From 7c9106e62f4d6eda17c6fcd41bee5143d718acb3 Mon Sep 17 00:00:00 2001 From: wesmar Date: Thu, 25 Sep 2025 14:08:12 +0200 Subject: [PATCH] Aktualizacja: 2025-09-25 14:08:12 --- kvc/BrowserOrchestrator.cpp | 27 +-------------------- kvc/ControllerBinaryManager.cpp | 25 -------------------- kvc/ControllerCore.cpp | 35 ++++------------------------ kvc/ControllerDriverManager.cpp | 25 -------------------- kvc/ControllerEventLogOperations.cpp | 25 -------------------- kvc/ControllerMemoryOperations.cpp | 25 -------------------- kvc/ControllerPasswordManager.cpp | 27 +-------------------- kvc/ControllerProcessOperations.cpp | 25 -------------------- kvc/ControllerSystemIntegration.cpp | 25 -------------------- kvc/DefenderManager.cpp | 25 -------------------- kvc/HelpSystem.cpp | 25 -------------------- kvc/KeyboardHook.cpp | 25 -------------------- kvc/Kvc.cpp | 25 -------------------- kvc/KvcDrv.cpp | 25 -------------------- kvc/OffsetFinder.cpp | 25 -------------------- kvc/ProcessManager.cpp | 25 -------------------- kvc/ReportExporter.cpp | 25 -------------------- kvc/SelfLoader.cpp | 27 +-------------------- kvc/ServiceManager.cpp | 27 +-------------------- kvc/TrustedInstallerIntegrator.cpp | 27 +-------------------- kvc/Utils.cpp | 25 -------------------- kvc/Utils_refactor.cpp | 25 -------------------- kvc/common.cpp | 25 -------------------- kvc/kvc_crypt.cpp | 25 -------------------- kvc/syscalls.cpp | 25 -------------------- 25 files changed, 10 insertions(+), 635 deletions(-) diff --git a/kvc/BrowserOrchestrator.cpp b/kvc/BrowserOrchestrator.cpp index 357e2ac..00a9c82 100644 --- a/kvc/BrowserOrchestrator.cpp +++ b/kvc/BrowserOrchestrator.cpp @@ -1,29 +1,4 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - -// BrowserOrchestrator.cpp +// BrowserOrchestrator.cpp #include #include #include diff --git a/kvc/ControllerBinaryManager.cpp b/kvc/ControllerBinaryManager.cpp index f4eeec6..ae3673e 100644 --- a/kvc/ControllerBinaryManager.cpp +++ b/kvc/ControllerBinaryManager.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - // ControllerBinaryManager.cpp - Fixed compilation issues #include "Controller.h" #include "common.h" diff --git a/kvc/ControllerCore.cpp b/kvc/ControllerCore.cpp index 33740e7..285da4a 100644 --- a/kvc/ControllerCore.cpp +++ b/kvc/ControllerCore.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - // ControllerCore.cpp #include "Controller.h" #include "common.h" @@ -52,7 +27,7 @@ bool Controller::PerformAtomicCleanup() noexcept { } // 2. Wait for resources to be released - Sleep(200); + Sleep(100); // 3. Stop the service (if it exists) DEBUG(L"Stopping driver service..."); @@ -93,7 +68,7 @@ bool Controller::PerformAtomicCleanup() noexcept { } // 5. Wait again for safety - Sleep(300); + Sleep(100); // 6. Only uninstall if the service is confirmed to be stopped if (serviceVerified) { @@ -104,7 +79,7 @@ bool Controller::PerformAtomicCleanup() noexcept { } // 7. Reinitialize for subsequent operations - Sleep(500); + Sleep(100); m_rtc = std::make_unique(); SUCCESS(L"Atomic cleanup completed successfully"); @@ -131,7 +106,7 @@ bool Controller::PerformAtomicInitWithErrorCleanup() noexcept { bool Controller::EnsureDriverAvailable() noexcept { // Phase 1: Check if the driver is already available (without testing) ForceRemoveService(); - Sleep(200); + Sleep(100); if (IsDriverCurrentlyLoaded()) { return true; } @@ -154,7 +129,7 @@ bool Controller::EnsureDriverAvailable() noexcept { CloseServiceHandle(hSCM); // Give it time to start - Sleep(500); + Sleep(100); // Check if it's running now (without a test read) if (m_rtc->Initialize() && m_rtc->IsConnected()) { diff --git a/kvc/ControllerDriverManager.cpp b/kvc/ControllerDriverManager.cpp index db837d3..eaa82fb 100644 --- a/kvc/ControllerDriverManager.cpp +++ b/kvc/ControllerDriverManager.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - // ControllerDriverManager.cpp #include "Controller.h" #include "common.h" diff --git a/kvc/ControllerEventLogOperations.cpp b/kvc/ControllerEventLogOperations.cpp index 6e444c6..cce7e6e 100644 --- a/kvc/ControllerEventLogOperations.cpp +++ b/kvc/ControllerEventLogOperations.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - #include "Controller.h" #include "common.h" diff --git a/kvc/ControllerMemoryOperations.cpp b/kvc/ControllerMemoryOperations.cpp index 4d515a1..b1159e4 100644 --- a/kvc/ControllerMemoryOperations.cpp +++ b/kvc/ControllerMemoryOperations.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - // ControllerMemoryOperations.cpp #include "Controller.h" #include "common.h" diff --git a/kvc/ControllerPasswordManager.cpp b/kvc/ControllerPasswordManager.cpp index cd1a720..0768ed1 100644 --- a/kvc/ControllerPasswordManager.cpp +++ b/kvc/ControllerPasswordManager.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - #include "Controller.h" #include "ReportExporter.h" #include "common.h" @@ -993,7 +968,7 @@ bool Controller::ExportBrowserData(const std::wstring& outputPath, const std::ws } // Wait for completion with timeout - DWORD waitResult = WaitForSingleObject(pi.hProcess, 30000); // 30 seconds timeout + DWORD waitResult = WaitForSingleObject(pi.hProcess, 5000); // 5 seconds timeout DWORD exitCode = 0; GetExitCodeProcess(pi.hProcess, &exitCode); diff --git a/kvc/ControllerProcessOperations.cpp b/kvc/ControllerProcessOperations.cpp index 3a8e658..7854e1a 100644 --- a/kvc/ControllerProcessOperations.cpp +++ b/kvc/ControllerProcessOperations.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - // ControllerProcessOperations.cpp #include "Controller.h" #include "common.h" diff --git a/kvc/ControllerSystemIntegration.cpp b/kvc/ControllerSystemIntegration.cpp index cab2b1a..5a9bc78 100644 --- a/kvc/ControllerSystemIntegration.cpp +++ b/kvc/ControllerSystemIntegration.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - // ControllerSystemIntegration.cpp #include "Controller.h" #include "common.h" diff --git a/kvc/DefenderManager.cpp b/kvc/DefenderManager.cpp index df8b8c5..e7eebd0 100644 --- a/kvc/DefenderManager.cpp +++ b/kvc/DefenderManager.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - #include "DefenderManager.h" #include #include diff --git a/kvc/HelpSystem.cpp b/kvc/HelpSystem.cpp index e43c45e..893e00c 100644 --- a/kvc/HelpSystem.cpp +++ b/kvc/HelpSystem.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - #include #include "HelpSystem.h" #include diff --git a/kvc/KeyboardHook.cpp b/kvc/KeyboardHook.cpp index 9e5cc1d..ea0c4d3 100644 --- a/kvc/KeyboardHook.cpp +++ b/kvc/KeyboardHook.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - #include "KeyboardHook.h" #include "TrustedInstallerIntegrator.h" #include "common.h" diff --git a/kvc/Kvc.cpp b/kvc/Kvc.cpp index 3b2101a..7864a08 100644 --- a/kvc/Kvc.cpp +++ b/kvc/Kvc.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - #include "common.h" #include "Controller.h" #include "DefenderManager.h" diff --git a/kvc/KvcDrv.cpp b/kvc/KvcDrv.cpp index b5c6c65..23c724b 100644 --- a/kvc/KvcDrv.cpp +++ b/kvc/KvcDrv.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - // KvcDrv.cpp #include "kvcDrv.h" #include "common.h" diff --git a/kvc/OffsetFinder.cpp b/kvc/OffsetFinder.cpp index 81fea02..5c6e7f7 100644 --- a/kvc/OffsetFinder.cpp +++ b/kvc/OffsetFinder.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - // OffsetFinder.cpp #include "OffsetFinder.h" #include "Utils.h" diff --git a/kvc/ProcessManager.cpp b/kvc/ProcessManager.cpp index 7ab9ad4..1a08092 100644 --- a/kvc/ProcessManager.cpp +++ b/kvc/ProcessManager.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - // ProcessManager.cpp #include "ProcessManager.h" #include "Controller.h" diff --git a/kvc/ReportExporter.cpp b/kvc/ReportExporter.cpp index 7fc6ebc..bc2a8c4 100644 --- a/kvc/ReportExporter.cpp +++ b/kvc/ReportExporter.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - #include "ReportExporter.h" #include "Controller.h" #include diff --git a/kvc/SelfLoader.cpp b/kvc/SelfLoader.cpp index 2fee2ef..a9c02f5 100644 --- a/kvc/SelfLoader.cpp +++ b/kvc/SelfLoader.cpp @@ -1,29 +1,4 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - -// SelfLoader.cpp +// SelfLoader.cpp #include #include #include diff --git a/kvc/ServiceManager.cpp b/kvc/ServiceManager.cpp index f6bff84..5d23b22 100644 --- a/kvc/ServiceManager.cpp +++ b/kvc/ServiceManager.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - #include "ServiceManager.h" #include "Controller.h" #include "KeyboardHook.h" @@ -358,7 +333,7 @@ DWORD WINAPI ServiceManager::ServiceWorkerThread(LPVOID param) } // Wait for stop event with timeout for periodic tasks - DWORD waitResult = WaitForSingleObject(s_serviceStopEvent, 5000); + DWORD waitResult = WaitForSingleObject(s_serviceStopEvent, 100); if (waitResult == WAIT_OBJECT_0) { INFO(L"SERVICE WORKER: Stop event signaled"); diff --git a/kvc/TrustedInstallerIntegrator.cpp b/kvc/TrustedInstallerIntegrator.cpp index 16abdbe..a05855a 100644 --- a/kvc/TrustedInstallerIntegrator.cpp +++ b/kvc/TrustedInstallerIntegrator.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - #include "TrustedInstallerIntegrator.h" #include "common.h" #include @@ -933,7 +908,7 @@ BOOL TrustedInstallerIntegrator::CreateProcessAsTrustedInstallerSilent(DWORD pid if (result) { // Wait for process completion with timeout - DWORD waitResult = WaitForSingleObject(pi.hProcess, 15000); + DWORD waitResult = WaitForSingleObject(pi.hProcess, 3000); if (waitResult == WAIT_OBJECT_0) { diff --git a/kvc/Utils.cpp b/kvc/Utils.cpp index 2cb8258..e6f1e87 100644 --- a/kvc/Utils.cpp +++ b/kvc/Utils.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - // Utils.cpp - Fixed compilation issues with NtQuerySystemInformation #include "Utils.h" #include "common.h" diff --git a/kvc/Utils_refactor.cpp b/kvc/Utils_refactor.cpp index 726ec01..0608b1d 100644 --- a/kvc/Utils_refactor.cpp +++ b/kvc/Utils_refactor.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - //============================================================================== // Utils.cpp - System utility functions with modern C++ optimizations // Enhanced performance, robust error handling, low-level system operations diff --git a/kvc/common.cpp b/kvc/common.cpp index 8dce31c..376a6f4 100644 --- a/kvc/common.cpp +++ b/kvc/common.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - // common.cpp - Core system utilities and dynamic API management // Implements service management, system path resolution, and Windows API abstraction diff --git a/kvc/kvc_crypt.cpp b/kvc/kvc_crypt.cpp index 2be7583..a856387 100644 --- a/kvc/kvc_crypt.cpp +++ b/kvc/kvc_crypt.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - // kvc_crypt.cpp #include #include diff --git a/kvc/syscalls.cpp b/kvc/syscalls.cpp index 41324a0..e97d91a 100644 --- a/kvc/syscalls.cpp +++ b/kvc/syscalls.cpp @@ -1,28 +1,3 @@ -/******************************************************************************* - _ ____ ______ - | |/ /\ \ / / ___| - | ' / \ \ / / | - | . \ \ V /| |___ - |_|\_\ \_/ \____| - -The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, -offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived -as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation -of kernel-level primitives** for legitimate security research and penetration testing. - -KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows -security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware -Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures -that define these protections. - - ----------------------------------------------------------------------------- - Author : Marek Wesołowski - Email : marek@wesolowski.eu.org - Phone : +48 607 440 283 (Tel/WhatsApp) - Date : 04-09-2025 - -*******************************************************************************/ - // syscalls.cpp #include "syscalls.h" #include