Erebus


Erebus is a Kernel-mode driver written in Rust intended as a proof-of-concept for process memory manipulation using the windows-drivers-rs crate.

Features

  • Kernel-Mode Driver: Implements a device interface (\\.\Erebus) handling IRP_MJ_DEVICE_CONTROL requests.
    • Read: Reads arbitrary process memory.
    • Write: Writes to arbitrary process memory.
  • User-Mode Client: A CLI tool to interact with the driver.

Implementation Details

  • Memory Access: Uses MmCopyVirtualMemory to safely copy memory between the system process and the target process’s virtual address space.
  • Process Resolution: Uses PsLookupProcessByProcessId to resolve the target Process ID (PID) into an EPROCESS structure.
  • Resource Management: Implements the Drop trait on the Process wrapper so the EPROCESS reference taken by the lookup is released automatically (ObfDereferenceObject) when the wrapper goes out of scope, on every exit path.
  • Build System: Uses cargo-make and wdk-build to handle the WDK build process and driver signing.
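The following is an added example, not Erebus's own code, illustrating the Drop-based reference management described above in a form that runs in user mode. The kernel routines PsLookupProcessByProcessId and ObfDereferenceObject are replaced by simulated functions over a constructed reference-count table; the Process wrapper, the LookupError type, handle_request and the PIDs used are all assumptions made for the example. The point it shows is that a reference taken on open is released on early returns and `?` errors alike, which is the bug class (leaked EPROCESS references) the RAII pattern exists to prevent.

```rust
// Added example: RAII release of a kernel object reference, simulated in user mode.
// ps_lookup_process_by_process_id / obf_dereference_object below are stand-ins for
// the real kernel APIs and keep counts in a constructed table instead of EPROCESS.
use std::cell::RefCell;
use std::collections::HashMap;

thread_local! {
    // Simulated object manager: PID -> outstanding reference count (constructed).
    static OBJECT_TABLE: RefCell<HashMap<u64, u32>> = RefCell::new(HashMap::new());
}

/// Hypothetical error type standing in for NTSTATUS failure codes.
#[derive(Debug, PartialEq)]
pub enum LookupError {
    NoSuchProcess,
    Aborted,
}

/// Simulated PsLookupProcessByProcessId: adds one reference on success.
fn ps_lookup_process_by_process_id(pid: u64) -> Result<(), LookupError> {
    OBJECT_TABLE.with(|t| match t.borrow_mut().get_mut(&pid) {
        Some(refs) => {
            *refs += 1;
            Ok(())
        }
        None => Err(LookupError::NoSuchProcess),
    })
}

/// Simulated ObfDereferenceObject: releases one reference.
fn obf_dereference_object(pid: u64) {
    OBJECT_TABLE.with(|t| {
        if let Some(refs) = t.borrow_mut().get_mut(&pid) {
            *refs = refs.saturating_sub(1);
        }
    });
}

/// Registers a process in the simulated kernel with the single reference
/// the object manager itself holds for a live process.
pub fn register_process(pid: u64) {
    OBJECT_TABLE.with(|t| {
        t.borrow_mut().insert(pid, 1);
    });
}

/// Current simulated reference count, for inspection.
pub fn reference_count(pid: u64) -> u32 {
    OBJECT_TABLE.with(|t| t.borrow().get(&pid).copied().unwrap_or(0))
}

/// RAII wrapper: owns exactly one reference for its lifetime.
pub struct Process {
    pid: u64,
}

impl Process {
    pub fn open(pid: u64) -> Result<Process, LookupError> {
        ps_lookup_process_by_process_id(pid)?;
        Ok(Process { pid })
    }

    pub fn pid(&self) -> u64 {
        self.pid
    }
}

impl Drop for Process {
    fn drop(&mut self) {
        // Runs on every exit path: normal return, early return, or `?` propagation.
        obf_dereference_object(self.pid);
    }
}

/// Hypothetical request handler that may bail out midway; the reference is
/// still released because `process` is dropped on every path.
pub fn handle_request(pid: u64, fail_midway: bool) -> Result<u64, LookupError> {
    let process = Process::open(pid)?;
    if fail_midway {
        return Err(LookupError::Aborted); // early return: Drop still fires
    }
    Ok(process.pid())
}

fn main() {
    register_process(4242);
    let _ = handle_request(4242, false);
    let _ = handle_request(4242, true);
    println!("refs after both calls: {}", reference_count(4242));
}
```

Without the Drop impl, the early-return path in handle_request would leave the count one higher after every failed request; in a real driver that keeps the target EPROCESS alive indefinitely and is invisible until the system is under memory pressure, which is why the release belongs in Drop rather than at each return site.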