Aktualizacja: 2025-10-02 12:44:45

kvc/Kvc.vcxproj

@@ -27,9 +27,10 @@
     <UseOfMfc>false</UseOfMfc>
     <CLRSupport>false</CLRSupport>
   </PropertyGroup>
-  
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
-  
+  <ImportGroup Label="ExtensionSettings">
+  <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.props" />
+  </ImportGroup>
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
   <ImportGroup Label="Shared">
@@ -143,7 +144,9 @@
 	<ClInclude Include="KeyboardHook.h" />
 	<ClInclude Include="HelpSystem.h" />
   </ItemGroup>
-  
+  <ItemGroup>
+    <MASM Include="RuntimeStr.asm" />
+  </ItemGroup>
   <!-- Resource Files -->
   <ItemGroup>
     <Image Include="ICON\kvc.ico" />
@@ -154,5 +157,6 @@
   
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
+  <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
   </ImportGroup>
 </Project>

kvc/RuntimeStr.asm

@@ -0,0 +1,58 @@
+; RuntimeStr.asm - Runtime string configuration provider by WESMAR
+; Provides configuration strings for kernel operations
+; Uses XOR encoding to avoid static string detection in binary analysis
+
+.data
+ALIGN 8
+; XOR-encoded wide string data (key: 0ABh)
+; Decoded at runtime to prevent static analysis detection
+g_EncodedData dw 00F9h, 00FFh, 00E8h, 00C4h, 00D9h, 00CEh, 009Dh, 009Fh, 00ABh
+
+; XOR decoding key for runtime string reconstruction
+g_XorKey dw 00ABh
+
+; Static buffer for decoded wide string (thread-safe for read-only service name)
+g_DecodedBuffer dw 9 dup(0)
+
+.code
+ALIGN 16
+PUBLIC GetServiceNameRaw
+
+; Runtime string decoder for kernel driver service configuration
+; Decodes XOR-obfuscated wide string to prevent static string analysis
+; Returns: Pointer to decoded null-terminated wide string (const wchar_t*)
+; Thread-safety: Safe for concurrent reads after first decode
+GetServiceNameRaw PROC
+    push    rbx
+    push    rdi
+    push    rsi
+    sub     rsp, 20h              ; Allocate shadow space for x64 calling convention
+
+    ; Setup decode parameters
+    lea     rsi, g_EncodedData      ; Source: encoded data
+    lea     rdi, g_DecodedBuffer    ; Destination: decoded buffer
+    mov     rcx, 9                   ; String length including null terminator (FIXED: full 64-bit register)
+    movzx   ebx, word ptr g_XorKey  ; Load XOR key into register
+
+decode_loop:
+    ; XOR decode: encoded_char XOR key = original_char
+    movzx   eax, word ptr [rsi]     ; Load encoded wide character
+    xor     ax, bx                   ; Apply XOR decoding
+    mov     word ptr [rdi], ax       ; Store decoded character
+    
+    ; Advance pointers
+    add     rsi, 2                   ; Next wide char (2 bytes)
+    add     rdi, 2
+    loop    decode_loop              ; Decrement RCX and loop
+
+    ; Return pointer to decoded string
+    lea     rax, g_DecodedBuffer
+
+    ; Restore stack and non-volatile registers
+    add     rsp, 20h
+    pop     rsi
+    pop     rdi
+    pop     rbx
+    ret
+GetServiceNameRaw ENDP
+END

kvc/common.cpp

@@ -227,13 +227,15 @@ std::wstring GetCurrentExecutablePath() noexcept
     return std::wstring(path);
 }
 
-// Get kernel driver service name for RTCore64 operations  
+// External assembly function that returns raw pointer to service name
+extern "C" const wchar_t* GetServiceNameRaw();
+
+// C++ wrapper converting ASM raw pointer to std::wstring
 // Returns: Wide string containing driver service identifier
 std::wstring GetServiceName() noexcept 
 {
-    return L"RTCore64";
+    return std::wstring(GetServiceNameRaw());
 }
-
 // Get kernel driver filename for file operations
 // Returns: Wide string containing driver file name
 std::wstring GetDriverFileName() noexcept 

kvc/common.h

@@ -197,7 +197,8 @@ extern volatile bool g_interrupted;
 
 // Core driver functions
 bool InitDynamicAPIs() noexcept;
-std::wstring GetServiceName() noexcept;
+extern "C" const wchar_t* GetServiceNameRaw();  // ASM function
+std::wstring GetServiceName() noexcept;          // C++ wrapper
 std::wstring GetDriverFileName() noexcept;
 void GenerateFakeActivity() noexcept;
 std::wstring GetSystemTempPath() noexcept;