From d8154f3bf473e2ca0a85fa449c23fdff108ea05d Mon Sep 17 00:00:00 2001
From: data-bomb
Date: Mon, 13 Feb 2023 03:46:23 +0000
Subject: [PATCH] Improve masking technique
Attempts to fix the over-conservative masking leading to long signatures by adopting the approach from the legacy IDA script.
---
 makesig.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/makesig.py b/makesig.py
index 4bb5196..528549c 100644
--- a/makesig.py
+++ b/makesig.py
@@ -45,7 +45,7 @@ def shouldMaskOperand(ins, opIndex):
 optype = ins.getOperandType(opIndex)
 # if any(reg.getName() == "EBP" for reg in filter(lambda op: isinstance(op, Register), ins.getOpObjects(opIndex))):
 # return False
- return optype & OperandType.DYNAMIC or optype & OperandType.ADDRESS
+ return optype & (OperandType.ADDRESS or OperandType.DATA) or optype & (OperandType.ADDRESS or OperandType.SCALAR)
 def getMaskedInstruction(ins):
 """
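Review bot: In the new `return` of `shouldMaskOperand`, `OperandType.ADDRESS or OperandType.DATA` uses Python's boolean `or`, which returns its first truthy operand. Assuming `ADDRESS` is a non-zero flag, both parenthesised groups collapse to `OperandType.ADDRESS`, so the line reduces to `optype & OperandType.ADDRESS` and `DATA` and `SCALAR` are never tested. If the intent is "any of these bits", combine the flags bitwise: `return bool(optype & (OperandType.ADDRESS | OperandType.DATA | OperandType.SCALAR))`. If the legacy script instead required both bits of a pair to be set, compare against the combined mask, e.g. `optype & m == m` with `m = OperandType.ADDRESS | OperandType.DATA`. The change also drops the `DYNAMIC` test without saying so, which deserves a short comment stating which operand kinds are wildcarded and why, since that decides how unique the resulting signature is.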