https://github.com/8dcc/ida2sig
Convert IDA signature to code signature and vice versa
https://github.com/8dcc/ida2sig
c ida ida-pro signature-scanner unix-like
Last synced: 4 months ago
JSON representation
Convert IDA signature to code signature and vice versa
- Host: GitHub
- URL: https://github.com/8dcc/ida2sig
- Owner: 8dcc
- License: gpl-3.0
- Created: 2023-08-18T11:17:21.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2025-01-01T10:00:25.000Z (6 months ago)
- Last Synced: 2025-02-23T12:14:31.894Z (4 months ago)
- Topics: c, ida, ida-pro, signature-scanner, unix-like
- Language: C
- Homepage:
- Size: 22.5 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.org
- License: LICENSE
Awesome Lists containing this project
README
#+title: ida2sig
#+options: toc:nil
#+startup: showeverything
#+author: 8dcc
*Convert IDA signature to code signature and vice versa.*
#+TOC: headlines 2
* Description
Simple C program for converting an [[https://hex-rays.com/ida-pro/][IDA]] pattern (=89 04 24 FF 92 ? ? ? ? 89 34 24=)
into a code pattern (=\x89\x04\x24\xFF\x92????\x89\x34\x24=) or vice versa.
The code patterns are meant to be used with a signature scanning library such as
[[https://github.com/8dcc/libsigscan][8dcc/libsigscan]]. See also my [[https://8dcc.github.io/programming/signature-scanning.html][Signature scanning in C]] blog entry.
* Building and installing
#+begin_src console
$ git clone https://github.com/8dcc/ida2sig
$ cd ida2sig
$ make
...
$ sudo make install
...
#+end_src
* Usage
#+begin_src console
$ ./ida2sig "89 04 24 FF 92 ? ? ? ? 89 34 24"
"\x89\x04\x24\xFF\x92????\x89\x34\x24"
$ ./ida2sig -m "89 04 24 FF 92 ? ? ? ? 89 34 24" # Use mask
code = "\x89\x04\x24\xFF\x92\x00\x00\x00\x00\x89\x34\x24"
mask = "xxxxx????xxx"
$ ./sig2ida "\x89\x04\x24\xFF\x92????\x89\x34\x24"
"89 04 24 FF 92 ? ? ? ? 89 34 24"
#+end_src