    _Inout_ MINCRYPT_POLICY_INFO* PolicyInfo,
+    _Out_ LARGE_INTEGER* SigningTime,
+    _Inout_ MINCRYPT_POLICY_INFO* TimeStampPolicyInfo
+);
+
+
 /********************************************************************************
 * Library functions                                                            *
 ********************************************************************************/
@ -210,18 +265,6 @@ DomitoMemorySearchPattern(
    _Outptr_result_maybenull_ PVOID* ppMatch
 );

-//
-// Extracts the CALG_ID from a signed PE that was used to
-// calculate the message digest when it was signed
-//
-_IRQL_requires_max_(DISPATCH_LEVEL)
-EXTERN_C
-UINT32
-DomitoGetPortableExecutableDigestKind(
-    _In_ PUCHAR pPeBytes,
-    _In_ PIMAGE_DATA_DIRECTORY pImgDataDirectory
-);
-
 //
 // Reads from the beginning of a file until the end or the buffer size is reached.
 // 
@ -236,24 +279,6 @@ DomitoReadFile(
    _In_ ULONG BufferSize
 );

-//
-// Extracts Authenticode signing information and calculates the file digest of a PE file.
-// 
-_Success_(return == STATUS_SUCCESS)
-_Must_inspect_result_
-_IRQL_requires_max_(PASSIVE_LEVEL)
-EXTERN_C
-NTSTATUS
-DomitoCalculatePortableExecutableDigest(
-    _In_ PUCHAR pPeBytes,
-    _In_ ULONG PeSize,
-    _Out_ PUINT32 pDigestCalgOut,
-    _Out_ PULONG pDigestSizeOut,
-    _Out_ PVOID* pDigestOut,
-    _Outptr_result_maybenull_ LPWIN_CERTIFICATE* pCertOut,
-    _Out_ PULONG pSizeOfSecurityDirectory
-);
-
 //
 // Gets the name of the main image of the process identified by PID.
 // 
@ -266,19 +291,3 @@ DomitoGetProcessImageName(
    _In_ ULONG ProcessId,
    _Inout_ PUNICODE_STRING* ProcessImageName
 );
-
-_Success_(return == STATUS_SUCCESS)
-_Must_inspect_result_
-_IRQL_requires_max_(PASSIVE_LEVEL)
-EXTERN_C
-NTSTATUS
-DomitoValidateFileLegacyMode(
-    _In_ HANDLE FileHandle,
-    _In_ PVOID Hash,
-    _In_ UINT32 HashSize,
-    _In_ ALG_ID HashAlgId,
-    _In_ const IMAGE_DATA_DIRECTORY* SecurityDirectory,
-    _Inout_ MINCRYPT_POLICY_INFO* PolicyInfo,
-    _Out_ LARGE_INTEGER* SigningTime,
-    _Inout_ MINCRYPT_POLICY_INFO* TimeStampPolicyInfo
-);