A simple PE function signature dumper written in C11 with no external dependencies.
Usage: %s <pePath> <functionName> <sigLength>
pePath - the path to your PE file
functionName - the name of the function you want signature of
sigLength - length of the signature
All of the parameters are required.
- Parses a PE image (e.g.
winload.efi,pcw.sysetc.) to extract its CodeView debug directory - Downloads the matching PDB from the Microsoft symbol server
- Uses DbgHelp to look up a named function's RVA in that PDB
- Maps the RVA back into the original PE file's raw bytes
- Dumps the first N bytes (signature length) of that function as hexadecimal format (
0xAA, 0xBB, 0xFF...)
This repository uses Meson. Make sure you have it installed in your system, if not then please refer to this link.
Build the project by
meson setup build
It will create the build directory. Now compile the project with
meson compile -C build
You will find the executable file inside the build directory.
If any reason you can't have Meson, then use the VS Developer Command Prompt to compile via
cl /W4 /DUNICODE /D_UNICODE /TC Main.c Pdb.c Signature.c Error.c /link DbgHelp.lib WinHttp.lib /out:SigScanner.exe.
- Make signature length optional and force minimum unique signature length
- Add command line parameters
- dump C signature
- no pdb download/use from disk
- signature length
- Improve error messages
- Fork the Repository: Fork this repository to your GitHub account.
- Create a Branch: Create a new branch for your changes.
- Make Changes: Implement your changes, and ensure everything is working.
- Open a Pull Request (PR): Submit a pull request describing your changes. Before contributing, please ensure the following:
- Your code adheres to the existing style.
- All the code you have written is passing i.e. is working as expected.
Have any issues or bugs to report? Please use the GitHub issues tracker to report any problems or request new features.
- Visit the Issues section.
- Provide a description of the problem or feature request.