Aktualizacja: 2025-10-19 13:06:01

wesmar
2025-10-19 13:06:01 +02:00
parent b6c670f485
commit 9aabcb3f3b


@@ -125,6 +125,16 @@ bool Controller::DisableDSE() noexcept {
INFO(L"No files will be permanently modified or deleted"); INFO(L"No files will be permanently modified or deleted");
std::wcout << L"\n"; std::wcout << L"\n";
// Single question - if Y, do everything; if N, do nothing
std::wcout << L"Reboot now to complete DSE bypass? [Y/N]: ";
wchar_t choice;
std::wcin >> choice;
if (choice != L'Y' && choice != L'y') {
INFO(L"HVCI bypass cancelled by user");
return true;
}
DEBUG(L"Closing driver handle before file operations..."); DEBUG(L"Closing driver handle before file operations...");
m_rtc->Cleanup(); m_rtc->Cleanup();
@@ -147,16 +157,12 @@ bool Controller::DisableDSE() noexcept {
ERROR(L"Failed to create RunOnce entry"); ERROR(L"Failed to create RunOnce entry");
return false; return false;
} }
SUCCESS(L"HVCI bypass prepared - reboot required"); SUCCESS(L"HVCI bypass prepared - reboot required");
INFO(L"Post-reboot: 'kvc dse' -> if 0x00000000 -> load driver -> 'kvc dse on'"); INFO(L"Post-reboot: 'kvc dse' -> if 0x00000000 -> load driver -> 'kvc dse on'");
INFO(L"Detection systems may scan for prolonged 0x00000000 state - restore quickly"); INFO(L"Detection systems may scan for prolonged 0x00000000 state - restore quickly");
INFO(L"Future Windows updates may enhance monitoring - disable Driver Signature Enforcement only when needed"); INFO(L"Future Windows updates may enhance monitoring - disable Driver Signature Enforcement only when needed");
std::wcout << L"\n";
std::wcout << L"Reboot now to complete DSE bypass? [Y/N]: ";
wchar_t choice;
std::wcin >> choice;
if (choice == L'Y' || choice == L'y') {
INFO(L"Initiating system reboot..."); INFO(L"Initiating system reboot...");
// Enable shutdown privilege // Enable shutdown privilege
@@ -175,11 +181,9 @@ bool Controller::DisableDSE() noexcept {
if (InitiateShutdownW(NULL, NULL, 0, SHUTDOWN_RESTART | SHUTDOWN_FORCE_OTHERS, SHTDN_REASON_MAJOR_SOFTWARE | SHTDN_REASON_MINOR_RECONFIGURE) != ERROR_SUCCESS) { if (InitiateShutdownW(NULL, NULL, 0, SHUTDOWN_RESTART | SHUTDOWN_FORCE_OTHERS, SHTDN_REASON_MAJOR_SOFTWARE | SHTDN_REASON_MINOR_RECONFIGURE) != ERROR_SUCCESS) {
ERROR(L"Failed to initiate reboot: %d", GetLastError()); ERROR(L"Failed to initiate reboot: %d", GetLastError());
} }
}
return true; return true;
} }
bool result = m_dseBypass->DisableDSE(); bool result = m_dseBypass->DisableDSE();
EndDriverSession(true); EndDriverSession(true);
@@ -211,7 +215,6 @@ bool Controller::RestoreDSE() noexcept {
} }
bool Controller::DisableDSEAfterReboot() noexcept { bool Controller::DisableDSEAfterReboot() noexcept {
// Check if this is actually post-reboot or just pending bypass // Check if this is actually post-reboot or just pending bypass
HKEY hKey = nullptr; HKEY hKey = nullptr;
bool actuallyPostReboot = false; bool actuallyPostReboot = false;
@@ -269,29 +272,7 @@ bool Controller::DisableDSEAfterReboot() noexcept {
return true; // Exit WITHOUT touching driver return true; // Exit WITHOUT touching driver
} }
// Continue with actual post-reboot bypass...
PerformAtomicCleanup(); PerformAtomicCleanup();
if (!BeginDriverSession()) { if (!BeginDriverSession()) {
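Review bot: In the first hunk of `Controller::DisableDSE()` the new prompt declares `wchar_t choice;` without an initialiser and never checks the stream, so if `std::wcin >> choice` fails (EOF, closed or redirected stdin) the following `choice != L'Y' && choice != L'y'` test reads an indeterminate value. This answer now gates everything after it (the driver-handle cleanup, the RunOnce entry and the forced restart with `SHUTDOWN_FORCE_OTHERS`), so it should fail closed: `wchar_t choice = L'N';` and `if (!(std::wcin >> choice) || (choice != L'Y' && choice != L'y')) {`. The cancel branch also logs "HVCI bypass cancelled" under a prompt that says "DSE bypass", and it returns `true`, so a caller cannot tell a declined run from a prepared one; a comment on that `return true;` stating the intended contract would help. The body of `DisableDSE()` starts and ends outside the visible hunks, so any handling of the return value is not visible here.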