update: Veil.System.MinCrypt

Co-authored-by: kanren3 <760917197@qq.com>
MiroKaku · Jul 12, 2024 · 2e37ed9 · 2e37ed9
1 parent 6df0a85
commit 2e37ed9
Show file tree

Hide file tree

Showing 9 changed files with 244 additions and 206 deletions.
diff --git a/Library/ARM64/ci.lib b/Library/ARM64/ci.lib
diff --git a/Library/CI.Stub.cpp b/Library/CI.Stub.cpp
@@ -0,0 +1,144 @@
+#include "../Veil.h"
+
+EXTERN_C_START
+
+_IRQL_requires_max_(PASSIVE_LEVEL)
+MINCRYPTAPI
+NTSTATUS
+NTAPI
+CiCheckSignedFile(
+    _In_ PUCHAR FileHash,
+    _In_ ULONG HashLength,
+    _In_ ALG_ID HashAlgorithm,
+    _In_ PUCHAR CertBuffer,
+    _In_ ULONG CertSize,
+    _Out_ PMINCRYPT_POLICY_INFO PolicyInfo,
+    _Out_opt_ PLARGE_INTEGER SigningTime,
+    _Out_opt_ PMINCRYPT_POLICY_INFO TimeStampPolicyInfo
+)
+{
+    UNREFERENCED_PARAMETER(FileHash);
+    UNREFERENCED_PARAMETER(HashLength);
+    UNREFERENCED_PARAMETER(HashAlgorithm);
+    UNREFERENCED_PARAMETER(CertBuffer);
+    UNREFERENCED_PARAMETER(CertSize);
+    UNREFERENCED_PARAMETER(PolicyInfo);
+    UNREFERENCED_PARAMETER(SigningTime);
+    UNREFERENCED_PARAMETER(TimeStampPolicyInfo);
+
+    return STATUS_SUCCESS;
+}
+
+_IRQL_requires_max_(PASSIVE_LEVEL)
+MINCRYPTAPI
+NTSTATUS
+NTAPI
+CiVerifyHashInCatalog(
+    _In_ PUCHAR FileHash,
+    _In_ ULONG HashLength,
+    _In_ ALG_ID HashAlgorithm,
+    _In_ ULONG Recheck,
+    _In_ ULONG SecureProcess,
+    _In_ ULONG AcceptRoots,
+    _Out_opt_ PMINCRYPT_POLICY_INFO PolicyInfo,
+    _Out_opt_ PUNICODE_STRING CatalogName,
+    _Out_opt_ PLARGE_INTEGER SigningTime,
+    _Out_opt_ PMINCRYPT_POLICY_INFO TimeStampPolicyInfo
+)
+{
+    UNREFERENCED_PARAMETER(FileHash);
+    UNREFERENCED_PARAMETER(HashLength);
+    UNREFERENCED_PARAMETER(HashAlgorithm);
+    UNREFERENCED_PARAMETER(Recheck);
+    UNREFERENCED_PARAMETER(SecureProcess);
+    UNREFERENCED_PARAMETER(AcceptRoots);
+    UNREFERENCED_PARAMETER(PolicyInfo);
+    UNREFERENCED_PARAMETER(CatalogName);
+    UNREFERENCED_PARAMETER(SigningTime);
+    UNREFERENCED_PARAMETER(TimeStampPolicyInfo);
+
+    return STATUS_SUCCESS;
+}
+
+_IRQL_requires_max_(PASSIVE_LEVEL)
+MINCRYPTAPI
+NTSTATUS
+NTAPI
+CiValidateFileObject(
+    _In_ PFILE_OBJECT FileObject,
+    _In_ ULONG SecureRequired,
+    _In_ UCHAR RequestedSigningLevel,
+    _Out_ PMINCRYPT_POLICY_INFO PolicyInfo,
+    _Out_ PMINCRYPT_POLICY_INFO TimeStampPolicyInfo,
+    _Out_ PLARGE_INTEGER SigningTime,
+    _Out_ PUCHAR FileHash,
+    _Inout_ PULONG FileHashSize,
+    _Out_ ALG_ID* FileHashAlgorithm
+)
+{
+    UNREFERENCED_PARAMETER(FileObject);
+    UNREFERENCED_PARAMETER(SecureRequired);
+    UNREFERENCED_PARAMETER(RequestedSigningLevel);
+    UNREFERENCED_PARAMETER(PolicyInfo);
+    UNREFERENCED_PARAMETER(TimeStampPolicyInfo);
+    UNREFERENCED_PARAMETER(SigningTime);
+    UNREFERENCED_PARAMETER(FileHash);
+    UNREFERENCED_PARAMETER(FileHashSize);
+    UNREFERENCED_PARAMETER(FileHashAlgorithm);
+
+    return STATUS_SUCCESS;
+}
+
+_IRQL_requires_max_(PASSIVE_LEVEL)
+MINCRYPTAPI
+PVOID
+NTAPI
+CiFreePolicyInfo(
+    _Inout_ MINCRYPT_POLICY_INFO* PolicyInfo
+)
+{
+    UNREFERENCED_PARAMETER(PolicyInfo);
+
+    return nullptr;
+}
+
+typedef
+_IRQL_requires_same_
+_Function_class_(MINCRYPT_ALLOCATE_ROUTINE)
+__drv_allocatesMem(Mem)
+PVOID
+NTAPI
+MINCRYPT_ALLOCATE_ROUTINE (
+    _In_ SIZE_T ByteSize
+    );
+typedef MINCRYPT_ALLOCATE_ROUTINE *PMINCRYPT_ALLOCATE_ROUTINE;
+
+_IRQL_requires_max_(PASSIVE_LEVEL)
+MINCRYPTAPI
+NTSTATUS
+NTAPI
+CiGetCertPublisherName(
+    _In_ MINCERT_BLOB* Certificate,
+    _In_ PMINCRYPT_ALLOCATE_ROUTINE AllocateRoutine,
+    _Out_ PUNICODE_STRING PublisherName
+)
+{
+    UNREFERENCED_PARAMETER(Certificate);
+    UNREFERENCED_PARAMETER(AllocateRoutine);
+    UNREFERENCED_PARAMETER(PublisherName);
+
+    return 0;
+}
+
+_IRQL_requires_max_(PASSIVE_LEVEL)
+MINCRYPTAPI
+VOID
+NTAPI
+CiSetTrustedOriginClaimId(
+    _In_ UINT32 ClaimId
+)
+{
+    UNREFERENCED_PARAMETER(ClaimId);
+}
+
+EXTERN_C_END
diff --git a/Library/ci.def → Library/CI.def b/Library/ci.def → Library/CI.def
diff --git a/Library/README.Ci.md → Library/README.CI.md b/Library/README.Ci.md → Library/README.CI.md
@@ -4,7 +4,7 @@ Usually when linking with a certain dll, you’d use an import library provided
 In our case, no such ci.lib file is provided and we need to generate it ourselves.
 This lib file should be added as a linker input in the project properties.
 
-## 64 bit
+## x64 and AMD64
 
 Get the exported functions from the dll, using dumpbin utility: 
 
@@ -32,7 +32,8 @@ EXPORTS
 
 Generate the .lib file using the lib utility:
 
-`lib /def:ci.def /machine:x64 /out:ci.lib`
+`lib /def:CI.def /machine:x64 /out:ci.lib`
+`lib /def:CI.def /machine:AMD64 /out:ci.lib`
 
 
 ## 32 bit
@@ -68,15 +69,15 @@ An example of such file is included in this repo under the name Stub.Ci.cpp
 
 ```bat
 
-> SET KM_IncludePath="C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\km"
-> SET CRT_IncludePath="C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\km\crt"
-> SET KIT_SHARED_IncludePath="C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\shared"
+> SET KM_IncludePath="C:\Program Files (x86)\Windows Kits\10\Include\10.0.22621.0\km"
+> SET CRT_IncludePath="C:\Program Files (x86)\Windows Kits\10\Include\10.0.22621.0\km\crt"
+> SET KIT_SHARED_IncludePath="C:\Program Files (x86)\Windows Kits\10\Include\10.0.22621.0\shared"
 >
-> cl Stub.Ci.cpp /c /kernel /Zc:wchar_t /I%KM_IncludePath% /I%CRT_IncludePath% /I%KIT_SHARED_IncludePath% /D _X86_=1 /D i386=1 /DSTD_CALL /D_MINCRYPT_LIB
+> cl CI.Stub.cpp /c /kernel /Zc:wchar_t /I%KM_IncludePath% /I%CRT_IncludePath% /I%KIT_SHARED_IncludePath% /D _X86_=1 /D i386=1 /DSTD_CALL /D_MINCRYPT_LIB
 ```
 
 - Generate the .lib file using the lib utility, this time with the OBJ file:
 
 ```bat
-> lib /def:ci.def /machine:x86 /out:ci.lib Stub.Ci.obj
+> lib /def:CI.def /machine:x86 /out:ci.lib CI.Stub.obj
 ```
diff --git a/Library/Stub.Ci.cpp b/Library/Stub.Ci.cpp
diff --git a/Library/x64/ci.lib b/Library/x64/ci.lib
diff --git a/Library/x86/ci.lib b/Library/x86/ci.lib