Metasploit mailing list archives

Functions in DLLs


From: vlad902 at gmail.com (Vlad Tsyrklevich)
Date: Sat, 5 Apr 2008 16:10:47 -0700

Alternatively you could also look at/use the following nasm macro:

  ; HASH - NASM macro for calculating win32 symbol hashes
  ; (c) Jarkko Turkulainen
  %macro HASH 2
    %assign i 1                 ; i = 1
    %assign h 0                 ; h = 0
    %strlen len %2              ; len = strlen(%2)
    %rep len
      %substr char %2 i         ; fetch next character
      %assign h \
        (h<<0x13) + \
        (h>>0x0d) + \
        char                    ; rotate and add
      %assign i i+1             ; increment i
    %endrep
    %1 h                        ; return instruction with hash
  %endmacro

Useful to be able to inline hashes into your asm like so:
  HASH push, 'LoadLibraryA'


On Sat, Apr 5, 2008 at 3:34 PM,  <mmiller at hick.org> wrote:
On Sun, Apr 06, 2008 at 08:15:48AM +1000, Ty Miller wrote:
 > In that paper that you recommended, there is no mention of the hashing
 > algorithm used. Do you know what it is, or do you have some code to create
 > the hashes?

 Metasploit 2 has an implementation in lib/Pex/Utils.pm, the RorHash
 function.  I believe the LSD assembly components paper talks about the
 hash algorithm but it has been a while since I looked.
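The rotate-and-add hash computed by the macro above, as an added Python example that is not part of the original thread: it reproduces the hash and builds a reverse table so an analyst can map 32-bit constants seen in a disassembly back to export names. The function names, the sample export list and the sample constants are constructed for illustration.

```python
# Added example (not from the original thread): ROR-13 symbol hashing in Python.
MASK32 = 0xFFFFFFFF  # Python ints are unbounded, so truncate to 32 bits explicitly


def ror32(value, count):
    """Rotate a 32-bit value right by count bits."""
    count %= 32
    return ((value >> count) | (value << (32 - count))) & MASK32


def ror13_hash(name):
    """Same step as the macro: h = (h << 0x13) + (h >> 0x0d) + char, mod 2**32."""
    h = 0
    for byte in name.encode("ascii"):
        h = (ror32(h, 13) + byte) & MASK32
    return h


def build_lookup(export_names):
    """Map hash -> list of names (a list, because 32-bit hashes can collide)."""
    table = {}
    for name in export_names:
        table.setdefault(ror13_hash(name), []).append(name)
    return table


def resolve(constants, table):
    """Annotate 32-bit immediates from a disassembly with candidate export names."""
    return {c: table.get(c, []) for c in constants}


# Constructed sample: in practice these names come from the export tables
# of the DLLs being examined.
SAMPLE_EXPORTS = ["LoadLibraryA", "GetProcAddress", "ExitProcess", "VirtualAlloc"]

if __name__ == "__main__":
    table = build_lookup(SAMPLE_EXPORTS)
    # Constructed immediates: the hash of 'LoadLibraryA' and an unrelated value.
    for const, names in resolve([0xEC0E4E8E, 0x12345678], table).items():
        print(f"0x{const:08X} -> {names or 'unknown'}")
```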



