Quote:
Originally Posted by Chdata
I haven't had problems with their return values yet.
Is finding windows sigs that hard?
I wanted to use them to avoid offset maintenance during updates.
|
If you know the windows offset the easiest way to get the signature is to find the virtual function table (RTTI makes this easy, there are plugins for IDA that do all the work for you) and then count the functions in the vftable until you reach the offset - you got the function! Now you can either manually create the signature or use a script like
magesig.idc to do it for you.