Aktualizacja: 2025-10-05 00:35:24

kvc/ControllerProcessOperations.cpp

@@ -1189,8 +1189,21 @@ bool Controller::GetProcessProtection(DWORD pid) noexcept
 	if (protLevel == 0) {
 		wprintf(L"[*] PID %d (%s) is not protected\n", pid, processName.c_str());
 	} else {
-        WORD protectionColor = (protLevel == static_cast<UCHAR>(PS_PROTECTED_TYPE::ProtectedLight)) ?
+		WORD protectionColor;
-            (FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_INTENSITY) : (FOREGROUND_GREEN | FOREGROUND_INTENSITY);
+		if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Lsa)) {
+			protectionColor = FOREGROUND_RED | FOREGROUND_INTENSITY;
+		}
+		else if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinTcb) ||
+				 signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinSystem) ||
+				 signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Windows)) {
+			protectionColor = FOREGROUND_GREEN | FOREGROUND_INTENSITY;
+		}
+		else if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Antimalware)) {
+			protectionColor = FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_INTENSITY;
+		}
+		else {
+			protectionColor = FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_INTENSITY;
+		}
 		
 		SetConsoleTextAttribute(hConsole, protectionColor);
 		wprintf(L"[*] PID %d (%s) protection: %s-%s (raw: 0x%02x)\n", 
@@ -1201,13 +1214,6 @@ bool Controller::GetProcessProtection(DWORD pid) noexcept
 		SetConsoleTextAttribute(hConsole, originalColor);
 	}
     
-    auto dumpability = Utils::CanDumpProcess(pid, processName, protLevel, signerType);
-    SetConsoleTextAttribute(hConsole, BACKGROUND_RED | BACKGROUND_GREEN | BACKGROUND_BLUE);
-    wprintf(L" Dumpability: %s - %s \n", 
-            dumpability.CanDump ? L"Yes" : L"No",
-            dumpability.Reason.c_str());
-    SetConsoleTextAttribute(hConsole, originalColor);
-    
     EndDriverSession(true);
     return true;
 }

kvc/Utils.cpp

@@ -994,20 +994,24 @@ const wchar_t* GetProcessDisplayColor(UCHAR signerType, UCHAR signatureLevel,
         return ProcessColors::BLUE; // Unchecked signatures - blue
     }
 
-    // System processes - green
+    // LSA processes - RED (critical security authority)
+    if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Lsa)) {
+        return ProcessColors::RED;
+    }
+
+    // System processes - GREEN (kernel/system trust)
     if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Windows) ||
         signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinTcb) ||
-        signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinSystem) ||
+        signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinSystem)) {
-        signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Lsa)) {
         return ProcessColors::GREEN;
     }
 
-    // Security software - yellow
+    // Security software - YELLOW (antimalware)
     if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Antimalware)) {
         return ProcessColors::YELLOW;
     }
 
-    // User/third-party processes - yellow
+    // User/third-party processes - YELLOW (default)
     return ProcessColors::YELLOW;
 }
 

kvc/Utils.h

@@ -320,8 +320,9 @@ namespace Utils
      * @brief ANSI color codes for process display
      */
 	struct ProcessColors {
-        static constexpr const wchar_t* GREEN = L"\033[92m";   ///< System processes
+		static constexpr const wchar_t* GREEN = L"\033[92m";   ///< System processes (WinTcb, WinSystem, Windows)
-        static constexpr const wchar_t* YELLOW = L"\033[93m";  ///< User processes
+		static constexpr const wchar_t* RED = L"\033[91m";     ///< LSA processes (critical security)
+		static constexpr const wchar_t* YELLOW = L"\033[93m";  ///< User/Antimalware processes
 		static constexpr const wchar_t* BLUE = L"\033[94m";    ///< Unchecked signatures
 		static constexpr const wchar_t* HEADER = L"\033[97;44m"; ///< Table headers
 		static constexpr const wchar_t* RESET = L"\033[0m";    ///< Reset color