LoadLibraryA was supposed to come backCode:// CalcDLLHash.cpp : Defines the entry point for the console application. // #include "stdafx.h" #include <stdio.h> #include <string.h> #include <iostream.h> #include <mbstring.h> char * CalcHash(unsigned char * MyString) { unsigned int h; unsigned char *c=MyString; while(*c) { h=((h<<5)|(h>>27))+*c++; } printf("Done"); return 0; } int main(int argc, char* argv[]) { //unsigned char* MyStr = new unsigned char [16]; //*_mbscpy(MyStr, unsigned char *("LoadLibraryA")); unsigned char* MyStr = (unsigned char *)"LoadLibraryA"; //MyStr = MyStringA; CalcHash(MyStr); printf("Hello World!\n"); return 0; }
;LoadLibraryA
;db 0x8e
;db 0x4e
;db 0x0e
;db 0xec
but im getting h = 0xFFE7AAA8 =(
Anyone know why?
Edit: I also tryed writing this in MASM
I created this code to see if I can calculate DLL hashes the same way PE headers do and My results came wrong, The "Correct" Results for LoadLibraryA were supposed beCode:include \masm32\include\masm32rt.inc includelib \masm32\lib\masm32rt.lib .486 .model flat, stdcall option casemap :none .const LL db "LoadLibraryA", 0 .code start: xor edi, edi xor eax, eax cld ;Clear Direction Flags For LoadStringByte mov esi, OFFSET LL push esi compute_hash_again: lodsb test al, al jz compute_hash_finished ror edi, 0dh add edi, eax jmp compute_hash_again compute_hash_finished: pop esi print hex$([esi]) ;ret ;DEFINE CONSTANTS ;locate_kernel32_hashes: ; call locate_kernel32_hashes_return ;LoadLibraryA ;db 0x8e ;db 0x4e ;db 0x0e ;db 0xec
;db 0x8e
;db 0x4e
;db 0x0e
;db 0xec
I get
0x64616F4C
No go =(
Reply With Quote
