Signature Maker Plugin for IDA Pro 8 and 9
Plugin downloads are in the Releases section
Drop into plugins folder of your IDA installation.
%AppData%\Hex-Rays\IDA Pro\plugins
In disassembly view, select a line you want to generate a signature for, and press
CTRL+ALT+S
The generated signature will be printed to the output console, as well as copied to the clipboard:
| Signature type | Example preview |
|---|---|
| IDA Signature | E8 ? ? ? ? 45 33 F6 66 44 89 34 33 |
| x64Dbg Signature | E8 ?? ?? ?? ?? 45 33 F6 66 44 89 34 33 |
| C Byte Array Signature + String mask | \xE8\x00\x00\x00\x00\x45\x33\xF6\x66\x44\x89\x34\x33 x????xxxxxxxx |
| C Raw Bytes Signature + Bitmask | 0xE8, 0x00, 0x00, 0x00, 0x00, 0x45, 0x33, 0xF6, 0x66, 0x44, 0x89, 0x34, 0x33 0b1111111100001 |
Generating code Signatures by data or code xrefs and finding the shortest ones is also supported:
Searching for Signatures works for supported formats:
Just enter any string containing your Signature, it will automatically try to figure out what kind of Signature format is being used:
Currently, all output formats you can generate are supported.
Match(es) of your signature will be printed to console:
This plugin uses qis's AVX2-optimized signature searching library: https://github.com/qis/signature
If the CPU doesn't support AVX2, it will fallback to the slow builtin IDA functions.
If you want to compile for IDA 9, check out the IDA9 branch
- IDA Pro Plugin SDK 8 / 9
For your convenience, here are the steps to get started:
git clone git@github.com:A200K/IDA-Pro-SigMaker.git
cd IDA-Pro-SigMaker/
git submodule init
git submodule update
Then,
- drop the IDA SDK into the according
SDK/8orSDK/9path - open the project with Visual Studio