slm flirt sigs and ida dll problem [Archive] - RCE Messageboard's Regroupment

View Full Version : slm flirt sigs and ida dll problem

Sab

December 21st, 2000, 00:40

um.. just a few questions wondering if anyone has the answer.
First one is when loading a sentinal lm protected application into ida.. it asks for a lsapiw32.dll; this is a dll used by the protection system. Problem is ida wont except lsapiw32 . says something along the lines of "lsapiw32.dll cannot be accepted as module LSAPIW32" (btw it will take any other dll i spit at it though).

Second question is the ida flirt signatures. When applying the flirt signatures to the protected app it doesnt have any results for sentinal lm.? sometimes it says 1 applied sometimes it says 0 applied. Can this be because of the dll deal ? who knows heh thanks for reading

Nagual

December 21st, 2000, 12:46

I had same problem

The couse of the problem - dll export table.
It contain no Ordinals and Names of functions
How can we rebuild Export section? - i dont know

Nolan Blender

December 21st, 2000, 15:36

I believe that there are libs associated with
the appropriate DLL's supplied with the SDK.

If no one is forthcoming with the full sigs,
I'll generate them when I get some time.

--nb.

CrackZ

December 22nd, 2000, 22:38

Hiya,

I think the answer here is a combination of the 2 previous posts ;-). The IDA problem you mention I've had with several other dll's (including lsapiw32.dll), no idea why since the export table of my lsapiw32.dll was absolutely fine, name and ordinal, how do I know this?, well I'm writing a replacement so had too know ;-). I did however find that by just saying cancel IDA did find all the names anyway ;-). msym and bpx time.

The key with FLIRT is applying a signature file generated from the .lib or at least the compiler interface you think the developer used, 90% of the time it seems to be VC++. If you want the various libs drop me an e-mail.

Regards

CrackZ.

Sab

December 23rd, 2000, 00:55

i thank u kindly for your replies, i did just end up useing the good ole cancel button however i did fix it by useing the lsapwhatever.dll by useing the one supplied in the sdk and not the one my app came with (also different sizes hrm..). Anyways i also got the flirts going thx all ( : (PS i was dieing to read the replies but mirror was down for 12 hours or so) C ya again -Sab