#winapi #hash #wide #obfuscation #windows

nightly winapi-hash

Windows API hashing implementation

2 unstable releases

0.1.13 Oct 15, 2021
0.1.12 Oct 15, 2021
0.0.0 Nov 27, 2022

#862 in Cryptography

27 downloads per month

MIT license

15KB
275 lines

Windows API hashing in Rust

License: MIT crates.io v0.1.0 docs.io v0.1.0

Don't use

Example Usage

// Const trait impls are currently experimental still
#![feature(const_trait_impl)]
#![allow(incomplete_features)]

#[macro_use]
extern crate winapi_hash;

// https://github.com/HindrikStegenga/const-fnv1a-hash
pub struct FNV1A64;
impl const winapi_hash::HashFunction for FNV1A64 {
    const OUTPUT_SIZE: usize = 8;
    fn digest(data: &[u8]) -> [u8; Self::OUTPUT_SIZE] {
        const FNV_OFFSET_BASIS_64: u64 = 0xcbf29ce484222325;
        const FNV_PRIME_64: u64 = 0x00000100000001B3;

        let mut hash = FNV_OFFSET_BASIS_64;
        let mut i = 0;
        while i < data.len() {
            hash ^= data[i] as u64;
            hash = hash.wrapping_mul(FNV_PRIME_64);
            i += 1;
        }
        hash.to_be_bytes()
    }
}

fn main() {
    use std::ffi::CString;
    use winapi::shared::ntdef::NULL;
    use winapi::um::winuser::{MB_ICONINFORMATION, MB_OK};
    use winapi_hash::HashFunction;

    let resolver = winapi_hash::ApiHashResolver::<FNV1A64>::new();
    let lp_text = CString::new("Hello, world!").unwrap();
    let lp_caption = CString::new("MessageBox Example").unwrap();

    // Automatically resolves then calls MessageBoxA and stores the result
    // If you don't care about what the function returns,
    // call the macro as "let _: () = api_call!(...);"
    let _message_box_a_result: u32 = winapi_hash::api_call!(
        resolver, FNV1A64, 
        "user32.dll" -> "MessageBoxA" (NULL, lp_text.as_ptr(), lp_caption.as_ptr(), MB_OK | MB_ICONINFORMATION)
    );
}

Dependencies

~1MB
~23K SLoC