mr-tz
commented
3 years ago It may be worth doing something about collisions like these:
$ sigmake.exe -v -v -v VS9-VC-lib-msvcrt.lib.pat test.sig
Signature file maker (c) 1997-2020 Hex-Rays. Version 1.51
Reading file VS9-VC-lib-msvcrt.lib.pat
Total leaves in tree now=116; total dropped=13
Resolving collisions...
COLLISION:
___setargv
___wsetargv
COLLISION:
_WinMainCRTStartup
_mainCRTStartup
_wWinMainCRTStartup
_wmainCRTStartup
Modules : 101
Leaves : 116
Total dropped : 13 (13 at inclusion, 0 at resolution)
Collision nodes : 2
Files : 1
# 0: VS9-VC-lib-msvcrt.lib.pat : 1852402836 leaves (out of 129 total)
Collision nodes details:
C705........0100000033C0C3...................................... : 2 leaves.
E8........E9.................................................... : 4 leaves.
When using sigmake it may be worth spending some time inspecting the .exc files to generate even more useful .sig files. However, this may be a lot of work. So, let's explore the actual benefit vs. work load first.