IDA 7.0 SigMaker
Posted: Fri Jun 15, 2018 3:48 am
This is a plugin that was originally written for just IDA 32-bit, but dude719 has ported it to 7.0 and written an x64 version, so it works the same on both versions.
This plugin has several advantages over the native AoBScanModule generator that comes with Cheat Engine.
One: It will help you create the most succinct signature. The smaller the signature, the less likely it is to break.
Two: It will auto mask offsets which are liable to change. Cheat Engine doesn't do this for some stupid reason, but it really should.
Three: It will help you create specific signatures that won't collide with other sections of the module you're working on. Cheat Engine has occasionally fallen for this trap before, since it just generates a signature it thinks will work("Should be unique enough"), but doesn't test that it lands in the area the user expects. Ideally the signature should only have one "sig found at" entry in the console, but for ambiguous functions, you should at least make sure the address you want to land at is the first one it finds, since Cheat Engine (and most signature scanners) will do a Naive search, so the first occurance it finds will be the address it returns.
Requires: [URL='https://hex-rays.com/products/ida/index.shtml']IDA[/URL] 7.0.
Download: [URL]https://github.com/dude719/SigMaker-x64/releases[/URL]
This plugin has several advantages over the native AoBScanModule generator that comes with Cheat Engine.
One: It will help you create the most succinct signature. The smaller the signature, the less likely it is to break.
Two: It will auto mask offsets which are liable to change. Cheat Engine doesn't do this for some stupid reason, but it really should.
Three: It will help you create specific signatures that won't collide with other sections of the module you're working on. Cheat Engine has occasionally fallen for this trap before, since it just generates a signature it thinks will work("Should be unique enough"), but doesn't test that it lands in the area the user expects. Ideally the signature should only have one "sig found at" entry in the console, but for ambiguous functions, you should at least make sure the address you want to land at is the first one it finds, since Cheat Engine (and most signature scanners) will do a Naive search, so the first occurance it finds will be the address it returns.
Requires: [URL='https://hex-rays.com/products/ida/index.shtml']IDA[/URL] 7.0.
Download: [URL]https://github.com/dude719/SigMaker-x64/releases[/URL]