You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Feb 2, 2023. It is now read-only.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Wimphash is a tool to get MD5 hash from Import Table. The idea is use Windows API functions to map a file in memory and parse PE Structures to get DLL names and import (function) names. After that the tool put everything together in a string and get the MD5 hash from it.
The way that this big string is organized is like this:
Most part of security technologies uses a tool called [imphash](https://github.com/erocarrera/pefile) to calculate the import table hash from a PE file and due to it wimphash uses a database called ordlookup (used by imphash) to calculate the hash from 2 specific DLL (exactly like pefile). This is not a good idea, but it's necessary to match with all the other tools which uses imphash (e.g VirusTotal).
The diference between this tool and the others is the simple fact that this is a tool created in C, ensuring no dependencies and a better compatibility.
Comments, suggestions and feedbacks are always welcome!!
Wimphash is a C version of [imphash](https://github.com/erocarrera/pefile). Please note that this is only a PoC I created while studying about PECOFF.
