Is there a way to change the hashing string of the modules and addresses? I realized that it is possible to change the addresses' hash string by simply changing the key and rehashing again; however, for the module hash it is not possible. For example, for ntdll, the default it uses is 0x70e61753; using the same algorithm, I was not able to get that hash, you actually get 0x1edab0ed, so I am not sure where you came up with that hash. I would like to know so I can modify the hashes, since nowadays there are a ton of signature detections in memory because of those, and we cannot change them, since if you change the key, you must change the hashes of all of them, and since right now I have not been able to change any of the module hashes, because they give a different value, it is not possible for the moment. So I would like to know how you came up with that hash, how you calculate it, so I can change the hash key, to avoid signature memory detections.
Is_it_already_in?
No (You checked and it doesn't.)
Relevant code samples
The default hashing string uses this code:

```python
#!/usr/bin/env python3
# -*- coding:utf-8 -*-
import sys


def hash_string(string):
    # djb2-style hash over the upper-cased input, starting from key 5381
    hash = 5381
    for x in string.upper():
        hash = ((hash << 5) + hash) + ord(x)
    # truncate the result to 32 bits
    return hash & 0xFFFFFFFF


if __name__ == '__main__':
    try:
        print('0x%x' % hash_string(sys.argv[1]))
    except IndexError:
        print('usage: %s [string]' % sys.argv[0])
```

It works fine to hash all the functions, but not for the modules; the values do not match.
### Are-You-Trolling?
- [X] I declare I made an effort and provided the necessary information for an understanding of the feature by the Framework authors.
Contact Details
songoku777.sw@gmail.com
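Added example, not part of the original issue or the framework's code: seen from the detection side, a scanner that looks in a memory buffer for constants produced by the hash function posted above, first with the default key and then without knowing the key. The second check goes beyond the post and relies on the key term cancelling in the difference between the hashes of two equal-length names; the watchlist, the sample buffer and every function name other than `hash_string` are constructed for illustration.

```python
import struct

MASK = 0xFFFFFFFF

def hash_string(string, key=5381):
    """Hash from the issue: h = h * 33 + ord(c) over the upper-cased string."""
    h = key
    for ch in string.upper():
        h = ((h << 5) + h + ord(ch)) & MASK
    return h

# Constructed watchlist of API names (assumption); a real rule set is larger.
WATCHLIST = ["NtReadVirtualMemory", "NtFreeVirtualMemory", "LdrLoadDll"]

def dwords_at_every_offset(buf):
    """Map each little-endian 32-bit value in buf to its first byte offset."""
    seen = {}
    for off in range(len(buf) - 3):
        seen.setdefault(struct.unpack_from("<I", buf, off)[0], off)
    return seen

def scan_exact(buf, names=WATCHLIST, key=5381):
    """Return (offset, name) for hash constants computed with one known key."""
    seen = dwords_at_every_offset(buf)
    return [(seen[h], n) for n in names if (h := hash_string(n, key)) in seen]

def scan_key_independent(buf, names=WATCHLIST):
    """Return (name_a, off_a, name_b, off_b) for constant pairs under any key."""
    # hash(s) = key * 33**len(s) + f(s) mod 2**32, so for two names of equal
    # length the key term cancels in hash(a) - hash(b).
    seen = dwords_at_every_offset(buf)
    hits = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if len(a) != len(b):
                continue
            delta = (hash_string(a, 0) - hash_string(b, 0)) & MASK
            for value, off in seen.items():
                partner = (value - delta) & MASK
                if partner in seen:
                    hits.append((a, off, b, seen[partner]))
    return hits

def make_sample(key):
    """Constructed buffer: two hash constants embedded in filler bytes."""
    a, b = (struct.pack("<I", hash_string(n, key)) for n in WATCHLIST[:2])
    return b"\x90" * 7 + a + b"\xcc" * 5 + b
```

The pair check matches on 32-bit differences alone, so on large buffers its hits are candidates to confirm against other evidence rather than verdicts.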