Chrisber
07-29-2010, 08:50   Re: Windows sigscan address finding

So if I understand you right, you have 4 possibilities:
Code:
1.) "direct" sigs
myFunc = SigToPointer(sig);

->
"myFunc"
{
    "type"    "direct"
    "sig"        "blah"
}

2.) sig to another function + offset
myFunc = SigToPointer(sig) + offset;

->
"myFunc"
{
    "type"    "offset"
    "sig"        "blah"
    "offset"    "290"
}

3.) calling a sigged function
myFunc = ((myFunc_t*)SigToPointer(sig));

->
"myFunc"
{
    "type"    "call"
    "sig"        "blah"
    "offset"    "290"
}

4.) calling a sigged function + offset
myFunc = ((myFunc_t*)SigToPointer(sig)) + offset;

->
"myFunc"
{
    "type"    "offsetcall"
    "sig"        "blah"
    "offset"    "290"
}
I think it isn't a problem to create a parser for this.
If you (or your dev team) want, I can create one for you (or extend your old ones).

Chris
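
A minimal parser and resolver for the four entry types proposed in the post above, as an added example that is not Chrisber's or SourceMod's code. It assumes `offset` is a decimal byte count, applies it only for `offset` and `offsetcall` as in the post's pseudocode lines, and takes the scan result as `base` in place of the post's `SigToPointer`; `sig_entry`, `parse_entry` and `resolve` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { char name[64], type[16], sig[128]; long offset; int has_offset; } sig_entry;

/* Next token: returns '"' for a quoted string (copied to out), '{' or '}' for a
   brace, 0 at end of input, on an unterminated string, or if it does not fit. */
static int next_tok(const char **p, char *out, size_t cap) {
    while (**p && strchr(" \t\r\n", **p)) (*p)++;
    if (**p == '{' || **p == '}') return *(*p)++;
    if (**p != '"') return 0;
    const char *end = strchr(++*p, '"');
    if (!end || (size_t)(end - *p) >= cap) return 0;
    memcpy(out, *p, (size_t)(end - *p)); out[end - *p] = '\0';
    *p = end + 1;
    return '"';
}

/* Parse one "name" { "key" "value" ... } block. Returns 0 on success and -1 on
   malformed input, an unknown key, a non-numeric offset, or a missing sig. */
int parse_entry(const char *text, sig_entry *e) {
    char key[32], val[128];
    memset(e, 0, sizeof *e);
    if (next_tok(&text, e->name, sizeof e->name) != '"') return -1;
    if (next_tok(&text, key, sizeof key) != '{') return -1;
    for (;;) {
        int t = next_tok(&text, key, sizeof key);
        if (t == '}') break;
        if (t != '"' || next_tok(&text, val, sizeof val) != '"') return -1;
        if (!strcmp(key, "type")) snprintf(e->type, sizeof e->type, "%s", val);
        else if (!strcmp(key, "sig")) snprintf(e->sig, sizeof e->sig, "%s", val);
        else if (!strcmp(key, "offset")) {
            char *end;
            e->offset = strtol(val, &end, 10);
            if (end == val || *end) return -1;   /* reject "", "29x", ... */
            e->has_offset = 1;
        } else return -1;
    }
    return e->sig[0] ? 0 : -1;
}

/* Final address for a scan result `base`; *is_call is set for "call" and "offsetcall".
   Returns 0 (never a pointer) for a failed scan, unknown type, or missing offset. */
uintptr_t resolve(const sig_entry *e, uintptr_t base, int *is_call) {
    int off = !strcmp(e->type, "offset") || !strcmp(e->type, "offsetcall");
    *is_call = !strcmp(e->type, "call") || !strcmp(e->type, "offsetcall");
    if (!base || (!off && !*is_call && strcmp(e->type, "direct"))) return 0;
    if (off && !e->has_offset) return 0;
    return off ? base + (uintptr_t)e->offset : base;
}
```

Checking the return value of `resolve` for 0 before casting it to a function pointer keeps a stale or mistyped entry from turning into a call through an arbitrary address.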