  #5  
Old 02-11-2016, 06:03
mr.exodia
Retired Moderator
@atom0s: sure, I mainly use it for more fine-grained matching on instructions with wildcard registers, for example FF D0 (call eax): for call reg you need to match FF D?, so without nibbles you would match on FF, and this also matches a lot of other shit (invalid instructions, inc [reg], call [], etc.). I agree that in signature matching it isn't quite useful, but if you need to find the next 'call reg' in a reliable way you need nibble matching. The same applies to 'push reg'.

Obviously, if you feel it's bloat you shouldn't use it; I just commented so other people don't have to implement it themselves.

Greetings
The Following User Says Thank You to mr.exodia For This Useful Post:
tonyweb (02-15-2016)
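
The nibble-wildcard matching discussed in the post above, as an added example that is not part of the original post or of the poster's own tool: a small C matcher in which each pattern byte is a value/mask pair, so `FF D?` and `FF ??` can be compared on the same bytes. The function names and the sample byte string are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One pattern byte: data byte b matches when (b & mask) == value. */
typedef struct { uint8_t value, mask; } PatByte;

/* Decode one pattern character; '?' is a wildcard nibble (mask 0). */
static int nibble(char c, uint8_t *val, uint8_t *mask) {
    if (c == '?') { *val = 0; *mask = 0x0; return 1; }
    if (!isxdigit((unsigned char)c)) return 0;
    *val = (uint8_t)(isdigit((unsigned char)c) ? c - '0' : tolower((unsigned char)c) - 'a' + 10);
    *mask = 0xF;
    return 1;
}

/* Parse text such as "FF D?" into out[]; returns byte count or -1 on error. */
int pattern_parse(const char *text, PatByte *out, size_t cap) {
    size_t n = 0;
    while (*text) {
        uint8_t hv, hm, lv, lm;
        if (isspace((unsigned char)*text)) { text++; continue; }
        if (n == cap || !nibble(text[0], &hv, &hm) || !nibble(text[1], &lv, &lm))
            return -1;                      /* too long, bad char, or odd nibble count */
        out[n].value = (uint8_t)(hv << 4 | lv);
        out[n].mask = (uint8_t)(hm << 4 | lm);
        n++; text += 2;
    }
    return n ? (int)n : -1;
}

/* Offset of the first match at or after 'from', or -1 if none. */
long pattern_find(const uint8_t *data, size_t len, size_t from, const char *text) {
    PatByte pat[64];
    int n = pattern_parse(text, pat, 64);
    if (n < 0) return -1;
    for (size_t i = from; i + (size_t)n <= len; i++) {
        int j = 0;
        while (j < n && (data[i + j] & pat[j].mask) == pat[j].value) j++;
        if (j == n) return (long)i;
    }
    return -1;
}

/* Constructed sample: inc [eax]; inc eax; call [eax]; call eax; call ebx */
static const uint8_t SAMPLE[] = { 0xFF,0x00, 0xFF,0xC0, 0xFF,0x10, 0xFF,0xD0, 0xFF,0xD3 };

int main(void) { printf("%ld\n", pattern_find(SAMPLE, sizeof SAMPLE, 0, "FF D?")); return 0; }
```

A `D?` nibble covers D0 through DF, while the register-direct call forms are FF D0 through FF D7, so a stricter match would need a bit-level mask rather than a nibble one.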