How to get a signature for an incredibly short function
I'm trying to get a signature function for
Code:
CEventAction::__operator_delete I managed to locate the function in IDA, however the function is incredibly short, how can I create a unique signature to locate this function since the IDA script was unable to generate one, and the function is incredibly short. (For an existing extension) (I know this isn't 100% coding related, but I didn't think it belonged in the signature request thread as I already have the function just don't know how to make a unique signature to find it) |
Re: How to get a signature for an incredibly short function
Looking at the disassembly in a random server binary I have, three choices come to mind:
Don't mask the address of the global variable used. This will probably break the signature every update. If you just want to use it, reimplement it yourself. More work, but you might be able to get something that won't break every update. (Alternative: if you do this work and can find the address of the global, you can patch your signature at runtime?) Find another function that uses it, then use a signature plus offset to pull the address out of the call. |
Re: How to get a signature for an incredibly short function
Quote:
|
Re: How to get a signature for an incredibly short function
Even so, the offset from the unrelocated binary can be added to the base found at runtime; basically the 'alternative: patch the signature at runtime.'
|
All times are GMT -4. The time now is 20:20. |
Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.