fix(shellcode): updating block-api to use Length instead of MaximumLength

2024-11-21 08:34:44 -05:00
parent c3c6a21e55
commit 46fbe0bfb8
3 changed files with 5 additions and 4 deletions
@@ -30,7 +30,7 @@ api_call:
  mov rdx, [rdx+0x20]         ; Get the first module from the InMemoryOrder module list
 next_mod:                     ;
  mov rsi, [rdx+0x50]         ; Get pointer to modules name (unicode string)
-  movzx rcx, word [rdx+0x4a]  ; Set rcx to the length we want to check
+  movzx rcx, word [rdx+0x48]  ; Set rcx to the length we want to check
  mov r9d, 0                  ; Set r9 to the IV of the hashed module name
 loop_modname:                 ;
  xor rax, rax                ; Clear rax
@@ -23,7 +23,7 @@ api_call:
  mov edx, [edx+0x14]        ; Get the first module from the InMemoryOrder module list
 next_mod:                    ;
  mov esi, [edx+0x28]        ; Get pointer to modules name (unicode string)
-  movzx ecx, word [edx+0x26] ; Set ECX to the length we want to check
+  movzx ecx, word [edx+0x24] ; Set ECX to the length we want to check
  mov edi, 0                 ; Set EDI to the IV of the hashed module name
 loop_modname:                ;
  xor eax, eax               ; Clear EAX
@@ -76,10 +76,11 @@ def unicode(string, uppercase=True):
 def hash(module, function, bits=13, print_hash=True):
    module_hash = 0
    function_hash = 0
-    for c in unicode(module + '\x00'):
+    for c in unicode(module):
        module_hash = ror(module_hash, bits)
        module_hash += ord(c)
-    for c in str(function + b'\x00'):
+    function_hash = module_hash
+    for c in str(function + '\x00'):
        function_hash = ror(function_hash, bits)
        function_hash += ord(c)
    h = module_hash + function_hash & 0xFFFFFFFF