The exploit is triggered by creating a pipe. A read-write named pipe to be exect.
We need to create transaction manager objects, tons of enlistment objects, transaction objects and resource manager objects. The KTM notifies the resource manager about any state change.
The enlistment object connects between resource manager and transaction manager
Then all the changes are committed during the transaction
We create four threads and over a single cpu core. first thread calls Another thread calls NtQueryInformationThread in a loop, second thread execute NtRecoverResourceManager in a loop and the third thread calls tons of time to NtQueryInformationResourceManager. Call the function during writefile on the previously created named pipe