peldr/hash.py at main · vk-candpython/peldr · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
#=================================#
# [ OWNER ]
#     CREATOR  : Vladislav Khudash
#     AGE      : 17
#     LOCATION : Ukraine
#
# [ PINFO ]
#     DATE     : 18.05.2026
#     PROJECT  : PELDR-HASH
#     PLATFORM : ANY
#=================================#


'''
PELDR-HASH Generator


Pre-computes case-insensitive 32-bit hashes
for Windows Native API names.

Generates C-style #define macros
for compile-time string masking to assist
with dynamic symbol resolution in loader.c.


Usage:
    python hash.py <int:hash_key>
'''


from sys     import argv
from os.path import basename


# Generate a seeded, case-insensitive 32-bit hash
# for loader.c API and function names
def HashStr(s: bytes, k: int,
    *, _A=b'A'[0], _Z=b'Z'[0]) -> str:
    # Initialize hash with the user-defined seed
    h = k


    for c in s:
        # Convert ASCII uppercase to lowercase
        if _A <= c <= _Z: c |= 0x20

        # Mix the current character
        # into the 32-bit hash value
        h = (( (h << 4) - h ) + c) & 0xFFFFFFFF


    # Return the final 32-bit hash
    # as a C-style hexadecimal constant
    return f'0x{h:08X}'


def main():
    try:
        # Get the initial 32-bit hash seed from argv
        k = int(argv[1]) & 0xFFFFFFFF
    except (IndexError, ValueError):
        # Display usage information if the seed is missing
        # or cannot be parsed as an integer
        print(
            f'Usage: python {basename(__file__)} <int:hash_key>'
            '  <->  '
            'Generate #define Hash-Functions For loader.c'
        )
        return


    # Emit the hash seed used by loader.c
    print(f'#define KEY_HASH_STR {"":<20} {k}')

    # Generate hash definitions for all required APIs
    for n in (
        b'EtwEventWrite',
        b'NtAllocateVirtualMemory',
        b'NtFreeVirtualMemory',
        b'NtProtectVirtualMemory',
        b'LdrLoadDll',
        b'LdrGetProcedureAddress',
        b'RtlAddFunctionTable',
        b'NtQueryInformationProcess',
        b'NtSetInformationProcess',
        b'NtSetInformationThread',
        b'NtOpenFile',
        b'NtReadFile',
        b'NtClose',
        b'NtQueryInformationFile',
        b'NtTerminateProcess'
    ):
        print(f'#define HASH_{n.decode():<28} {HashStr(n, k)}')


if __name__ == '__main__': main()