hasherezade/main.cpp

## main.cpp
#include <stdio.h>
#include <windows.h>
#include "peconv.h"
#include <iostream>

HMODULE (*load_by_checksum)(DWORD checksum) = NULL;

bool print_func_by_checksum(DWORD checksum)
{
    HMODULE func_from_checksum = load_by_checksum(checksum);
    if (!func_from_checksum) {
        printf("Not found. Keep in mind that before retrieving the function Magniber loads some DLLs. Load the same DLLs into the current process and try again.");
        return false;
    }
    std::cout << "Got Address: " << func_from_checksum  << std::endl;

    HMODULE lib = peconv::get_module_containing((ULONGLONG) func_from_checksum);
    if (!lib) {
        return false;
    }
    std::cout <<"Found lib: " << lib  << std::endl;
    LPSTR dll_name = peconv::read_dll_name(lib);
    std::cout << "Lib name:" << dll_name << std::endl;

    peconv::ExportsMapper mapper;
    mapper.add_to_lookup(dll_name, lib);
    const peconv::ExportedFunc* func = mapper.find_export_by_va((ULONGLONG) func_from_checksum);
    if (func) {
        std::cout << func->toString() << std::endl;
    }
    return true;
}

int main(int argc, char *argv[])
{
    if (argc < 3) {
        printf("Args: <magniber_path> <checksum>\n");
        printf("path: path to the sample: 60af42293d2dbd0cc8bf1a008e06f394\n");
        system("pause");
        return -1;
    }
    char *path = argv[1];
    DWORD checksum = 0;
    sscanf(argv[2], "%X", &checksum);

    size_t v_size = 0;
    BYTE* loaded_pe = peconv::load_pe_executable(path, v_size);
    if (!loaded_pe) {
        std::cout << "Loading module failed!" << std::endl;
        system("pause");
        return 0;
    }
    ULONGLONG calc_checksum_offset = (ULONGLONG)loaded_pe + 0x1460;
    load_by_checksum = (HMODULE (*)(DWORD )) calc_checksum_offset;

    if (print_func_by_checksum(checksum) == false) {
        printf("Not found.");
    }

    peconv::free_pe_buffer(loaded_pe, v_size);
    system("pause");
    return 0;
}
	#include <stdio.h>
	#include <windows.h>
	#include "peconv.h"
	#include <iostream>

	HMODULE (*load_by_checksum)(DWORD checksum) = NULL;

	bool print_func_by_checksum(DWORD checksum)
	{
	HMODULE func_from_checksum = load_by_checksum(checksum);
	if (!func_from_checksum) {
	printf("Not found. Keep in mind that before retrieving the function Magniber loads some DLLs. Load the same DLLs into the current process and try again.");
	return false;
	}
	std::cout << "Got Address: " << func_from_checksum << std::endl;

	HMODULE lib = peconv::get_module_containing((ULONGLONG) func_from_checksum);
	if (!lib) {
	return false;
	}
	std::cout <<"Found lib: " << lib << std::endl;
	LPSTR dll_name = peconv::read_dll_name(lib);
	std::cout << "Lib name:" << dll_name << std::endl;

	peconv::ExportsMapper mapper;
	mapper.add_to_lookup(dll_name, lib);
	const peconv::ExportedFunc* func = mapper.find_export_by_va((ULONGLONG) func_from_checksum);
	if (func) {
	std::cout << func->toString() << std::endl;
	}
	return true;
	}

	int main(int argc, char *argv[])
	{
	if (argc < 3) {
	printf("Args: <magniber_path> <checksum>\n");
	printf("path: path to the sample: 60af42293d2dbd0cc8bf1a008e06f394\n");
	system("pause");
	return -1;
	}
	char *path = argv[1];
	DWORD checksum = 0;
	sscanf(argv[2], "%X", &checksum);

	size_t v_size = 0;
	BYTE* loaded_pe = peconv::load_pe_executable(path, v_size);
	if (!loaded_pe) {
	std::cout << "Loading module failed!" << std::endl;
	system("pause");
	return 0;
	}
	ULONGLONG calc_checksum_offset = (ULONGLONG)loaded_pe + 0x1460;
	load_by_checksum = (HMODULE (*)(DWORD )) calc_checksum_offset;

	if (print_func_by_checksum(checksum) == false) {
	printf("Not found.");
	}

	peconv::free_pe_buffer(loaded_pe, v_size);
	system("pause");
	return 0;
	}