Results 1 to 3 of 3

Thread: IDA signature file format

  1. #1

    IDA signature file format

    i am searching for information about the *.sig file format used in IDA. also i am looking for information about the tool "dumpsig.exe", which can dump a txt file from a sig file.

    i took a look at the help file "...\flair\pat.txt", but i dont understand this pattern format. also the examples in this file look different as the dumped txt file from dumpsig.

    i couldnt find any help about the tool dumpsig. maybe someone here in this forum has any experience with it?

    my idea is that i want make applying signatures in ollydbg easier. there are many sig files which belongs to one programming language. i hate it to select them all one by one. so i want make a popup dialog which ask you which programming language is used. i know ida applys some signatures atomaticly, but just a few standard sig and not the crypto sigs.

    godup plugin for ollydbg is a little slow (coded in delphi). if i could find more information about those sig files, i would like to code a faster plugin.
    Last edited by diablo2oo2; October 27th, 2005 at 13:23.

  2. #2
    rheax
    Guest

    IDA .sig example code

    I know this thread is *old*, replying to this seemed to be better than starting a new thread. Anyway, as a way to learn more about IDA and annoyed for the same reasons as the above, I decided to learn more about the .sig format. Attached is a simple program that dumps a signature file in a similar manner to dumpsig. Its only been tested against version 7 sigs, but should work with minor tweaking against other versions. I've also found GoDup to be buggy to the point of being unusable. Maybe now someone (maybe me...) will code a better sig loader for Olly.
    Attached Files Attached Files
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    oh very old thread

    i coded this ollydbg plugin. its called "ida_sigs". Just google for it.

    It can detect some more signature than "godup".

    ida_sigs.source.rar
    Last edited by diablo2oo2; August 9th, 2010 at 15:15. Reason: attached file

Similar Threads

  1. Unable to create signature file in IDA Pro
    By akovid in forum Advanced Reversing and Programming
    Replies: 0
    Last Post: January 28th, 2014, 01:31
  2. IDA/FLAIR signature file issue
    By rheax in forum Tools of Our Trade (TOT) Messageboard
    Replies: 3
    Last Post: January 15th, 2010, 10:46
  3. Android - DEX file format
    By OHPen in forum Advanced Reversing and Programming
    Replies: 2
    Last Post: June 25th, 2009, 18:15
  4. Question concerning .NET file format...
    By rendari in forum Advanced Reversing and Programming
    Replies: 10
    Last Post: March 12th, 2008, 13:27
  5. Iso image file format
    By godel in forum Malware Analysis and Unpacking Forum
    Replies: 1
    Last Post: October 31st, 2001, 15:49

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •