Skip to content

Instantly share code, notes, and snippets.

View hfiref0x's full-sized avatar

hfiref0x

3.9k followers · 19 following
View GitHub Profile
@hfiref0x
hfiref0x / asusgio2.c
Created February 19, 2020 14:52
AsIO2
NTSTATUS CallDriver(
_In_ HANDLE DeviceHandle,
_In_ ULONG IoControlCode,
_In_ PVOID InputBuffer,
_In_ ULONG InputBufferLength,
_In_opt_ PVOID OutputBuffer,
_In_opt_ ULONG OutputBufferLength)
{
BOOL bResult = FALSE;
IO_STATUS_BLOCK ioStatus;
@hfiref0x
hfiref0x / lg.c
Created February 18, 2020 03:33
Logitech LgCoreTemp.sys Features
#include <windows.h>
#include <cstdio>
#include "ntos.h"
#define LG_DEVICE_TYPE (DWORD)0xC350
#define LG_READVALUE (DWORD)0x800
#define LG_READREFCOUNT (DWORD)0x801
#define LG_READMSR (DWORD)0x821
#define IOCTL_LG_READVALUE \
@hfiref0x
hfiref0x / entech_new.c
Created February 15, 2020 04:09
#include <windows.h>
#include <cstdio>
#include "ntos.h"
#define WINIO_DEVICE_TYPE (DWORD)0x8010
#define WINIO_READMSR (DWORD)0x816
#define IOCTL_WINIO_READMSR \
CTL_CODE(WINIO_DEVICE_TYPE, WINIO_READMSR, METHOD_BUFFERED, FILE_ANY_ACCESS)
@hfiref0x
hfiref0x / GLCKIo2.c
Created February 11, 2020 11:11
#include "ntos.h"
#define GLCKIO_DEVICE_TYPE (DWORD)0x8010 //same as WinIO/MsIo and all clones based on this bugfest code
#define GLCKIO_REGISTER_FUNCID (DWORD)0x818
#define GLCKIO_READMSR (DWORD)0x816
#define IOCTL_GKCKIO_REGISTER \
CTL_CODE(GLCKIO_DEVICE_TYPE, GLCKIO_REGISTER_FUNCID, METHOD_BUFFERED, FILE_ANY_ACCESS)
@hfiref0x
hfiref0x / MiRememberUnloadedDriver.asm
Last active July 17, 2024 02:21
MiRememberUnloadedDriver
typedef struct _UNLOADED_DRIVERS {
UNICODE_STRING Name;
PVOID StartAddress;
PVOID EndAddress;
LARGE_INTEGER CurrentTime;
} UNLOADED_DRIVERS, *PUNLOADED_DRIVERS;
#define MI_UNLOADED_DRIVERS 50
mov reg, 7D0h ; -> NumberOfBytes = MI_UNLOADED_DRIVERS * sizeof (UNLOADED_DRIVERS);
@hfiref0x
hfiref0x / handleopen.c
Created February 8, 2020 16:21
NTSTATUS HandleOpen(PDEVICE_OBJECT DeviceObject, IRP *Irp)
{
NTSTATUS ntStatus;
BOOL bAllowed;
PIO_SECURITY_CONTEXT SecurityContext;
PACCESS_STATE AccessState;
PACCESS_TOKEN Token;
DWORD IsTokenElevated;
DWORD tokenIntegrityLevel;
PTOKEN_ELEVATION tokenElevation;
@hfiref0x
hfiref0x / wr0_demo4.c
Last active October 28, 2021 07:10
EVGA PrecisionX OC 6.2.7 wormhole driver
#include <windows.h>
#include <cstdio>
#define DEVICE_WR0_TYPE 40000
#define WR0_DEVICE_LINK TEXT("\\\\.\\WinRing0_1_2_0")
HANDLE g_handleWR0 = INVALID_HANDLE_VALUE;
#define IOCTL_WR0_READ_PCI_CONFIG CTL_CODE(DEVICE_WR0_TYPE, 0x851, METHOD_BUFFERED, FILE_READ_ACCESS)
#define IOCTL_WR0_WRITE_PCI_CONFIG CTL_CODE(DEVICE_WR0_TYPE, 0x852, METHOD_BUFFERED, FILE_WRITE_ACCESS)
@hfiref0x
hfiref0x / wr0_demo3.c
Created January 29, 2020 17:54
EVGA PrecisionX OC 6.2.7 wormhole driver
#include <windows.h>
#include <cstdio>
#define DEVICE_WR0_TYPE 40000
#define WR0_DEVICE_LINK TEXT("\\\\.\\WinRing0_1_2_0")
HANDLE g_handleWR0 = INVALID_HANDLE_VALUE;
#define IOCTL_WR0_READ_MEMORY CTL_CODE(DEVICE_WR0_TYPE, 0x841, METHOD_BUFFERED, FILE_READ_ACCESS)
#define IOCTL_WR0_WRITE_MEMORY CTL_CODE(DEVICE_WR0_TYPE, 0x842, METHOD_BUFFERED, FILE_WRITE_ACCESS)
@hfiref0x
hfiref0x / wr0_demo2.c
Created January 29, 2020 14:40
EVGA PrecisionX OC 6.2.7 wormhole driver
#include <windows.h>
#include <cstdio>
#define DEVICE_WR0_TYPE 40000
#define WR0_DEVICE_LINK TEXT("\\\\.\\WinRing0_1_2_0")
HANDLE g_handleWR0 = INVALID_HANDLE_VALUE;
#define IOCTL_WR0_READ_MSR CTL_CODE(DEVICE_WR0_TYPE, 0x821, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_WR0_WRITE_MSR CTL_CODE(DEVICE_WR0_TYPE, 0x822, METHOD_BUFFERED, FILE_ANY_ACCESS)
@hfiref0x
hfiref0x / wr0_demo1.c
Created January 29, 2020 13:45
EVGA PrecisionX OC 6.2.7 wormhole driver
#include <windows.h>
#include <cstdio>
#define DEVICE_WR0_TYPE 40000
#define WR0_DEVICE_LINK TEXT("\\\\.\\WinRing0_1_2_0")
HANDLE g_handleWR0 = INVALID_HANDLE_VALUE;
//
// Port mapped I/O access IOCTLS.