msrexec/vdm.hpp at master · backengineering/msrexec · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
#pragma once
#include <windows.h>
#include <cstdint>

#include "loadup.hpp"
#include "raw_driver.hpp"
#define IOCTL_WRMSR 0x229384

#pragma pack (push, 1)
typedef struct _write_msr_t
{
	std::uint32_t reg;
	std::uintptr_t value;
} write_msr_t, * pwrite_msr_t;
#pragma pack (pop)

namespace vdm
{
	inline HANDLE drv_handle;
	inline auto load_drv() -> std::tuple<HANDLE, std::string, NTSTATUS>
	{
		const auto [result, key] =
			driver::load(
				raw_driver,
				sizeof raw_driver
			);

		if (result != STATUS_SUCCESS)
			return { {}, {}, result };

		std::string symlink("\\\\.\\" + key);
		vdm::drv_handle = CreateFileA(
			symlink.c_str(),
			GENERIC_READ | GENERIC_WRITE,
			NULL,
			NULL,
			OPEN_EXISTING,
			FILE_ATTRIBUTE_NORMAL,
			NULL
		);

		return { vdm::drv_handle, key, result };
	}

	inline auto unload_drv(HANDLE drv_handle, std::string drv_key) -> NTSTATUS
	{
		if (!CloseHandle(drv_handle))
			return STATUS_FAIL_CHECK;

		return driver::unload(drv_key);
	}

	inline auto writemsr(std::uint32_t reg, std::uintptr_t value) -> bool
	{
		std::uint32_t bytes_handled;
		write_msr_t io_data{ reg, value };

		return DeviceIoControl
		(
			vdm::drv_handle, IOCTL_WRMSR,
			&io_data, sizeof io_data,
			&io_data, sizeof io_data,
			(LPDWORD)&bytes_handled, nullptr
		);
	}
}