-
-
[转帖]Signsrch 0.1.7a
-
发表于: 2012-11-13 10:21
-
Signsrch 0.1.7a
signsrch.zip
tool for searching signatures inside files, extremely useful as help in reversing jobs like figuring or having an initial idea of what encryption/compression algorithm is used for a proprietary protocol or file.
it can recognize tons of compression, multimedia and encryption algorithms and many other things like known strings and anti-debugging code which can be also manually added since it's all based on a text signature file read at runtime and easy to modify.
supports also the scanning of processes, the conversion of the offsets of the executables in memory offsets, the loading of custom signature files and their automatic checking for avoiding errors, the automatic finding of the instructions that reference the found signatures (like "Find references" of Ollydbg) and the launching of an executable placing an INT3 byte at the desired memory offset (for example one of those retrieved with the -F option, watch the Video setion for an example).
the tool supports 8, 16, 32 and 64 bits, float and double plus automatic CRC table creation and C style strings.
feel free to send me your comments and other signatures if you like this tool.
the latest signsrch.sig file is available here: 05 Nov 2012
exists also a wrapper for Immunity Debugger available on http://www.autistici.org/ratsoul/iss.html
http://aluigi.org/
http://aluigi.org/mytoolz/signsrch.zip
signsrch.zip
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
