API Solver

A package to solve CRC hashes commonly found in shellcode back to their original API names.

API Solver comes very handy to analyze shellcode and it is exposed to the SDK:

from Pkg.APISolver import APISolver

solver = APISolver("win32", ("kernel32", "urlmon"))
for hash in (0xEC0E4E8E, 0x702F1A36, 0xE8AFE98, 0x73E2D87E):
    print(solver.solve(hash))

Output:

['KERNEL32.LoadLibraryA' (ror13_add_32)]
['URLMON.URLDownloadToFileA' (ror13_add_32)]
['KERNEL32.WinExec' (ror13_add_32)]
['KERNEL32.ExitProcess' (ror13_add_32)]