olari/sigmaker-ida
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Options fix + cleanup

Browse Source
This commit is contained in:
dude719
2017-11-07 01:55:06 -04:00
parent 07b19b74bc
commit 5ceed68a50
3 changed files with 66 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
SigMaker/Generate.cpp
View File

@@ -102,7 +102,7 @@ bool AutoGenerate( qSigVector& refvecSig, ea_t dwAddress )
if (get_func_num( dwAddress ) != -1) // this just a check to see if the function is valid code if (get_func_num( dwAddress ) != -1) // this just a check to see if the function is valid code
{ {
sAutoSig_t TargetLocation; AutoSig_t TargetLocation;
TargetLocation.dwStartAddress = TargetLocation.dwCurrentAddress = dwAddress; TargetLocation.dwStartAddress = TargetLocation.dwCurrentAddress = dwAddress;
TargetLocation.iOpCount = 0; TargetLocation.iOpCount = 0;
TargetLocation.eType = PT_DIRECT; TargetLocation.eType = PT_DIRECT;
@@ -124,7 +124,7 @@ bool AutoGenerate( qSigVector& refvecSig, ea_t dwAddress )
if (dwCurrent == dwAddress) if (dwCurrent == dwAddress)
continue; continue;
sAutoSig_t TargetLocation; AutoSig_t TargetLocation;
TargetLocation.dwStartAddress = TargetLocation.dwCurrentAddress = dwCurrent; TargetLocation.dwStartAddress = TargetLocation.dwCurrentAddress = dwCurrent;
TargetLocation.iOpCount = 0; TargetLocation.iOpCount = 0;
TargetLocation.eType = PT_REFERENCE; TargetLocation.eType = PT_REFERENCE;
@@ -166,8 +166,7 @@ bool AutoGenerate( qSigVector& refvecSig, ea_t dwAddress )
if (dwCurrent == dwAddress) if (dwCurrent == dwAddress)
continue; continue;
sAutoSig_t TargetLocation; AutoSig_t TargetLocation;
TargetLocation.dwStartAddress = pFunc->start_ea; TargetLocation.dwStartAddress = pFunc->start_ea;
TargetLocation.dwCurrentAddress = dwCurrent; TargetLocation.dwCurrentAddress = dwCurrent;
TargetLocation.iOpCount = 0; TargetLocation.iOpCount = 0;
@@ -177,10 +176,12 @@ bool AutoGenerate( qSigVector& refvecSig, ea_t dwAddress )
nTotalCount++; nTotalCount++;
if (Settings.iMaxRefCount > 0) if (Settings.iMaxRefCount > 0)
{
if (nTotalCount >= Settings.iMaxRefCount) if (nTotalCount >= Settings.iMaxRefCount)
break; break;
} }
} }
}
else else
{ {
if (Settings.iLogLevel >= 2) if (Settings.iLogLevel >= 2)
@@ -244,7 +245,7 @@ bool AutoGenerate( qSigVector& refvecSig, ea_t dwAddress )
{ {
if (Settings.iLogLevel >= 3) if (Settings.iLogLevel >= 3)
{ {
msg( "[%x] Signature %s is viable candidate for final evaluation.", (*i).dwStartAddress, (*i).strSig.c_str( ) ); msg( "[%x] Signature %s is viable candidate for final evaluation.\n", (*i).dwStartAddress, (*i).strSig.c_str( ) );
} }
refvecSig.push_back( (*i) ); refvecSig.push_back( (*i) );
} }

92
SigMaker/Main.cpp
View File

@@ -3,67 +3,78 @@
void ShowOptions( void ) void ShowOptions( void )
{ {
char szBuffer[MAXSTR]; char szBuffer[MAXSTR] = "";
qsnprintf( szBuffer, MAXSTR - 1, "%i", Settings.iMaxRefCount ); ushort selectionType, keepUnsafeData, logLevel;
_itoa_s( Settings.iMaxRefCount, szBuffer, MAXSTR, 10 );
selectionType = (ushort)Settings.iSelectionType;
keepUnsafeData = (ushort)Settings.iKeepUnsafeData;
logLevel = (ushort)Settings.iLogLevel;
int iResult = ask_form( int iResult = ask_form(
"Options\n" "Options\n"
"<##choose the best sig from total length:R>\n" // 0 "<#Choose the best sig from total length:R>\n" // 0
"<##choose the best sig from the amount of opcodes:R>\n" // 1 "<#Choose the best sig from the amount of opcodes:R>\n" // 1
"<##choose the best sig by the smallest amount of wildcards:R>>\n\n" // 2 "<#Choose the best sig by the smallest amount of wildcards:R>>\n" // 2
"<max. refs for auto generation(no limit = 0)\n:A2:100:10::>\n" "<Maximum refs for auto generation:A:20:10::>\n"
"<##add only relilable data to sigs(choose if unsure):R>\n" // 0 "<#Add only relilable data to sigs(choose if unsure):R>\n" // 0
"<##include unsafe data in sigs(may produce better results):R>>\n\n" // 1 "<#Include unsafe data in sigs(may produce better results):R>>\n" // 1
"<##disable logging:R>\n" // 0 "<#Disable logging:R>\n" // 0
"<##log results:R>\n" // 1 "<#Log results:R>\n" // 1
"<##log errors and results:R>\n" // 2 "<#Log errors and results:R>\n" // 2
"<##log errors, results and interim steps of all proceedures:R>>\n\n" // 3 "<#Log errors, results and interim steps of all proceedures:R>>\n" // 3
, &Settings.iSelectionType, szBuffer, &Settings.iKeepUnsafeData, &Settings.iLogLevel ); , &selectionType, szBuffer, &keepUnsafeData, &logLevel );
if (iResult > 0)
{
qsscanf( szBuffer, "%i", &Settings.iMaxRefCount ); qsscanf( szBuffer, "%i", &Settings.iMaxRefCount );
Settings.iSelectionType = selectionType;
Settings.iKeepUnsafeData = keepUnsafeData;
Settings.iLogLevel = logLevel;
Settings.Save( "sigmaker.ini" ); Settings.Save( "sigmaker.ini" );
}
} }
bool idaapi run( size_t /*arg*/ ) bool idaapi run( size_t /*arg*/ )
{ {
int iAction = 0; int iAction = 0;
int iResult = ask_form( int iResult = ask_form(
"What do you want to do?\n" "What do you want to do?\n"
"<##create ida pattern from selection:R>\n" // 0 "<#Auto create ida pattern:R>\n" // 0
"<##create code pattern from selection:R>\n" // 1 "<#Auto create code pattern:R>\n" // 1
"<##create crc32 pattern from selection:R>\n" // 2 "<#Auto create crc32 pattern:R>\n" // 2
"<##auto create ida pattern:R>\n" // 3 "<#Create ida pattern from selection:R>\n" // 3
"<##auto create code pattern:R>\n" // 4 "<#Create code pattern from selection:R>\n" // 4
"<##auto create crc32 pattern:R>\n" // 5 "<#Create crc32 pattern from selection:R>\n" // 5
"<##test ida pattern:R>\n" // 6 "<#Test ida pattern:R>\n" // 6
"<##test code pattern:R>\n" // 7 "<#Test code pattern:R>\n" // 7
"<##convert a sig:R>\n" // 8 "<#Convert a sig:R>\n" // 8
"<##configure the plugin:R>>\n\n", // 9 "<#Configure the plugin:R>>\n\n" // 9
&iAction ); , &iAction );
if (iResult > 0) if (iResult > 0)
{ {
switch (iAction) switch (iAction)
{ {
case 0: case 0:
CreateSig( SIG_IDA );
break;
case 1:
CreateSig( SIG_CODE );
break;
case 2:
CreateSig( SIG_CRC );
break;
case 3:
GenerateSig( SIG_IDA ); GenerateSig( SIG_IDA );
break; break;
case 4: case 1:
GenerateSig( SIG_CODE ); GenerateSig( SIG_CODE );
break; break;
case 5: case 2:
GenerateSig( SIG_CRC ); GenerateSig( SIG_CRC );
break; break;
case 3:
CreateSig( SIG_IDA );
break;
case 4:
CreateSig( SIG_CODE );
break;
case 5:
CreateSig( SIG_CRC );
break;
case 6: case 6:
ShowSearchWindow( ); ShowSearchWindow( );
break; break;
@@ -82,7 +93,7 @@ bool idaapi run( size_t /*arg*/ )
return true; return true;
} }
int __stdcall init( void ) int idaapi init( void )
{ {
if (inf.filetype != f_PE) if (inf.filetype != f_PE)
return PLUGIN_SKIP; return PLUGIN_SKIP;
@@ -93,15 +104,14 @@ int __stdcall init( void )
return PLUGIN_OK; return PLUGIN_OK;
} }
plugin_t PLUGIN = plugin_t PLUGIN = {
{
IDP_INTERFACE_VERSION, IDP_INTERFACE_VERSION,
PLUGIN_KEEP, PLUGIN_KEEP,
init, init,
NULL, NULL,
run, run,
"creates a sigs", "Creates a unique signature",
"SigMaker plugin\n", "SigMaker plugin\n",
"SigMaker", "SigMaker",
"Ctrl-Alt-S"// Alt-F11 "Ctrl-Alt-S" // Alt-F11
}; };

11
SigMaker/Misc.h
View File

@@ -10,16 +10,15 @@ enum ePatternType {
PT_REFERENCE PT_REFERENCE
}; };
typedef struct { struct AutoSig_t {
qstring strSig; qstring strSig;
ea_t dwStartAddress; ea_t dwStartAddress;
ea_t dwCurrentAddress; ea_t dwCurrentAddress;
int iHitCount; int iHitCount;
unsigned int iOpCount; unsigned int iOpCount;
ePatternType eType; ePatternType eType;
} sAutoSig_t; };
typedef qvector<AutoSig_t> qSigVector;
typedef qvector<sAutoSig_t> qSigVector;
typedef enum { typedef enum {
@@ -28,7 +27,7 @@ typedef enum {
SIG_CRC, SIG_CRC,
} SigType; } SigType;
typedef struct { struct Settings_t {
int iSelectionType; int iSelectionType;
unsigned int iMaxRefCount; unsigned int iMaxRefCount;
int iKeepUnsafeData; int iKeepUnsafeData;
@@ -37,7 +36,7 @@ typedef struct {
void Init( void ); void Init( void );
void Save( const char* pszFileName ); void Save( const char* pszFileName );
void Load( const char* pszFileName ); void Load( const char* pszFileName );
} Settings_t; };
extern Settings_t Settings; extern Settings_t Settings;