DEV Community

How to hide strings in C++ binaries with consteval

The problem

Every C++ binary has strings. strings.exe reads them. Competitors see your API keys. Reverse engineers find your logic. Anti-cheat detects your function names.

The old way - xorstr (constexpr XOR)

auto key = xorstr_("my_api_key");

Problem: constexpr depends on the optimizer. MSVC doesn't fold it - plaintext leaks to .rodata. Also: dangling pointer in xorstr_() macro (returns char* from temporary).

StealthLib - consteval (compiler-independent)

auto key = S("my_api_key");

consteval forces compile-time evaluation on every compiler. Plaintext is consumed during translation - never emitted. Verified by binary_scan_test on MSVC + GCC + Clang.

Differential testing

Same strings, same compiler, same platform:

  • StealthLib: 7/7 PASS
  • xorstr: 3/7 FAIL (dangling pointer)

What else is inside

  • Hash-based API resolution (no API names in binary)
  • 4-channel anti-debug (PEB + NtQuery + rdtsc + DR registers)
  • IAT/EAT integrity checks
  • VM detection (CPUID + DMI + disk)
  • FIPS-180-4 SHA-256
  • Per-build key rotation (16 variants)
  • RAII auto re-encrypt guards

Quality

  • 6 SAST tools clean: PVS-Studio (0 findings), SonarCloud (A ratings), CodeQL, Coverity (0.17 density), Semgrep, Codacy.
  • 4.5 billion fuzz executions, 0 crashes.
  • 40 mutation tests, 100% killed.
  • 94.6% coverage.

GitHub

https://github.com/rolanfreeman6-png/stealthlib

Comments

No comments yet. Start the discussion.