Question

If you work with PEiD (or similar apps), then you know that these apps can tell us which compiler the opened executable file was compiled with, or which packer it was packed with. PEiD does this by comparing the executable's signature with all the signatures in UserDB.

I want to create a new signature for (for example) a new compiler/packer. How can I do it?

I wrote a routine for extracting the compiler/packer signature from an executable file. Now I want to get a new signature: I should retrieve the compiler/packer signature from several executable files (in this case 5), compare them with each other, and create a new signature. For example, if the following strings are the compiler/packer signatures of 5 files:

'E4 55 33 22 00 FF E4 55 33 22 00 11 FF E2 22 00 E0' 
'E4 55 32 22 01 FF E4 55 32 22 01 11 FF E2 21 00 E0' 
'E4 55 42 22 00 FF E2 55 42 22 00 11 FE E2 22 10 E0' 
'E4 55 35 22 01 FF E4 55 35 22 01 11 FF E2 22 00 E0' 
'E4 55 25 22 01 FF E4 55 35 22 01 11 FF E2 22 00 E0' 

I must get this string as the result:

'E4 55 ?? 22 ?? FF ?? 55 ?? 22 ?? 11 ?? E2 ?? ?? E0'

It means that if a value (for example 'E4') is common to all of the other signatures, then it is added to the result; otherwise it is replaced with '??' (I hope you can understand what I mean).

I wrote the following code, but it doesn't work correctly and returns:

 'E4 55 ?? 22 ?? FF E4 55 ?? 22 ?? 11 FF E2 ?? 00 E0'

Instead of :

'E4 55 ?? 22 ?? FF ?? 55 ?? 22 ?? 11 ?? E2 ?? ?? E0'

Code:

...
uses System.StrUtils, System.Types;
...
var
  InputSignatures: TStringList;
  I, J: Integer;
  CompleteTxt: string;
  Con: array of TStringDynArray;
begin
  InputSignatures := TStringList.Create;

    InputSignatures.Add('E4 55 33 22 00 FF E4 55 33 22 00 11 FF E2 22 00 E0');
    InputSignatures.Add('E4 55 32 22 01 FF E4 55 32 22 01 11 FF E2 21 00 E0');
    InputSignatures.Add('E4 55 42 22 00 FF E2 55 42 22 00 11 FE E2 22 10 E0');
    InputSignatures.Add('E4 55 35 22 01 FF E4 55 35 22 01 11 FF E2 22 00 E0');
    InputSignatures.Add('E4 55 25 22 01 FF E4 55 35 22 01 11 FF E2 22 00 E0');
    // E4 55 ?? 22 ?? FF ?? 55 ?? 22 ?? 11 ?? E2 ?? ?? E0
    SetLength(Con, InputSignatures.Count);

    for I := 0 to InputSignatures.Count - 1 do
    begin
      Con[I] := SplitString(InputSignatures[I], ' ');
    end;

    J := 0;
    for I := 0 to Length(Con[J]) - 1 do
    begin
      for J := Low(Con) to High(Con) - 1 do
      begin
        if Con[J][I] <> Con[J + 1][I] then
        begin
          CompleteTxt := CompleteTxt + '?? ';
          Break;
        end
        else
        begin
          CompleteTxt := CompleteTxt + Con[J][I] + ' ';
          Break;
        end;
      end;
    end;
    ShowMessage(CompleteTxt);
 end;
...

Any ideas? (Excuse me if my English is bad.)

Solution

I wrote this code for the same purpose; try this method:

procedure TForm1.Button1Click(Sender: TObject);
var
  InputSignatures: TStringList;
  item, output: TStringList;
  i, j: integer;
  ret: string;
begin
  InputSignatures := TStringList.Create;

  InputSignatures.Add('E4 55 33 22 00 FF E4 55 33 22 00 11 FF E2 22 00 E0');
  InputSignatures.Add('E4 55 32 22 01 FF E4 55 32 22 01 11 FF E2 21 00 E0');
  InputSignatures.Add('E4 55 42 22 00 FF E2 55 42 22 00 11 FE E2 22 10 E0');
  InputSignatures.Add('E4 55 35 22 01 FF E4 55 35 22 01 11 FF E2 22 00 E0');
  InputSignatures.Add('E4 55 25 22 01 FF E4 55 35 22 01 11 FF E2 22 00 E0');
  // Expected: E4 55 ?? 22 ?? FF ?? 55 ?? 22 ?? 11 ?? E2 ?? ?? E0

  output := TStringList.Create;
  item := TStringList.Create;
  // Start from the first signature, one byte per list line.
  output.Text := StringReplace(InputSignatures[0], ' ', #13#10, [rfReplaceAll]);

  // Compare every other signature against the running result. A position that
  // differs even once becomes '??' and stays that way for the rest of the run.
  // All signatures are assumed to have the same number of bytes.
  for i := 1 to InputSignatures.Count - 1 do
  begin
    item.Text := StringReplace(InputSignatures[i], ' ', #13#10, [rfReplaceAll]);

    for j := 0 to item.Count - 1 do
      if item[j] <> output[j] then
        output[j] := '??';
  end;

  // output.Text ends with a line break, so trim the trailing space it leaves.
  ret := Trim(StringReplace(output.Text, #13#10, ' ', [rfReplaceAll]));

  output.Free;
  item.Free;
  InputSignatures.Free;

  ShowMessage(ret);
end;
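
The column-wise merge described above, as a reusable console program. This is an added example, not code from the question or the answer. It goes beyond the posted snippets by rejecting malformed tokens and samples of different lengths, by accepting inputs that already contain `??`, and by printing the result in the layout of a PEiD userdb.txt entry. The names `SigMerge`, `IsToken` and `MergeSignatures`, the entry name, and `ep_only = true` (bytes taken at the entry point) are assumptions.

```delphi
program SigMerge;
{$APPTYPE CONSOLE}
uses
  System.SysUtils, System.StrUtils, System.Types;

// A token is valid if it is the '??' wildcard or exactly two upper-case hex digits.
function IsToken(const T: string): Boolean;
const Hex = ['0'..'9', 'A'..'F'];
begin
  Result := (T = '??') or
    ((Length(T) = 2) and CharInSet(T[1], Hex) and CharInSet(T[2], Hex));
end;

// Keep a byte only if every sample has it at that offset; otherwise emit '??'.
// A '??' already present in a sample stays a wildcard in the result.
function MergeSignatures(const Sigs: array of string): string;
var
  Merged, Cur: TStringDynArray;
  I, J: Integer;
begin
  for I := 0 to High(Sigs) do
  begin
    Cur := SplitString(UpperCase(Trim(Sigs[I])), ' ');
    if I = 0 then Merged := Copy(Cur);
    // Offsets only line up if all samples cover the same number of bytes.
    if Length(Cur) <> Length(Merged) then
      raise EArgumentException.CreateFmt('signature %d: %d bytes, expected %d',
        [I, Length(Cur), Length(Merged)]);
    for J := 0 to High(Cur) do
    begin
      if not IsToken(Cur[J]) then
        raise EArgumentException.CreateFmt('signature %d: bad token "%s"', [I, Cur[J]]);
      if Cur[J] <> Merged[J] then
        Merged[J] := '??';
    end;
  end;
  Result := string.Join(' ', Merged);  // string helper: Delphi XE3 or later
end;
const
  Samples: array[0..4] of string = (  // the five signatures from the question
    'E4 55 33 22 00 FF E4 55 33 22 00 11 FF E2 22 00 E0',
    'E4 55 32 22 01 FF E4 55 32 22 01 11 FF E2 21 00 E0',
    'E4 55 42 22 00 FF E2 55 42 22 00 11 FE E2 22 10 E0',
    'E4 55 35 22 01 FF E4 55 35 22 01 11 FF E2 22 00 E0',
    'E4 55 25 22 01 FF E4 55 35 22 01 11 FF E2 22 00 E0');
begin
  Writeln('[Example Packer]');  // placeholder entry name
  Writeln('signature = ', MergeSignatures(Samples));
  Writeln('ep_only = true');    // assumption: bytes were read at the entry point
end.
```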
Licensed under: CC-BY-SA with attribution