{"id":30770667,"url":"https://github.com/cpscript/bytehunter","last_synced_at":"2025-09-04T23:12:11.273Z","repository":{"id":310168423,"uuid":"1038949193","full_name":"CPScript/ByteHunter","owner":"CPScript","description":"Signature Generation and Pattern Matching Plugin for IDA Pro made in C","archived":false,"fork":false,"pushed_at":"2025-08-19T00:04:07.000Z","size":77,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-30T05:57:43.732Z","etag":null,"topics":["binary-analysis","c","ida-plugin","malware-analysis","vulnerability-research"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CPScript.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-08-16T06:31:49.000Z","updated_at":"2025-08-19T00:04:10.000Z","dependencies_parsed_at":"2025-08-16T08:49:25.642Z","dependency_job_id":null,"html_url":"https://github.com/CPScript/ByteHunter","commit_stats":null,"previous_names":["cpscript/sig"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/CPScript/ByteHunter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CPScript%2FByteHunter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CPScript%2FByteHunter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CPScript%2FByteHunter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CPScript%2FByteHunter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CPScript","download_url":"https://codeload.github.com/CPScript/ByteHunter/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CPScript%2FByteHunter/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273685607,"owners_count":25149722,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-04T02:00:08.968Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binary-analysis","c","ida-plugin","malware-analysis","vulnerability-research"],"created_at":"2025-09-04T23:12:06.718Z","updated_at":"2025-09-04T23:12:11.254Z","avatar_url":"https://github.com/CPScript.png","language":"C","readme":"# ByteHunter\n\n\u003cdiv align=\"center\"\u003e\n\n![ByteHunter Logo](https://img.shields.io/badge/ByteHunter-v1.0.0-blue.svg)\n![Platform](https://img.shields.io/badge/platform-Windows%20|%20Linux%20|%20macOS-lightgrey)\n![IDA Support](https://img.shields.io/badge/IDA%20Pro-8%20|%209-green)\n\n*Reverse engineering tool for malware analysis, vulnerability research, and binary analysis*\n\n\u003c/div\u003e\n\n---\n\n## 🎯 Overview\n\nByteHunter is a IDA Pro plugin that changes binary signature generation and pattern matching. Built from the ground up in C with performance-critical optimizations, it provides advanced capabilities for reverse engineers, malware researchers, and security professionals.\n\n### Key Features\n\n- **🚀 Performance**: AVX2 SIMD-accelerated pattern matching for massive speed improvements\n- **🎨 Multiple Output Formats**: Support for IDA, x64Dbg, C arrays, and hex byte formats\n- **🧠 Intelligent Wildcarding**: Architecture-aware operand analysis and instruction optimization\n- **🔍 Advanced Pattern Search**: Automatic format detection with robust parsing\n- **📊 XREF Analysis**: Cross-reference signature generation with quality ranking\n- **⚡ Memory Optimized**: Efficient memory management with dynamic allocation\n- **🔧 Configurable**: Extensive customization options for different use cases\n\n---\n\n## 🛠 Installation\n\n### Prerequisites\n\n- **IDA Pro 8.0+ or 9.0+** (Professional or Freeware)\n- **IDA SDK** corresponding to your IDA version\n- **C/C++ Compiler**: GCC, Clang, or MSVC\n- **CMake 3.12+** or Make\n\n### Building from Source\n\n#### Using CMake (Recommended)\n\n```bash\ngit clone https://github.com/yourusername/ByteHunter.git\ncd ByteHunter\nmkdir build \u0026\u0026 cd build\n\n# Configure for your IDA version\ncmake -DIDA_SDK_PATH=/path/to/ida/sdk ..\n\n# Build\ncmake --build . --config Release\n\n# Install\ncmake --install . --prefix ~/.idapro/plugins\n```\n\n#### Using Makefile\n\n```bash\ngit clone https://github.com/yourusername/ByteHunter.git\ncd ByteHunter\n\n# Build with custom SDK path\nmake IDA_SDK=/path/to/ida/sdk\n\n# Install to IDA plugins directory\nmake install\n```\n\n#### Manual SDK Setup\n\n1. **Download IDA SDK** from Hex-Rays website\n2. **Extract to project directory**:\n   ```\n   ByteHunter/\n   ├── SDK/\n   │   ├── 8/          # IDA 8 SDK\n   │   ├── 9/          # IDA 9 SDK\n   │   └── 9beta/      # IDA 9 Beta SDK\n   └── ...\n   ```\n3. **Build using your preferred method**\n\n---\n\n## 🚀 Usage\n\n### Basic Operation\n\n1. **Open target binary** in IDA Pro\n2. **Navigate to desired location** in disassembly\n3. **Press `Ctrl+Alt+B`** to open ByteHunter dialog\n4. **Select action and format**, configure options\n5. **Click OK** - signature copied to clipboard automatically\n\n### Core Functions\n\n#### 🎯 Unique Signature Generation\n\nGenerate minimal unique signatures for any code address:\n\n```\nAction: Unique signature\nLocation: Current cursor position\nResult: E8 ? ? ? ? 48 89 C3 48 85 C0\n```\n\n**Use Cases:**\n- Function identification across samples\n- Code pattern matching\n- Malware family detection\n- Vulnerability signature creation\n\n#### 🔗 XREF Signature Analysis  \n\nFind and rank signatures from cross-references:\n\n```\nAction: XREF signatures\nTarget: Variable or function address\nResult: Top 5 shortest signatures ranked by quality\n```\n\n**Benefits:**\n- Discover alternative signature points\n- Find more stable signatures\n- Analyze calling patterns\n- Reduce false positives\n\n#### 📋 Selection Formatting\n\nConvert selected bytes to various formats:\n\n```\nAction: Copy selection\nSelection: Any byte range\nFormats: IDA, x64Dbg, C Array, Hex Bytes\n```\n\n#### 🔍 Pattern Search\n\nSearch for patterns with automatic format detection:\n\n```\nAction: Pattern search\nInput: Any signature format\nResult: All matching locations\n```\n\n**Supported Formats:**\n- `E8 ? ? ? ? 45` (IDA style)\n- `E8 ?? ?? ?? ?? 45` (x64Dbg style)  \n- `\\xE8\\x00\\x00\\x00\\x00\\x45 x????x` (C array + mask)\n- `0xE8, 0x00, 0x00, 0x00, 0x00, 0x45 0b111110` (Hex + bitmask)\n\n---\n\n## 📖 Output Formats\n\n### IDA Format\n```\nE8 ? ? ? ? 48 89 C3 48 85 C0 74 1A\n```\n- Single `?` for wildcards\n- Space-separated hex bytes\n- Direct paste into IDA\n\n### x64Dbg Format\n```  \nE8 ?? ?? ?? ?? 48 89 C3 48 85 C0 74 1A\n```\n- Double `??` for wildcards\n- Compatible with x64Dbg, Cheat Engine\n- Standard debugger format\n\n### C Array + Mask\n```\n\\xE8\\x00\\x00\\x00\\x00\\x48\\x89\\xC3\\x48\\x85\\xC0\\x74\\x1A x????xxxxxxx\n```\n- C-style byte array\n- String mask (`x` = match, `?` = wildcard)\n- Perfect for custom tools\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcpscript%2Fbytehunter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcpscript%2Fbytehunter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcpscript%2Fbytehunter/lists"}