
CESigMaker - cleaned up

a guest May 25th, 2019 78 Never
  #include "loader.h"
  #include <vector>
  2.  
  // Plugin-local copy of the host's exported function table.
  // CEPlugin_InitializePlugin fills it in; on_makesig reads the opened process
  // handle and ShowMessage through it.
  static CE_EXPORTED_FUNCTIONS exports;

  // Registration records populated in CEPlugin_InitializePlugin. Only the
  // disassembler context entry is actually registered with the host; the
  // memory-view registration is commented out there.
  static CE_DISASSEMBLER_CONTEXT_INIT disassembler_context_option;
  static CE_MEMORY_VIEW_PLUGIN_INIT memory_view_tab;

  //static int memory_view_tab_pluginid = -1;

  // Number of bytes before the selected address at which on_makesig starts
  // reading; on_makesig reads sig_size + 2 bytes in total.
  static size_t sig_size{18};
  11.  
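  // Places `str` on the Windows clipboard as CF_TEXT.
  //
  // Best-effort: if the clipboard cannot be opened, or the global buffer cannot
  // be allocated or locked, the function returns without reporting an error and
  // the clipboard may be left empty.
  void set_clipboard(const std::string& str) {
      // Nothing was opened on failure, so there is nothing to close either.
      if (!OpenClipboard(nullptr)) {
          return;
      }

      EmptyClipboard();

      // CF_TEXT data must be NUL-terminated, so reserve one byte beyond size().
      const auto bytes = str.size() + 1;
      auto buf = GlobalAlloc(GMEM_MOVEABLE, bytes);

      if (!buf) {
          CloseClipboard();
          return;
      }

      auto dst = GlobalLock(buf);

      if (!dst) {
          // Never copy through a null pointer; release what was allocated.
          GlobalFree(buf);
          CloseClipboard();
          return;
      }

      // c_str() guarantees a terminator at index size(), so copying size() + 1
      // bytes carries it along.
      std::memcpy(dst, str.c_str(), bytes);
      GlobalUnlock(buf);

      // After a successful SetClipboardData the system owns the handle and it
      // must not be freed here; the buffer is only ours to free on failure.
      if (!SetClipboardData(CF_TEXT, buf)) {
          GlobalFree(buf);
      }

      CloseClipboard();
  }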
  30.  
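  // Disassembler context-menu callback: builds a byte signature from the opened
  // process and copies it to the clipboard.
  //
  // Reads sig_size + 2 bytes starting sig_size bytes before *selected_address.
  // Each byte is written as "\xNN"; bytes belonging to a call (0xE8) or jmp
  // (0xE9) instruction are written as "\?" wildcards.
  //
  // Returns true on every path, as the original did; what the host does with
  // the return value is not visible in this file.
  BOOL CE_CONV on_makesig(uintptr_t* selected_address) {
      // HDE_DISASM receives a bare pointer with no length, so a decode that
      // starts near the end of the window would read past the allocation.
      // Zero padding keeps those reads inside the buffer.
      // NOTE(review): assumes the decoder never looks more than 32 bytes ahead
      // of the pointer it is given; confirm against the HDE implementation.
      constexpr size_t kDecodePadding = 32;

      if (!selected_address) {
          return true;
      }

      const size_t size = sig_size + 2;

      // Value-initialised, so nothing uninitialised is ever decoded or printed,
      // and the storage is released on every exit path.
      std::vector<unsigned char> buffer(size + kDecodePadding, 0);

      auto handle = *exports.OpenedProcessHandle;
      const auto start = reinterpret_cast<void*>(*selected_address - sig_size);
      SIZE_T bytes_read = 0;

      // A failed or short read would otherwise yield a signature made of
      // zero bytes, so stop instead of copying garbage to the clipboard.
      if (!ReadProcessMemory(handle, start, buffer.data(), size, &bytes_read) || bytes_read != size) {
          exports.ShowMessage("Failed to read process memory!");
          return true;
      }

      std::ostringstream stream;
      HDE hs;

      for (size_t i = 0; i < size; i++) {
          HDE_DISASM(buffer.data() + i, &hs);

          if (hs.opcode == 0xE8 || hs.opcode == 0xE9) { // call / jmp
              // Wildcard the instruction, but never beyond the window that was
              // read, and always make progress even if the decoder reports 0.
              const size_t remaining = size - i;
              const size_t len = static_cast<size_t>(hs.len);
              const size_t covered = len == 0 ? 1 : (len < remaining ? len : remaining);

              for (size_t k = 0; k < covered; k++)
                  stream << "\\?";

              // The loop's own i++ supplies the last step. Advancing by the
              // full length here silently dropped the byte after the
              // instruction from the signature.
              i += covered - 1;
              continue;
          }

          stream << "\\x" << std::hex << std::setfill('0') << std::setw(2) << std::uppercase
                 << static_cast<int>(buffer[i]);
      }

      const auto str = stream.str();

      // NOTE(review): dropping the last three characters cuts a four-character
      // "\xNN" token in half; the intent of this trim is unclear, so it is kept
      // as-is. The explicit size check replaces reliance on unsigned
      // wrap-around for strings shorter than three characters.
      const auto res = str.size() >= 3 ? str.substr(0, str.size() - 3) : str;

      set_clipboard(res);

      exports.ShowMessage("Copied signature to clipboard!");

      return true;
  }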
  69.  
  // Popup callback registered alongside on_makesig (callback_routine_onpopup).
  // It inspects nothing and writes nothing: `name_address` and `show` are left
  // exactly as the host passed them, and the result is always true.
  BOOL CE_CONV on_rightclick(uintptr_t selected_address, const char** name_address, BOOL* show) {
      (void)selected_address;
      (void)name_address;
      (void)show;

      return true;
  }
  73.  
  // Callback assigned to memory_view_tab ("SigMaker: Settings"). Currently a
  // stub: none of the three address arguments is read or modified, and the
  // function always reports TRUE.
  BOOL CE_CONV on_settings_click(uintptr_t* disassembler_address, uintptr_t* selected_disassembler_address, uintptr_t* hexview_address) {
      (void)disassembler_address;
      (void)selected_disassembler_address;
      (void)hexview_address;

      return TRUE;
  }
  78.  
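  // Fills in the plugin's name and version for the host.
  //
  // version       structure supplied by the host; written only when it is
  //               non-null and its size matches this build's layout.
  // version_size  size in bytes of the structure the host passed.
  //
  // Returns true when version_size equals sizeof(CE_PLUGIN_VERSION), false
  // otherwise (or when `version` is null).
  BOOL CE_CONV CEPlugin_GetVersion(CE_PLUGIN_VERSION* version, int version_size) {
      // Validate before writing: if the host's structure has a different size,
      // storing through `version` could land outside the memory it provided.
      if (!version || version_size != static_cast<int>(sizeof(CE_PLUGIN_VERSION))) {
          return false;
      }

      version->plugin_name = "SigMaker";
      version->version = 1.0;

      return true;
  }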
  85.  
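  // Plugin entry point: keeps a copy of the host's function table and registers
  // the "SigMaker: Create signature" disassembler context-menu entry.
  //
  // ef        function table supplied by the host; copied into `exports`.
  // pluginid  identifier passed through to RegisterFunction.
  //
  // Returns false when `ef` is null, true otherwise.
  BOOL CE_CONV CEPlugin_InitializePlugin(CE_EXPORTED_FUNCTIONS* ef, int pluginid) {
      // Every later callback goes through `exports`, so refuse to initialise
      // from a null table rather than dereferencing it.
      if (!ef) {
          return false;
      }

      exports = *ef;

      // Configured but not registered: the memory-view registration below is
      // commented out.
      memory_view_tab.name = "SigMaker: Settings";
      memory_view_tab.callback_routine = on_settings_click;
      memory_view_tab.shortcut = "Ctrl+E";

      disassembler_context_option.name = "SigMaker: Create signature";
      disassembler_context_option.callback_routine = &on_makesig;
      disassembler_context_option.callback_routine_onpopup = &on_rightclick;

      // NOTE(review): the result of RegisterFunction is discarded, so a failed
      // registration goes unnoticed; confirm its failure value in loader.h.
      exports.RegisterFunction(pluginid, CE_PLUGIN_TYPE_DISASSEMBLER_CONTEXT, &disassembler_context_option);
      //memory_view_tab_pluginid = exports.RegisterFunction(pluginid, CE_PLUGIN_TYPE_MEMORY_VIEW, &memory_view_tab); //adds a plugin menu item to the memory view

      return true;
  }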
  102.  
  // Called when the plugin is disabled. Nothing is unregistered or released
  // here; the function only reports true.
  BOOL CE_CONV CEPlugin_DisablePlugin() {
      const BOOL disabled = true;
      return disabled;
  }