Aktualizacja: 2025-10-05 00:35:24

This commit is contained in:
wesmar
2025-10-05 00:35:24 +02:00
parent 29e28d4894
commit 3fa4db880b
3 changed files with 44 additions and 33 deletions


@@ -1186,27 +1186,33 @@ bool Controller::GetProcessProtection(DWORD pid) noexcept
GetConsoleScreenBufferInfo(hConsole, &consoleInfo); GetConsoleScreenBufferInfo(hConsole, &consoleInfo);
WORD originalColor = consoleInfo.wAttributes; WORD originalColor = consoleInfo.wAttributes;
if (protLevel == 0) { if (protLevel == 0) {
wprintf(L"[*] PID %d (%s) is not protected\n", pid, processName.c_str()); wprintf(L"[*] PID %d (%s) is not protected\n", pid, processName.c_str());
} else { } else {
WORD protectionColor = (protLevel == static_cast<UCHAR>(PS_PROTECTED_TYPE::ProtectedLight)) ? WORD protectionColor;
(FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_INTENSITY) : (FOREGROUND_GREEN | FOREGROUND_INTENSITY); if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Lsa)) {
protectionColor = FOREGROUND_RED | FOREGROUND_INTENSITY;
SetConsoleTextAttribute(hConsole, protectionColor); }
wprintf(L"[*] PID %d (%s) protection: %s-%s (raw: 0x%02x)\n", else if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinTcb) ||
pid, processName.c_str(), signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinSystem) ||
Utils::GetProtectionLevelAsString(protLevel), signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Windows)) {
Utils::GetSignerTypeAsString(signerType), protectionColor = FOREGROUND_GREEN | FOREGROUND_INTENSITY;
currentProtection.value()); }
SetConsoleTextAttribute(hConsole, originalColor); else if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Antimalware)) {
} protectionColor = FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_INTENSITY;
}
auto dumpability = Utils::CanDumpProcess(pid, processName, protLevel, signerType); else {
SetConsoleTextAttribute(hConsole, BACKGROUND_RED | BACKGROUND_GREEN | BACKGROUND_BLUE); protectionColor = FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_INTENSITY;
wprintf(L" Dumpability: %s - %s \n", }
dumpability.CanDump ? L"Yes" : L"No",
dumpability.Reason.c_str()); SetConsoleTextAttribute(hConsole, protectionColor);
SetConsoleTextAttribute(hConsole, originalColor); wprintf(L"[*] PID %d (%s) protection: %s-%s (raw: 0x%02x)\n",
pid, processName.c_str(),
Utils::GetProtectionLevelAsString(protLevel),
Utils::GetSignerTypeAsString(signerType),
currentProtection.value());
SetConsoleTextAttribute(hConsole, originalColor);
}
EndDriverSession(true); EndDriverSession(true);
return true; return true;
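Review bot: The new signer-to-console-colour chain in this hunk duplicates the signer-to-ANSI-colour mapping changed in the same commit in GetProcessDisplayColor (second file); both had to be edited in lockstep to make Lsa red, and the two will drift the next time a signer is reclassified. A single Utils helper that maps a signer type to a display category (system / LSA / antimalware / other), with this function and GetProcessDisplayColor each switching on that category, would keep the two views consistent. Separately, the `else if (signerType == ... Antimalware)` branch and the trailing `else` assign the identical value, so they can be merged into the default branch with a comment such as `// Antimalware and any other signer: yellow`. `WORD protectionColor{};` would also follow the file's brace-init style and guard against a future branch that forgets to assign. GetProcessProtection starts and ends outside the hunk.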


@@ -994,20 +994,24 @@ const wchar_t* GetProcessDisplayColor(UCHAR signerType, UCHAR signatureLevel,
return ProcessColors::BLUE; // Unchecked signatures - blue return ProcessColors::BLUE; // Unchecked signatures - blue
} }
// System processes - green // LSA processes - RED (critical security authority)
if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Lsa)) {
return ProcessColors::RED;
}
// System processes - GREEN (kernel/system trust)
if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Windows) || if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Windows) ||
signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinTcb) || signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinTcb) ||
signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinSystem) || signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinSystem)) {
signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Lsa)) {
return ProcessColors::GREEN; return ProcessColors::GREEN;
} }
// Security software - yellow // Security software - YELLOW (antimalware)
if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Antimalware)) { if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Antimalware)) {
return ProcessColors::YELLOW; return ProcessColors::YELLOW;
} }
// User/third-party processes - yellow // User/third-party processes - YELLOW (default)
return ProcessColors::YELLOW; return ProcessColors::YELLOW;
} }
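Review bot: The new Lsa check is placed after the unchecked-signature early return on the line above it, so an LSA-signed process whose signature level is reported as unchecked still renders BLUE rather than RED. If the intent of this commit is that LSA always stands out as a critical authority, the `if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Lsa))` test should be hoisted above that return; if the current precedence is deliberate, a one-line comment such as `// Unchecked signatures take precedence over signer-based colouring` would document the choice. The function's signature and opening lines are outside the hunk, so the exact condition of the preceding return cannot be checked from here.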


@@ -319,13 +319,14 @@ namespace Utils
/** /**
* @brief ANSI color codes for process display * @brief ANSI color codes for process display
*/ */
struct ProcessColors { struct ProcessColors {
static constexpr const wchar_t* GREEN = L"\033[92m"; ///< System processes static constexpr const wchar_t* GREEN = L"\033[92m"; ///< System processes (WinTcb, WinSystem, Windows)
static constexpr const wchar_t* YELLOW = L"\033[93m"; ///< User processes static constexpr const wchar_t* RED = L"\033[91m"; ///< LSA processes (critical security)
static constexpr const wchar_t* BLUE = L"\033[94m"; ///< Unchecked signatures static constexpr const wchar_t* YELLOW = L"\033[93m"; ///< User/Antimalware processes
static constexpr const wchar_t* HEADER = L"\033[97;44m"; ///< Table headers static constexpr const wchar_t* BLUE = L"\033[94m"; ///< Unchecked signatures
static constexpr const wchar_t* RESET = L"\033[0m"; ///< Reset color static constexpr const wchar_t* HEADER = L"\033[97;44m"; ///< Table headers
}; static constexpr const wchar_t* RESET = L"\033[0m"; ///< Reset color
};
/** /**
* @brief Enables ANSI virtual terminal processing for colored output * @brief Enables ANSI virtual terminal processing for colored output