[asherkin]

Correct. Read his post again, that's what he said.

[imyz]

Quote:

Originally Posted by asherkin Correct. Read his post again, that's what he said.

I don't get it still. The sequence of bytes of Linux's shows "55 B8 80 30 B3 00 89 E5...", while the one of Windows' says "55 8B EC 66 8B 45 08 66....".

Sorry, I'm a noob to this. Could you please tell me more about this? Thank you.

"GetFileWeaponInfoFromHandle" - server.dll (Windows binary)

Code:

10254B80  55 8B EC 66 8B 45 08 66  3B 05 12 9C 4C 10 73 1A  U..f.E.f;...L.s.
10254B90  B9 FF FF 00 00 66 3B C1  74 10 0F B7 C8 A1 04 9C  .....f;.t.......
10254BA0  4C 10 03 C9 8B 44 C8 0C  5D C3 B8 20 9C 4C 10 5D  L....D..].. .L.]
10254BB0  C3 CC CC CC CC CC CC CC  CC CC CC CC CC CC CC CC  ................

[imyz]

Can anybody show me the way to solve this problem? Thank you very much.

[jess]

Hunting for Windows Signatures requires that you fully understand what you're doing. No two signatures are identical, either, and it makes it a lot easier when there are strings involved. Even if someone walks you through it step-by-step, if you don't know what you're doing 100% by yourself, you're likely going to require assistance for every signature you need.

An easy way to learn is to go to school, or use existing Windows signatures as a starting point. You can pull up both the .so and .dll files in IDA, and already knowing the windows signature, you can work backwards in the process to see how it works. With signature hunting, learning how to do it yourself, even if it takes a while, is still better than hoping one of the few people who can do it will be willing to do it for you.

There is a signature request thread, however, but you do have to wait for someone to get around to it.