{"id":17383360,"url":"https://github.com/For-ACGN/hash-api","last_synced_at":"2025-08-03T01:33:05.909Z","repository":{"id":227795343,"uuid":"772047138","full_name":"RSSU-Shellcode/hash_api","owner":"RSSU-Shellcode","description":"Find\u0026Call Windows API by hash+key.","archived":false,"fork":false,"pushed_at":"2024-09-08T08:01:35.000Z","size":168,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-16T07:41:38.455Z","etag":null,"topics":["assembly","hashapi","shellcode","windows","windowsapi"],"latest_commit_sha":null,"homepage":"","language":"Assembly","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RSSU-Shellcode.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-03-14T12:41:55.000Z","updated_at":"2024-09-08T08:01:39.000Z","dependencies_parsed_at":"2024-03-28T07:26:43.888Z","dependency_job_id":"8478e7f9-c22a-465d-b905-765cf23e9ba3","html_url":"https://github.com/RSSU-Shellcode/hash_api","commit_stats":null,"previous_names":["for-acgn/hash_api","rssu-shellcode/hash_api"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RSSU-Shellcode%2Fhash_api","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RSSU-Shellcode%2Fhash_api/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RSSU-Shellcode%2Fhash_api/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RSSU-Shellcode%2Fhash_api/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RSSU-Shellcode","download_url":"https://codeload.github.com/RSSU-Shellcode/hash_api/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":228516499,"owners_count":17932443,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["assembly","hashapi","shellcode","windows","windowsapi"],"created_at":"2024-10-16T07:41:23.355Z","updated_at":"2025-08-03T01:33:05.887Z","avatar_url":"https://github.com/RSSU-Shellcode.png","language":"Assembly","funding_links":[],"categories":[],"sub_categories":[],"readme":"# hash-api\nFind\u0026amp;Call Windows API by hash+key.\n\n## Example\n### x64\n```nasm\n[ORG 0]\n[BITS 64]\n\nentry:\n ; store context\n push rbx ; store rbx\n cld ; clear the direction flag\n\n ; calculate entry address\n call calc_entry_addr ; calculate the entry address\n flag_CEA: ; flag for calculate entry address\n\n ; call \"kernel32.dll, WinExec\"\n mov rcx, 0xCA2DBA870B222A04 ; set function hash\n mov rdx, 0xB725F01C80CE0985 ; set hash key\n mov r8, 2 ; set num arguments\n lea r9, [rbx+command] ; lpCmdLine\n xor r10, r10 ; clear r10\n mov r10b, [rbx+cmd_show] ; uCmdShow\n sub rsp, 32+1*8 ; reserve stack\n mov [rsp+32+0*8], r10 ; uCmdShow\n call api_call ; call api function\n add rsp, 32+1*8 ; restore stack\n\n ; restore context\n pop rbx ; restore rbx\n ret ; return to the caller\n\n; calculate shellcode entry address\ncalc_entry_addr:\n pop rax ; get return address\n lea rbx, [rax-flag_CEA] ; calculate entry address\n push rax ; push return address\n ret ; return to entry\n\nhash_api:\n %include \"src/x64/api_call.asm\"\n\ncommand:\n db \"calc.exe\", 0\n\ncmd_show:\n db 1\n```\n\n### x86\n```nasm\n[ORG 0]\n[BITS 32]\n\nentry:\n ; store context\n push ebx ; store ebx\n cld ; clear the direction flag\n\n ; calculate entry address\n call calc_entry_addr ; calculate the entry address\n flag_CEA: ; flag for calculate entry address\n\n ; call \"kernel32.dll, WinExec\"\n lea edx, [ebx+command] ; lpCmdLine\n xor ecx, ecx ; clear ecx\n mov cl, [ebx+cmd_show] ; set uCmdShow\n push ecx ; push uCmdShow\n push edx ; push lpCmdLine\n push 2 ; set num arguments\n push 0x61DA2999 ; set hash key\n push 0x0AE20914 ; set function hash\n call api_call ; call api function\n\n ; restore context\n pop ebx ; restore ebx\n ret ; return to the caller\n\n; calculate shellcode entry address\ncalc_entry_addr:\n pop eax ; get return address\n lea ebx, [eax-flag_CEA] ; calculate entry address\n push eax ; push return address\n ret ; return to entry\n\nhash_api:\n %include \"src/x86/api_call.asm\"\n\ncommand:\n db \"calc.exe\", 0\n\ncmd_show:\n db 1\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FFor-ACGN%2Fhash-api","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FFor-ACGN%2Fhash-api","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FFor-ACGN%2Fhash-api/lists"}