[framework] Functions in DLLs
Vlad Tsyrklevich
vlad902 at gmail.com
Sat Apr 5 18:10:47 CDT 2008
Alternatively you could also look at/use the following nasm macro:

    ; HASH - NASM macro for calculating win32 symbol hashes
    ; (c) Jarkko Turkulainen
    %macro HASH 2
        %assign i 1                 ; i = 1
        %assign h 0                 ; h = 0
        %strlen len %2              ; len = strlen(%2)
        %rep len
            %substr char %2 i       ; fetch next character
            %assign h \
                (h<<0x13) + \
                (h>>0x0d) + \
                char                ; rotate and add
            %assign i i+1           ; increment i
        %endrep
        %1 h                        ; return instruction with hash
    %endmacro

Useful to be able to inline hashes into your asm like so:

    HASH push, 'LoadLibraryA'

On Sat, Apr 5, 2008 at 3:34 PM, <mmiller at hick.org> wrote:
> On Sun, Apr 06, 2008 at 08:15:48AM +1000, Ty Miller wrote:
> > In that paper that you recommended, there is no mention of the hashing
> > algorithm used. Do you know what it is, or do you have some code to create
> > the hashes?
>
> Metasploit 2 has an implementation in lib/Pex/Utils.pm, the RorHash
> function. I believe the LSD assembly components paper talks about the
> hash algorithm but it has been a while since I looked.
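
Added example, not part of the original post or of Metasploit's code: the hash the macro above computes (rotate right by 13, then add the character, in 32 bits), used the way an analyst would, to map constants found in a sample back to API names. The candidate name list, the sample bytes and all function names are constructed for illustration, and the sample assumes 32-bit code where `push imm32` encodes as opcode 0x68.

```python
import struct

MASK32 = 0xFFFFFFFF


def ror13_hash(name: str) -> int:
    """Rotate-right-13 additive hash over the symbol name, kept to 32 bits."""
    h = 0
    for ch in name.encode("ascii"):
        h = ((h >> 13) | (h << 19)) & MASK32  # ror h, 13
        h = (h + ch) & MASK32                 # add next character
    return h


def macro_form_hash(name: str) -> int:
    """The macro's arithmetic: (h<<0x13) + (h>>0x0d) + char.

    The two shifted halves never overlap, so the sum is a rotate, but only
    if h is truncated to 32 bits every round. Python integers are unbounded,
    so the mask has to be explicit here.
    """
    h = 0
    for ch in name.encode("ascii"):
        h = ((h << 0x13) + (h >> 0x0D) + ch) & MASK32
    return h


# Constructed candidate list; a real table would be built from the export
# names of the DLLs being considered.
CANDIDATE_NAMES = ["LoadLibraryA", "GetProcAddress", "ExitProcess"]


def build_table(names):
    """Map hash value -> symbol name for reverse lookup."""
    return {ror13_hash(n): n for n in names}


def annotate(blob: bytes, table):
    """Return (offset, value, name) for each little-endian dword that is a known hash."""
    hits = []
    for off in range(len(blob) - 3):
        (value,) = struct.unpack_from("<I", blob, off)
        if value in table:
            hits.append((off, value, table[value]))
    return hits


# Constructed sample: NOP padding around the bytes of `push <hash of LoadLibraryA>`.
SAMPLE = b"\x90\x90\x68" + struct.pack("<I", ror13_hash("LoadLibraryA")) + b"\x90"

if __name__ == "__main__":
    for off, value, name in annotate(SAMPLE, build_table(CANDIDATE_NAMES)):
        print(f"offset {off:#x}: {value:#010x} -> {name}")
```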