0xEBFE/FBI_hash.py

## FBI_hash.py
from idaapi import *
from idautils import *

def ROR(x, n):
    return ((x >> n) | (x << (32 - n))) & 0xFFFFFFFF

def calc_FBI_hash(dllname, function):

    dll_hash = 0
    for char in dllname:
        dll_hash = ROR(dll_hash, 0x0D)
        dll_hash += ord(char)

    func_hash = 0
    for char in function:
        func_hash = ROR(func_hash, 0x0D)
        func_hash += ord(char)
    return (dll_hash + func_hash) & 0xFFFFFFFF

def main():

    f = open('dll_functions.txt', 'r')

    imports = {}
    for line in f.readlines():
        libname = line.strip(' \r\n').split()[0].strip(' ,')
        lib = imports.get(libname, None)
        if lib is None:
            imports[libname] = []
        funcname = line.strip(' \r\n').split()[1].strip(' ,')
        imports[libname].append(funcname)
    f.close()

    for library in iter(imports):
        libprefix = library.split('.')[0]

        enum_id = AddEnum(-1, libprefix + '_hashes', 0)

        for function in iter(imports[library]):
            lib_name = library.upper() + '\x00'
            func1 = function + '\x00'
            AddConstEx(enum_id, libprefix + '_' + function + '_hash', calc_FBI_hash(lib_name.encode('UTF-16LE'), func1), -1)
if __name__ == '__main__':
    main()
	from idaapi import *
	from idautils import *

	def ROR(x, n):
	return ((x >> n) \| (x << (32 - n))) & 0xFFFFFFFF

	def calc_FBI_hash(dllname, function):

	dll_hash = 0
	for char in dllname:
	dll_hash = ROR(dll_hash, 0x0D)
	dll_hash += ord(char)

	func_hash = 0
	for char in function:
	func_hash = ROR(func_hash, 0x0D)
	func_hash += ord(char)
	return (dll_hash + func_hash) & 0xFFFFFFFF

	def main():

	f = open('dll_functions.txt', 'r')

	imports = {}
	for line in f.readlines():
	libname = line.strip(' \r\n').split()[0].strip(' ,')
	lib = imports.get(libname, None)
	if lib is None:
	imports[libname] = []
	funcname = line.strip(' \r\n').split()[1].strip(' ,')
	imports[libname].append(funcname)
	f.close()

	for library in iter(imports):
	libprefix = library.split('.')[0]

	enum_id = AddEnum(-1, libprefix + '_hashes', 0)

	for function in iter(imports[library]):
	lib_name = library.upper() + '\x00'
	func1 = function + '\x00'
	AddConstEx(enum_id, libprefix + '_' + function + '_hash', calc_FBI_hash(lib_name.encode('UTF-16LE'), func1), -1)
	if __name__ == '__main__':
	main()