May 2, 2020
Hey i'm thinking about working on a function that will find a sig to a function to update addresses across updates, can anyone reference any books/videos that could help out with finding a signature.


Jan 21, 2014
Watch this video

Then checkout this updated code, because the code in the video was not perfect

That will teach you how to make sigs, why to make sigs etc... There are many sig generation tools, none are necessary.

I make all my sigs manually, just convert anything that might change such as relative offsets or hard coded addresses to wildcards, that's it, it's not rocket science

You want to make sigs a bit longer than necessary so they won't get false positives on updates

Make your sig scan function return a vector of results, if vector size is more than 1 or 0, you should error out and report to you that you need to update the sig


Jun 25, 2014
A signature is just a series of bytes that will not change, no books or videos necessary

You simply need to understand which instructions CAN have their bytes modified depending on relocation, and know which parts of those instructions are actually changed, if you truly want a resource then you can look up how instructions are encoded (some keywords: Mod r/m and displacement should get you to a decent pdf or something)
