From 5930d2d7db4852277c2ca7403ccefbdee7ff78c4 Mon Sep 17 00:00:00 2001 From: wesmar Date: Tue, 23 Sep 2025 01:40:18 +0200 Subject: [PATCH] Aktualizacja: 2025-09-23 01:40:18 --- kvc/BrowserOrchestrator.cpp | 27 ++++++++++++++++++++++++++- kvc/ControllerBinaryManager.cpp | 25 +++++++++++++++++++++++++ kvc/ControllerCore.cpp | 25 +++++++++++++++++++++++++ kvc/ControllerDriverManager.cpp | 25 +++++++++++++++++++++++++ kvc/ControllerDriverManager_.cpp | 25 +++++++++++++++++++++++++ kvc/ControllerEventLogOperations.cpp | 25 +++++++++++++++++++++++++ kvc/ControllerMemoryOperations.cpp | 25 +++++++++++++++++++++++++ kvc/ControllerPasswordManager.cpp | 25 +++++++++++++++++++++++++ kvc/ControllerProcessOperations.cpp | 25 +++++++++++++++++++++++++ kvc/ControllerSystemIntegration.cpp | 25 +++++++++++++++++++++++++ kvc/DefenderManager.cpp | 25 +++++++++++++++++++++++++ kvc/HelpSystem.cpp | 25 +++++++++++++++++++++++++ kvc/KeyboardHook.cpp | 25 +++++++++++++++++++++++++ kvc/Kvc.cpp | 25 +++++++++++++++++++++++++ kvc/KvcDrv.cpp | 25 +++++++++++++++++++++++++ kvc/OffsetFinder.cpp | 25 +++++++++++++++++++++++++ kvc/ProcessManager.cpp | 25 +++++++++++++++++++++++++ kvc/ReportExporter.cpp | 25 +++++++++++++++++++++++++ kvc/SelfLoader.cpp | 27 ++++++++++++++++++++++++++- kvc/ServiceManager.cpp | 25 +++++++++++++++++++++++++ kvc/TrustedInstallerIntegrator.cpp | 25 +++++++++++++++++++++++++ kvc/Utils.cpp | 25 +++++++++++++++++++++++++ kvc/common.cpp | 25 +++++++++++++++++++++++++ kvc/kvc_crypt.cpp | 25 +++++++++++++++++++++++++ kvc/syscalls.cpp | 25 +++++++++++++++++++++++++ 25 files changed, 627 insertions(+), 2 deletions(-) diff --git a/kvc/BrowserOrchestrator.cpp b/kvc/BrowserOrchestrator.cpp index 00a9c82..357e2ac 100644 --- a/kvc/BrowserOrchestrator.cpp +++ b/kvc/BrowserOrchestrator.cpp @@ -1,4 +1,29 @@ -// BrowserOrchestrator.cpp +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + +// BrowserOrchestrator.cpp #include #include #include diff --git a/kvc/ControllerBinaryManager.cpp b/kvc/ControllerBinaryManager.cpp index ae3673e..f4eeec6 100644 --- a/kvc/ControllerBinaryManager.cpp +++ b/kvc/ControllerBinaryManager.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + // ControllerBinaryManager.cpp - Fixed compilation issues #include "Controller.h" #include "common.h" diff --git a/kvc/ControllerCore.cpp b/kvc/ControllerCore.cpp index 4337e6e..c3a5a9e 100644 --- a/kvc/ControllerCore.cpp +++ b/kvc/ControllerCore.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + // ControllerCore.cpp #include "Controller.h" #include "common.h" diff --git a/kvc/ControllerDriverManager.cpp b/kvc/ControllerDriverManager.cpp index eaa82fb..db837d3 100644 --- a/kvc/ControllerDriverManager.cpp +++ b/kvc/ControllerDriverManager.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + // ControllerDriverManager.cpp #include "Controller.h" #include "common.h" diff --git a/kvc/ControllerDriverManager_.cpp b/kvc/ControllerDriverManager_.cpp index 743bd58..cdffc87 100644 --- a/kvc/ControllerDriverManager_.cpp +++ b/kvc/ControllerDriverManager_.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + // ControllerDriverManager.cpp #include "Controller.h" #include "common.h" diff --git a/kvc/ControllerEventLogOperations.cpp b/kvc/ControllerEventLogOperations.cpp index cce7e6e..6e444c6 100644 --- a/kvc/ControllerEventLogOperations.cpp +++ b/kvc/ControllerEventLogOperations.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + #include "Controller.h" #include "common.h" diff --git a/kvc/ControllerMemoryOperations.cpp b/kvc/ControllerMemoryOperations.cpp index b1159e4..4d515a1 100644 --- a/kvc/ControllerMemoryOperations.cpp +++ b/kvc/ControllerMemoryOperations.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + // ControllerMemoryOperations.cpp #include "Controller.h" #include "common.h" diff --git a/kvc/ControllerPasswordManager.cpp b/kvc/ControllerPasswordManager.cpp index 00ae8ca..cd1a720 100644 --- a/kvc/ControllerPasswordManager.cpp +++ b/kvc/ControllerPasswordManager.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + #include "Controller.h" #include "ReportExporter.h" #include "common.h" diff --git a/kvc/ControllerProcessOperations.cpp b/kvc/ControllerProcessOperations.cpp index 6504820..14edb2f 100644 --- a/kvc/ControllerProcessOperations.cpp +++ b/kvc/ControllerProcessOperations.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + // ControllerProcessOperations.cpp #include "Controller.h" #include "common.h" diff --git a/kvc/ControllerSystemIntegration.cpp b/kvc/ControllerSystemIntegration.cpp index 5a9bc78..cab2b1a 100644 --- a/kvc/ControllerSystemIntegration.cpp +++ b/kvc/ControllerSystemIntegration.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + // ControllerSystemIntegration.cpp #include "Controller.h" #include "common.h" diff --git a/kvc/DefenderManager.cpp b/kvc/DefenderManager.cpp index e7eebd0..df8b8c5 100644 --- a/kvc/DefenderManager.cpp +++ b/kvc/DefenderManager.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + #include "DefenderManager.h" #include #include diff --git a/kvc/HelpSystem.cpp b/kvc/HelpSystem.cpp index c8ca989..536d1b8 100644 --- a/kvc/HelpSystem.cpp +++ b/kvc/HelpSystem.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + #include #include "HelpSystem.h" #include diff --git a/kvc/KeyboardHook.cpp b/kvc/KeyboardHook.cpp index ea0c4d3..9e5cc1d 100644 --- a/kvc/KeyboardHook.cpp +++ b/kvc/KeyboardHook.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + #include "KeyboardHook.h" #include "TrustedInstallerIntegrator.h" #include "common.h" diff --git a/kvc/Kvc.cpp b/kvc/Kvc.cpp index a5300e2..3f59eff 100644 --- a/kvc/Kvc.cpp +++ b/kvc/Kvc.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + #include "common.h" #include "Controller.h" #include "DefenderManager.h" diff --git a/kvc/KvcDrv.cpp b/kvc/KvcDrv.cpp index 23c724b..b5c6c65 100644 --- a/kvc/KvcDrv.cpp +++ b/kvc/KvcDrv.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + // KvcDrv.cpp #include "kvcDrv.h" #include "common.h" diff --git a/kvc/OffsetFinder.cpp b/kvc/OffsetFinder.cpp index 5c6e7f7..81fea02 100644 --- a/kvc/OffsetFinder.cpp +++ b/kvc/OffsetFinder.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + // OffsetFinder.cpp #include "OffsetFinder.h" #include "Utils.h" diff --git a/kvc/ProcessManager.cpp b/kvc/ProcessManager.cpp index efcf6ab..4e5454b 100644 --- a/kvc/ProcessManager.cpp +++ b/kvc/ProcessManager.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + // ProcessManager.cpp #include "ProcessManager.h" #include "Controller.h" diff --git a/kvc/ReportExporter.cpp b/kvc/ReportExporter.cpp index bc2a8c4..7fc6ebc 100644 --- a/kvc/ReportExporter.cpp +++ b/kvc/ReportExporter.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + #include "ReportExporter.h" #include "Controller.h" #include diff --git a/kvc/SelfLoader.cpp b/kvc/SelfLoader.cpp index a9c02f5..2fee2ef 100644 --- a/kvc/SelfLoader.cpp +++ b/kvc/SelfLoader.cpp @@ -1,4 +1,29 @@ -// SelfLoader.cpp +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + +// SelfLoader.cpp #include #include #include diff --git a/kvc/ServiceManager.cpp b/kvc/ServiceManager.cpp index 22afd23..f6bff84 100644 --- a/kvc/ServiceManager.cpp +++ b/kvc/ServiceManager.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + #include "ServiceManager.h" #include "Controller.h" #include "KeyboardHook.h" diff --git a/kvc/TrustedInstallerIntegrator.cpp b/kvc/TrustedInstallerIntegrator.cpp index 4db504f..16abdbe 100644 --- a/kvc/TrustedInstallerIntegrator.cpp +++ b/kvc/TrustedInstallerIntegrator.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + #include "TrustedInstallerIntegrator.h" #include "common.h" #include diff --git a/kvc/Utils.cpp b/kvc/Utils.cpp index aac9ab7..6a43095 100644 --- a/kvc/Utils.cpp +++ b/kvc/Utils.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + // Utils.cpp - Fixed compilation issues with NtQuerySystemInformation #include "Utils.h" #include "common.h" diff --git a/kvc/common.cpp b/kvc/common.cpp index 376a6f4..8dce31c 100644 --- a/kvc/common.cpp +++ b/kvc/common.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + // common.cpp - Core system utilities and dynamic API management // Implements service management, system path resolution, and Windows API abstraction diff --git a/kvc/kvc_crypt.cpp b/kvc/kvc_crypt.cpp index a856387..2be7583 100644 --- a/kvc/kvc_crypt.cpp +++ b/kvc/kvc_crypt.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + // kvc_crypt.cpp #include #include diff --git a/kvc/syscalls.cpp b/kvc/syscalls.cpp index e97d91a..41324a0 100644 --- a/kvc/syscalls.cpp +++ b/kvc/syscalls.cpp @@ -1,3 +1,28 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. + + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + // syscalls.cpp #include "syscalls.h" #include