HavocFramework / Havoc

The Havoc Framework.
https://havocframework.com
GNU General Public License v3.0

HashEx UTF16-LE Module Hashing Bug #515

Open cr7pt0pl4gu3 opened 2 days ago

cr7pt0pl4gu3 commented 2 days ago

What happened?

You have a bug in the HashEx function implementation. If the target string is a module name (UTF16-LE), such as "NTDLL.DLL", you only hash the first letter and subsequent null bytes of length(module_name).

As you process the UTF16-LE string byte by byte, there is a null byte after each letter, which means that !*Ptr is true on each null byte, effectively doing ++Ptr two times, which skips each letter.


Ultimately this results in incorrect hashing, but the issue is insignificant and mainly applicable for people who want to change the default hashing key.

Did You Try With the Dev Branch?

Yes (You tried using the dev branch but the problem persists)

Relevant log output

No response

Did You Read Over Your Issue First?
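
The double-advance the report describes, as an added illustration in C (this is a reduced model written for this page, not Havoc's HashEx source and not code from the reporter): one loop reproduces the defect, the other consumes exactly one byte per iteration and drops the UTF-16LE high bytes before mixing. The seed value (5381), the djb2-style multiply-add mix, and the bounded upper-casing are stand-ins chosen so the two loops are comparable; Havoc's real HASH_KEY and mixing step may differ. The UTF-16LE buffer for "NTDLL.DLL" is constructed inline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in seed; Havoc's HASH_KEY is a build-time constant and is assumed here. */
#define HASH_KEY 5381u

/* Constructed sample input: "NTDLL.DLL" as UTF-16LE, one null after each letter. */
static const unsigned char NTDLL_UTF16LE[] = {
    'N', 0, 'T', 0, 'D', 0, 'L', 0, 'L', 0, '.', 0, 'D', 0, 'L', 0, 'L', 0
};

static unsigned char normalize(unsigned char c, int upper)
{
    /* Simplified upper-casing; only the ASCII lowercase range is folded. */
    if (upper && c >= 'a' && c <= 'z')
        c -= 0x20;
    return c;
}

/* Reference: hash every byte with no null handling at all. For a narrow ASCII
 * string this is the intended result; it is also used below to show exactly
 * which byte sequence the buggy loop ends up hashing. */
uint32_t hash_bytes_plain(const void *string, size_t length, int upper)
{
    uint32_t hash = HASH_KEY;
    const unsigned char *ptr = string;
    for (size_t i = 0; i < length; i++)
        hash = ((hash << 5) + hash) + normalize(ptr[i], upper);
    return hash;
}

/* Model of the loop as the report describes it. `c` is loaded before the
 * null check, so the null byte itself gets mixed in; the null check then
 * advances ptr once, and the unconditional ++ptr at the bottom advances it
 * again, stepping over the letter that followed the null. */
uint32_t hash_ex_buggy(const void *string, size_t length, int upper)
{
    uint32_t hash = HASH_KEY;
    const unsigned char *ptr = string;
    const unsigned char *end = ptr + length;

    while (ptr < end) {
        unsigned char c = *ptr;           /* read before the null check        */
        if (!*ptr)
            ++ptr;                        /* first advance, on every null byte */
        hash = ((hash << 5) + hash) + normalize(c, upper); /* c is still 0     */
        ++ptr;                            /* second advance: skips the letter  */
    }
    return hash;
}

/* Corrected loop: consume exactly one byte per iteration, and when that byte
 * is a UTF-16LE high (null) byte contribute nothing to the hash. For names in
 * the ASCII range this yields the same value as hashing the narrow string. */
uint32_t hash_ex_fixed(const void *string, size_t length, int upper)
{
    uint32_t hash = HASH_KEY;
    const unsigned char *ptr = string;
    const unsigned char *end = ptr + length;

    while (ptr < end) {
        unsigned char c = *ptr++;         /* one byte, one advance             */
        if (c == 0)
            continue;                     /* skip the high byte, hash nothing  */
        hash = ((hash << 5) + hash) + normalize(c, upper);
    }
    return hash;
}

/* Returns 1 if the model reproduces the report: the wide-string hash differs
 * from the narrow-string hash under the buggy loop and matches under the fix. */
int bug_reproduces(void)
{
    uint32_t narrow = hash_bytes_plain("NTDLL.DLL", 9, 1);
    uint32_t buggy  = hash_ex_buggy(NTDLL_UTF16LE, sizeof NTDLL_UTF16LE, 1);
    uint32_t fixed  = hash_ex_fixed(NTDLL_UTF16LE, sizeof NTDLL_UTF16LE, 1);
    return buggy != narrow && fixed == narrow;
}

int main(void)
{
    printf("narrow \"NTDLL.DLL\"      : 0x%08x\n", hash_bytes_plain("NTDLL.DLL", 9, 1));
    printf("buggy  L\"NTDLL.DLL\"     : 0x%08x\n", hash_ex_buggy(NTDLL_UTF16LE, sizeof NTDLL_UTF16LE, 1));
    printf("fixed  L\"NTDLL.DLL\"     : 0x%08x\n", hash_ex_fixed(NTDLL_UTF16LE, sizeof NTDLL_UTF16LE, 1));
    printf("bug reproduces          : %d\n", bug_reproduces());
    return 0;
}
```

The buggy loop over the 18-byte wide string mixes in 'N' followed by nine zero bytes, one for each remaining null it lands on, which is the "first letter and subsequent null bytes of length(module_name)" behaviour from the report. Because the same defective loop runs both where the expected hashes are generated and where they are compared, nothing fails at runtime; the mismatch only shows up when someone regenerates the table with a separate, correct implementation of the hash (for instance after changing the key), which is why the report rates it as minor.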

Cracked5pider commented 1 day ago

Oh wow. This is such an interesting bug, I can't believe I missed this. Thanks a lot for pointing this out :D I am going to try to fix this in the next release