Solved I need a 64-bit debugging tool that can run the SigMaker plugin!

Hexui Undetected CSGO Cheats Sinkicheat PUBG Cheat

Kalist

Newbie
Full Member
Jul 5, 2015
24
122
0
I need to codecave, and I'm not familiar with how to manually find/allocate signatures/patterns yet. So as suggested, I need to use the SigMaker 0.4, but my problem is it only works in OllyDbg and that runs in 32-bit, which means I can't attach to 64-bit processes...

Please don't tell me IDA is my only option... It costs money and it's so confusing. Also tutorials on how to use it is very limited apparently.
 

till0sch

Respected Hacker
Dank Tier VIP
Dank Tier Donator
Oct 14, 2012
1,104
12,593
51
I need to codecave, and I'm not familiar with how to manually find/allocate signatures/patterns yet. So as suggested, I need to use the SigMaker 0.4, but my problem is it only works in OllyDbg and that runs in 32-bit, which means I can't attach to 64-bit processes...

Please don't tell me IDA is my only option... It costs money and it's so confusing. Also tutorials on how to use it is very limited apparently.
It obviously isn't you just gotta know asm and your address and then you don't need a plugin at all, with what memory editing software ever that can view it (Cheat Engine?)
 

Kalist

Newbie
Full Member
Jul 5, 2015
24
122
0
Oh, so the plugin is just for "lazy" people?

How do I manually "test sig" then?
 
Last edited:

Obsta

Jr.Hacker
Meme Tier VIP
Jan 27, 2014
394
4,338
17
I haven't worked with sigs yet, but from just watching the video i think you just structure the sig like
get the functions bytes and separate them like
string mySig = "\0x01\0x02\0x03\0x04\"

and then the mask is just xxxxxxx???
x = if you know its a byte
? = its 0 bytes
 

Kalist

Newbie
Full Member
Jul 5, 2015
24
122
0
Yeah but, how do you know how many bytes you need to create a signature/pattern to that address/function. Because with SigMaker you can see when it has only one signature pointing to that address, but without it you have no guidelines telling you how many functions you need to take into account above or below your desired instruction/function.

As I can understand, there can be more than one signature pointing to the same address, either shorter or longer.
 

Obsta

Jr.Hacker
Meme Tier VIP
Jan 27, 2014
394
4,338
17
Yeah but, how do you know how many bytes you need to create a signature/pattern to that address/function. Because with SigMaker you can see when it has only one signature pointing to that address, but without it you have no guidelines telling you how many functions you need to take into account above or below your desired instruction/function.

As I can understand, there can be more than one signature pointing to the same address, either shorter or longer.
Ah yeah that's a good point, a alternative is to take in a bunch of extra bytes just to make sure there is no secondary signatures as he does in the tutorial, yeah i know this is messy but its the only solution posted so far.
I think the function size is gotten by adding the instruction's byte size? Just a guess.

I'm just theory crafting, there are people here who know how to do this properly though, wait for them.
 

squeenie

Hacker
Meme Tier VIP
Dank Tier Donator
Mar 6, 2013
677
5,478
37
You just replace the bytes that get changed with question marks in your mask. So opcodes like jmp, push etc use 'x' in the mask while dynamic addresses and the like use '?'. It can be tedious to craft your own, but not difficult.
 

rN'

Jr.Hacker
Meme Tier VIP
Jan 19, 2014
340
5,268
41
Well, write the sig and test it in your application or check pm, hf with ida
 

Helios

Coder
Meme Tier VIP
May 24, 2012
207
1,113
4
Yeah but, how do you know how many bytes you need to create a signature/pattern to that address/function. Because with SigMaker you can see when it has only one signature pointing to that address, but without it you have no guidelines telling you how many functions you need to take into account above or below your desired instruction/function.

As I can understand, there can be more than one signature pointing to the same address, either shorter or longer.
You just use cheat engine to search for an "Array of byte" and if there are several results, you done goofed.
 
Attention! Before you post:

Read the How to Ask Questions Guide
99% of questions are answered in the Beginner's Guide, do it before asking a question.

No Hack Requests. Post in the correct section.  Search the forum first. Read the rules.

How to make a good post:

  • Fill out the form correctly
  • Tell us the game name & coding language
  • Post everything we need to know to help you
  • Ask specific questions, be descriptive
  • Post errors, line numbers & screenshots
  • Post code snippets using code tags
  • If it's a large project, zip it up and attach it

If you do not comply, your post may be deleted.  We want to help, please make a good post and we will do our best to help you.

Community Mods