HELP!! Win CE 4.2 #define values needed. - Windows Mobile Development and Hacking General

I don't have access to the shared source for Win CE 4.2 and I need a few #define values from the kernel header files. I am looking for the MID_GetMessageW, MID_PostMessageW, MID_SendMessageW and CreateWindowExW values. These are the indexes of the methods in the APISet function array kernel structures and they have changed implementation between 4.2 and 5.0. I can't seem to find an eval copy of the WinCE platform builder for 4.2; all that's out there is 5.0 and newer. Any help with the MID defines found in the Core OS header files would be much appreciated. It would be even better if someone could post all of the MID defines just in case I need to find another function.
In case you're wondering why I need these defines, I'm trying to hook into the GWE message passing API for all processes so that I can intercept window messages and possibly inject my own.
Thanks in advance.
RG

Related

How can one scan and modify every IP packet that goes thru PPP (dial-up)?

Hello. I want to scan and modify every IP packet that goes thru PPP (dial-up) (or thru all interfaces if easier). I've done a lot of research and found that maybe the only way to achieve this on lousy wince is to patch the OS itself...I am an x86 programmer and I've done this relatively easily on winxp...
P.S. How can one debug wince os code in ROM with software debuggers?
P.P.S. So far I don't have any solution to my problem so it would be a success to do this even with one device (I have htc universal for tests...)
Today I've finally downloaded the platform builder and so called "Shared" code of wince 6.0...To my surprise I found ARM4 .lib files instead of source code for everything that I needed to look in (ip*.*) . However there is a binmod utility and other stuff for editing rom that you might need. I don't need to modify rom since I can neither debug ROM nor have its source even from a different version of wince (I need for 5.0). M$ is sh*t as usual.
It is hard work to modify ppp packets on pocket pc (wince).
You can try the passthru sample in PB:
\PUBLIC\COMMON\OAK\DRIVERS\NETSAMP\PASSTHRU
and
\WINCE500\PUBLIC\COMMON\OAK\DRIVERS\NETSAMP\ASYNCMAC
I think you have to modify the drivers.
good luck !

Deep IAT Hooking

Hi,
I've been porting a large number of linux based programs to the Gizmondo (CE 4.2 device).
One of the main issues is the broken c-runtime of CE, specifically the lack of current dir support (not to mention no posix layer ). At any rate I wanted to be able to hook fopen etc. to call my own functions which would handle current dir.
To do this I thought I'd make some nice and easy IAT hooking code, that was until I discovered how complex this was on CE (relative to Win32 that is).
After much head scratching and looking at the stellar work of those such as mamaich, itsme etc. I finally managed to get it right.
I hope this is useful to someone (I searched this board, but couldn't find any code, though I do remember someone asking how to do it) and have attached a zip file with the hooking code. In order to use this you will need to provide your own undoc.h with the relevant kernel struct and function definitions for your wince flavour.
Once again, I stand on the shoulders of giants, without whom this would not have been possible
Enjoy
-(e)
Beautiful~
You are a genius~
Thank you.
Wow~
You are so beautiful~ ^_____^
Thank you.
I just wanted to start asking questions here... sweetlilmre, THANK YOU VERY MUCH!!!
excellent job~
thank you
Does anybody have undoc.h created for windows mobile 6 (wince 5.x)? If not, where should I look for the undocumented type info?
Hi~ JKingDev
I once created undoc.h by referencing the "private" directory.
The "private" directory is installed with Platform Builder. ( I used Platform Builder 5.0 )
If PB is installed, then C:\WINCE500\PUBLIC and C:\WINCE500\PRIVATE are created.
( I don't know the Windows Mobile 6.0 environment. )
p.s :
If you can translate KOREAN, then visit http://www.digipine.com/programming/1310.
This site has attached file "WinCE_ARM_Hook.zip". ( bottom side )
It is not my post, maybe it is posted by "jung cheulwon".
Hi all,
first of all, thank you sweetlilmre for posting this.
Your solution works perfectly fine for platforms based on Win CE 5, e.g. Win Mobile 6.1 and Win Mobile 6.5.3.
However it does unfortunately not work on Win CE 6 and Win CE 7.
I assume that this is due to changes in the memory architecture of Win CE 6 and higher.
Does anyone have a clue on how to port the "Deep IAT Hooking" solution on Win CE 6 and Win CE 7?
Some technical details on what I have tried so far...
Code:
PROC WINAPI DeepHookImportedFunction(
    LPCWSTR pwszModuleToHook,   // Module to intercept calls to
    LPCWSTR pwszFunctionToHook, // Function to intercept calls to
    PROC pfnNewProc,            // New function (replaces old function)
    LPWSTR* ppwszExcludeList    // List of module names to exclude from the hook
) {
    PROC pfnOriginalProc;
    PIMAGE_IMPORT_DESCRIPTOR pImportDesc;
    PIMAGE_THUNK_DATA pThunk;
    PPROCESS pProcess;
    struct info inf;
    PMODULE pmods;
    LPVOID baseptr;
    BOOL bHooked = FALSE;
    SetKMode(TRUE);
    // Get current process struct from KData
    pProcess = KData.pCurPrc;
    // Get process import descriptor
    inf = pProcess->e32.e32_unit[IMP];   // <-- crashes here (marked red in the original post)
    // ... (excerpt ends here)
The program crashes (at the red marked spot) when I try to access the member pProcess->e32.
This is because the structure pProcess is filled up by the value zero only.
This happens quite early in the implementation, therefore I didn't proceed very far. I still hope that somebody can help me out with this case.
Kind regards

Encryption problems

Hi There,
We are working on an application that runs on both the PC and android that opens encrypted data. Our problem is, even when we are using the exact same code, the key generated under Android is different from the key generated under Linux PC. When we encrypt a file under android, we are able to decrypt it under android and the same for linux. However, if we try to decrypt a linux file under android, it doesn't work, and vice versa.
We have noticed that the provider for SecureRandom for android is Crypto, whereas for linux, it says SUN. I am wondering if this is the main cause? Here is a sample of our code with debug prints:-
KeyGenerator keyGen = KeyGenerator.getInstance("AES");
SecureRandom secRandom = SecureRandom.getInstance("SHA1PRNG");
// This is where the provider between linux and android differs
System.err.println(secRandom.getProvider().getName());
And later down the code, after we call generateKey and getEncoded, the hex values of the final key are different between android and linux.
Are there any suggestions on how we can get the final keys for both platforms to work?
Thanks in advance.
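
An added example, not part of the original post: nothing guarantees that SHA1PRNG yields the same output on the SUN and Crypto providers, so a key that must match on both platforms is better derived with a fully specified function such as PBKDF2, with the random salt and nonce stored beside the ciphertext. It assumes the goal is to reach the same AES key from a shared passphrase; the class name, passphrase and iteration count are illustrative.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class PortableKeyDemo {
    // PBKDF2-HMAC-SHA1 is fully specified (RFC 2898), so every compliant
    // provider returns the same bytes for the same passphrase, salt and count.
    static SecretKeySpec deriveAesKey(char[] pass, byte[] salt, int iterations)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pass, salt, iterations, 128); // length in bits
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
                .generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    // AES-GCM with a 128-bit tag; decryption throws if the key or data is wrong.
    static byte[] crypt(int mode, SecretKeySpec key, byte[] nonce, byte[] in)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, nonce));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "constructed sample passphrase".toCharArray(); // constructed input
        // An unseeded SecureRandom is used only for values that must be unpredictable,
        // not reproducible: the salt and nonce are stored in the clear with the file.
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[16], nonce = new byte[12];
        rng.nextBytes(salt);
        rng.nextBytes(nonce);

        // Writer side (for example the Linux build) encrypts.
        byte[] plain = "file contents".getBytes(StandardCharsets.UTF_8);
        byte[] ct = crypt(Cipher.ENCRYPT_MODE, deriveAesKey(pass, salt, 10000), nonce, plain);

        // Reader side (for example the Android build) re-derives the key
        // from the passphrase and the stored salt, then decrypts.
        SecretKeySpec readerKey = deriveAesKey(pass, salt, 10000);
        byte[] back = crypt(Cipher.DECRYPT_MODE, readerKey, nonce, ct);
        if (!Arrays.equals(plain, back)) throw new IllegalStateException("round trip failed");
        System.out.println("decrypted with independently derived key: "
                + new String(back, StandardCharsets.UTF_8));
    }
}
```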

[Q] How to trace C# code in Windows Mobile 6.5

Hi All,
I am using VS2008 to write C# code for a Windows Mobile 6.5 device. I know that Trace.WriteLine could be used to trace a program for a non Windows Mobile project. However, when I try to use Trace.WriteLine in a Windows Mobile 6 project, I receive the following compilation error :
CS0117: 'System.Diagnostics.Trace' does not contain a definition for 'WriteLine'
I find that if I use Debug.WriteLine, then the mobile project compiles OK. But due to some technical issues I have to stick to the "release" build in the meantime. Does anyone know of other ways to trace a C# program in a windows mobile project, i.e. write debug messages to the VS2008 output window?
Thanks for any suggestion.
Regards
Lawrence
How to trace C# code in Windows Mobile 6.5
Hi All,
In fact, I have a downloaded opensource VS2008 solution with a C++ DLL project and a C# Application Form project. The C# project calls the DLL created in the C++ project. Both the two projects have a "release" config but the C++ DLL project doesn't have a usable "debug" config. The original opensource solution could be compiled and run OK if both of the two projects are in "release" mode.
However, I want to turn the two projects into "debug" mode and add debug/trace statements (Debug.WriteLine, Trace.WriteLine) in the two projects. For the C# project it is trivial but for the C++ project I find no way to do this. If I turn the C# project in "debug" mode while keeping the C++ project in "release" mode, the solution rebuilds OK but when I deploy the projects into my Windows Mobile 6.5 device, an exception occurs complaining that the "debug" mode DLL (i.e. the DLL with an extra "D" in its name) could not be found.
Does anyone know of an easy way that I could create a "debug" config from the existing "release" config for the C++ project so that I could turn the whole solution into "debug" mode, or could I re-config the "debug" mode C# project so that it could use the "release" mode DLL created in the "release" mode C++ project ?
I am sorry if I have asked a too naive or too hard question as I am mainly using Java and am new to the VS2008 C++/C# environment.
Thanks for any suggestion and any pointer/link would be appreciated.
Regards
Lawrence

[Q] Debugging extracted WinCE6 binaries in emulator

Hi,
I extracted several executables (EXEs and DLLs) from the firmware image of a WinCE6 device.
In addition to that, I also built my own WinCE6 image with VS2005 that is running in the Device Emulator.
Now, what I'm planning to do is copy some of the extracted executable files to my emulator image and run them there.
For instance, it already worked to copy the "zlib.dll" to the emulated image and then load it with some custom-written code.
However, this only works for a few DLLs. Most of them just crash.
I believe this is because of the memory mapping.
As you might know, WinCE6 has its own address space for shared libraries.
Typically they are loaded to the 0x40000000 region whereas libraries that are not shared are loaded to the address space of the application itself (i.e. 0x100000000 region).
While the DLLs from my own image mostly map to the 0x100000000 region, most of the extracted DLLs are loaded to the shared memory region which seems to cause problems.
Initially, the extracted zlib.dll did not work in the emulator image either.
However, increasing the RAM size of the emulator image did the trick.
Yet, the emulator supports at most 256MB of RAM. So further increasing the RAM size for DLLs that do not work yet is not an option.
Did anyone else try to run extracted binaries in an emulator environment ?
My ultimate goal is to run these extracted executables inside my emulated environment, so that I can debug and reverse engineer the code.
Is it possible to change the memory mapping of a DLL so that, instead of being loaded to the 0x40000000 shared region, it is loaded to the process space ?
There is a nifty freeware PE editor called CFF Explorer currently version VII.
http://www.ntcore.com/exsuite.php
One of the options under the Rebuilder tab is to change the Image Base of an object and rebuild it.
Make sure you are only doing this to a copy of your DLL. It's a long shot but it may work.
Good Luck.
Hi,
stephj said:
There is a nifty freeware PE editor called CFF Explorer currently version VII.
One of the options under the Rebuilder tab is to change the Image Base of an object and rebuild it.
cool, thanks !
I just tried it, but unfortunately the "New Image Base" functionality is greyed out.
I guess it's because the DLL I'm trying to change is not for x86_32/x86_64, but for the ARM platform.
Do you also debug WinCE stuff ?
I'm currently trying to get IDA Pro working with WinCE.
It seems to have debug support through ActiveSync.
The 5x5 and Life programs listed in my signature both have a separate CE version, but they were ported over to CE after I had shaken all the bugs out of the WinMo version in the WinMo Emulator and on the device itself.
The CE versions were only tested on the CE emulator, and given a quick spin round the block to make sure it all works. I do not have a 'real' CE device to test them on.
I have a copy of IDA Pro, but is only the freeware version, not the full blown paid-for versions. I don't know whether the free version has full CE debug support, I'll have to have a try sometime.
Testing in CE-Emulator is not enough at all
stephj said:
The CE versions were only tested on the CE emulator, and given a quick spin round the block to make sure it all works. I do not have a 'real' CE device to test them on.
Probably these CE-Emulator tests were not enough at all, because for example your SUDOKU does NOT work properly on my 800x480px sized unit based on CE 6.0 Professional. FileDialogs not populated, etc pp
Do not worry, I am mainly playing flash games, IMHO the better type of gaming applications ...
Only 5x5 and Life have versions specifically built using the Windows CE SDK.
The others don't, as they were built using the Windows Mobile SDK.
Is it really surprising that it looks crap or doesn't work properly, if you try and run it under the wrong platform?
Likewise, CE versions look crap when run under Windows Mobile.
