Convert IDA signature to code signature and vice versa.
Simple C program for converting an IDA pattern (89 04 24 FF 92 ? ? ? ? 89 34 24)
into a code pattern (\x89\x04\x24\xFF\x92????\x89\x34\x24) or vice versa.
The code patterns are meant to be used with a signature scanning library such as 8dcc/libsigscan. See also my Signature scanning in C blog entry.
$ git clone https://github.com/8dcc/ida2sig
$ cd ida2sig
$ make
...
$ sudo make install
...$ ./ida2sig "89 04 24 FF 92 ? ? ? ? 89 34 24"
"\x89\x04\x24\xFF\x92????\x89\x34\x24"
$ ./ida2sig -m "89 04 24 FF 92 ? ? ? ? 89 34 24" # Use mask
code = "\x89\x04\x24\xFF\x92\x00\x00\x00\x00\x89\x34\x24"
mask = "xxxxx????xxx"
$ ./sig2ida "\x89\x04\x24\xFF\x92????\x89\x34\x24"
"89 04 24 FF 92 ? ? ? ? 89 34 24"