by AndrewGaspar 496 days ago
And I don't know how I missed this, but attempting to use the `UNICODE_STRING` returned in `string_to_ustring` is a guaranteed use after free. If you're interested in writing Windows kernel code, this is not the place to start.
2 comments
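The pattern behind that use-after-free, as an added example that is not code from the windows-drivers-rs repository: a descriptor is built over a buffer the function owns, so the pointer dangles the moment the function returns. The `UnicodeString` struct below is a constructed stand-in for the WDK `UNICODE_STRING` layout (byte lengths plus a `*mut u16`), and `string_to_ustring_dangling`, `OwnedUnicodeString` and `UnicodeStringRef` are names chosen for this example. The fix is to give the UTF-16 storage an owner and hand out descriptors whose lifetime is tied to it, so the borrow checker rejects the dropped-buffer case at compile time.

```rust
use std::marker::PhantomData;

/// Stand-in for the WDK `UNICODE_STRING` layout, constructed for this example
/// (the real type comes from the generated bindings). Both lengths count bytes.
#[repr(C)]
#[derive(Clone, Copy, Debug)]
pub struct UnicodeString {
    pub length: u16,
    pub maximum_length: u16,
    pub buffer: *mut u16,
}

/// The defect pattern: the descriptor points into a Vec owned by this
/// function, which is freed on return, so the pointer dangles immediately.
/// Kept only to show the shape; the result must never be dereferenced.
pub fn string_to_ustring_dangling(s: &str) -> UnicodeString {
    let mut wide: Vec<u16> = s.encode_utf16().collect();
    let bytes = (wide.len() * 2) as u16;
    UnicodeString { length: bytes, maximum_length: bytes, buffer: wide.as_mut_ptr() }
    // `wide` is dropped here: any later read through `buffer` is a use-after-free
}

/// Fix: keep the UTF-16 storage in an owner and hand out descriptors that
/// borrow from it, so the compiler refuses to let them outlive the buffer.
pub struct OwnedUnicodeString {
    storage: Vec<u16>,
}

/// A descriptor whose lifetime is pinned to the owner it was taken from.
pub struct UnicodeStringRef<'a> {
    raw: UnicodeString,
    _owner: PhantomData<&'a mut [u16]>,
}

impl OwnedUnicodeString {
    pub fn new(s: &str) -> Result<Self, &'static str> {
        let storage: Vec<u16> = s.encode_utf16().collect();
        // UNICODE_STRING lengths are u16 byte counts; refuse anything larger
        // instead of silently truncating the length field.
        match storage.len().checked_mul(2) {
            Some(bytes) if bytes <= u16::MAX as usize => Ok(Self { storage }),
            _ => Err("string too long for UNICODE_STRING"),
        }
    }

    pub fn as_unicode_string(&mut self) -> UnicodeStringRef<'_> {
        let bytes = (self.storage.len() * 2) as u16;
        UnicodeStringRef {
            raw: UnicodeString {
                length: bytes,
                maximum_length: bytes,
                buffer: self.storage.as_mut_ptr(),
            },
            _owner: PhantomData,
        }
    }
}

impl<'a> UnicodeStringRef<'a> {
    pub fn raw(&self) -> UnicodeString {
        self.raw
    }

    /// Read the text back out, the way a consumer of the descriptor would.
    pub fn to_string_lossy(&self) -> String {
        let units = self.raw.length as usize / 2;
        // SAFETY: `buffer` points at `units` initialised u16s owned by the
        // OwnedUnicodeString that this borrow keeps alive.
        let slice = unsafe { std::slice::from_raw_parts(self.raw.buffer, units) };
        String::from_utf16_lossy(slice)
    }
}

fn main() {
    let mut owned = OwnedUnicodeString::new("\\Device\\Example").unwrap();
    let view = owned.as_unicode_string();
    println!("{} bytes: {}", view.raw().length, view.to_string_lossy());
    // The next line does not compile: `owned` would be dropped while `view`
    // still borrows it, which is exactly the bug the wrapper type prevents.
    // drop(owned); println!("{}", view.to_string_lossy());
}
```

The same discipline applies to any `UNICODE_STRING` handed to a WDK call that retains the pointer (device names, registry paths): the owner must live at least until the kernel is done with it, and the lifetime on the borrowed descriptor is what makes that obligation visible to the compiler rather than to a reviewer.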

I'm glad to see that Microsoft is investing in Rust bindings for WDK[0], but browsing the repo, there's really no point in using this over C since they haven't bothered to invest in safe, Rust native bindings. The kmdf example[1] is like 50% "SAFETY:" comments because they're stuck using the straight C bindings for every WDK API.

[0] https://github.com/microsoft/windows-drivers-rs/

[1] https://github.com/microsoft/windows-drivers-rs/blob/main/ex...

`boost_write` doesn't appear to validate the length of the user supplied buffer before casting and dereferencing either, so that's a kernel-mode OOB read. Not sure how exploitable this actually is though.
lol yep, you're 100% right.
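The missing check in a write handler of that shape, as an added example rather than the repository's `boost_write`: the user buffer is a byte slice of caller-chosen length, and casting it to a request struct is only sound once the slice is known to be at least `size_of` that struct. `BoostRequest`, `Pod`, `read_pod_at` and `parse_boost_request` are names and a layout constructed for this example, not the driver's own. The copy is taken with `read_unaligned` so the handler never holds a reference into user memory and validates the copy, not the buffer, which the caller can change between two reads.

```rust
use std::mem::size_of;

/// Marker for types that may be materialised from arbitrary bytes:
/// `#[repr(C)]`, every field valid for any bit pattern, no pointers.
/// Unsafe to implement because `read_pod_at` relies on that guarantee.
pub unsafe trait Pod: Copy {}

/// Constructed stand-in for the request struct a write handler casts the
/// user buffer to; not the layout from the repository's example driver.
#[repr(C)]
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct BoostRequest {
    pub priority: i32,
    pub thread_id: u32,
}
unsafe impl Pod for BoostRequest {}

#[derive(Debug, PartialEq)]
pub enum IoError {
    BufferTooSmall { needed: usize, got: usize },
    OffsetOverflow,
}

/// Copy a `T` out of `buf` at `offset`, failing instead of reading past the
/// end. `read_unaligned` copies whatever the caller's alignment was and
/// leaves no reference into the user-controlled buffer behind.
pub fn read_pod_at<T: Pod>(buf: &[u8], offset: usize) -> Result<T, IoError> {
    let end = offset
        .checked_add(size_of::<T>())
        .ok_or(IoError::OffsetOverflow)?;
    if end > buf.len() {
        return Err(IoError::BufferTooSmall { needed: end, got: buf.len() });
    }
    // SAFETY: bounds checked above; T: Pod so any bit pattern is a valid T.
    Ok(unsafe { std::ptr::read_unaligned(buf.as_ptr().add(offset) as *const T) })
}

/// The checked form of the handler's cast: length first, then work on the
/// private copy rather than on the user memory.
pub fn parse_boost_request(user_buf: &[u8]) -> Result<BoostRequest, IoError> {
    read_pod_at::<BoostRequest>(user_buf, 0)
}

fn main() {
    // Constructed user buffers: one complete request and one short by a byte.
    let good: Vec<u8> = [5i32.to_ne_bytes(), 1234u32.to_ne_bytes()].concat();
    let short = &good[..good.len() - 1];
    println!("{:?}", parse_boost_request(&good));
    println!("{:?}", parse_boost_request(short));
}
```

In a real WDK handler the length comes from the framework (the buffer length WDF reports for the request), and for METHOD_NEITHER-style access the user pointer also has to be probed before it is touched; the point of the slice-based version is that the length check is the thing that turns the cast into an out-of-bounds read or not, and it belongs before the cast, not after.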