# Script file from https://simonuvarov.com/msfvenom-reverse-tcp-waitforsingleobject/
# Used to find the hashes of Windows API calls. These hashes are used in Metasploit shellcode.
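def ror(dword, bits):
    """Rotate a 32-bit value right by ``bits`` positions.

    Args:
        dword: Integer to rotate. Only its low 32 bits take part.
        bits: Rotation count; reduced modulo 32, so counts of 32 or more
            wrap around instead of raising on a negative shift.

    Returns:
        The rotated value as an unsigned 32-bit integer.
    """
    # Python integers are unbounded. Truncate first so that a carry above
    # bit 31 (left over from a caller's addition) is discarded the way a
    # 32-bit register would discard it, rather than rotated back in.
    dword &= 0xFFFFFFFF
    bits %= 32
    return (dword >> bits | dword << (32 - bits)) & 0xFFFFFFFF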
def unicode(string, uppercase=True):
    """Return ``string`` with a NUL character inserted after every character.

    For ASCII input this mimics the UTF-16LE layout of the text, kept as a
    plain ``str`` so callers can walk it one code unit at a time.

    Args:
        string: Text to expand.
        uppercase: When true (the default), upper-case the text first.

    Returns:
        The expanded string; empty input yields an empty string.
    """
    # NOTE: this name shadows the Python 2 builtin ``unicode``.
    text = string.upper() if uppercase else string
    return "".join(ch + "\x00" for ch in text)
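def hash(module, function, bits=13, print_hash=True):
    """Compute the 32-bit rotate-and-add hash of a Windows API export.

    The module name is NUL-terminated, upper-cased and expanded by the file's
    ``unicode`` helper; the function name is NUL-terminated and used as-is.
    Each string is folded by rotating the running value right by ``bits`` and
    adding the next character code. The two results are summed modulo 2**32.
    The output can be compared against a constant seen in a shellcode sample
    to work out which API it names.

    Args:
        module: DLL file name, e.g. ``"kernel32.dll"``.
        function: Exported function name; case-sensitive.
        bits: Rotation count applied before each addition.
        print_hash: When true, also print the result as ``0xXXXXXXXX``.

    Returns:
        The combined hash as an unsigned 32-bit integer.
    """
    # NOTE: this name shadows the builtin ``hash``; kept for existing callers.
    module_hash = 0
    function_hash = 0
    for c in unicode(module + "\x00"):
        # Mask after every add so the running value stays within 32 bits,
        # matching register arithmetic; an unmasked carry would corrupt the
        # next rotation.
        module_hash = (ror(module_hash, bits) + ord(c)) & 0xFFFFFFFF
    for c in str(function + "\x00"):
        function_hash = (ror(function_hash, bits) + ord(c)) & 0xFFFFFFFF
    h = (module_hash + function_hash) & 0xFFFFFFFF
    if print_hash:
        # Parenthesised single-argument form runs on both Python 2 and 3.
        print("[+] 0x%08X = %s!%s" % (h, module.lower(), function))
    return h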
if __name__ == "__main__":
    # Example run: print the hash for kernel32.dll!WaitForSingleObject.
    hash(module="kernel32.dll", function="WaitForSingleObject")