Aktualizacja: 2025-10-03 09:46:50

wesmar
2025-10-03 09:46:50 +02:00
parent 26a43694ce
commit 3811f65d21
4 changed files with 1631 additions and 1786 deletions


@@ -119,6 +119,12 @@ public:
bool UnprotectAllProcesses() noexcept;
bool UnprotectMultipleProcesses(const std::vector<std::wstring>& targets) noexcept;
bool ProtectMultipleProcesses(const std::vector<std::wstring>& targets,
const std::wstring& protectionLevel,
const std::wstring& signerType) noexcept;
bool SetMultipleProcessesProtection(const std::vector<std::wstring>& targets,
const std::wstring& protectionLevel,
const std::wstring& signerType) noexcept;
bool KillMultipleProcesses(const std::vector<DWORD>& pids) noexcept;
bool KillMultipleTargets(const std::vector<std::wstring>& targets) noexcept;
@@ -242,6 +248,12 @@ private:
std::vector<ProcessMatch> FindProcessesByName(const std::wstring& pattern) noexcept;
bool IsPatternMatch(const std::wstring& processName, const std::wstring& pattern) noexcept;
// Internal batch operation helpers
bool ProtectProcessInternal(DWORD pid, const std::wstring& protectionLevel,
const std::wstring& signerType, bool batchOperation) noexcept;
bool SetProcessProtectionInternal(DWORD pid, const std::wstring& protectionLevel,
const std::wstring& signerType, bool batchOperation) noexcept;
// Memory dumping with comprehensive protection handling
bool CreateMiniDump(DWORD pid, const std::wstring& outputPath) noexcept;
bool SetCurrentProcessProtection(UCHAR protection) noexcept;
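Review bot: `ProtectMultipleProcesses` and `SetMultipleProcessesProtection` return a single `bool` for a multi-target operation, and nothing at the declarations says whether `true` means every target was updated or only some. These calls change process protection levels and `wmain` maps the result to an exit code, so the contract belongs at the declaration, for example `// Returns true only if every resolved target was updated; an unmatched target counts as a failure.` The wording must follow the real implementation, which this page does not show. The `batchOperation` flag on `ProtectProcessInternal` and `SetProcessProtectionInternal` also needs a one-line comment saying what it switches; its effect cannot be read from the signature. The class body starts and ends outside these hunks.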


@@ -505,7 +505,6 @@ int wmain(int argc, wchar_t* argv[])
}
// Process protection commands with atomic driver operations
// Process protection commands with atomic driver operations
else if (command == L"set" || command == L"protect")
{
if (argc < 5)
@@ -518,25 +517,21 @@ int wmain(int argc, wchar_t* argv[])
std::wstring level = argv[3];
std::wstring signer = argv[4];
// Handle comma-separated list of PIDs for batch operations
// Handle comma-separated list for batch operations (supports PIDs AND process names)
std::wstring targetStr(target);
if (targetStr.find(L',') != std::wstring::npos)
{
std::vector<DWORD> pids;
std::vector<std::wstring> targets;
std::wstring current;
// Parse comma-separated PIDs with whitespace handling
// Parse comma-separated targets with whitespace handling
for (wchar_t ch : targetStr)
{
if (ch == L',')
{
if (!current.empty())
{
if (IsNumeric(current))
{
auto pid = ParsePid(current);
if (pid) pids.push_back(pid.value());
}
targets.push_back(current);
current.clear();
}
}
@@ -547,33 +542,23 @@ int wmain(int argc, wchar_t* argv[])
}
// Last token
if (!current.empty() && IsNumeric(current))
{
auto pid = ParsePid(current);
if (pid) pids.push_back(pid.value());
}
if (!current.empty())
targets.push_back(current);
if (pids.empty())
if (targets.empty())
{
ERROR(L"No valid PIDs found in comma-separated list");
ERROR(L"No valid targets found in comma-separated list");
return 1;
}
// Batch operation
INFO(L"Batch %s operation: %zu processes", command.data(), pids.size());
int successCount = 0;
// Batch operation - handles both PIDs and process names
INFO(L"Batch %s operation: %zu targets (mixed PIDs/names)", command.data(), targets.size());
for (DWORD pid : pids)
{
bool result = (command == L"set") ?
g_controller->SetProcessProtection(pid, level, signer) :
g_controller->ProtectProcess(pid, level, signer);
bool result = (command == L"set") ?
g_controller->SetMultipleProcessesProtection(targets, level, signer) :
g_controller->ProtectMultipleProcesses(targets, level, signer);
if (result) successCount++;
}
INFO(L"Batch %s completed: %d/%zu processes", command.data(), successCount, pids.size());
return successCount == pids.size() ? 0 : 2;
return result ? 0 : 2;
}
// Single target (PID or name)
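Review bot: A partial batch can no longer be told apart from a fully failed one, because `return result ? 0 : 2;` yields the same exit code for both and the `Batch %s completed: %d/%zu` line was dropped with the `successCount` loop. Tokens are also forwarded as raw strings where the old code discarded anything failing `IsNumeric`/`ParsePid`. If names are resolved through the pattern matcher declared in the header (inferred, the implementation is not shown), one token may select several processes. For an operation that alters protection levels, the batch methods should log each resolved PID with its outcome. The caller should keep a completion line before the return, e.g. `INFO(L"Batch %s completed: %s", command.data(), result ? L"all targets succeeded" : L"one or more targets failed");`. The body of `wmain` starts and ends outside these hunks.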
