Hi all
I have two small question:
1-I'm truing to make signature file for directX libraries.I should make pattern file
first.For finding the type of Lib file,I open it in IDA and it says this Lib type is AR.What is AR type?And how I can make singnature from it?No one of included
pattern generators in FLIRT SDK is not working on it.
2-This is mostly a programming question but I don't know you can answer it or not:
I'm writing an application in .NET that should get a program source code,Compile
and then run it.But I want set privilege for the running process that run for example
in an specific folder(and when that program is 'system("format c:\"' I don't lost
my c: ).
How I can do this?

sincerely yours

Hello,

1) The ar type of library format is in fact an XCOFF format (Extended COFF) wich allows having both 32 and 64 bits versions of an object file (.obj). This means that you ave both in the same file and compile the version you desire (in 32 or 64 bits).

To make a .sig file for IDA you'll need the FLAIR package which comes with IDA. First of all you'll need to produce a pattern file (.pat) of the .lib with pcf.exe, then do a sigmake.exe from the pattern file (which normally produce the .sig). You may need to handle collisions in the produced files.

Everything is explained in the sigmake.txt file in the FLAIR package.

BTW, This is clearly stated in the pattern help file :



2) Just try to do a GetCommandLine or a GetModuleFileName at the beginning of your program to know where your program is currently located. If it's not in the correct directory, just do a proper Exit (ExitProces) or warn the user about that fact. I think this is a simple solution which requires just a few lines of code...

Hope it could help.

Regards, Neitsa.

Hi Neitsa
Thanks for help.But I should say that I have FLIRT SDK and know how to make
pattern for COFF lib files with pcf.exe,But problem is that the pcf.exe is making
an fatal error on directx libraries and say that this is not a COFF file.
I attached one of directx libraries for testing.I don't know what is the problem.

In addition the way that you are suggested can not be used for .NET normally except
using unmanaged code that is not well.

sincerely yours

You're right...

I tried both utility but haven't been able to output a .pat file :



same thing with plb.exe... I don't understand exactly what is the error. I've checked what is at this offset, but I'm not a master in lib format, so i couldn't evaluate what is wrong there...

Sorry, but it seems that none of the tools provided with IDA will work. In a last (and poor) advice, as stated in the sigmake.txt, you'll have to write your own lib parser... (ouch!).

Maybe someone in the forum will be able to help you , I just hope !

Regards, Neitsa.

Hi Hero !
This is an COFF import library for d3dx9d.dll, not a COFF static lib. pcf only works with COFF static lib, and you don't need to make signature for a import library.
Regards,