Aktualizacja: 2025-10-05 13:34:19
@@ -1129,15 +1129,16 @@ bool Controller::ListProcessesBySigner(const std::wstring& signerName) noexcept
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!foundAny) {
|
if (!foundAny) {
|
||||||
std::wcout << L"\nNo processes found with signer type: " << signerName << L"\n";
|
std::wcout << Utils::ProcessColors::RESET // RESET koloru przed komunikatem!
|
||||||
return false;
|
<< L"\nNo processes found with signer type: " << signerName << L"\n";
|
||||||
}
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
std::wcout << Utils::ProcessColors::GREEN
|
std::wcout << Utils::ProcessColors::GREEN
|
||||||
<< L" -------+------------------------------+---------+-----------------+-----------------------+-----------------------+--------------------\n"
|
<< L" -------+------------------------------+---------+-----------------+-----------------------+-----------------------+--------------------\n"
|
||||||
<< Utils::ProcessColors::RESET;
|
<< Utils::ProcessColors::RESET;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -1176,48 +1177,37 @@ bool Controller::GetProcessProtection(DWORD pid) noexcept
|
|||||||
auto sigLevelOffset = m_of->GetOffset(Offset::ProcessSignatureLevel);
|
auto sigLevelOffset = m_of->GetOffset(Offset::ProcessSignatureLevel);
|
||||||
auto secSigLevelOffset = m_of->GetOffset(Offset::ProcessSectionSignatureLevel);
|
auto secSigLevelOffset = m_of->GetOffset(Offset::ProcessSectionSignatureLevel);
|
||||||
|
|
||||||
UCHAR signatureLevel = sigLevelOffset ? m_rtc->Read8(kernelAddr.value() + sigLevelOffset.value()).value_or(0) : 0;
|
UCHAR signatureLevel = sigLevelOffset ?
|
||||||
UCHAR sectionSignatureLevel = secSigLevelOffset ? m_rtc->Read8(kernelAddr.value() + secSigLevelOffset.value()).value_or(0) : 0;
|
m_rtc->Read8(kernelAddr.value() + sigLevelOffset.value()).value_or(0) : 0;
|
||||||
|
UCHAR sectionSignatureLevel = secSigLevelOffset ?
|
||||||
|
m_rtc->Read8(kernelAddr.value() + secSigLevelOffset.value()).value_or(0) : 0;
|
||||||
|
|
||||||
std::wstring processName = Utils::GetProcessName(pid);
|
std::wstring processName = Utils::GetProcessName(pid);
|
||||||
|
|
||||||
HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE);
|
// Enable ANSI colors
|
||||||
CONSOLE_SCREEN_BUFFER_INFO consoleInfo;
|
if (!Utils::EnableConsoleVirtualTerminal()) {
|
||||||
GetConsoleScreenBufferInfo(hConsole, &consoleInfo);
|
ERROR(L"Failed to enable console colors");
|
||||||
WORD originalColor = consoleInfo.wAttributes;
|
}
|
||||||
|
|
||||||
if (protLevel == 0) {
|
if (protLevel == 0) {
|
||||||
wprintf(L"[*] PID %d (%s) is not protected\n", pid, processName.c_str());
|
std::wcout << L"[*] PID " << pid << L" (" << processName << L") is not protected\n";
|
||||||
} else {
|
} else {
|
||||||
WORD protectionColor;
|
// Use GetProcessDisplayColor() for consistent colors with "kvc list"
|
||||||
if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Lsa)) {
|
const wchar_t* color = Utils::GetProcessDisplayColor(
|
||||||
protectionColor = FOREGROUND_RED | FOREGROUND_INTENSITY;
|
signerType, signatureLevel, sectionSignatureLevel);
|
||||||
}
|
|
||||||
else if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinTcb) ||
|
|
||||||
signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinSystem) ||
|
|
||||||
signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Windows)) {
|
|
||||||
protectionColor = FOREGROUND_GREEN | FOREGROUND_INTENSITY;
|
|
||||||
}
|
|
||||||
else if (signerType == static_cast<UCHAR>(PS_PROTECTED_SIGNER::Antimalware)) {
|
|
||||||
protectionColor = FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_INTENSITY;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
protectionColor = FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_INTENSITY;
|
|
||||||
}
|
|
||||||
|
|
||||||
SetConsoleTextAttribute(hConsole, protectionColor);
|
std::wcout << color
|
||||||
wprintf(L"[*] PID %d (%s) protection: %s-%s (raw: 0x%02x)\n",
|
<< L"[*] PID " << pid << L" (" << processName << L") protection: "
|
||||||
pid, processName.c_str(),
|
<< Utils::GetProtectionLevelAsString(protLevel) << L"-"
|
||||||
Utils::GetProtectionLevelAsString(protLevel),
|
<< Utils::GetSignerTypeAsString(signerType)
|
||||||
Utils::GetSignerTypeAsString(signerType),
|
<< L" (raw: 0x" << std::hex << std::uppercase << (int)currentProtection.value()
|
||||||
currentProtection.value());
|
<< std::dec << L")\n"
|
||||||
SetConsoleTextAttribute(hConsole, originalColor);
|
<< Utils::ProcessColors::RESET;
|
||||||
}
|
}
|
||||||
|
|
||||||
EndDriverSession(true);
|
EndDriverSession(true);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// ============================================================================
|
// ============================================================================
|
||||||
// PROCESS INFORMATION BY NAME
|
// PROCESS INFORMATION BY NAME
|
||||||
// ============================================================================
|
// ============================================================================
|
||||||
|
|||||||
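Review bot: In the second hunk (GetProcessProtection), a failed `Utils::EnableConsoleVirtualTerminal()` is only logged, and the protected branch still writes `color` and `Utils::ProcessColors::RESET` to `std::wcout`; if these are ANSI escape strings, as the "Enable ANSI colors" comment suggests, they end up as raw bytes in the output when stdout is a pipe, a file or a console without VT support, which the removed `SetConsoleTextAttribute` path did not do. Keep the result, e.g. `const bool useColor = Utils::EnableConsoleVirtualTerminal();`, and emit the colour and reset sequences only when it is true; the same applies to the `RESET` added before the "No processes found" message in the first hunk. The raw value also changed format: the old `0x%02x` was zero-padded and lower-case, while `std::hex << std::uppercase` drops the padding and leaves `std::uppercase` set on `std::wcout` after the statement, so add `std::setw(2) << std::setfill(L'0')` and restore with `std::nouppercase` (and the previous fill character) if the old format is wanted. Both functions start above their hunks, so any earlier handling of the console mode is not visible here.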