IDA 7.0 SigMaker

gir489

gir489

RCE Fanatics
Talents
Joined
May 8, 2017
Messages
382
This is a plugin that was originally written for just IDA 32-bit, but dude719 has ported it to 7.0 and written an x64 version, so it works the same on both versions.

This plugin has several advantages over the native AoBScanModule generator that comes with Cheat Engine.

One: It will help you create the most succinct signature. The smaller the signature, the less likely it is to break.
Two: It will auto mask offsets which are liable to change. Cheat Engine doesn't do this for some stupid reason, but it really should.
Three: It will help you create specific signatures that won't collide with other sections of the module you're working on. Cheat Engine has occasionally fallen for this trap before, since it just generates a signature it thinks will work("Should be unique enough"), but doesn't test that it lands in the area the user expects. Ideally the signature should only have one "sig found at" entry in the console, but for ambiguous functions, you should at least make sure the address you want to land at is the first one it finds, since Cheat Engine (and most signature scanners) will do a Naive search, so the first occurance it finds will be the address it returns.

Requires: IDA 7.0.
Download: https://github.com/dude719/SigMaker-x64/releases
 
l0wb1t

l0wb1t

Expert Cheater
Talents
Table Maker
Joined
May 29, 2017
Messages
524
Finally
 
H

H4x0rBattie

Cheater
Joined
Oct 21, 2017
Messages
44
Thanks.

The plugin did not seemed to work with IDA 6.8.

Featurewise, does this version offer anything new vs. the old sigmaker plugin for IDA or just 7.0 compatibility?
 
gir489

gir489

RCE Fanatics
Talents
Joined
May 8, 2017
Messages
382
Thanks.

The plugin did not seemed to work with IDA 6.8.

Featurewise, does this version offer anything new vs. the old sigmaker plugin for IDA or just 7.0 compatibility?
Mostly that the 64-bit version has the same menu now, whereas before it just generated the signatures, you couldn't test Code or IDA style against 64-bit PEs.
 
H

H4x0rBattie

Cheater
Joined
Oct 21, 2017
Messages
44
Thanks for the plugin.

Can you update the plugin to make signatures in the same way as the original sig maker plugin for IDA does? I have seen your plugin doing signatures like "A signature ..." + 0xOFFSET

The shortest signature is not suitable to be used in hacks that have offset auto-detection function. At the moment I must use the original plugin for that or CE sig maker.

I tried to configure your plugin all way around but I did not found the original functionality. Do you understand what I mean?
 
Top