Aktualizacja: 2025-10-05 00:35:24
@@ -1186,27 +1186,33 @@ bool Controller::GetProcessProtection(DWORD pid) noexcept
|
||||
GetConsoleScreenBufferInfo(hConsole, &consoleInfo);
|
||||
WORD originalColor = consoleInfo.wAttributes;
|
||||
|
||||
if (protLevel == 0) {
|
||||
wprintf(L"[*] PID %d (%s) is not protected\n", pid, processName.c_str());
|
||||
} else {
|
||||
WORD protectionColor = (protLevel == static_cast<UCHAR>(PS_PROTECTED_TYPE::ProtectedLight)) ?
|
||||
(FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_INTENSITY) : (FOREGROUND_GREEN | FOREGROUND_INTENSITY);
|
||||
|
||||
SetConsoleTextAttribute(hConsole, protectionColor);
|
||||
wprintf(L"[*] PID %d (%s) protection: %s-%s (raw: 0x%02x)\n",
|
||||
pid, processName.c_str(),
|
||||
Utils::GetProtectionLevelAsString(protLevel),
|
||||
Utils::GetSignerTypeAsString(signerType),
|
||||
currentProtection.value());
|
||||
SetConsoleTextAttribute(hConsole, originalColor);
|
||||
}
|
||||
|
||||
auto dumpability = Utils::CanDumpProcess(pid, processName, protLevel, signerType);
|
||||
SetConsoleTextAttribute(hConsole, BACKGROUND_RED | BACKGROUND_GREEN | BACKGROUND_BLUE);
|
||||
wprintf(L" Dumpability: %s - %s \n",
|
||||
dumpability.CanDump ? L"Yes" : L"No",
|
||||
dumpability.Reason.c_str());
|
||||
SetConsoleTextAttribute(hConsole, originalColor);
|
||||
if (protLevel == 0) {
|
||||
wprintf(L"[*] PID %d (%s) is not protected\n", pid, processName.c_str());
|
||||
} else {
|
||||
WORD protectionColor;
|
||||
if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Lsa)) {
|
||||
protectionColor = FOREGROUND_RED | FOREGROUND_INTENSITY;
|
||||
}
|
||||
else if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinTcb) ||
|
||||
signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinSystem) ||
|
||||
signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Windows)) {
|
||||
protectionColor = FOREGROUND_GREEN | FOREGROUND_INTENSITY;
|
||||
}
|
||||
else if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Antimalware)) {
|
||||
protectionColor = FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_INTENSITY;
|
||||
}
|
||||
else {
|
||||
protectionColor = FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_INTENSITY;
|
||||
}
|
||||
|
||||
SetConsoleTextAttribute(hConsole, protectionColor);
|
||||
wprintf(L"[*] PID %d (%s) protection: %s-%s (raw: 0x%02x)\n",
|
||||
pid, processName.c_str(),
|
||||
Utils::GetProtectionLevelAsString(protLevel),
|
||||
Utils::GetSignerTypeAsString(signerType),
|
||||
currentProtection.value());
|
||||
SetConsoleTextAttribute(hConsole, originalColor);
|
||||
}
|
||||
|
||||
EndDriverSession(true);
|
||||
return true;
|
||||
|
||||
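Review bot: The new signer→color chain (`WORD protectionColor; if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Lsa)) ...`) re-implements, with console attribute constants, the same signer table this commit introduces in GetProcessDisplayColor with ANSI codes, so the two mappings can drift apart on the next change; a single shared classification helper that both call sites map onto their own constants would keep one source of truth. The retained format strings still print the DWORD `pid` with `%d`; `%lu` matches the parameter type shown in the hunk header. Going by the hunk's line counts, the Dumpability summary (`Utils::CanDumpProcess` and the two lines that print it) is removed without a replacement on the new side; if that is intended, the commit message should say so, since the title carries only a timestamp. GetProcessProtection starts before this hunk, so whether `currentProtection` is checked before `.value()` cannot be confirmed here.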
@@ -994,20 +994,24 @@ const wchar_t* GetProcessDisplayColor(UCHAR signerType, UCHAR signatureLevel,
|
||||
return ProcessColors::BLUE; // Unchecked signatures - blue
|
||||
}
|
||||
|
||||
// System processes - green
|
||||
// LSA processes - RED (critical security authority)
|
||||
if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Lsa)) {
|
||||
return ProcessColors::RED;
|
||||
}
|
||||
|
||||
// System processes - GREEN (kernel/system trust)
|
||||
if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Windows) ||
|
||||
signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinTcb) ||
|
||||
signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinSystem) ||
|
||||
signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Lsa)) {
|
||||
signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinSystem)) {
|
||||
return ProcessColors::GREEN;
|
||||
}
|
||||
|
||||
// Security software - yellow
|
||||
// Security software - YELLOW (antimalware)
|
||||
if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Antimalware)) {
|
||||
return ProcessColors::YELLOW;
|
||||
}
|
||||
|
||||
// User/third-party processes - yellow
|
||||
// User/third-party processes - YELLOW (default)
|
||||
return ProcessColors::YELLOW;
|
||||
}
|
||||
|
||||
|
||||
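Review bot: The Antimalware branch (`if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Antimalware)) { return ProcessColors::YELLOW; }`) returns the same value as the default `return ProcessColors::YELLOW;` three lines below, so it changes no output and reads as an unfinished distinction. Either give antimalware its own code, as this commit does for Lsa, or drop the branch and state the intent once, e.g. `// Security software and user/third-party processes - YELLOW (default)`. Since Lsa is now pulled out of the system group, a short note on the Lsa block such as `// Lsa is deliberately not part of the GREEN system group below` would protect the ordering from a later "cleanup". GetProcessDisplayColor's signature lies outside the hunk; only its start is shown in the hunk header.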
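--- a/kvc/Utils.h
+++ b/kvc/Utils.h
@@ -319,13 +319,14 @@ namespace Utils
 /**
 * @brief ANSI color codes for process display
 */
-struct ProcessColors {
-static constexpr const wchar_t* GREEN = L"\033[92m"; ///< System processes
-static constexpr const wchar_t* YELLOW = L"\033[93m"; ///< User processes
-static constexpr const wchar_t* BLUE = L"\033[94m"; ///< Unchecked signatures
-static constexpr const wchar_t* HEADER = L"\033[97;44m"; ///< Table headers
-static constexpr const wchar_t* RESET = L"\033[0m"; ///< Reset color
-};
+struct ProcessColors {
+static constexpr const wchar_t* GREEN = L"\033[92m"; ///< System processes (WinTcb, WinSystem, Windows)
+static constexpr const wchar_t* RED = L"\033[91m"; ///< LSA processes (critical security)
+static constexpr const wchar_t* YELLOW = L"\033[93m"; ///< User/Antimalware processes
+static constexpr const wchar_t* BLUE = L"\033[94m"; ///< Unchecked signatures
+static constexpr const wchar_t* HEADER = L"\033[97;44m"; ///< Table headers
+static constexpr const wchar_t* RESET = L"\033[0m"; ///< Reset color
+};
 
 /**
 * @brief Enables ANSI virtual terminal processing for colored output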