From 26844d5e49a47189c66eaae7dfb983b1b16ddcc0 Mon Sep 17 00:00:00 2001
From: f1zm0
Date: Mon, 24 Apr 2023 16:51:01 +0200
Subject: [PATCH] docs: add custom hash function example
---
examples/custom_hashfunc/README.md | 11 +++++++++
examples/custom_hashfunc/go.mod | 7 ++++++
examples/custom_hashfunc/go.sum | 0
examples/custom_hashfunc/main.go | 36 ++++++++++++++++++++++++++++++
4 files changed, 54 insertions(+)
create mode 100644 examples/custom_hashfunc/README.md
create mode 100644 examples/custom_hashfunc/go.mod
create mode 100644 examples/custom_hashfunc/go.sum
create mode 100644 examples/custom_hashfunc/main.go
diff --git a/examples/custom_hashfunc/README.md b/examples/custom_hashfunc/README.md
new file mode 100644
index 0000000..7db48e5
--- /dev/null
+++ b/examples/custom_hashfunc/README.md
@@ -0,0 +1,11 @@
+# Custom Hash
+
+Acheron allows passing a custom hashing function to the constructor, so that it can be used to store and retrieve the syscall structs from their map for better OPSEC.
+
+In this example the custom function XORes the string buffer with `0xdeadbeef` key, and runs the result into SHA1 hash function.
+
+Compile with:
+
+```bash
+GOOS=windows GOARCH=amd64 go build -ldflags="-s -w" -o custom_hash.exe main.go
+```
diff --git a/examples/custom_hashfunc/go.mod b/examples/custom_hashfunc/go.mod
new file mode 100644
index 0000000..98ab025
--- /dev/null
+++ b/examples/custom_hashfunc/go.mod
@@ -0,0 +1,7 @@
+module github.com/f1zm0/acheron/examples/custom_hashfunc
+
+go 1.20
+
+replace github.com/f1zm0/acheron => ../../
+
+require github.com/f1zm0/acheron v0.0.0-00010101000000-000000000000
diff --git a/examples/custom_hashfunc/go.sum b/examples/custom_hashfunc/go.sum
new file mode 100644
index 0000000..e69de29
diff --git a/examples/custom_hashfunc/main.go b/examples/custom_hashfunc/main.go
new file mode 100644
index 0000000..0fb8ec1
--- /dev/null
+++ b/examples/custom_hashfunc/main.go
@@ -0,0 +1,36 @@
+//go:build windows
+// +build windows
+
+package main
+
+import (
+ "crypto/sha1"
+ "encoding/binary"
+ "fmt"
+
+ "github.com/f1zm0/acheron"
+)
+
+func customXORSHA1(s []byte) uint64 {
+ key := []byte{0xde, 0xad, 0xbe, 0xef}
+ for i := 0; i < len(s); i++ {
+ s[i] ^= key[i%len(key)]
+ }
+ hash := sha1.Sum(s)
+ return binary.LittleEndian.Uint64(hash[:])
+}
+
+func main() {
+ // creates Acheron instance, resolves SSNs, collects clean trampolines in ntdll.dlll, etc.
+ acheron, err := acheron.New(
+ // Customize instance with fucntional options
+ acheron.WithHashFunction(customXORSHA1),
+ )
+ if err != nil {
+ panic(err)
+ }
+
+ // you can calc the hashes using both acheron.HashString or customXorFn
+ ntqsi := acheron.HashString("NtSetQueryInformationProcess")
+ fmt.Printf("NtSetQueryInformationProcess: 0x%x\r\n", ntqsi)
+}
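Review bot: `customXORSHA1` applies the XOR key to the caller's slice in place (`s[i] ^= key[i%len(key)]`), so every call alters the buffer it was given, and hashing the same non-empty slice twice returns two different values. How the library hands names to the callback is not visible in this patch, so the effect on its lookups is unconfirmed, but a hash callback should leave its input untouched: work on a copy, `buf := append([]byte(nil), s...)`, then `buf[i] ^= key[i%len(key)]` and `sha1.Sum(buf)`. In `main`, the last comment names `customXorFn`, which this file does not define (the function is `customXORSHA1`), and the local variable `acheron` shadows the imported package of the same name; a distinct name such as `ach` would keep both usable.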