Open
Description
What happened?
You have a bug in the HashEx function implementation. If target string is a module (UTF16-LE), such as "NTDLL.DLL", you only hash the first letter and subsequent null bytes of length(module_name).
As you process the UTF16-LE string byte by byte, there is a null byte after each letter, which means that !*Ptr is true on each null byte, effectivelly doing ++Ptr two times, which skips each letter.
Ultimately this results in the incorrect hashing, but the issue is insignificant and mainly applicable for people who want to change the default hashing key.
Did You Try With the Dev Branch?
Yes (You tried using the dev branch but the problem persists)
Relevant log output
No response
Did You Read Over Your Issue First?
- I declare I made an effort and provided the necessary information for replication of the issue.