Signature generator

I got tired of having to restart the console app I have every time I wanted to format a new signature so I made this small program and thought I’d share it.

You type in the top box the hex digits with a ? after the ones that are address values, then hit enter or click generate and it does the rest for you.

Source: http://solidfiles.com/d/379dc/

54 68 69 73 20 69 73 20 76 65 72 79 20 69 6e 74 65 72 65 73 74 69 6e 67 2e 20 54 68 61 6e 6b 20 79 6f 75 20 66 6f 72 20 73 68 61 72 69 6e 67 20 74 68 69 73 2e

Well done you used a translator to change your text to hex.

This is very interesting. Thank you for sharing this.

Why do people use that crappy sigscanning format, anyway? I do this:


DE AD BE    EF   ?? ?? ?? ??    /* awesome comment */    C3    90 90 90    CA FE BA BE ?? ?? ?? ??

Easier to read and write than this mask mess everyone and their dog use.

Data-driven is the best, you can keep recompiling your binaries if you want :smug:

[lua]AddSignature(
“Example Sig”,
“lua_shared”,
“DE AD BE EF ? ? ? ? /* awesome comment */ C3 90 90 90 CA FE BA BE ? ? ? ?”
)[/lua]

[lua]local mask = sig:gsub( “[0-9A-F]+%s*”, “x” ):gsub( “%?%s*”, “?” )
sig = sig:gsub( “%?”, “00” ):gsub( “([0-9A-F]+)%s*”, function( byte )[/lua]

Whoa. I really need to learn Lua expressions some day. I’m too used to using regex.

That’s still pretty simple.
“[0-9A-F]” is a character set, matches numbers 0-9 and letters A-F.
Inserting a ^, eg. “[^0-9A-F]” matches everything BUT those characters.
*± are repetitions.
% is magic character escaper and appending it with a character uses one of the pre-defined character sets, for example %s for whitespace.
Using a upper-case with that matches everything BUT the set, for example %S for non-whitespace.

But still, gotta love Lua. 31 line INI parser/write? Yes please :3:

I mean, I can read the patterns when I know what they are supposed to do, but still, I can’t write any :P.

And that INI parser is quite impressive.

“end”…???

Not: “Look at line 31”, he means a INI parser/writer that does what it should do in only 31 lines…

The code below is to test the upper code.

So are you telling me you wrote your own sig scanner/wrapper just because you didn’t like the simple format? Although I do agree with you, I don’t really understand why you need to pass the byte mask and bytes in separate.

Why would that be so difficult to believe?

Also, agmike is apparently a pretty cool guy. His vote counts as two.

I found it dumb because ollydbg auto generates the signature strings for you but this app doesn’t help you actually discover signatures.

And obviously garry’s software prowess recognizes my awesomeness.

edit: look below for links that give a modified olly and sig plugin that makes this thread moot.

Rate on man, rate on.

[editline]6th January 2011[/editline]

How do you get Ollydbg to generate a signature string and mask?

WHAT? Cubar rated you useful instead of dumb ? :wth:

I think he’s talking about “copy masked fixups”, but it only masks dynamic memory addresses.

Guess it’s a mod, title is misleading, but there http://www.youtube.com/watch?v=IGsMGE9ekx4

Links here:

http://rapidshare.com/files/115550173/OllyICE_2008.1.1.7z
or
http://letitbit.net/download/b2ab7b731783/OllyICE-2008.1.1.rar.html
pass:reversengineering.wordpress.com

sig maker plugin for plugins folder
http://www.mediafire.com/?6wacznio8xarhe8

Did just as video with generate for code and it gives the sig and mask

Now since both of you are on my steam list, feel free to give me 5 minutes to help me understand how to FIND signatures for gmod, especially in the engine dll so I can try to make some good modules.

I’d be glad to, but what name do you use on steam? I don’t see an ‘agmike’ on my friends list.