import base64
import sys
from urllib.parse import quote

import requests
# Generates a Microsoft Symbol Server link from a file name and a base64-encoded file hash,
# using VirusTotal to look up the PE timestamp and section layout of the file.
# Example:
# microsoft-symbol-server-link-gen.py srv2.sys pD5a0dKSCg7Kc0g1yDyWEX8n8ogPj/niCIy4yUR7WvQ=
# Details:
# https://m417z.com/Introducing-Winbindex-the-Windows-Binaries-Index/
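def decode_file_hash(file_hash_base64):
    """Decode a base64 file hash and return it as a lowercase hex string.

    Raises:
        ValueError: if the input is not valid base64, or if the decoded
            digest is not 16, 20 or 32 bytes long (MD5, SHA-1 or SHA-256).
    """
    # validate=True rejects stray characters instead of silently dropping
    # them, so a mistyped hash fails here rather than producing a lookup
    # for a different digest.
    raw = base64.b64decode(file_hash_base64, validate=True)
    if len(raw) not in (16, 20, 32):
        raise ValueError(
            f'decoded hash is {len(raw)} bytes; expected 16, 20 or 32'
        )
    return raw.hex()


def aligned_image_size(sections):
    """Return the end of the last PE section, rounded up to a 0x1000 boundary.

    Each entry of *sections* must provide 'virtual_address' and
    'virtual_size'. An empty list raises IndexError.
    """
    last_section = sections[-1]
    end = last_section['virtual_address'] + last_section['virtual_size']
    # NOTE(review): this assumes a section alignment of 0x1000; an image
    # built with a different alignment would need that value instead.
    return (end + 0xFFF) & ~0xFFF


def symbol_server_url(file_name, timestamp, image_size):
    """Build the Microsoft Symbol Server download URL for a PE file.

    The index component is the timestamp as 8 upper-case hex digits
    followed by the image size in lower-case hex without padding.
    """
    # file_name comes straight from the command line; percent-encode it so
    # spaces, '/', '?' or '#' cannot alter the structure of the printed URL.
    quoted_name = quote(file_name, safe='')
    return (
        'https://msdl.microsoft.com/download/symbols/'
        f'{quoted_name}/{timestamp:08X}{image_size:x}/{quoted_name}'
    )


def main():
    """Look up the file on VirusTotal and print its symbol server URL."""
    if len(sys.argv) != 3:
        sys.exit(f'Usage: {sys.argv[0]} file_name file_hash_base64')

    file_name, file_hash_base64 = sys.argv[1:3]
    try:
        file_hash = decode_file_hash(file_hash_base64)
    except ValueError as err:
        sys.exit(f'Invalid file hash: {err}')

    # NOTE(review): '/ui/files/' appears to be the endpoint used by the
    # VirusTotal website rather than the documented public API, so it may
    # refuse scripted requests. The documented API, which requires an API
    # key, is the supported way to fetch this data. The file hash is
    # disclosed to VirusTotal by this request.
    url = 'https://www.virustotal.com/ui/files/' + file_hash
    try:
        # A timeout keeps the script from hanging on a stalled connection;
        # raise_for_status turns an HTTP error page into a clear failure
        # instead of a confusing KeyError further down.
        response = requests.get(
            url, headers={'User-Agent': 'Mozilla/1.0'}, timeout=30
        )
        response.raise_for_status()
        data = response.json()
    except (requests.RequestException, ValueError) as err:
        sys.exit(f'VirusTotal lookup failed: {err}')

    try:
        pe_info = data['data']['attributes']['pe_info']
        timestamp = pe_info['timestamp']
        image_size = aligned_image_size(pe_info['sections'])
    except (KeyError, IndexError, TypeError) as err:
        # The response is remote data; treat a missing or malformed
        # pe_info as an error to report, not as a crash.
        sys.exit(f'VirusTotal response has no usable PE information: {err!r}')

    print(symbol_server_url(file_name, timestamp, image_size))


if __name__ == '__main__':
    main()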
It doesn't work anymore since VirusTotal added anti-automation measures to their website. You can either bypass them, or use the browser and sniff the timestamp manually with e.g. Fiddler.
OK, is it possible to remove the part that connects to VirusTotal so I can get only the SHA-256? @m417z
How do you bypass that?
Just add a line with
They send specific headers that they check on the server. You can sniff the traffic and then send exactly the same headers as they send.
Well, how? I tried, and Python could not connect.
Using the API is a good choice.
how to get this to work? what version of python do you need?

@m417z