a200k / ida-pro-sigmaker Goto Github PK

i want use it with arm v7 but its take all the bytes , can you make it support arm v7

can you share sdk ?

Pattern doesn't get copied to clipboard.

It is working great for me, only for the exception that making XREF sigs are painfully slow. I just had to wait more than 15 minutes for it to process 70 XREFs. Is this normal?

Binary size is about 50MB.

I saw the content you sent on the unknowncheats forum. I have recently been imitating the cheating program for Apex Legends, but I lack some knowledge and information on how to bypass anti-debugging. I think you can help me, and I hope you can give it to me. Some help, technical communication and coding help are greatly appreciated.
I hope you can give me a discord contact information, thank you very much again.

this is an error if the pattern is too long

I would love if you could implement the pattern search functionality from the original sig maker.

Original SigMaker had option to make signature from code selection, your version also has it from what I can see, but it doesn't support wildcards while creating pattern from code selection. This feature was really amazing.

Sometimes we don't want to use wildcards for constant operands, because those bytes will not be affected by relocations.

.text:0043AE70 55                                      push    ebp
.text:0043AE71 8B EC                                   mov     ebp, esp
.text:0043AE73 F6 45 10 0F                             test    byte ptr [ebp+hModule], 0Fh
.text:0043AE77 74 04                                   jz      short loc_43AE7D
.text:0043AE79 33 C0                                   xor     eax, eax
.text:0043AE7B 5D                                      pop     ebp
.text:0043AE7C C3                                      retn

Output

Signature for 43AE70: 55 8B EC F6 45 ? ? 74

Thank you for developing this excellent plugin.

I have recently started hammering away at how the GTA V Script VM works, and there's very little information about it, as it's a custom product only for the RAGE engine, so the only information that exists about it is basically estimations based on reverse engineering, some debug strings that have been left behind in some releases of RDR2, GTA V and GTA IV, and some less than legal means (someone yoinked the source code during the Rockstar breach).

Anyway! The YimMenu team mostly uses this plugin written by our anti-anti-cheat engineer, which can be found here: https://github.com/yubie-re/ysc-ida

This is a simple Python plugin that converts the opcodes into text. Not very sophisticated, but neither is the script VM.

After it's finished decompiling the YSC file, IDA will look something like this:

However, you'll notice the head of the function immediately calls a function. If I tell your plugin to generate a signature right now, it will just find whatever unique string of bytes it can that is unique to this block of code. Which is 2D 02 04 00 00 5D 0E A7 07, which translates to the ENTER and the CALL instruction. As you may have guessed, the 5D instruction is CALL, followed by a 3 byte mask (Rockstar is weird). Globals are also susceptible to changing (except Global_262144, that's the tunables global, and it's always at 262144 because Rockstar declared it to start at 0x40000 of the memory block).

Yeah, that's a lot of words. Is there we could instruct the plugin on custom assembly instructions? Like tell it this is a CALL instruction followed by X masks, etc?

^^