C# (CSharp) PeNet.ImpHash OrdinalSymbolMapping.Lookup Examples

Programming Language: C# (CSharp)

Namespace/Package Name: PeNet.ImpHash

Method/Function: Lookup

Examples at hotexamples.com: 2

C# (CSharp) PeNet.ImpHash OrdinalSymbolMapping.Lookup - 2 examples found. These are the top rated real world C# (CSharp) examples of PeNet.ImpHash.OrdinalSymbolMapping.Lookup extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

Lookup(2)

Lookup() public static method

public static Lookup ( Modul module, uint ordinal ) : string
module	Modul
ordinal	uint
return	string

OrdinalSymbolMapping Class Documentation

Example #1

Show file

        private string FormatFunctionName(ImportFunction impFunc)
        {
            string tmp = "";

            if (impFunc.Name == null) // Import by ordinal
            {
                if (impFunc.DLL.ToLower() == "oleaut32.dll")
                {
                    tmp += OrdinalSymbolMapping.Lookup(OrdinalSymbolMapping.Modul.oleaut32, impFunc.Hint);
                }
                else if (impFunc.DLL.ToLower() == "ws2_32.dll")
                {
                    tmp += OrdinalSymbolMapping.Lookup(OrdinalSymbolMapping.Modul.ws2_32, impFunc.Hint);
                }
                else if (impFunc.DLL.ToLower() == "wsock32.dll")
                {
                    tmp += OrdinalSymbolMapping.Lookup(OrdinalSymbolMapping.Modul.wsock32, impFunc.Hint);
                }
                else // cannot resolve ordinal to a function name
                {
                    tmp += "ord";
                    tmp += impFunc.Hint.ToString();
                }
            }
            else // Import by name
            {
                tmp += impFunc.Name;
            }

            return(tmp.ToLower());
        }

Example #2

Show file

File: ImportHash.cs Project: bincker/PeNet

        private string ComputeImpHash(ICollection <ImportFunction> importedFunctions)
        {
            if (importedFunctions == null || importedFunctions.Count == 0)
            {
                return(null);
            }

            var list = new List <string>();

            foreach (var impFunc in importedFunctions)
            {
                var tmp = impFunc.DLL.Split('.')[0];
                tmp += ".";
                if (impFunc.Name == null) // Import by ordinal
                {
                    if (impFunc.DLL == "oleaut32.dll")
                    {
                        tmp += OrdinalSymbolMapping.Lookup(OrdinalSymbolMapping.Modul.oleaut32, impFunc.Hint);
                    }
                    else if (impFunc.DLL == "ws2_32.dll")
                    {
                        tmp += OrdinalSymbolMapping.Lookup(OrdinalSymbolMapping.Modul.ws2_32, impFunc.Hint);
                    }
                    else if (impFunc.DLL == "wsock32.dll")
                    {
                        tmp += OrdinalSymbolMapping.Lookup(OrdinalSymbolMapping.Modul.wsock32, impFunc.Hint);
                    }
                    else // cannot resolve ordinal to a function name
                    {
                        tmp += "ord";
                        tmp += impFunc.Hint.ToString();
                    }
                }
                else // Import by name
                {
                    tmp += impFunc.Name;
                }

                list.Add(tmp.ToLower());
            }

            // Concatenate all imports to one string separated by ','.
            var imports = string.Join(",", list);

            var md5        = MD5.Create();
            var inputBytes = Encoding.ASCII.GetBytes(imports);
            var hash       = md5.ComputeHash(inputBytes);
            var sb         = new StringBuilder();

            foreach (var t in hash)
            {
                sb.Append(t.ToString("x2"));
            }
            return(sb.ToString());
        }