[Q] Debugging extracted WinCE6 binaries in emulator - Windows Mobile Development and Hacking General

Hi,
I extracted several executables (EXEs and DLLs) from the firmware image of a WinCE6 device.
In addition to that, I also build my own WinCE6 image with VS2005 that is running in the Device Emulator.
Now, what I'm planning to do is copy some of the extracted executable files to my emulator image and run them there.
For instance, it already worked to copy the "zlib.dll" to the emulated image and then load it with some custom-written code.
However, this only works for a few DLLs. Most of them just crash.
I believe this is because of the memory mapping.
As you might know, WinCE6 has its own address space for shared libraries.
Typically they are loaded to the 0x40000000 region whereas libraries that are not shared are loaded to the address space of the application itself (i.e. 0x100000000 region).
While the DLLs from my own image mostly map to the 0x100000000 region, most of the extracted DLLs are loaded to the shared memory region which seems to cause problems.
Initially, the extracted zlib.dll did not work in the emulator image either.
However, increasing the RAM size of the emulator image did the trick.
Yet, the emulator supports at most 256MB of RAM. So further increasing the RAM size for DLLs that do not work yet is not an option.
Did anyone else try to run extracted binaries in an emulator environment?
My ultimate goal is to run these extracted executables inside my emulated environment, so that I can debug and reverse engineer the code.
Is it possible to change the memory mapping of a DLL so that, instead of being loaded to the 0x40000000 shared region, it is loaded to the process space?

There is a nifty freeware PE editor called CFF Explorer, currently version VII.
http://www.ntcore.com/exsuite.php
One of the options under the Rebuilder tab is to change the Image Base of an object and rebuild it.
Make sure you are only doing this to a copy of your DLL. It's a long shot but it may work.
Good Luck.
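Whether the Image Base rebuild stephj suggests can work at all depends on one thing a PE rebuilder needs regardless of platform: the image must still carry its base-relocation table. Below is an added example, not code from this thread, that reads the COFF machine type, ImageBase, DLL flag and relocation directory straight from a PE32 header with Python's struct module; the two header blobs are constructed stand-ins for an extracted WinCE DLL, not real files.

```python
import struct

# PE/COFF constants (Machine values and Characteristics flags from the PE spec)
MACHINE_NAMES = {0x014C: "x86", 0x01C0: "ARM", 0x01C2: "ARM (Thumb)"}
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_DLL = 0x2000
OPT_HDR_SIZE = 224  # PE32 optional header with all 16 data directories

def parse_pe(data):
    """Return machine, ImageBase, DLL flag and whether a base-relocation table is present."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, _, _, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                       # optional header follows the 20-byte COFF header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 images handled")  # WinCE binaries are 32-bit
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    reloc_rva, reloc_size = (struct.unpack_from("<II", data, opt + 96 + 5 * 8)
                             if ndirs > 5 else (0, 0))   # directory 5 = base relocations
    return {"machine": MACHINE_NAMES.get(machine, hex(machine)),
            "image_base": image_base,
            "is_dll": bool(chars & IMAGE_FILE_DLL),
            "relocs_stripped": bool(chars & IMAGE_FILE_RELOCS_STRIPPED),
            "has_reloc_table": reloc_rva != 0 and reloc_size != 0}

def can_rebase(info):
    """The loader (or a PE rebuilder) can only move an image that still carries relocations."""
    return info["has_reloc_table"] and not info["relocs_stripped"]

def build_sample(machine, image_base, chars, reloc_size):
    """Constructed minimal PE32 header (no sections) for offline testing; not a real DLL."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)          # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, OPT_HDR_SIZE, chars)
    opt = bytearray(OPT_HDR_SIZE)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 5 * 8, 0x3000 if reloc_size else 0, reloc_size)
    return dos + b"PE\0\0" + coff + bytes(opt)

# Constructed stand-ins: a shared-region (0x40000000) Thumb DLL that kept its .reloc data,
# and an ARM DLL whose relocations were stripped, so its ImageBase cannot be changed.
SHARED_DLL = build_sample(0x01C2, 0x40000000, IMAGE_FILE_DLL, 0x80)
STRIPPED_DLL = build_sample(0x01C0, 0x40000000, IMAGE_FILE_DLL | IMAGE_FILE_RELOCS_STRIPPED, 0)
```

Running `parse_pe(open(path, "rb").read())` on a DLL pulled out of a firmware image gives the same fields; if `can_rebase` comes back False, the problem is the missing relocation data rather than the editor's platform support.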

Hi,
stephj said:
There is a nifty freeware PE editor called CFF Explorer currently version VII.
One of the options under the Rebuilder tab is to change the Image Base of an object and rebuild it.
Cool, thanks!
I just tried it, but unfortunately the "New Image Base" functionality is greyed out.
I guess it's because the DLL I'm trying to change is not for x86_32/x86_64, but for the ARM platform.
Do you also debug WinCE stuff?
I'm currently trying to get IDA Pro working with WinCE.
It seems to have debug support through ActiveSync.

The 5x5 and Life programs listed in my signature both have a separate CE version, but they were ported over to CE after I had shaken all the bugs out of the WinMo version in the WinMo Emulator and on the device itself.
The CE versions were only tested on the CE emulator, and given a quick spin round the block to make sure it all works. I do not have a 'real' CE device to test them on.
I have a copy of IDA Pro, but it is only the freeware version, not the full-blown paid-for version. I don't know whether the free version has full CE debug support; I'll have to have a try sometime.

Testing in CE-Emulator is not enough at all
stephj said:
The CE versions were only tested on the CE emulator, and given a quick spin round the block to make sure it all works. I do not have a 'real' CE device to test them on.
Probably these CE-Emulator tests were not enough at all, because for example your SUDOKU does NOT work properly on my 800x480px sized unit based on CE 6.0 Professional. FileDialogs not populated, etc. pp.
Do not worry, I am mainly playing flash games, IMHO the better type of gaming applications ...

Only 5x5 and Life have versions specifically built using the Windows CE SDK.
The others don't, as they were built using the Windows Mobile SDK.
Is it really surprising that it looks crap or doesn't work properly, if you try and run it under the wrong platform?
Likewise, CE versions look crap when run under Windows Mobile.

Related

RTCDLL.DLL on the HTC Universal?

Could anyone of you who's so lucky to already own an HTC Universal please post if the ROM of this device contains a file called RTCDLL.DLL?
If anywhere, it's probably located in the \Windows folder (or one of its subfolders).
This file is a library that can be used by developers who want to create real-time communication applications. It is part of the Windows CE 5 operating system, but not all Windows Mobile devices include it on their machines.
I would like to make use of this library to write a SIP-based videophone application for the HTC Universal.
Hm... couldn't find it... sorry
I've found that file for you. It's part of the "Windows Real-Time Communications Client API SDK 1.3" which can be found here: http://www.microsoft.com/downloads/...15-FD1C-4BF7-A505-3F8FAF1E120A&displaylang=en
Hope it helps
Eric
Eric,
That SDK contains the Windows XP version of the DLL.
What I'm trying to find out here is whether the ROM of the HTC Universal contains the Windows Mobile version of the RTCDLL.DLL which can be used to create SIP compatible realtime communication apps for Windows Mobile devices.
I'm sorry it was the wrong one. Have you also looked at the Windows Mobile 5.0 Pocket PC SDK? There is some support for the .dll in Windows CE 4.3. One other source could be www.opennetcf.org
Eric

How can one scan and modify every IP packet that goes thru PPP (dial-up)?

Hello. I want to scan and modify every IP packet that goes thru PPP (dial-up) (or thru all interfaces if easier). I've done a lot of research and found that maybe the only way to achieve this on lousy wince is to patch the OS itself...I am an x86 programmer and I've done this relatively easily on winxp...
P.S. How can one debug wince os code in ROM with software debuggers?
P.P.S. So far I don't have any solution to my problem so it would be a success to do this even with one device (I have htc universal for tests...)
Today I've finally downloaded the platform builder and so called "Shared" code of wince 6.0... To my surprise I found ARM4 .lib files instead of source code for everything that I needed to look in (ip*.*). However there is a binmod utility and other stuff for editing rom that you might need. I don't need to modify rom since I can neither debug ROM nor have its source even from a different version of wince (I need for 5.0). M$ is sh*t as usual.
It is hard work to modify ppp packets on pocket pc (wince).
You can try the passthru sample in PB:
\PUBLIC\COMMON\OAK\DRIVERS\NETSAMP\PASSTHRU
and
\WINCE500\PUBLIC\COMMON\OAK\DRIVERS\NETSAMP\ASYNCMAC
I think you have to modify the drivers.
Good luck!

Help coding a Flash7 wrapper for WM5/WM6

We need to update one of our old pocketpc programs to Windows Mobile. It's a pretty simple program, but I'm not a C#/VB programmer.
For a visitor center we give the visitors a PDA with a flash interface. The only thing the wrapper needs to do is:
Play a flash7 file Fullscreen (regardless of resolution on screen)
Disable all hardware keys (but send to flash) and flash right click if possible.
Receive quit & reset command from Flash
Flash Lite is not an option as we use flash communication server for all communication.
This was no problem for PPC2003, but the old program does not work in WM5/6. Since we have simplified our wrapper functionality I thought it would be simple to create a new flash wrapper. I can preinstall the flash7 plugin.
Option 1: I've managed to get a C# file running if I embed IE and let that open a html with a swf, but I still need to block all hardware keys and flash right click. I've tried several things, but nothing works. It also seems like using IE in between is a bad solution. Embedding the flash player directly by adding it as a reference, like the VB example below.
Option 2: In VB, if I add the flash.dll (extracted from cab file) as a reference and run the following code:
Code:
Dim FlashObj As New ShockwaveFlashObjects.ShockwaveFlash
FlashObj.Movie = "main.swf"
I don't get an error, but I also don't get a visible flash file...
Any ideas? I know several people need to play flash files on wm5/6 as Zinc and other commercial wrappers don't support it.
I would pay for a product like this

Getting started with ROMs

I want to modify the messaging program but I've not done any WM coding before. I've looked at a number of posts on the forum and taken a look at the wiki but I'm still totally confused about where to start.
My current view is that I need to:
Extract the messaging program from the ROM I'm using
Is this possible? If so, what tools do I need? I found a few utilities that look promising on the wiki but there is no documentation for them so I've got no idea how to use them.
Disassemble the program
Can I do this with Visual Studio? Ideally I would like to step through the execution to find the bits I need to change, can I do that with the extracted program in the WM emulator? Or can I do it directly on my PDA?
Patch the program
I can probably figure this bit out by myself.
Get the patched program onto my PDA
As the program is in ROM, I'm assuming I'll have to re-make the ROM. Or can ROM files be updated/overwritten without rebuilding the ROM?
Each of those steps is assuming the previous one is the correct approach and is actually possible. I'm not looking for hand holding at every step, just some good pointers to relevant information and tools. Thanks.
0. - Which program do you want to hack?
1. What type of PDA do you use?
for example - for hx4700 -
prepare_imgfs.exe dump.dat
viewimgfs.exe imgfs_raw_data.bin
2. IDA - disassemble, or Visual Studio for debugging - if you know how
3. What type of PDA do you use?
for example - for hx4700 - like vivi kitchen.
4. ...
Thanks for your reply.
0. - Which program do you want to hack?
The messaging program, is it called Outlook Mobile? Do you know if it is native or managed code? If not, what's the easiest way to tell?
1. What type of PDA do you use?
for example - for hx4700
I've got a Kaiser. Currently running "udK 8.0 R0 Vega" ROM (WM6.1). Forgot to mention that in my previous post.
IDA - disassemble, or Visual Studio for debugging - if you know how
Does IDA support remote debugging on Windows Mobile? Also, are there any restrictions on what you can debug in VS, i.e. do they stop you from debugging things you don't have the source for, or are Microsoft applications (e.g. Outlook) restricted from debugging in some way?
I'm finding it really hard to get decent information on these kinds of things. If I actually manage to get anywhere with this then I'll write up some kind of guide for the wiki.
Ok, I've used this tool to extract the ROM and get a file called 00_OS.nb. I then got these tools and managed to dump the NB file so that I now have all of the files inside the ROM.
I've been playing about with IDA but when I try and run poutlook.exe in the debugger, it runs but exits straight away (i.e. it doesn't create a window on the PDA). I tried copying poutlook.exe onto my device but it doesn't run; I think I need to get it running from the exe before I do any more IDA stuff. I remember reading somewhere that executables in the ROM image have been manipulated in some way (addresses rewritten or relocated or something), is that what is affecting it? Or do I need to run some additional tool on the extracted exe before it will run standalone?
How do I get an executable extracted from the ROM to run on my device? Or do I have to roll it all up into a ROM for it to work?

Samsung TouchWiz not running .exe files

My brother got a Samsung M8800 Pixon mobile running on TouchWiz (as I understood, running on top of WM 6.1).
The problem is that it can not start .exe files; the error message I got is "file not supported".
I have really searched across the forums but could not find anything on that topic, so maybe anyone here can help?
btw. trying to install iGo, don't want to run .exe file which I can run without problem on my HTC Tytn (WM6.1) ...
the .exe just says it is executable - but not on which platform.
if the .exe was compiled for a desktop pc or notebook with intel/amd cpu it only runs on the x86 platform.
your mobile phone has the ARM platform - so the program must be compiled for the arm platform.
you will get an .exe too, but it will only run on arm and not on your pc.
all software on your phone was compiled for its platform and will not run on your pc. so running an .exe file from your pc on your phone and the other way round will not work.
if you got the source code of the program, you can compile it (with a cross compiler on your pc) for your phone's platform.
-gb-
Hi,
tnx for the response!
This same .exe file is running on my HTC TyTn, which is ARM processor.
I am not sure for Samsung, they say it has Qualcomm MSM6281 processor, which I believe is ARM also.
Aren't Samsung processors anyway ARM based also ?
ok yes it should be arm ... hm strange.
is there any kind of security layer on your device which prevents you to run unsigned .exes?
i don't have any of these devices but i would try to run other .exe files from one device on the other. just try some, copy them to the samsung and run them. if they don't run we still don't know why^^ but if they do - it is perhaps only this one .exe which doesn't run.
-gb-
The Samsung Pixon is not a windows mobile phone, so it can't run .exe files, can't install .cab files and can't navigate with iGO. Otherwise the phone would be a lot more popular then it is today....
Oh ...
that's what I was afraid of ...
Are you sure ?
Is it a Symbian then ? Or ?
(I couldn't find that information...)
tnx
it does not run a "OS" ....
well it does, but it is one made by samsung......
you have no chance of installing winmo apps.
only java
which application should I install then (except java), something coded specially for Samsung OS ?
or Symbian apps would work also ?
Do you know what is the base for this OS (is it Symbian, or some linuxoid version...)
any links on some good forums for that kind of aplications ?
tnx !
It has a proprietary OS made by samsung. The only applications you can install on it (and I don't think you will, because of security) are java based apps. If it's a non-branded model then you're good to go, but if it's a carrier's model then it's most likely application locked, meaning you can only install official apps. Also, if it's application locked, most java apps won't have permission to access web content, because you won't be able to give them permission via settings on the java emulator that the phone has. Anyway, my advice: sell the phone and buy a windows mobile device.
Regards
Rafyvitto
