Aktualizacja: 2025-09-25 09:44:54

This commit is contained in:
wesmar
2025-09-25 09:44:54 +02:00
parent 4f5417aeb6
commit fe69b81d9e
3 changed files with 116 additions and 80 deletions


@@ -671,79 +671,58 @@ bool Controller::GetProcessProtectionByName(const std::wstring& processName) noe
bool Controller::ListProtectedProcesses() noexcept { bool Controller::ListProtectedProcesses() noexcept {
if (!BeginDriverSession()) { if (!BeginDriverSession()) {
EndDriverSession(true); EndDriverSession(true);
return false; return false;
} }
auto processes = GetProcessList(); auto processes = GetProcessList();
DWORD count = 0; DWORD count = 0;
// Enable console virtual terminal processing for color output // Enable ANSI colors using Utils function
HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE); if (!Utils::EnableConsoleVirtualTerminal()) {
DWORD consoleMode = 0; ERROR(L"Failed to enable console colors");
GetConsoleMode(hConsole, &consoleMode); }
SetConsoleMode(hConsole, consoleMode | ENABLE_VIRTUAL_TERMINAL_PROCESSING);
// ANSI color codes std::wcout << Utils::ProcessColors::GREEN;
auto GREEN = L"\033[92m";
auto YELLOW = L"\033[93m";
auto BLUE = L"\033[94m";
auto HEADER = L"\033[97;44m";
auto RESET = L"\033[0m";
std::wcout << GREEN;
std::wcout << L"\n -------+------------------------------+---------+-----------------+-----------------------+-----------------------+--------------------\n"; std::wcout << L"\n -------+------------------------------+---------+-----------------+-----------------------+-----------------------+--------------------\n";
std::wcout << HEADER; std::wcout << Utils::ProcessColors::HEADER;
std::wcout << L" PID | Process Name | Level | Signer | EXE sig. level | DLL sig. level | Kernel addr. "; std::wcout << L" PID | Process Name | Level | Signer | EXE sig. level | DLL sig. level | Kernel addr. ";
std::wcout << RESET << L"\n"; std::wcout << Utils::ProcessColors::RESET << L"\n";
std::wcout << GREEN; std::wcout << Utils::ProcessColors::GREEN;
std::wcout << L" -------+------------------------------+---------+-----------------+-----------------------+-----------------------+--------------------\n"; std::wcout << L" -------+------------------------------+---------+-----------------+-----------------------+-----------------------+--------------------\n";
for (const auto& entry : processes) { for (const auto& entry : processes) {
if (entry.ProtectionLevel > 0) { if (entry.ProtectionLevel > 0) {
const wchar_t* processColor = GREEN; // Use centralized color logic instead of duplicated code
const wchar_t* processColor = Utils::GetProcessDisplayColor(
// Color coding based on signature levels entry.SignerType,
bool hasUncheckedSignatures = (entry.SignatureLevel == 0x00 || entry.SectionSignatureLevel == 0x00); entry.SignatureLevel,
entry.SectionSignatureLevel
);
if (hasUncheckedSignatures) {
processColor = BLUE; // Blue for processes with unchecked signatures
} else {
// Check if it's a user process (non-system signer)
bool isUserProcess = (entry.SignerType != static_cast<UCHAR>(PS_PROTECTED_SIGNER::Windows) &&
entry.SignerType != static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinTcb) &&
entry.SignerType != static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinSystem) &&
entry.SignerType != static_cast<UCHAR>(PS_PROTECTED_SIGNER::Lsa));
processColor = isUserProcess ? YELLOW : GREEN;
}
std::wcout << processColor;
wchar_t buffer[512]; wchar_t buffer[512];
swprintf_s(buffer, L" %6d | %-28s | %-3s (%d) | %-11s (%d) | %-14s (0x%02x) | %-14s (0x%02x) | 0x%016llx\n", swprintf_s(buffer, L" %6d | %-28s | %-3s (%d) | %-11s (%d) | %-14s (0x%02x) | %-14s (0x%02x) | 0x%016llx\n",
entry.Pid, entry.Pid,
entry.ProcessName.c_str(), entry.ProcessName.length() > 28 ?
Utils::GetProtectionLevelAsString(entry.ProtectionLevel), (entry.ProcessName.substr(0, 25) + L"...").c_str() : entry.ProcessName.c_str(),
entry.ProtectionLevel, Utils::GetProtectionLevelAsString(entry.ProtectionLevel), entry.ProtectionLevel,
Utils::GetSignerTypeAsString(entry.SignerType), Utils::GetSignerTypeAsString(entry.SignerType), entry.SignerType,
entry.SignerType, Utils::GetSignatureLevelAsString(entry.SignatureLevel), entry.SignatureLevel,
Utils::GetSignatureLevelAsString(entry.SignatureLevel), Utils::GetSignatureLevelAsString(entry.SectionSignatureLevel), entry.SectionSignatureLevel,
entry.SignatureLevel, entry.KernelAddress);
Utils::GetSignatureLevelAsString(entry.SectionSignatureLevel),
entry.SectionSignatureLevel, std::wcout << processColor << buffer << Utils::ProcessColors::RESET;
entry.KernelAddress);
std::wcout << buffer;
count++; count++;
} }
} }
std::wcout << GREEN; std::wcout << Utils::ProcessColors::GREEN;
std::wcout << L" -------+------------------------------+---------+-----------------+-----------------------+-----------------------+--------------------\n"; std::wcout << L" -------+------------------------------+---------+-----------------+-----------------------+-----------------------+--------------------\n";
std::wcout << RESET << L"\n"; std::wcout << Utils::ProcessColors::RESET;
SUCCESS(L"Enumerated %d protected processes", count); SUCCESS(L"Listed %d protected processes", count);
EndDriverSession(true);
EndDriverSession(true); // Force cleanup return count > 0;
return true;
} }
// ============================================================================ // ============================================================================
@@ -1022,12 +1001,18 @@ bool Controller::UnprotectBySigner(const std::wstring& signerName) noexcept {
} else { } else {
INFO(L"Batch unprotection completed: %d/%d processes successfully unprotected", successCount, totalCount); INFO(L"Batch unprotection completed: %d/%d processes successfully unprotected", successCount, totalCount);
} }
// ZMIANA: Użyj force cleanup tak jak w ListProcessesBySigner
EndDriverSession(true); EndDriverSession(true);
return successCount > 0; return successCount > 0;
} }
/**
* Lists all processes that have the specified signer type.
* Displays process information in a formatted table including PID, name, protection level,
* signer type, signature levels, and kernel address.
*
* @param signerName The name of the signer type to filter by (e.g., "Windows", "Antimalware", "WinTcb")
* @return true if processes were found and displayed, false if signer type is invalid or no processes match
*/
bool Controller::ListProcessesBySigner(const std::wstring& signerName) noexcept { bool Controller::ListProcessesBySigner(const std::wstring& signerName) noexcept {
auto signerType = Utils::GetSignerTypeFromString(signerName); auto signerType = Utils::GetSignerTypeFromString(signerName);
if (!signerType) { if (!signerType) {
@@ -1035,63 +1020,76 @@ bool Controller::ListProcessesBySigner(const std::wstring& signerName) noexcept
return false; return false;
} }
// Pobierz dane PRZED operacjami konsoli
std::vector<ProcessEntry> processes; std::vector<ProcessEntry> processes;
if (!BeginDriverSession()) { if (!BeginDriverSession()) {
return false; return false;
} }
processes = GetProcessList(); // Pobierz dane gdy sterownik aktywny processes = GetProcessList(); // Collect data while driver is active
EndDriverSession(true); // Natychmiast zamknij sterownik EndDriverSession(true); // Close driver session immediately
// Reszta operacji BEZ sterownika // Enable ANSI colors - same as ListProtectedProcesses
HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE); if (!Utils::EnableConsoleVirtualTerminal()) {
CONSOLE_SCREEN_BUFFER_INFO consoleInfo; ERROR(L"Failed to enable console colors");
GetConsoleScreenBufferInfo(hConsole, &consoleInfo); // Continue anyway, just without colors
WORD originalColor = consoleInfo.wAttributes; }
bool foundAny = false; bool foundAny = false;
INFO(L"Processes with signer: %s", signerName.c_str()); INFO(L"Processes with signer: %s", signerName.c_str());
// Use same table formatting as ListProtectedProcesses
std::wcout << Utils::ProcessColors::GREEN;
std::wcout << L"\n -------+------------------------------+---------+-----------------+-----------------------+-----------------------+--------------------\n";
std::wcout << Utils::ProcessColors::HEADER;
std::wcout << L" PID | Process Name | Level | Signer | EXE sig. level | DLL sig. level | Kernel addr. ";
std::wcout << Utils::ProcessColors::RESET << L"\n";
std::wcout << Utils::ProcessColors::GREEN;
std::wcout << L" -------+------------------------------+---------+-----------------+-----------------------+-----------------------+--------------------\n"; std::wcout << L" -------+------------------------------+---------+-----------------+-----------------------+-----------------------+--------------------\n";
std::wcout << L" PID | Process Name | Level | Signer | EXE sig. level | DLL sig. level | Kernel addr.\n"; std::wcout << Utils::ProcessColors::RESET;
std::wcout << L" -------+------------------------------+---------+-----------------+-----------------------+-----------------------+--------------------\n";
for (const auto& entry : processes) { for (const auto& entry : processes) {
if (entry.SignerType == signerType.value()) { if (entry.SignerType == signerType.value()) {
foundAny = true; foundAny = true;
if (entry.ProtectionLevel > 0) { // Use centralized color logic
SetConsoleTextAttribute(hConsole, FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_INTENSITY); const wchar_t* processColor = Utils::GetProcessDisplayColor(
} entry.SignerType,
entry.SignatureLevel,
entry.SectionSignatureLevel
);
wchar_t buffer[512]; wchar_t buffer[512];
swprintf_s(buffer, L" %6d | %-28s | %s (%d) | %s (%d) | %s (0x%02x) | %s (0x%02x) | 0x%016llx\n",
std::wcout << processColor; // Apply color
// Use consistent column widths and formatting
swprintf_s(buffer, L" %6d | %-28s | %-3s (%d) | %-11s (%d) | %-14s (0x%02x) | %-14s (0x%02x) | 0x%016llx\n",
entry.Pid, entry.Pid,
entry.ProcessName.length() > 28 ? (entry.ProcessName.substr(0, 25) + L"...").c_str() : entry.ProcessName.c_str(), entry.ProcessName.length() > 28 ?
(entry.ProcessName.substr(0, 25) + L"...").c_str() : entry.ProcessName.c_str(),
Utils::GetProtectionLevelAsString(entry.ProtectionLevel), entry.ProtectionLevel, Utils::GetProtectionLevelAsString(entry.ProtectionLevel), entry.ProtectionLevel,
Utils::GetSignerTypeAsString(entry.SignerType), entry.SignerType, Utils::GetSignerTypeAsString(entry.SignerType), entry.SignerType,
Utils::GetSignatureLevelAsString(entry.SignatureLevel), entry.SignatureLevel, Utils::GetSignatureLevelAsString(entry.SignatureLevel), entry.SignatureLevel,
Utils::GetSignatureLevelAsString(entry.SectionSignatureLevel), entry.SectionSignatureLevel, Utils::GetSignatureLevelAsString(entry.SectionSignatureLevel), entry.SectionSignatureLevel,
entry.KernelAddress entry.KernelAddress);
);
std::wcout << buffer; std::wcout << buffer;
std::wcout << Utils::ProcessColors::RESET; // Reset color after each line
SetConsoleTextAttribute(hConsole, originalColor);
} }
} }
std::wcout << L" -------+------------------------------+---------+-----------------+-----------------------+-----------------------+--------------------\n";
if (!foundAny) { if (!foundAny) {
INFO(L"No processes found with signer: %s", signerName.c_str()); std::wcout << L"\nNo processes found with signer type: " << signerName << L"\n";
return false;
} }
SetConsoleTextAttribute(hConsole, originalColor); std::wcout << Utils::ProcessColors::GREEN;
std::wcout << std::flush; std::wcout << L" -------+------------------------------+---------+-----------------+-----------------------+-----------------------+--------------------\n";
std::wcout << Utils::ProcessColors::RESET;
return foundAny; return true;
} }
// ============================================================================ // ============================================================================
// PROCESS NAME-BASED OPERATIONS // PROCESS NAME-BASED OPERATIONS
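Review bot: When `Utils::EnableConsoleVirtualTerminal()` fails in `ListProtectedProcesses` (the `if` right after `DWORD count = 0;`), the function logs the error but still streams `Utils::ProcessColors::GREEN`/`HEADER`/`RESET`, so on a legacy console or with stdout redirected to a file or pipe (where `GetConsoleMode` fails) the listing is littered with raw `\033[...` sequences; `ListProcessesBySigner` repeats the same pattern and even comments "Continue anyway, just without colors" although the colors are still written. Keep the result in `const bool useColors = Utils::EnableConsoleVirtualTerminal();` and resolve each color to `L""` when it is false, as sketched below. Separately, the new `ListProtectedProcesses` holds the driver session open through all of the console output and only calls `EndDriverSession(true)` at the end, whereas `ListProcessesBySigner` deliberately closes it right after `GetProcessList()`; if nothing after the list fetch needs the session, moving `EndDriverSession(true)` up keeps the kernel-side session to the minimum and makes both paths consistent. Note also that `return count > 0;` now makes "driver session failed" and "no protected process found" indistinguishable to callers, which the old `return true;` did not.
```cpp
bool Controller::ListProtectedProcesses() noexcept {
    // … unchanged: BeginDriverSession guard …
    auto processes = GetProcessList();
    EndDriverSession(true);   // release the kernel session before any console I/O, as ListProcessesBySigner does
    DWORD count = 0;

    // Fall back to plain text when the console cannot interpret VT sequences (legacy console, redirected stdout).
    const bool useColors = Utils::EnableConsoleVirtualTerminal();
    if (!useColors) {
        ERROR(L"Failed to enable console colors");
    }
    const wchar_t* const green  = useColors ? Utils::ProcessColors::GREEN  : L"";
    const wchar_t* const header = useColors ? Utils::ProcessColors::HEADER : L"";
    const wchar_t* const reset  = useColors ? Utils::ProcessColors::RESET  : L"";
    // … unchanged: table header/footer output, using green/header/reset in place of Utils::ProcessColors::* …
    // … unchanged: per-entry loop; processColor becomes `useColors ? Utils::GetProcessDisplayColor(...) : L""` …
```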


@@ -888,4 +888,30 @@ namespace Utils
return {}; return {};
} }
} }
} // Color Functions Implementation
bool Utils::EnableConsoleVirtualTerminal() noexcept
{
HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE);
if (hConsole == INVALID_HANDLE_VALUE) return false;
DWORD consoleMode = 0;
if (!GetConsoleMode(hConsole, &consoleMode)) return false;
return SetConsoleMode(hConsole, consoleMode | ENABLE_VIRTUAL_TERMINAL_PROCESSING);
}
const wchar_t* Utils::GetProcessDisplayColor(UCHAR signerType, UCHAR signatureLevel, UCHAR sectionSignatureLevel) noexcept
{
bool hasUncheckedSignatures = (signatureLevel == 0x00 || sectionSignatureLevel == 0x00);
if (hasUncheckedSignatures) {
return ProcessColors::BLUE;
}
bool isUserProcess = (signerType != static_cast<UCHAR>(PS_PROTECTED_SIGNER::Windows) &&
signerType != static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinTcb) &&
signerType != static_cast<UCHAR>(PS_PROTECTED_SIGNER::WinSystem) &&
signerType != static_cast<UCHAR>(PS_PROTECTED_SIGNER::Lsa));
return isUserProcess ? ProcessColors::YELLOW : ProcessColors::GREEN;
}
}
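Review bot: `GetProcessDisplayColor` and `EnableConsoleVirtualTerminal` are new public helpers with no documentation, and the meaning the old inline comments in `ListProtectedProcesses` conveyed ("Blue for processes with unchecked signatures") was lost in the move. Add a Doxygen header to `GetProcessDisplayColor` stating the mapping: a signature level or section signature level of `0x00` yields `ProcessColors::BLUE` regardless of signer; otherwise a signer other than `Windows`, `WinTcb`, `WinSystem` or `Lsa` yields `YELLOW` and those four yield `GREEN`; and that the returned pointer is one of the static `ProcessColors` literals and must not be freed. For `EnableConsoleVirtualTerminal`, document that `false` means no usable stdout handle or a failed `GetConsoleMode`/`SetConsoleMode` (the expected case when stdout is redirected to a file or pipe) and that callers should then avoid emitting the `ProcessColors` sequences. If the project's Windows headers provide `SE_SIGNING_LEVEL_UNCHECKED`, comparing against it instead of the bare `0x00` would make the first check self-describing.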


@@ -87,4 +87,16 @@ namespace Utils
std::vector<BYTE>& second) noexcept; std::vector<BYTE>& second) noexcept;
std::vector<BYTE> DecryptXOR(const std::vector<BYTE>& encryptedData, std::vector<BYTE> DecryptXOR(const std::vector<BYTE>& encryptedData,
const std::array<BYTE, 7>& key) noexcept; const std::array<BYTE, 7>& key) noexcept;
}
// Console coloring utilities for process display
struct ProcessColors {
static constexpr const wchar_t* GREEN = L"\033[92m";
static constexpr const wchar_t* YELLOW = L"\033[93m";
static constexpr const wchar_t* BLUE = L"\033[94m";
static constexpr const wchar_t* HEADER = L"\033[97;44m";
static constexpr const wchar_t* RESET = L"\033[0m";
};
bool EnableConsoleVirtualTerminal() noexcept;
const wchar_t* GetProcessDisplayColor(UCHAR signerType, UCHAR signatureLevel, UCHAR sectionSignatureLevel) noexcept;
}
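Review bot: The new declarations `EnableConsoleVirtualTerminal` and `GetProcessDisplayColor` carry no header documentation, which is where callers will look first. Suggest a Doxygen block on `GetProcessDisplayColor` describing the three parameters (the signer type and the EXE/section signature levels as carried in the process entry), that the return value is one of the `ProcessColors` literals with static lifetime, and on `EnableConsoleVirtualTerminal` that a `false` return means the caller should fall back to uncolored output rather than writing the escape sequences anyway. As a point of style, the five escape sequences could be `inline constexpr const wchar_t*` constants in a `ProcessColors` namespace instead of static members of an empty struct; with C++17 either form works, so this is optional.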