sigmaker.py - IDA Python Standalone Python Release
Release Information
- Version: 1.10.0
- Source: https://github.com/mahmoudimus/ida-sigmaker
- Author: @mahmoudimus (Mahmoud Abdelkader)
What changed
Fixed
- ARM Thumb operands are now wildcarded. Operand wildcarding sized the mask only for 4- and 8-byte instructions, so every 16-bit Thumb-1 instruction got a wildcard length of 0 and was left fully literal (a PC-relative literal load like
LDR R5, off_Xkept its build-varying offset byte). 2-byte Thumb now wildcards the offset while keeping the opcode byte. (#61, #62) - ARM/Thumb branch and
ADRPoffsets that reach the high byte are fully masked. Thumb-2BL/BLX, longB, and AArch64ADRPplace offset bits in the high opcode byte; masking only the low bytes left those bits literal, so a signature could miss other builds (the reporter saw an offset nibble change fromFFtoF8). These instructions now wildcard the whole instruction. (#61, #65)
Changed
- ARM operand wildcarding is address-aware and driven by the operand dialog. The default now wildcards only address-bearing operands (memory references, displacements, immediates, and branch targets), refined by IDA's offset flag so real addresses (
ADRP #x@PAGE,LDR #x@PAGEOFF) are masked while bare constants (#0x40) and stack slots ([SP,#var]) stay exact. For targets where registers move between builds, enable "General Register" and/or "Register list" in the "Configure operand wildcarding" dialog. (#65)
Description
This is a standalone release of the IDA Pro signature maker plugin. The file sigmaker.py contains the complete plugin code that can be directly imported into IDA Pro.
Installation
- Copy
sigmaker.pyto your IDA Pro plugins directory - Restart IDA Pro
- Use Ctrl+Alt+S to access the Signature Maker menu
License
See the main repository for license information.