Make ida function signatures for non-library functions
idb_2_pat is used to make pattern files for library functions from a database loaded into ida.
bin2pat is used to make pattern files (used as input to make signature files) for functions which are the same from file to file except for external refernces. often the external reference is to an address outside the function and which may differ from file to file or between different versions of a file.
1. first save the function from an ida database to a binary file.
save the same function from the ida database of a different version file.
this script works ok: https://techbliss.org/threads/function-to-binary-file.1007/
2. use bin2pat to make a pattern file.
usage:
bin2pat will make an ida compliant pattern file, substituting " .. " for bytes that vary between the two input files.
3. repeat for each function, you want to identify
4. use sigmake from the ida distribution to make the signature file.
sigmake can make one signature file from multiple pattern files.
5. place the signature file in your signature directory/processor subdirectory.
archive contains source code and exe
idb_2_pat is used to make pattern files for library functions from a database loaded into ida.
bin2pat is used to make pattern files (used as input to make signature files) for functions which are the same from file to file except for external refernces. often the external reference is to an address outside the function and which may differ from file to file or between different versions of a file.
1. first save the function from an ida database to a binary file.
save the same function from the ida database of a different version file.
this script works ok: https://techbliss.org/threads/function-to-binary-file.1007/
2. use bin2pat to make a pattern file.
usage:
Code:
bin2pat functionv1.bin functionv2.bin function_name
(output file name will be function_name.pat)
bin2pat will make an ida compliant pattern file, substituting " .. " for bytes that vary between the two input files.
3. repeat for each function, you want to identify
4. use sigmake from the ida distribution to make the signature file.
sigmake can make one signature file from multiple pattern files.
5. place the signature file in your signature directory/processor subdirectory.
archive contains source code and exe
Attachments
Last edited: