Windows API Hashing hides API names using hashes to evade detection—used by malware like REvil to obfuscate calls and bypass static analysis tools.

mohe22/API-hashing

API-hashing


🔒 Windows API Hashing – Dynamic Function Resolution

This project demonstrates how to resolve Windows API functions dynamically using custom hashing instead of storing API names in plain text. It helps avoid detection by AV and static analysis tools.

🧰 Features

  • Custom hash function to obfuscate API names
  • Manual parsing of PE headers to locate exports
  • Resolves LoadLibraryA without an Import Address Table (IAT) entry
  • Generic function resolver via hashed names

🚀 Usage

  1. Include HashResolver.h in your project.
  2. Call CalculateHash("FunctionName") to get the hash.
  3. Use ResolveFunctionByHash("module.dll", HASH) to get the function pointer.

📎 Example

auto VirtualAllocPtr = (pVirtualAlloc)ResolveFunctionByHash("kernel32.dll", 0x123456);

📝 Replace 0x123456 with the hash of the desired API using CalculateHash.


🔗 Read the detailed breakdown here: API Hashing Blog


This technique is often used in malware for stealth and dynamic resolution—understand it to defend against it.
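
On the analysis side, a hashed constant found in a binary can be mapped back to an API name by hashing known export names with candidate algorithms and looking the constant up. The sketch below is an added example, not code from this repository: the project's CalculateHash is not shown on this page, so ROR13-add and DJB2 are stand-in assumptions, and the export name list and sample constants are constructed.

```python
MASK = 0xFFFFFFFF

def ror13_add(name):
    # Rotate right by 13, then add the byte: a widely documented API-hash scheme.
    h = 0
    for b in name.encode("ascii"):
        h = ((h >> 13) | (h << 19)) & MASK
        h = (h + b) & MASK
    return h

def djb2(name):
    # Bernstein hash: h = h * 33 + byte, seeded with 5381.
    h = 5381
    for b in name.encode("ascii"):
        h = (h * 33 + b) & MASK
    return h

# Assumption: candidate algorithms only. The repo's CalculateHash is not shown
# on this page, so its real algorithm would have to be added here.
ALGORITHMS = {"ror13_add": ror13_add, "djb2": djb2}

# Constructed sample of kernel32.dll export names; a real table would be built
# from the full export lists of the system DLLs.
EXPORT_NAMES = ["LoadLibraryA", "GetProcAddress", "VirtualAlloc",
                "VirtualProtect", "CreateThread", "ExitProcess"]

def build_tables(names, algorithms=ALGORITHMS):
    """Return {algorithm: {hash: [names]}}; lists keep collisions visible."""
    tables = {}
    for alg, fn in algorithms.items():
        table = tables.setdefault(alg, {})
        for name in names:
            table.setdefault(fn(name), []).append(name)
    return tables

def identify(constants, tables):
    """Rank algorithms by how many of the constants they map back to a name."""
    ranked = []
    for alg, table in tables.items():
        hits = {c: table[c] for c in constants if c in table}
        ranked.append((alg, hits))
    return sorted(ranked, key=lambda r: len(r[1]), reverse=True)

if __name__ == "__main__":
    # Constructed "sample": two constants as they might appear in a binary,
    # plus one unrelated immediate value.
    found = [djb2("VirtualAlloc"), djb2("LoadLibraryA"), 0xDEADBEEF]
    for alg, hits in identify(found, build_tables(EXPORT_NAMES)):
        print(alg, {hex(c): n for c, n in hits.items()})
```

The algorithm that explains the most constants in a sample is the likely hash function; constants with no match are either unrelated immediates or names missing from the export list.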
