Static class that is used to match the all supported unpacking stub signatures against the input packed file.
To add new UPX signature follow these steps:
- Create signature in upx_stub_signature.cpp in the right section according to comments or create your own section if it is not present.
Signature archFormatVersionSignature =
{
};
#define CAP
Definition: signature.h:28
#define ANY
Definition: signature.h:23
- Add signature into allStubs. Provide right retdec::fileformat::Architecture, retdec::fileformat::FileFormat and retdec::unpacker::upx::UpxStubVersion. PE signature also require their whole size to be provided. ELF does not require this. If you signature is located at the variable offset from entry point, you also need to provide maximum search distance. See UpxStubData for further details.
Make sure your signature provide all required data according to implementation of UpxStub::detectVersion for specific file format. Check these methods first to see what kind of data your signature need to capture.