ida 7.7 sdk needs a flag in plugin_t class, which one we should use for this plugin?

#define PLUGIN_MOD  0x0001      ///< Plugin changes the database.
                                ///< IDA won't call the plugin if
                                ///< the processor module prohibited any changes.

#define PLUGIN_DRAW 0x0002 ///< IDA should redraw everything after calling the plugin.
#define PLUGIN_SEG 0x0004 ///< Plugin may be applied only if the current address belongs to a segment

#define PLUGIN_UNL  0x0008      ///< Unload the plugin immediately after calling 'run'.
                                ///< This flag may be set anytime.
                                ///< The kernel checks it after each call to 'run'
                                ///< The main purpose of this flag is to ease
                                ///< the debugging of new plugins.

#define PLUGIN_HIDE 0x0010      ///< Plugin should not appear in the Edit, Plugins menu.
                                ///< This flag is checked at the start.

#define PLUGIN_DBG  0x0020      ///< A debugger plugin. init() should put
                                ///< the address of ::debugger_t to dbg.

#define PLUGIN_PROC 0x0040      ///< Load plugin when a processor module is loaded. (and keep it
                                ///< until the processor module is unloaded)

#define PLUGIN_FIX 0x0080 ///< Load plugin when IDA starts and keep it in the memory until IDA stops

#define PLUGIN_MULTI    0x0100  ///< The plugin can work with multiple idbs in parallel.
                                ///< init() returns a pointer to a plugmod_t object
                                ///< run/term functions are not used.
                                ///< Virtual functions of plugmod_t are used instead.

#define PLUGIN_SCRIPTED 0x8000  ///< Scripted plugin. Should not be used by plugins,
                                ///< the kernel sets it automatically.

When I'm pressing "Test code pattern" in the main form nothing happens. "Test ida pattern" works completely fine and gives me a pop up where I have the insert the pattern.

I'm pretty sure I'm missing something.

Kind regards

First of all, i am very sorry. it's actually not an issus about this plugin.

I am using this ida sdk on Windows with VS2019. And writed a simple plugin. I can build for x64 platform. and it works.

But for x86 platform, the compiler tells "error LNK2001: unresolved external symbol _qgetenv@8". The compiler added a "_" and "@8" to the function qgetenv. I checked that there is an export "qgetenv" in \x64_win_vc_32\ida.lib.

the declare of function in idasdk is:
extern "C" bool __stdcall qgetenv(const char *varname, DEFARG(qstring *buf,NULL));

i googled, it means "_" and "@" is added by __stdcall. I tried __cdecl, but the external symbol changed to "_qgetenv".

Could you help me about this ? Thanks a lot

Sigs cannot be found anymore

It just gave me a wrong sig.

Well i thing the title says everything.
Im a little bit confused why this happens?
Because i cant find any reason why its not working

#15

sorry for reopen. problem not solved

in latest post was uploaded new dll, because csgo was updated after first post.
in last post i am attach new offset for new binary. you check old offset for new dll(its work for me too without problems)

https://www.upload.ee/files/8670562/client_-_offset_.text.1046E6C6.zip.zip.html

1. .text:1046E6C6

.text:1046E6C6                 call    sub_1046EB80
.text:1046E6CB
.text:1046E6CB loc_1046E6CB:                           ; CODE XREF: sub_1046E560+27^j
.text:1046E6CB                                         ; sub_1046E560+3B^j
.text:1046E6CB                 pop     edi
.text:1046E6CC                 pop     esi
.text:1046E6CD                 mov     esp, ebp
.text:1046E6CF                 pop     ebp
.text:1046E6D0                 retn    8
.text:1046E6D0 sub_1046E560    endp

2. this offset .text:1046EB80 freezy ida too

.text:1046EB80                 push    ebp
.text:1046EB81                 mov     ebp, esp
.text:1046EB83                 sub     esp, 8
.text:1046EB86                 push    esi
.text:1046EB87                 push    edi
.text:1046EB88                 mov     edi, ecx
.text:1046EB8A                 mov     ecx, [edi+10h]
.text:1046EB8D                 mov     dword ptr [edi], offset ??_7?$CProtoBufMsg@VCMsgGCCStrike15_v2_ClientReportPlayer@@@GCSDK@@6B@ ; const GCSDK::CProtoBufMsg<CMsgGCCStrike15_v2_ClientReportPlayer>::`vftable'
.text:1046EB93                 test    ecx, ecx

Is there a way to only generate sigs that start with the current instruction? I find sigs to the containing function sometimes unreliable or even useless.

It's been a while

Needs int changed to size_t for 7.5 or it throws an error when compiling
Aside from that seems to work fine.

size_t idaapi init( void )
{
Settings.Init( );
Settings.Load( "sigmaker.ini" );

return PLUGIN_OK;

}

Thanks

After I change the base address, "SigMarker" stops working (search for patterns and automatically generate them).

Does not work for IDA 7
LoadLibrary(C:\Program Files\IDA Freeware 7.0\plugins\sigmaker64.dll) error: The specified procedure could not be found.
C:\Program Files\IDA Freeware 7.0\plugins\sigmaker64.dll: can't load file

Hi. I've not really worked with this kind of thing before and I'm having an issue where I can't seem to generate any signatures at all. It was just giving me a fail message but upon turning up the logger level I found that every attempt failed with the message:
"dropped a sig due to decompilation failure."

I'm not sure if this is normal, if I'm doing something wrong or if something is actually broken with the plugin. It'd be great to get some help. This seems to happen with any and every function I try to generate a sig for which is what makes me think this isn't normal.

loop here:
do
{
....
//for some reason vecSig.size() can be 0 then HasOneHitSig all time return false -> infinity loop
} while (HasOneHitSig( vecSig ) == false);

for example:
in current csgo release 11.07.2018 client.dll.
search sig for address .text:1046E3A6

mb this fix?
if (nTotalCount < 1 || vecSig.size() < 1) // vecSig.size()
{
hide_wait_box( );

        if (Settings.iLogLevel >= 2)
        {
            msg( "automated signature generation failed. Unable to proceed.\n" );
        }

        return false;
    }