IDA 7.0 SigMaker

Upload *YOUR* gamehacking tools/helpers here
Post Reply
User avatar
gir489
RCE Fanatics
RCE Fanatics
Posts: 656
Joined: Mon May 08, 2017 4:08 am
Reputation: 457

IDA 7.0 SigMaker

Post by gir489 »

This is a plugin that was originally written for just IDA 32-bit, but dude719 has ported it to 7.0 and written an x64 version, so it works the same on both versions.



This plugin has several advantages over the native AoBScanModule generator that comes with Cheat Engine.



One: It will help you create the most succinct signature. The smaller the signature, the less likely it is to break.

Two: It will auto mask offsets which are liable to change. Cheat Engine doesn't do this for some stupid reason, but it really should.

Three: It will help you create specific signatures that won't collide with other sections of the module you're working on. Cheat Engine has occasionally fallen for this trap before, since it just generates a signature it thinks will work("Should be unique enough"), but doesn't test that it lands in the area the user expects. Ideally the signature should only have one "sig found at" entry in the console, but for ambiguous functions, you should at least make sure the address you want to land at is the first one it finds, since Cheat Engine (and most signature scanners) will do a Naive search, so the first occurance it finds will be the address it returns.



Requires: [URL='https://hex-rays.com/products/ida/index.shtml']IDA[/URL] 7.0.

Download: [URL]https://github.com/dude719/SigMaker-x64/releases[/URL]
Last edited by gir489 on Wed Jul 11, 2018 3:03 pm, edited 2 times in total.

User avatar
l0wb1t
Table Makers
Table Makers
Posts: 395
Joined: Mon May 29, 2017 4:16 pm
Reputation: 282

IDA 7.0 SigMaker

Post by l0wb1t »

Finally

H4x0rBattie
Cheater
Cheater
Posts: 43
Joined: Sat Oct 21, 2017 1:47 am
Reputation: 7

IDA 7.0 SigMaker

Post by H4x0rBattie »

Thanks.



The plugin did not seemed to work with IDA 6.8.



Featurewise, does this version offer anything new vs. the old sigmaker plugin for IDA or just 7.0 compatibility?

User avatar
gir489
RCE Fanatics
RCE Fanatics
Posts: 656
Joined: Mon May 08, 2017 4:08 am
Reputation: 457

IDA 7.0 SigMaker

Post by gir489 »

[QUOTE="H4x0rBattie, post: 49867, member: 9636"]Thanks.



The plugin did not seemed to work with IDA 6.8.



Featurewise, does this version offer anything new vs. the old sigmaker plugin for IDA or just 7.0 compatibility?[/QUOTE]

Mostly that the 64-bit version has the same menu now, whereas before it just generated the signatures, you couldn't test Code or IDA style against 64-bit PEs.

H4x0rBattie
Cheater
Cheater
Posts: 43
Joined: Sat Oct 21, 2017 1:47 am
Reputation: 7

Re: IDA 7.0 SigMaker

Post by H4x0rBattie »

Thanks for the plugin.

Can you update the plugin to make signatures in the same way as the original sig maker plugin for IDA does? I have seen your plugin doing signatures like "A signature ..." + 0xOFFSET

The shortest signature is not suitable to be used in hacks that have offset auto-detection function. At the moment I must use the original plugin for that or CE sig maker.

I tried to configure your plugin all way around but I did not found the original functionality. Do you understand what I mean?

Post Reply

Who is online

Users browsing this forum: No registered users