sigmaker 0.1.0__tar.gz

sigmaker-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Mahmoud Rusty Abdelkader
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

sigmaker-0.1.0/PKG-INFO

@@ -0,0 +1,8 @@
+Metadata-Version: 2.1
+Name: sigmaker
+Version: 0.1.0
+Summary: IDA Pro plugin to generate signatures for code
+Author: Mahmoud Abdelkader
+Requires-Python: >=3.10
+Provides-Extra: dev
+License-File: LICENSE

sigmaker-0.1.0/README.md

@@ -0,0 +1,97 @@
+# Signature Maker Plugin for IDA Pro 9.0+
+
+[![ida-sigmaker tests](https://github.com/mahmoudimus/ida-sigmaker/actions/workflows/python.yml/badge.svg)](https://github.com/mahmoudimus/ida-sigmaker/actions/workflows/python.yml)
+
+An IDA Pro 9.0+ cross-platform signature maker plugin that works on MacOS/Linux/Windows. The primary goal of this plugin is to work with future versions of IDA without needing to compile against the IDA SDK as well as to allow for easier community contributions.
+
+## What is a "sigmaker"?
+
+Sigmaker stands for "signature maker." It enables users to create unique binary pattern signatures that can identify specific addresses or routines within a binary, even after the binary has been updated.
+
+In malware analysis or binary reverse engineering, a common challenge is pinpointing an important address, such as a function or global variable. However, when the binary is updated, all the effort spent identifying these locations can be lost if their addresses change.
+
+To preserve this work, reverse engineers take advantage of the fact that most programs do not change drastically between updates. While some functions or data may be modified, much of the binary remains the same. Most often, previously identified addresses are simply relocated. This is where `sigmaker` comes in.
+
+Sigmaker lets you create unique patterns to track important parts of a program, making your analysis more resilient to updates. By generating signatures for specific functions, data references, or other critical locations, you can quickly relocate these points in a new version of the binary, saving time and effort in future reverse engineering tasks.
+
+## Requirements
+
+- IDA Pro 9.0+
+- IDA Python
+- Python 3.10+
+
+## Installation
+
+sigmaker's main value proposition is its cross-platform (Windows, macOS, Linux) Python 3 support. It uses zero third party dependencies, making the code both portable and easy to install.
+
+- Copy `sigmaker.py` into the /plugins/ folder to the plugin directory!
+- Restart your disassembler.
+
+That's it!
+
+### Need to find your plugin directory?
+
+From IDA's Python console run the following command to find its plugin directory:
+
+```python
+import idaapi, os; print(os.path.join(idaapi.get_user_idadir(), "plugins"))
+```
+
+### Where and what is my default user directory?
+
+The user directory is a location where IDA stores some of the global settings and which can be used for some additional customization.
+Default location:
+
+- On Windows: `%APPDATA%/Hex-Rays/IDA Pro`
+- On Linux and Mac: `$HOME/.idapro`
+
+## Usage
+
+In disassembly view, select a line you want to generate a signature for, and press
+**CTRL+ALT+S**
+![](https://i.imgur.com/b4MKkca.png)
+
+The generated signature will be printed to the output console, as well as copied to the clipboard:
+![](https://i.imgur.com/mTFbKce.png)
+
+___
+
+| Signature type | Example preview |
+| --- | ----------- |
+| IDA Signature | E8 ? ? ? ? 45 33 F6 66 44 89 34 33 |
+| x64Dbg Signature | E8 ?? ?? ?? ?? 45 33 F6 66 44 89 34 33 |
+| C Byte Array Signature + String mask | \xE8\x00\x00\x00\x00\x45\x33\xF6\x66\x44\x89\x34\x33 x????xxxxxxxx |
+| C Raw Bytes Signature + Bitmask | 0xE8, 0x00, 0x00, 0x00, 0x00, 0x45, 0x33, 0xF6, 0x66, 0x44, 0x89, 0x34, 0x33  0b1111111100001 |
+
+___
+
+### Finding XREFs
+
+Generating code Signatures by data or code xrefs and finding the shortest ones is also supported:
+![](https://i.imgur.com/P0VRIFQ.png)
+
+___
+
+### Signature searching
+
+Searching for Signatures works for supported formats:
+
+![](https://i.imgur.com/lD4Zfwb.png)
+
+Just enter any string containing your Signature, it will automatically try to figure out what kind of Signature format is being used:
+
+![](https://i.imgur.com/oWMs7LN.png)
+
+Currently, all output formats you can generate are supported.
+
+Match(es) of your signature will be printed to console:
+
+![](https://i.imgur.com/Pe4REkX.png)
+
+## Acknowledgements
+
+Thank you to to [@A200K](https://github.com/A200K)'s [IDA-Pro-SigMaker](https://github.com/A200K/IDA-Pro-SigMaker) plugin which served as an inspiration and the initial port of this plugin.
+
+## Contact
+
+ping me on x [@mahmoudimus](https://x.com/mahmoudimus) or you may contact me from any one of the addresses on [mahmoudimus.com](https://mahmoudimus.com).

sigmaker-0.1.0/pyproject.toml

@@ -0,0 +1,38 @@
+[build-system]
+requires = ["setuptools", "wheel", "cython>=3.0.11"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "sigmaker"
+requires-python = ">= 3.10"
+version = "0.1.0"
+authors = [{ name = "Mahmoud Abdelkader" }]
+description = "IDA Pro plugin to generate signatures for code"
+dependencies = []
+
+[project.optional-dependencies]
+dev = []
+
+[tool.setuptools]
+package-dir = { "" = "src" }
+
+[tool.setuptools.packages.find]
+where = ["src"]
+
+[tool.cyright]
+include = ["*.py", "src/", "include/"]
+exclude = ["build/", "docs/", "scripts/", "samples/", "tests/"]
+
+reportGeneralTypeIssues = true
+reportOptionalSubscript = true
+reportOptionalMemberAccess = true
+reportOptionalCall = true
+reportOptionalIterable = true
+reportOptionalContextManager = true
+reportOptionalOperand = true
+reportMissingModuleSource = true
+
+[tool.cython-lint]
+max-line-length = 88
+ignore = ['E503', 'E504']
+exclude = []

sigmaker-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

sigmaker-0.1.0/setup.py

@@ -0,0 +1,218 @@
+"""Build script for the IDA Pro sigmaker Cython module.
+
+This ``setup.py`` detects the host platform and architecture in order to
+select appropriate compilation and linkage flags.
+The build expects the IDA SDK to be installed and accessible via the
+environment variable ``IDA_SDK``.
+"""
+
+import functools
+import os
+import pathlib
+import platform
+import re
+
+from Cython.Build import cythonize
+from setuptools import Extension, find_packages, setup
+
+# ---------------------------------------------------------------------------
+# Platform detection
+# Use the host system and architecture to adjust compiler options.
+OSTYPE = platform.system()
+ARCH = platform.processor() or platform.machine()
+x64 = platform.architecture()[0] == "64bit"
+COMPILER_OPTIMIZATION_LEVEL = re.compile(r"-O[0-3]\b")
+
+
+if ARCH == "ppc64le":
+    LIBRARY = "ppc64le"
+elif ARCH == "aarch64":
+    LIBRARY = "aarch64"
+elif ARCH == "arm" or ARCH == "arm64":
+    LIBRARY = "arm64"
+else:  # 'AMD64', 'x86_64', 'i686', 'i386'
+    LIBRARY = "amd64" if x64 else "intel32"
+
+if OSTYPE == "Darwin":
+    LIBRARY_EXT = ".dylib"
+elif OSTYPE == "Linux":
+    LIBRARY_EXT = ".so"
+else:
+    LIBRARY_EXT = ".dll"
+
+
+def compile_args(debug_mode=False):
+    """Return platform-specific compilation arguments."""
+    match OSTYPE:
+        case "Windows":
+            if debug_mode:
+                debug_flags = ["/Z7", "/Od"]
+            # For MSVC: `/TP` tells the compiler to treat sources as C++
+            # files and `/EHa` enables asynchronous exception handling.
+            return ["/TP", "/EHa"] + debug_flags
+        case "Linux":
+            # Suppress a few warnings that are often triggered by IDA
+            # headers.  These are the same warnings ignored in amplpy's
+            # build script【561865107149785†L125-L153】.
+            if debug_mode:
+                debug_flags = ["-g", "-O0", "-Wall", "-Wextra", "-Wpedantic"]
+            return [
+                "-Wno-stringop-truncation",
+                "-Wno-catch-value",
+                "-Wno-unused-variable",
+            ] + debug_flags
+        case "Darwin":
+            # On macOS specify the minimum supported version and optionally
+            # enable debug symbols when the DEBUG environment variable is set.
+            ignore_warnings = [
+                "-Wno-unused-variable",
+                "-Wno-nullability-completeness",
+                "-Wno-sign-compare",
+                "-Wno-logical-op-parentheses",
+                "-Wno-varargs",
+                "-Wno-unused-private-field",
+                "-Wno-c99-extensions",
+                "-Wno-nested-anon-types",
+                "-Wno-gnu-anonymous-struct",
+                "-Wno-nullability-extension",
+                "-Wno-extra-semi",
+            ]
+            debug_flags = []
+            if debug_mode:
+                debug_flags = [
+                    "-g",
+                    "-fno-omit-frame-pointer",
+                    "-O0",
+                    "-ggdb",
+                    "-UNDEBUG",
+                    "-Wall",
+                    "-Wextra",
+                    "-Wpedantic",
+                    # Cython is not deprecation-proof
+                    "-Wno-deprecated-declarations",
+                ]
+                # If DEBUG is set, ensure CFLAGS has -O0 (override any -O[0-3])
+                cflags = os.environ.get("CFLAGS", "")
+                # Remove any -O[0-3] flags
+                cflags = COMPILER_OPTIMIZATION_LEVEL.sub("", cflags)
+                # Add -O0 at the beginning (or just set if empty)
+                cflags = "-O0 " + cflags.strip()
+                os.environ["CFLAGS"] = cflags.strip()
+            return ["-mmacosx-version-min=10.9"] + debug_flags + ignore_warnings
+        case _:
+            # Default: no extra flags
+            return []
+
+
+def link_args(debug_mode=False):
+    """Return platform-specific linker arguments."""
+    debug_flags = []
+    match OSTYPE:
+        case "Darwin":
+            # Use @loader_path to encode a relative rpath.  The placeholder
+            # ``{rpath}`` will be substituted at runtime below.
+            rpath = os.path.join("lib")
+            if debug_mode:
+                debug_flags = ["-g"]
+            return [
+                "-Wl,-headerpad_max_install_names,-rpath,@loader_path/" + rpath
+            ] + debug_flags
+        case "Linux":
+            rpath = os.path.join("lib")
+            if debug_mode:
+                debug_flags = ["-g"]
+            return ["-Wl,-rpath,$ORIGIN/" + rpath] + debug_flags
+        case "Windows":
+            if debug_mode:
+                return ["/DEBUG"]
+            return []
+        case _:
+            return []
+
+
+def using_ida_sdk(include_dirs, library_dirs):
+    IDA_SDK = pathlib.Path(os.environ.get("IDA_SDK", "/opt/ida/9/sdk"))
+    if not IDA_SDK.exists():
+        raise FileNotFoundError(f"IDA SDK not found at {IDA_SDK}")
+    include_dirs.append(IDA_SDK / "include")
+    library_dirs.append(IDA_SDK / "lib")
+
+    match OSTYPE:
+        case "Windows":
+            library_dirs.append(IDA_SDK / "lib" / "x64_win_vc_64")
+            library_dirs.append(IDA_SDK / "lib" / "x64_win_qt")
+        case "Darwin":
+            if LIBRARY == "arm64" or LIBRARY == "aarch64":
+                library_dirs.append(IDA_SDK / "lib" / "arm64_mac_clang_64")
+            else:
+                library_dirs.append(IDA_SDK / "lib" / "x64_mac_clang_64")
+        case "Linux":
+            library_dirs.append(IDA_SDK / "lib" / "x64_linux_gcc_64")
+        case _:
+            pass
+
+
+def ext_modules(with_ida_sdk=False, debug_mode=False):
+    include_dirs = [
+        pathlib.Path(__file__).parent / "include",
+    ]
+    library_dirs = []
+    libraries = []
+    if with_ida_sdk:
+        using_ida_sdk(include_dirs, library_dirs)
+
+    include_paths = [str(path) for path in include_dirs]
+    library_paths = [str(path) for path in library_dirs]
+
+    modules = []
+    macros: list[tuple[str, str | None]] = [("__EA64__", "1")] if x64 else []
+    if debug_mode:
+        # Profiling requires special macro directives
+        macros.append(("CYTHON_TRACE", "1"))
+        macros.append(("CYTHON_CLINE_IN_TRACEBACK", "1"))
+        macros.append(("CYTHON_CLINE_IN_TRACEBACK_RUNTIME", "1"))
+        macros.append(("CYTHON_USE_SYS_MONITORING", "1"))
+
+    partialed_cythonize = functools.partial(
+        cythonize,
+        compiler_directives={
+            "language_level": "3",
+            "binding": True,
+            "embedsignature": True,
+            "boundscheck": False,
+            "wraparound": False,
+            # these are enabled for debugging only
+            "profile": debug_mode,
+            "linetrace": debug_mode,
+        },
+        annotate=debug_mode,
+        gdb_debug=debug_mode,
+    )
+    modules += partialed_cythonize(
+        Extension(
+            "*",
+            ["src/**/*.pyx"],
+            language="c++",
+            include_dirs=include_paths,
+            library_dirs=library_paths,
+            libraries=libraries,
+            extra_compile_args=compile_args(debug_mode),
+            extra_link_args=link_args(debug_mode),
+            define_macros=macros,
+        )
+    )
+
+    return modules
+
+
+DEBUG_MODE = os.environ.get("DEBUG", "0") == "1"
+setup(
+    name="ida-sigmaker",
+    version="0.1.0",
+    description="IDA Pro plugin to generate signatures for code",
+    ext_modules=ext_modules(with_ida_sdk=False, debug_mode=DEBUG_MODE),
+    packages=find_packages(include=("sigmaker*",)),
+    package_dir={"": "src"},
+    python_requires=">=3.10",
+    zip_safe=False,
+)