`Pkg.APISolver` — API for resolving API names from their checksums¶

Overview¶

The Pkg.APISolver module contains the API for resolving API names from their checksums.

Resolving API Names¶

The following code example demonstrates how to resolve some APIs from their checksums:

from Pkg.APISolver import APISolver

solver = APISolver("win32", ("kernel32", "urlmon"))
for hash in (0xEC0E4E8E, 0x702F1A36, 0xE8AFE98, 0x73E2D87E):
    print(solver.solve(hash))

Module API¶

Pkg.APISolver module API.

Classes:

APISolver(group, modules, List[str], …)

This class can convert symbols from their hash value back to their name.

class APISolver(group: List[str], modules: Optional[Union[str, List[str], Tuple[str]]], method: Union[str, List[str], Tuple[str]] = 'all', multiple_per_module: bool = False)¶

This class can convert symbols from their hash value back to their name.

Parameters

group (List[str]) – The group name for the APIs to solve (e.g., ‘win32’, ‘winnt’).

modules (Optional[Union[str, List[str], Tuple[str]]]) – The optional list of module names whose APIs must be solved.

method (Union[str, List[str], Tuple[str]]) – The hashing methods that should be considered when solving APIs.

multiple_per_module (bool) – If True allows colliding symbols within the same module.

See also solve().

Classes:

APIMatch()

This class represents a resolved symbol.

Methods:

group()

Returns the group name of the APIs to solve.

solve(hash)

Resolves a symbol by its hash value.

class APIMatch¶

This class represents a resolved symbol.

Methods:

hashMethodName()

Returns the hashing method name.

moduleName()

Returns the module name.

symbolName()

Returns the symbol name.

toString()

Returns the the module and symbol name.

hashMethodName() → str¶

Returns

Returns the hashing method name.

Return type

str

moduleName() → str¶

Returns

Returns the module name.

Return type

str

See also symbolName() and toString().

symbolName() → str¶

Returns

Returns the symbol name.

Return type

str

See also moduleName() and toString().

toString() → str¶

Returns

Returns the the module and symbol name.

Return type

str

See also moduleName() and symbolName().

group() → List[str]¶

Returns

Returns the group name of the APIs to solve.

Return type

str

solve(hash: int) → List[Pkg.APISolver.APISolver.APIMatch]¶

Resolves a symbol by its hash value.

Parameters

hash (int) – The symbol hash value.

Returns

Returns a list of resolved symbols.

Return type

List[APISolver.APIMatch]

See also APISolver.APIMatch.