Quote:
Originally Posted by Arkshine
Well, I don't have enough knowledge in assembly to affirm whether this opcode is static. As I said in the tutorial, it's easier to take just the first byte of each line until you have a unique signature. No need to bother with the others bytes. It might create longer signatures but doesn't matter much.
And by the way, "?" should be used by default. "?" = any bytes, "*" = any bytes or nothing. Most of time, you want "?".
|
Hey Arkshine, could u better explain what keep always the first byte emans? Thanks !
I understood, in the IDA View-A I look for the 1st byte and keep it, and replace any other bytes with ?