C# Class PeNet.ImpHash.ImportHash

Mandiant’s imphash convention requires the following: Resolving ordinals to function names when they appear. Converting both DLL names and function names to all lowercase. Removing the file extensions from imported module names. Building and storing the lowercased strings in an ordered list. Generating the MD5 hash of the ordered list. oleaut32, ws2_32 and wsock32 can resolve ordinals to functions names. The implementation is equal to the python module "pefile" 1.2.10-139 https://code.google.com/p/pefile/

Afficher le fichier Open project: secana/PeNet

Méthodes publiques

Méthode	Description
ImportHash ( ICollection importedFunctions ) : System.Collections.Generic	Create an import hash object from the imported functions of a PE file.

Private Methods

Méthode	Description
ComputeImpHash ( ICollection importedFunctions ) : string
FormatFunctionName ( ImportFunction impFunc ) : string
FormatLibraryName ( string libraryName ) : string

Method Details

ImportHash() public méthode

Create an import hash object from the imported functions of a PE file.

public ImportHash ( ICollection importedFunctions ) : System.Collections.Generic
importedFunctions	ICollection
Résultat	System.Collections.Generic