Skip to content

v1.10.0

Latest

Choose a tag to compare

@github-actions github-actions released this 03 Jul 20:19
bafc12e

sigmaker.py - IDA Python Standalone Python Release

Release Information

What changed

Fixed

  • ARM Thumb operands are now wildcarded. Operand wildcarding sized the mask only for 4- and 8-byte instructions, so every 16-bit Thumb-1 instruction got a wildcard length of 0 and was left fully literal (a PC-relative literal load like LDR R5, off_X kept its build-varying offset byte). 2-byte Thumb now wildcards the offset while keeping the opcode byte. (#61, #62)
  • ARM/Thumb branch and ADRP offsets that reach the high byte are fully masked. Thumb-2 BL/BLX, long B, and AArch64 ADRP place offset bits in the high opcode byte; masking only the low bytes left those bits literal, so a signature could miss other builds (the reporter saw an offset nibble change from FF to F8). These instructions now wildcard the whole instruction. (#61, #65)

Changed

  • ARM operand wildcarding is address-aware and driven by the operand dialog. The default now wildcards only address-bearing operands (memory references, displacements, immediates, and branch targets), refined by IDA's offset flag so real addresses (ADRP #x@PAGE, LDR #x@PAGEOFF) are masked while bare constants (#0x40) and stack slots ([SP,#var]) stay exact. For targets where registers move between builds, enable "General Register" and/or "Register list" in the "Configure operand wildcarding" dialog. (#65)

Description

This is a standalone release of the IDA Pro signature maker plugin. The file sigmaker.py contains the complete plugin code that can be directly imported into IDA Pro.

Installation

  1. Copy sigmaker.py to your IDA Pro plugins directory
  2. Restart IDA Pro
  3. Use Ctrl+Alt+S to access the Signature Maker menu

License

See the main repository for license information.