olari/sigmaker-ida
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Refactored SearchForSigs to use omin_ea to maintain consistency with whatever IDA is showing in the address bars. (This removes the need for __EA64__ awareness.)

Browse Source 
Added a more helpful README.md to the project.
Resolved project warnings.
This commit is contained in:
gir489
2018-06-14 20:50:04 -05:00
parent 1117b9f872
commit a8422ba964
5 changed files with 44 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
README.md
View File

@@ -1,14 +1,25 @@
# SigMaker-x64 # SigMaker-x64
IDA SigMaker Plugin updated for the IDA Pro 7.0 SDK. IDA SigMaker Plugin updated for the IDA Pro 7.0 SDK by [dude719](https://github.com/dude719).
PLEASE NOTE: IDA Freeware 7.0 is NOT supported.
PLEASE NOTE: IDA Freeware 7.0 is **NOT** supported.
Originally made by P4TR!CK Originally made by P4TR!CK
Credits also go to bobbysing and xero|hawk Credits also go to bobbysing and [xero|hawk](https://github.com/XeroHawk)
Thanks to gir489 for the contributions Thanks to [gir489](https://github.com/gir489) for the contributions
RIP GameDeception RIP GameDeception
# Installation
Visual Studio will expect the environment variable IDADIR to resolve to your IDA 7.0 installation directory.
Visual Studio will also expect the SDK to be located at %IDADIR%\idasdk. Make sure these folders resolve in Windows properly before attempting to build the project.
# Running the build
Because IDA no longer has a native 32-bit compiled version anymore, the Release/Debug is the build script for the 32-bit version of IDA and Release64/Debug64 is the build script for the 64-bit version.
**Do not change the target platform from x64!**

4
SigMaker/Converter.cpp
View File

@@ -165,7 +165,7 @@ void IDAToCRC( const qstring& strSig, ea_t& dwCRC32, ea_t& dwMask )
{ {
if (i <= iCount && szMask[i] == 'x') if (i <= iCount && szMask[i] == 'x')
{ {
dwMask |= (1 << i); dwMask |= (1i64 << i);
} }
else else
{ {
@@ -186,7 +186,7 @@ void CodeToCRC( const qstring& strByteSig, const qstring& strMask, ea_t& dwCRC32
{ {
if (i <= iCount && szMask[i] == 'x') if (i <= iCount && szMask[i] == 'x')
{ {
dwMask |= 1 << i; dwMask |= 1i64 << i;
} }
else else
{ {

4
SigMaker/Includes.h
View File

@@ -5,6 +5,9 @@
#define __NT__ 1 #define __NT__ 1
#define __X64__ 1 #define __X64__ 1
#pragma warning( push )
#pragma warning( disable : 4267 )
#pragma warning( disable : 4244 )
#include <ida.hpp> #include <ida.hpp>
#include <idp.hpp> #include <idp.hpp>
#include <enum.hpp> #include <enum.hpp>
@@ -26,6 +29,7 @@
#include <ua.hpp> #include <ua.hpp>
#include <fpro.h> #include <fpro.h>
#include <diskio.hpp> #include <diskio.hpp>
#pragma warning( pop )
#pragma comment(lib, "ida.lib") #pragma comment(lib, "ida.lib")
#pragma comment(lib, "pro.lib") #pragma comment(lib, "pro.lib")

37
SigMaker/Search.cpp
View File

@@ -14,19 +14,6 @@ int GetOccurenceCount( const qstring& strSig, bool bSkipOut = false )
int iCount = 0; int iCount = 0;
ea_t dwAddress = find_binary( inf.min_ea, inf.max_ea, strSig.c_str( ), 16, SEARCH_DOWN ); ea_t dwAddress = find_binary( inf.min_ea, inf.max_ea, strSig.c_str( ), 16, SEARCH_DOWN );
if (IsValidEA( dwAddress ))
{
do
{
if (bSkipOut == true && iCount >= 2)
return iCount;
iCount++;
dwAddress = find_binary( dwAddress + 1, inf.max_ea, strSig.c_str( ), 16, SEARCH_DOWN );
} while (IsValidEA( dwAddress ));
}
else
{
dwAddress = find_binary(inf.omin_ea, inf.omax_ea, strSig.c_str(), 16, SEARCH_DOWN); dwAddress = find_binary(inf.omin_ea, inf.omax_ea, strSig.c_str(), 16, SEARCH_DOWN);
if (IsValidEA(dwAddress)) if (IsValidEA(dwAddress))
{ {
@@ -38,48 +25,28 @@ int GetOccurenceCount( const qstring& strSig, bool bSkipOut = false )
dwAddress = find_binary(dwAddress + 1, inf.omax_ea, strSig.c_str(), 16, SEARCH_DOWN); dwAddress = find_binary(dwAddress + 1, inf.omax_ea, strSig.c_str(), 16, SEARCH_DOWN);
} while (IsValidEA(dwAddress)); } while (IsValidEA(dwAddress));
} }
}
return iCount; return iCount;
} }
void SearchForSigs( const qstring& strSig ) void SearchForSigs( const qstring& strSig )
{ {
ea_t dwAddress = find_binary( inf.min_ea, inf.max_ea, strSig.c_str( ), 16, SEARCH_DOWN ); ea_t dwAddress = find_binary( inf.omin_ea, inf.omax_ea, strSig.c_str( ), 16, SEARCH_DOWN );
const char* pszMessage = "===========================\n"; const char* pszMessage = "===========================\n";
msg( pszMessage ); msg( pszMessage );
if (IsValidEA( dwAddress ))
{
do
{
#ifdef __EA64__
msg("sig found at 1%X\n", dwAddress);
#else
msg("sig found at %X\n", dwAddress);
#endif
dwAddress = find_binary( dwAddress + 1, inf.max_ea, strSig.c_str( ), 16, SEARCH_DOWN );
} while (IsValidEA( dwAddress ));
}
else
{
dwAddress = find_binary(inf.omin_ea, inf.omax_ea, strSig.c_str(), 16, SEARCH_DOWN); dwAddress = find_binary(inf.omin_ea, inf.omax_ea, strSig.c_str(), 16, SEARCH_DOWN);
if (IsValidEA(dwAddress)) if (IsValidEA(dwAddress))
{ {
do do
{ {
#ifdef __EA64__ msg("sig found at %llX\n", dwAddress);
msg( "sig found at 1%X\n", dwAddress );
#else
msg("sig found at %X\n", dwAddress);
#endif
dwAddress = find_binary(dwAddress + 1, inf.omax_ea, strSig.c_str(), 16, SEARCH_DOWN); dwAddress = find_binary(dwAddress + 1, inf.omax_ea, strSig.c_str(), 16, SEARCH_DOWN);
} while (IsValidEA(dwAddress)); } while (IsValidEA(dwAddress));
} }
}
msg( pszMessage ); msg( pszMessage );
} }

2
SigMaker/SigMaker.vcxproj
View File

@@ -22,7 +22,7 @@
<ProjectGuid>{60916877-60AB-4565-93BC-2D6097976D86}</ProjectGuid> <ProjectGuid>{60916877-60AB-4565-93BC-2D6097976D86}</ProjectGuid>
<Keyword>Win32Proj</Keyword> <Keyword>Win32Proj</Keyword>
<RootNamespace>SigMaker</RootNamespace> <RootNamespace>SigMaker</RootNamespace>
<WindowsTargetPlatformVersion>10.0.16299.0</WindowsTargetPlatformVersion> <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
</PropertyGroup> </PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" /> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration"> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">