Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/8dcc/ida2sig
Convert IDA signature to code signature and vice versa
https://github.com/8dcc/ida2sig
c ida ida-pro signature-scanner unix-like
Last synced: about 1 month ago
JSON representation
Convert IDA signature to code signature and vice versa
- Host: GitHub
- URL: https://github.com/8dcc/ida2sig
- Owner: 8dcc
- License: gpl-3.0
- Created: 2023-08-18T11:17:21.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2023-08-18T12:09:01.000Z (over 1 year ago)
- Last Synced: 2024-04-18T17:09:23.447Z (8 months ago)
- Topics: c, ida, ida-pro, signature-scanner, unix-like
- Language: C
- Homepage:
- Size: 17.6 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.org
- License: LICENSE
Awesome Lists containing this project
README
#+title: ida2sig
#+options: toc:nil
#+startup: showeverything
#+author: 8dcc
*Convert IDA signature to code signature and vice versa.*
#+TOC: headlines 2
* Description
Simple C program for converting an [[https://hex-rays.com/ida-pro/][IDA]] pattern (=89 04 24 FF 92 ? ? ? ? 89 34 24=)
into a code pattern (=\x89\x04\x24\xFF\x92????\x89\x34\x24=) or vice versa.
The code patterns are meant to be used with a signature scanning library such as
[[https://github.com/8dcc/libsigscan][8dcc/libsigscan]]. See also my [[https://8dcc.github.io/programming/signature-scanning.html][Signature scanning in C]] blog entry.
* Building and installing
#+begin_src console
$ git clone https://github.com/8dcc/ida2sig
$ cd ida2sig
$ make
...
$ sudo make install
...
#+end_src
* Usage
#+begin_src console
$ ./ida2sig "89 04 24 FF 92 ? ? ? ? 89 34 24"
"\x89\x04\x24\xFF\x92????\x89\x34\x24"
$ ./ida2sig -m "89 04 24 FF 92 ? ? ? ? 89 34 24" # Use mask
code = "\x89\x04\x24\xFF\x92\x00\x00\x00\x00\x89\x34\x24"
mask = "xxxxx????xxx"
$ ./sig2ida "\x89\x04\x24\xFF\x92????\x89\x34\x24"
"89 04 24 FF 92 ? ? ? ? 89 34 24"
#+end_src