I based this off bobbysing's implementation of sigmaker for ida, so all the credit goes to him. It still needs some work but everything I tested seems to work so far. I also owe some thanks to xero|hawk for his input.

have fun

LoadLibrary(C:\Program Files\IDA\plugins\MakeSig_IDA.plw) => error code 127
C:\Program Files\IDA\plugins\MakeSig_IDA.plw: can't load file

also;

"The procedure entry point decode_insn could not be located in the dynamic link library IDA.WLL."

yeah this was compiled for IDA 5.5

How i can made warrock signatures with this?

well, thanks a lot, I always prefered IDA over olly, so this will come in handy... getting IDA 5.5

cheers, saves me some work with notepad then.

alright, tested in 5.5, works great... was doing this manually always, thanks

alright, tested in 5.5, works great... was doing this manually always, thanks

I am glad you like it :)

Pato Industries.
Enhancing your game hacking experience since 1999.
:P

Thx P47R!CK, always very usefull stuff, the best christmas gift so far...


Pato Industries.
Enhancing your game hacking experience since 1999.
:P
totally true, we owe you alot man.

I'd rather use this over your olly one. I haven't even used it yet and I'm sure it is the best there can be. Thanks!

And bobbysing too, he is a nice guy

I'd rather use this over your olly one. I haven't even used it yet and I'm sure it is the best there can be. Thanks!

Thanks but it's actually not that good. I just made this tool because I needed it.




And bobbysing too, he is a nice guy

yes, that he is.

thank you for this, much appreciated

The guy above me is responsible for opening Satan's stargate.

Thanks but it's actually not that good. I just made this tool because I needed it.

Then: Fix all these bugs! :knocked:

glbl.bShortJumps -> 0
glbl.bIncludeData -> 1
glbl.bMemReferences -> 1
glbl.bAdditonalInfo -> 1
glbl.bPreferedSigLength -> 0
glbl.bIncludeUnsafeData -> 0
glbl.bSaveToFile -> 0
glbl.bSavetoCB -> 1
sig maker settings were successfully loaded
couldn't grab selection


I keep getting this, what are the arguments that it is creating the sig from.

glbl.bShortJumps -> 0
glbl.bIncludeData -> 1
glbl.bMemReferences -> 1
glbl.bAdditonalInfo -> 1
glbl.bPreferedSigLength -> 0
glbl.bIncludeUnsafeData -> 0
glbl.bSaveToFile -> 0
glbl.bSavetoCB -> 1
sig maker settings were successfully loaded
couldn't grab selection


I keep getting this, what are the arguments that it is creating the sig from.

did you select some opcodes to create a sig from?

3081

Is the SDK for IDA 5.5 publicly available?

Is the SDK for IDA 5.5 publicly available?

I don't think so.

Is the SDK for IDA 5.5 publicly available?

not everything can be pirated...

not everything can be pirated...

Actually, everything CAN, just not everything IS. :p

since the cracked 5.5 has (finally) been out for a little while i guess the sdk aint gonna take too long either

I been using this for like a week now and forgot to tell how much I love you P47R!CK. Hopefully you will continue to work on this.

I been using this for like a week now and forgot to tell how much I love you P47R!CK. Hopefully you will continue to work on this.

I am very glad to hear that, thanks mate :)

Test signature is my favorite!

Another great plugin thanks alot bro.

How i can made warrock signatures with this?

The author of the text within this quote has recently been selling an address logger for warrock, he said he uses a pro method in ida to get them. I thought he was a bit of an idiot at the time of talking, now looking at this thread I want to slap him with a wet fish.

Thanks for the plugin.

Thanks alot, very handy. Wish I would've found it earlier.

Thanks, I will test. This is perfect for person that use IDA!! :D

hello, when i use this "Test Sig" to find pattern matches, the resulting addresses are 1000h too low. for example my pattern can be found at 0x54d708 but TestSig reports it has found a match at 0x54C708.

:(


See you

hello, when i use this "Test Sig" to find pattern matches, the resulting addresses are 1000h too low. for example my pattern can be found at 0x54d708 but TestSig reports it has found a match at 0x54C708.

:(
See you

yes the plugin was created when the module.base was code base for whatever reason.
here is how you can fix it, change:
msg( "sig found at 0x%x\n", i - dwBufferBase + dwBase - 0x1000 );
to:
msg( "sig found at 0x%x\n", i - dwBufferBase + dwBase );
and recompile for profit.

ah, i did not realize that sourcecode was included and the plugin compiles perfectly. thank you!

I wonder if somone could make it to work with the free version of IDA, which I'm using at this moment.
Thanks for this tool.

I also noticed with this plugin under the TEXT style output when it makes the pattern it makes it like so:

"?? EB ?? ??

But when searching in ida the '??' will fuck your search up as ida uses single question marks for its wildcards like '? EB ? ?'