1 files changed, 130 insertions, 0 deletions
diff --git a/SMSSBSOD/Main.c b/SMSSBSOD/Main.c
new file mode 100644
index 0000000..79de8bd
--- /dev/null
+++ b/SMSSBSOD/Main.c
@@ -0,0 +1,130 @@
+#include <stdio.h>
+#include <Windows.h>
+#include <winternl.h>
+#include <stdlib.h>
+
+#pragma comment(lib,"ntdll.lib")
+
+typedef struct _SECTION_IMAGE_INFORMATION {
+	PVOID TransferAddress;
+	ULONG ZeroBits;
+	SIZE_T MaximumStackSize;
+	SIZE_T CommittedStackSize;
+	ULONG SubSystemType;
+	union {
+		struct {
+			USHORT SubSystemMinorVersion;
+			USHORT SubSystemMajorVersion;
+		};
+		ULONG SubSystemVersion;
+	};
+	ULONG GpValue;
+	USHORT ImageCharacteristics;
+	USHORT DllCharacteristics;
+	USHORT Machine;
+	BOOLEAN ImageContainsCode;
+	BOOLEAN Spare1;
+	ULONG LoaderFlags;
+	ULONG ImageFileSize;
+	ULONG Reserved[1];
+} SECTION_IMAGE_INFORMATION, * PSECTION_IMAGE_INFORMATION;
+
+typedef struct _RTL_USER_PROCESS_INFORMATION {
+	ULONG                   Size;
+	HANDLE                  ProcessHandle;
+	HANDLE                  ThreadHandle;
+	CLIENT_ID               ClientId;
+	SECTION_IMAGE_INFORMATION ImageInformation;
+} RTL_USER_PROCESS_INFORMATION, * PRTL_USER_PROCESS_INFORMATION;
+
+static UNICODE_STRING FileName;
+static UNICODE_STRING CmdLine;
+static RTL_USER_PROCESS_INFORMATION ProcessInfo;
+static PRTL_USER_PROCESS_PARAMETERS UserProcessParam;
+
+static void cleanup(void) {
+	RtlFreeUnicodeString(&FileName);
+	RtlDestroyProcessParameters(UserProcessParam);
+	NtClose(ProcessInfo.ThreadHandle);
+	NtClose(ProcessInfo.ProcessHandle);
+}
+
+int wmain(int argc, wchar_t* argv[])
+{
+	atexit(cleanup);
+
+	wchar_t Path[512], CmdLine[512];
+
+	NTSTATUS Result;
+
+	if (argc < 2)
+	{
+		printf("Usage: ntstart.exe [Filename] [Command line]\n");
+		return -1;
+	}
+
+	if (!SearchPath(NULL, argv[1], L".exe", 512, Path, NULL))
+	{
+		printf("Error: File not found\n");
+		return 1;
+	}
+
+	if (!RtlDosPathNameToNtPathName_U(Path, &FileName, NULL, NULL))
+	{
+		printf("Error: Unable to convert path name\n");
+		return 1;
+	}
+
+	if (argc > 2)
+	{
+		swprintf(CmdLine, L"\"%ws\" %ws", Path, argv[2]);
+		RtlInitUnicodeString(&CmdLine, CmdLine);
+	}
+
+	if (!NT_SUCCESS(Result = RtlCreateProcessParameters(
+		&UserProcessParam,
+		&FileName, 
+		NULL,
+		NULL,
+		argc > 2 ? &CmdLine : NULL,
+		NULL,
+		NULL,
+		NULL,
+		NULL,
+		NULL)))
+	{
+		printf("Error: Unable to create process parameters: %x\n", Result);
+		return Result;
+	}
+
+	if (!NT_SUCCESS(Result = RtlCreateUserProcess(
+		&FileName, 
+		OBJ_CASE_INSENSITIVE, 
+		UserProcessParam,
+		NULL, 
+		NULL, 
+		NULL,
+		FALSE,
+		NULL,
+		NULL, 
+		&ProcessInfo)))
+	{
+		printf("Error: Unable to create process: %x\n", Result);
+		return Result;
+	}
+
+	if (!NT_SUCCESS(Result = NtResumeThread(ProcessInfo.ThreadHandle, NULL)))
+	{
+		printf("Error: Unable to start process: %x\n", Result);
+		return Result;
+	}
+
+	if (!NT_SUCCESS(Result = NtWaitForSingleObject(ProcessInfo.ProcessHandle, FALSE, NULL)))
+	{
+		printf("Error: Unable to wait for process: %x\n", Result);
+		return Result;
+	}
+
+	printf("Process exited.\n");
+	return 0;
+}