Aktualizacja: 2025-10-02 12:44:45
@@ -27,9 +27,10 @@
|
|||||||
<UseOfMfc>false</UseOfMfc>
|
<UseOfMfc>false</UseOfMfc>
|
||||||
<CLRSupport>false</CLRSupport>
|
<CLRSupport>false</CLRSupport>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
|
||||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||||
|
<ImportGroup Label="ExtensionSettings">
|
||||||
|
<Import Project="$(VCTargetsPath)\BuildCustomizations\masm.props" />
|
||||||
|
</ImportGroup>
|
||||||
<ImportGroup Label="ExtensionSettings">
|
<ImportGroup Label="ExtensionSettings">
|
||||||
</ImportGroup>
|
</ImportGroup>
|
||||||
<ImportGroup Label="Shared">
|
<ImportGroup Label="Shared">
|
||||||
@@ -143,7 +144,9 @@
|
|||||||
<ClInclude Include="KeyboardHook.h" />
|
<ClInclude Include="KeyboardHook.h" />
|
||||||
<ClInclude Include="HelpSystem.h" />
|
<ClInclude Include="HelpSystem.h" />
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<MASM Include="RuntimeStr.asm" />
|
||||||
|
</ItemGroup>
|
||||||
<!-- Resource Files -->
|
<!-- Resource Files -->
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<Image Include="ICON\kvc.ico" />
|
<Image Include="ICON\kvc.ico" />
|
||||||
@@ -154,5 +157,6 @@
|
|||||||
|
|
||||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||||
<ImportGroup Label="ExtensionTargets">
|
<ImportGroup Label="ExtensionTargets">
|
||||||
|
<Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
|
||||||
</ImportGroup>
|
</ImportGroup>
|
||||||
</Project>
|
</Project>
|
||||||
58
kvc/RuntimeStr.asm
Normal file
58
kvc/RuntimeStr.asm
Normal file
@@ -0,0 +1,58 @@
|
|||||||
|
; RuntimeStr.asm - Runtime string configuration provider by WESMAR
|
||||||
|
; Provides configuration strings for kernel operations
|
||||||
|
; Uses XOR encoding to avoid static string detection in binary analysis
|
||||||
|
|
||||||
|
.data
|
||||||
|
ALIGN 8
|
||||||
|
; XOR-encoded wide string data (key: 0ABh)
|
||||||
|
; Decoded at runtime to prevent static analysis detection
|
||||||
|
g_EncodedData dw 00F9h, 00FFh, 00E8h, 00C4h, 00D9h, 00CEh, 009Dh, 009Fh, 00ABh
|
||||||
|
|
||||||
|
; XOR decoding key for runtime string reconstruction
|
||||||
|
g_XorKey dw 00ABh
|
||||||
|
|
||||||
|
; Static buffer for decoded wide string (thread-safe for read-only service name)
|
||||||
|
g_DecodedBuffer dw 9 dup(0)
|
||||||
|
|
||||||
|
.code
|
||||||
|
ALIGN 16
|
||||||
|
PUBLIC GetServiceNameRaw
|
||||||
|
|
||||||
|
; Runtime string decoder for kernel driver service configuration
|
||||||
|
; Decodes XOR-obfuscated wide string to prevent static string analysis
|
||||||
|
; Returns: Pointer to decoded null-terminated wide string (const wchar_t*)
|
||||||
|
; Thread-safety: Safe for concurrent reads after first decode
|
||||||
|
GetServiceNameRaw PROC
|
||||||
|
push rbx
|
||||||
|
push rdi
|
||||||
|
push rsi
|
||||||
|
sub rsp, 20h ; Allocate shadow space for x64 calling convention
|
||||||
|
|
||||||
|
; Setup decode parameters
|
||||||
|
lea rsi, g_EncodedData ; Source: encoded data
|
||||||
|
lea rdi, g_DecodedBuffer ; Destination: decoded buffer
|
||||||
|
mov rcx, 9 ; String length including null terminator (FIXED: full 64-bit register)
|
||||||
|
movzx ebx, word ptr g_XorKey ; Load XOR key into register
|
||||||
|
|
||||||
|
decode_loop:
|
||||||
|
; XOR decode: encoded_char XOR key = original_char
|
||||||
|
movzx eax, word ptr [rsi] ; Load encoded wide character
|
||||||
|
xor ax, bx ; Apply XOR decoding
|
||||||
|
mov word ptr [rdi], ax ; Store decoded character
|
||||||
|
|
||||||
|
; Advance pointers
|
||||||
|
add rsi, 2 ; Next wide char (2 bytes)
|
||||||
|
add rdi, 2
|
||||||
|
loop decode_loop ; Decrement RCX and loop
|
||||||
|
|
||||||
|
; Return pointer to decoded string
|
||||||
|
lea rax, g_DecodedBuffer
|
||||||
|
|
||||||
|
; Restore stack and non-volatile registers
|
||||||
|
add rsp, 20h
|
||||||
|
pop rsi
|
||||||
|
pop rdi
|
||||||
|
pop rbx
|
||||||
|
ret
|
||||||
|
GetServiceNameRaw ENDP
|
||||||
|
END
|
||||||
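Review bot: The thread-safety comments at L190 and L228 ("thread-safe for read-only", "safe for concurrent reads after first decode") do not match the body of GetServiceNameRaw, which re-runs the decode loop into g_DecodedBuffer on every call, so two concurrent callers write the same static buffer and a caller still holding an earlier returned pointer sees it being rewritten. The cheapest fix is to skip the decode once it has been done: add `cmp word ptr g_DecodedBuffer, 0` and `jne have_string` before the `lea rsi, g_EncodedData` setup, with `have_string:` placed just before `lea rax, g_DecodedBuffer` (the stores write identical words each time, so the residual race is benign, but state in the comment that callers must copy the result rather than keep the pointer). On the stated goal of defeating static string analysis: the encoded terminator is 00ABh, which is the key itself, and g_XorKey sits in .data next to the encoded words, so a single-word XOR brute force or any XOR-string recovery tool yields the plaintext immediately; this hides the name from a plain `strings` pass and nothing more, and after the first call the decoded string lives in .data for the rest of the process. The `sub rsp, 20h` comment is also misleading: shadow space is reserved by a caller for a callee, and this function makes no calls, so the adjustment only preserves 16-byte alignment; say that, or drop it.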
@@ -227,13 +227,15 @@ std::wstring GetCurrentExecutablePath() noexcept
|
|||||||
return std::wstring(path);
|
return std::wstring(path);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get kernel driver service name for RTCore64 operations
|
// External assembly function that returns raw pointer to service name
|
||||||
|
extern "C" const wchar_t* GetServiceNameRaw();
|
||||||
|
|
||||||
|
// C++ wrapper converting ASM raw pointer to std::wstring
|
||||||
// Returns: Wide string containing driver service identifier
|
// Returns: Wide string containing driver service identifier
|
||||||
std::wstring GetServiceName() noexcept
|
std::wstring GetServiceName() noexcept
|
||||||
{
|
{
|
||||||
return L"RTCore64";
|
return std::wstring(GetServiceNameRaw());
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get kernel driver filename for file operations
|
// Get kernel driver filename for file operations
|
||||||
// Returns: Wide string containing driver file name
|
// Returns: Wide string containing driver file name
|
||||||
std::wstring GetDriverFileName() noexcept
|
std::wstring GetDriverFileName() noexcept
|
||||||
|
|||||||
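Review bot: The `extern "C" const wchar_t* GetServiceNameRaw();` added here at L384 duplicates the declaration this same commit adds to the header at L457; keep only the header copy so the two signatures cannot drift apart (an `extern "C"` mismatch would only surface at link time). The wrapper's comment should also record why it copies: `// Copies immediately: GetServiceNameRaw() returns a pointer into a static buffer owned by RuntimeStr.asm, not a string the caller may keep.` That is the property callers need to know, since the raw pointer is now exposed in the header as well.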
@@ -197,7 +197,8 @@ extern volatile bool g_interrupted;
|
|||||||
|
|
||||||
// Core driver functions
|
// Core driver functions
|
||||||
bool InitDynamicAPIs() noexcept;
|
bool InitDynamicAPIs() noexcept;
|
||||||
std::wstring GetServiceName() noexcept;
|
extern "C" const wchar_t* GetServiceNameRaw(); // ASM function
|
||||||
|
std::wstring GetServiceName() noexcept; // C++ wrapper
|
||||||
std::wstring GetDriverFileName() noexcept;
|
std::wstring GetDriverFileName() noexcept;
|
||||||
void GenerateFakeActivity() noexcept;
|
void GenerateFakeActivity() noexcept;
|
||||||
std::wstring GetSystemTempPath() noexcept;
|
std::wstring GetSystemTempPath() noexcept;
|
||||||
|
|||||||
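Review bot: The `// ASM function` comment on the new declaration at L457 does not state the contract that matters to a caller: the pointer refers to a static buffer inside RuntimeStr.asm that is refilled on each call, must never be freed, and is valid for the process lifetime. Replace it with `// Defined in RuntimeStr.asm; returns a pointer into a static buffer that is rewritten on every call and must not be freed. Prefer GetServiceName(), which copies it.` Since the assembly routine cannot throw and its wrapper is already `noexcept`, declaring it `extern "C" const wchar_t* GetServiceNameRaw() noexcept;` keeps the two declarations consistent.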