Fix issue #106 #129

Merged
merged 1 commit into from
Jul 9, 2024

@N0fix N0fix commented Jul 9, 2024

Hello,

I tested this comment fix, and it seems to work, so here is the PR.

Context

Some context about issue #106: an error occurs within sigmake while processing pattern files that provide an invalid function length, with "invalid" meaning that the function length should be a hexadecimal number with either 8 or 4 digits. In the current code of idb2pat, function sizes were calculated to at least 4 digits, but not forced to 8 digits if the number exceeds 4 digits. Analyzing any function whose size exceeds 0xFFFF would result in an invalid pattern file.

The fix

Changed the %04X format to %08X format. This should not have any impact on the signature generation.

Testing the PR

The following shows what I did to test this PR.

Create a simple C program such as:

#include <stdio.h>
#include <stdlib.h>

/* Small function whose signature is generated and then matched in IDA. */
int call_h(void){
    int x = 2;
    int y = 4;
    puts("Hello");
    return x * 4 - 2;
}

int main(void){
    printf("%x\n", call_h());
    return 0;
}

Compile it:

gcc -m32 a.c -o a32.out
gcc a.c -o a.out

Then:

  • create pat signatures with idb2pat
  • create a valid signature with sigmake
  • strip the executables and load them in IDA to check that the signature applies correctly.

I also tried on serde_derive_internals executable from Rust's serde crate, which has a proc_macro function that was exceeding 0xFFFF bytes, and it works perfectly.
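
The width behaviour described in the Context section, as an added example that is not part of this PR or of idb2pat's code: a printf-style `%04X` sets a minimum width only, so sizes above 0xFFFF render with 5 to 7 digits, while `%08X` always yields 8. It assumes only the rule stated in the PR (a length field of exactly 4 or 8 hex digits); the helper names and sample sizes are constructed for illustration.

```python
import re

# Rule as stated in the PR description: the function length must be a
# hexadecimal number with exactly 4 or exactly 8 digits.
VALID_LENGTH = re.compile(r"[0-9A-Fa-f]{4}(?:[0-9A-Fa-f]{4})?")

OLD_FORMAT = "%04X"  # before the fix: minimum width 4, grows past 0xFFFF
NEW_FORMAT = "%08X"  # after the fix: 8 digits for any size up to 0xFFFFFFFF


def length_field(size, fmt):
    """Render a function size with a printf-style format string."""
    return fmt % size


def is_valid_length(field):
    """True when the rendered field has exactly 4 or 8 hex digits."""
    return VALID_LENGTH.fullmatch(field) is not None


def audit(sizes, fmt):
    """Return (size, rendered field) pairs that violate the length rule."""
    rendered = ((s, length_field(s, fmt)) for s in sizes)
    return [(s, f) for s, f in rendered if not is_valid_length(f)]


# Constructed sample sizes around the digit-count boundaries.
SAMPLE_SIZES = [0x2A, 0xFFFF, 0x10000, 0x12345, 0xFFFFF, 0xFFFFFFF, 0x10000000]

if __name__ == "__main__":
    for fmt in (OLD_FORMAT, NEW_FORMAT):
        bad = audit(SAMPLE_SIZES, fmt)
        print(fmt, "->", [f for _, f in bad] or "all fields valid")
```

The same `audit` check can be run over the sizes of the functions in a database before export to see which ones would have produced a rejected length field under the old format.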

N0fix commented Jul 9, 2024

Also seems to be related to #107 and #59, but doesn't fix all the issues presented in those GitHub issues.

@williballenthin williballenthin left a comment

thanks!

@williballenthin williballenthin merged commit 238dc52 into mandiant:master Jul 9, 2024
1 check passed
@N0fix N0fix deleted the fix#106 branch July 15, 2024 09:01