C# (CSharp) PeNet.ImpHash Namespace

Nested Namespaces

PeNet.ImpHash.Tests

Сlasses

Name Description
ImportHash Mandiant’s imphash convention requires the following: Resolving ordinals to function names when they appear. Converting both DLL names and function names to all lowercase. Removing the file extensions from imported module names. Building and storing the lowercased strings in an ordered list. Generating the MD5 hash of the ordered list. oleaut32, ws2_32 and wsock32 can resolve ordinals to functions names. The implementation is equal to the python module "pefile" 1.2.10-139 https://code.google.com/p/pefile/
OrdinalSymbolMapping This class is used by the ImportHash implementation to lookup some names for functions where only an ordinal is given. This is the case in the original ImportHash implementation so we do the same here.