FormBook ? 某NSIS打包程序ShellCode的hash算法

import lief,sys

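def CalculateHash(name):
    """Return the 32-bit hash of an export name.

    Re-implements the API-name hash that this page attributes to the
    shellcode of an NSIS-packed sample, so that hash constants found
    during analysis can be mapped back to export names.

    Args:
        name: Export name as a str; each character contributes its
            code point (ord).

    Returns:
        The accumulator truncated to 32 bits. An empty name returns the
        seed (8998) instead of raising UnboundLocalError.
    """
    acc = 8998  # seed value of the accumulator
    for ch in name:
        # NOTE(review): acc is only truncated to 32 bits on return. Once it
        # grows past 32 bits, (acc >> 1) & 0xffffffff carries bit 32 into
        # bit 31, which a 32-bit register would not do. The table on this
        # page was produced with exactly this arithmetic; confirm against
        # the disassembly before relying on a value.
        acc += ord(ch) + (((acc >> 1) & 0xffffffff) | ((acc << 7) & 0xffffffff))
    return acc & 0xffffffff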

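def main(argv):
    """Write "HASH<TAB>name" for every named export of a library to 1.txt.

    Args:
        argv: Command-line arguments without the program name; argv[0]
            is the path of the library to parse.

    The process exits with status -1 when no path is given or when the
    file cannot be parsed. The output file 1.txt is created in the
    current working directory and overwritten if it exists.
    """
    if not argv:
        print("Input library path")
        sys.exit(-1)

    library_path = argv[0]
    pe = lief.parse(library_path)
    if pe is None:
        # NOTE(review): recent lief releases return None for input they
        # cannot parse; without this check the loop below fails with an
        # AttributeError. Confirm against the installed lief version.
        print("Failed to parse {}".format(library_path))
        sys.exit(-1)

    # The with-statement closes the file; no explicit close() is needed.
    with open('1.txt', "w", encoding='utf-8') as file:
        for export in pe.exported_functions:
            functionName = export.name
            if not functionName:
                # presumably an ordinal-only export; it has no name to hash
                continue
            # "0X" prefix plus upper-case digits, not zero-padded: the same
            # text that hex(value).upper() produces.
            result = "0X{:X}\t{}".format(CalculateHash(functionName), functionName)
            file.write(result + '\n')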

# Script entry point: pass the command-line arguments without the program name.
if __name__ == '__main__':
    main(sys.argv[1:])

Kernel32.dll 结果

0X25628D55	AcquireSRWLockExclusive
0XFE5B9AE8	AcquireSRWLockShared
0X7F7BBE62	ActivateActCtx
0XFF7BBDE4	ActivateActCtxWorker
0X7FC5FD22	AddAtomA
0X7FC5FD38	AddAtomW
0X7FCB5CC7	AddConsoleAliasA
0X7FCB5CDD	AddConsoleAliasW
0X7FAB153F	AddDllDirectory
0XC8FB44F2	AddIntegrityLabelToBoundaryDescriptor
0X10B34C8E	AddLocalAlternateComputerNameA
0X10B34CA4	AddLocalAlternateComputerNameW
0X7FD9E3D6	AddRefActCtx
0X7F537F71	AddRefActCtxWorker
0XFEC140C4	AddResourceAttributeAce
0X75B91FF4	AddSIDToBoundaryDescriptor
0XFF2D7C32	AddScopedPolicyIDAce
0X7FB9FEC4	AddSecureMemoryCacheCallback
0X32628759	AddVectoredContinueHandler
0X7BFD7F3E	AddVectoredExceptionHandler
0X7FDFEF72	AdjustCalendarDate
0X3F3D1985	AllocConsole
0XF3A5051B	AllocateUserPhysicalPages
0XE764748A	AllocateUserPhysicalPagesNuma
0XFEFE1733	AppPolicyGetClrCompat
0X76F1BF7A	AppPolicyGetCreateFileAccess
0XE51FDD0	AppPolicyGetLifecycleManagement
0XEE697E15	AppPolicyGetMediaFoundationCodecLoading
0XF9890945	AppPolicyGetProcessTerminationMethod
0X1CAD3983	AppPolicyGetShowDeveloperDiagnostic
0X6F9CC990	AppPolicyGetThreadInitializationType
0XFF21D514	AppPolicyGetWindowingModel
0X3CE32D66	AppXGetOSMaxVersionTested
0XFF39D742	ApplicationRecoveryFinished
0XBD53428D	ApplicationRecoveryInProgress
0X4EDF5ED8	AreFileApisANSI
0X7FB3E1AB	AssignProcessToJobObject
0X7F5E9837	AttachConsole
0X7FDBEFD2	BackupRead
0X7FDFE264	BackupSeek
0X7FD6E792	BackupWrite
0XFE3B0764	BaseCheckAppcompatCache
0X7DD8B980	BaseCheckAppcompatCacheEx
0X6D729C29	BaseCheckAppcompatCacheExWorker
0X9BAE070D	BaseCheckAppcompatCacheWorker
0XFECAF57B	BaseCheckElevation
0XEB00F2FB	BaseCleanupAppcompatCacheSupport
0X7BA45F67	BaseCleanupAppcompatCacheSupportWorker
0XFF6CD1F0	BaseDestroyVDMEnvironment
0X7E745BC4	BaseDllReadWriteIniFile
0XFEDC8CC4	BaseDumpAppcompatCache
0X79B6E186	BaseDumpAppcompatCacheWorker
0XFEE6EC09	BaseElevationPostProcessing
0X3F6D8F1F	BaseFlushAppcompatCache
0XBDE49B56	BaseFlushAppcompatCacheWorker
0X7EAFED2C	BaseFormatObjectAttributes
0X7FBC7A6A	BaseFormatTimeOut
0XCB310602	BaseFreeAppCompatDataForProcessWorker
0XFE5FEFEB	BaseGenerateAppCompatData
0XBE33594D	BaseGetNamedObjectDirectory
0X4FCF679A	BaseInitAppcompatCacheSupport
0X2D57A5B7	BaseInitAppcompatCacheSupportWorker
0X7B3BE547	BaseIsAppcompatInfrastructureDisabled
0X3C722D30	BaseIsAppcompatInfrastructureDisabledWorker
0XFF5FEF19	BaseIsDosApplication
0X7FB1775C	BaseQueryModuleData
0X34D7DC1A	BaseReadAppCompatDataForProcessWorker
0X7F71AD6A	BaseSetLastNTError
0X7FB3B452	BaseThreadInitThunk
0X7FBFEF60	BaseUpdateAppcompatCache
0X7F9FB05D	BaseUpdateAppcompatCacheWorker
0X7FC68B27	BaseUpdateVDMEntry
0X7FB759FC	BaseVerifyUnicodeString
0X7EDD6E47	BaseWriteErrorElevationRequiredEvent
0X36EC0026	Basep8BitStringToDynamicUnicodeString
0X14D7A070	BasepAllocateActivationContextActivationBlock
0X437A2041	BasepAnsiStringToDynamicUnicodeString
0X8DBE76E0	BasepAppContainerEnvironmentExtension
0X3D9BC760	BasepAppXExtension
0XCEBBD2FB	BasepCheckAppCompat
0X7F71BBF9	BasepCheckWebBladeHashes
0XBE0F3035	BasepCheckWinSaferRestrictions
0X8D39EF6A	BasepConstructSxsCreateProcessMessage
0X5CF5D441	BasepCopyEncryption
0X77AF4625	BasepFinishPackageActivationForSxS
0XF5703833	BasepFreeActivationContextActivationBlock
0X3DFE270F	BasepFreeAppCompatData
0X7EFF2D75	BasepGetAppCompatData
0XF7786983	BasepGetComputerNameFromNtPath
0XCEFABB91	BasepGetExeArchType
0XF96F991E	BasepGetPackageActivationTokenForSxS
0X7EADB5E2	BasepInitAppCompatData
0X7E10063F	BasepIsProcessAllowed
0XBDED3DCB	BasepMapModuleHandle
0X79980DA4	BasepNotifyLoadStringResource
0XEB7C6E19	BasepPostSuccessAppXExtension
0XBEEEF755	BasepProcessInvalidImage
0XFEAD3C35	BasepQueryAppCompat
0XF917ABB9	BasepQueryModuleChpeSettings
0XB662A349	BasepReleaseAppXContext
0XFBBCC3C4	BasepReleaseSxsCreateProcessUtilityStruct
0XFE458BA6	BasepReportFault
0X1F8BDF93	BasepSetFileEncryptionCompression
0X7FEDB398	Beep
0X7FA9EC3A	BeginUpdateResourceA
0X7FA9EC50	BeginUpdateResourceW
0XCCF9871B	BindIoCompletionCallback
0X7FBF5F8B	BuildCommDCBA
0XFF5FF02B	BuildCommDCBAndTimeoutsA
0XFF5FF041	BuildCommDCBAndTimeoutsW
0X7FBF5FA1	BuildCommDCBW
0X7F973BE2	CallNamedPipeA
0X7F973BF8	CallNamedPipeW
0XFF7C574D	CallbackMayRunLong
0X3CFD4A82	CancelDeviceWakeupRequest
0X7FCCBF1A	CancelIo
0X7FBC1EDA	CancelIoEx
0XFEE9FEAA	CancelSynchronousIo
0X5DBDACA7	CancelThreadpoolIo
0XE5DBD90B	CancelTimerQueueTimer
0X39E69949	CancelWaitableTimer
0X7F9BBD1B	CeipIsOptedIn
0XFEC73A65	ChangeTimerQueueTimer
0XBDDE9720	CheckAllowDecryptedRemoteDestinationPolicy
0X3F65FFBD	CheckElevation
0X1C9D916A	CheckElevationEnabled
0X3BC5CE5B	CheckForReadOnlyResource
0XD8E2FDED	CheckForReadOnlyResourceFilter
0XFEDE23A2	CheckIsMSIXPackage
0XF80B3D85	CheckNameLegalDOS8Dot3A
0XF80B3D9B	CheckNameLegalDOS8Dot3W
0XF7E6C066	CheckRemoteDebuggerPresent
0XFEE5FF1A	CheckTokenCapability
0XF9AFD970	CheckTokenMembershipEx
0X7F93AA64	ClearCommBreak
0X7F97BC3C	ClearCommError
0X7F999704	CloseConsoleHandle
0X7FE1F1FB	CloseHandle
0X7FADD6EC	ClosePackageInfo
0X7FCE9B2A	ClosePrivateNamespace
0X7F6B6633	CloseProfileUserMapping
0X7FD9EF10	ClosePseudoConsole
0X7FE2752F	CloseState
0X7FCBD143	CloseThreadpool
0X1BEE7854	CloseThreadpoolCleanupGroup
0X1BDD0738	CloseThreadpoolCleanupGroupMembers
0X7F979B32	CloseThreadpoolIo
0XDEC3302B	CloseThreadpoolTimer
0X3F2335D1	CloseThreadpoolWait
0X3F5F7875	CloseThreadpoolWork
0XC66DB674	CmdBatNotification
0X5E88C74B	CommConfigDialogA
0X5E88C761	CommConfigDialogW
0XDEA6F526	CompareCalendarDates
0X7FD3F31E	CompareFileTime
0X7F7C05C5	CompareStringA
0X3F3AED25	CompareStringEx
0X5EEF08FC	CompareStringOrdinal
0X7F7C05DB	CompareStringW
0X7FCDF67F	ConnectNamedPipe
0XFF3647BB	ConsoleMenuControl
0X7FBAA070	ContinueDebugEvent
0XFBAB7679	ConvertCalDateTimeToSystemTime
0XDE0A7649	ConvertDefaultLocale
0XDE9B9BBD	ConvertFiberToThread
0XFF7DBC45	ConvertNLSDayOfWeekToWin32DayOfWeek
0X7EFEB04C	ConvertSystemTimeToCalDateTime
0X7F8FFA50	ConvertThreadToFiber
0X7F8FF813	ConvertThreadToFiberEx
0X7FD1E3DF	CopyContext
0X7FE46D1B	CopyFile2
0X7FE46D2A	CopyFileA
0X7FDAC41C	CopyFileExA
0X7FDAC432	CopyFileExW
0XDF0A3B5E	CopyFileTransactedA
0XDF0A3B74	CopyFileTransactedW
0X7FE46D40	CopyFileW
0X7FED6E50	CopyLZFile
0X7FCC711E	CreateActCtxA
0X7FCC7134	CreateActCtxW
0X3F0C3329	CreateActCtxWWorker
0XFC9B16E0	CreateBoundaryDescriptorA
0XFC9B16F6	CreateBoundaryDescriptorW
0XDB3BDF61	CreateConsoleScreenBuffer
0XFF595399	CreateDirectoryA
0XFEAB3615	CreateDirectoryExA
0XFEAB362B	CreateDirectoryExW
0XFDB9BBF5	CreateDirectoryTransactedA
0XFDB9BC0B	CreateDirectoryTransactedW
0XFF5953AF	CreateDirectoryW
0X7FDB6EFE	CreateEnclave
0X7FDF142D	CreateEventA
0X7FC6A722	CreateEventExA
0X7FC6A738	CreateEventExW
0X7FDF1443	CreateEventW
0X7FE82EA8	CreateFiber
0X7FCF6A59	CreateFiberEx
0X7FE635FE	CreateFile2
0X7FE6360D	CreateFileA
0X7F9B7E07	CreateFileMappingA
0XDEF73ADC	CreateFileMappingFromApp
0XDEDA94D6	CreateFileMappingNumaA
0XDEDA94EC	CreateFileMappingNumaW
0X7F9B7E1D	CreateFileMappingW
0X7F5E67D3	CreateFileTransactedA
0X7F5E67E9	CreateFileTransactedW
0X7FE63623	CreateFileW
0X7FBEF776	CreateHardLinkA
0XFF71AB4C	CreateHardLinkTransactedA
0XFF71AB62	CreateHardLinkTransactedW
0X7FBEF78C	CreateHardLinkW
0X7F9BFD0F	CreateIoCompletionPort
0X7FD8A04B	CreateJobObjectA
0X7FD8A061	CreateJobObjectW
0X7FE8D130	CreateJobSet
0X7FC91A59	CreateMailslotA
0X7FC91A6F	CreateMailslotW
0XBBE977BB	CreateMemoryResourceNotification
0X7FE1CFDA	CreateMutexA
0X7FC6A328	CreateMutexExA
0X7FC6A33E	CreateMutexExW
0X7FE1CFF0	CreateMutexW
0X7FD7D888	CreateNamedPipeA
0X7FD7D89E	CreateNamedPipeW
0X7FE9725A	CreatePipe
0X7F89B8D0	CreatePrivateNamespaceA
0X7F89B8E6	CreatePrivateNamespaceW
0X7FE27356	CreateProcessA
0X7FD6D2D7	CreateProcessAsUserA
0X7FD6D2ED	CreateProcessAsUserW
0X7FBDBF40	CreateProcessInternalA
0X7FBDBF56	CreateProcessInternalW
0X7FE2736C	CreateProcessW
0X7FCABF21	CreatePseudoConsole
0X3F798A2D	CreateRemoteThread
0XFF331784	CreateRemoteThreadEx
0X7F976DC2	CreateSemaphoreA
0X7F9319F2	CreateSemaphoreExA