Database Users

Hook winsock API calls in WM5

My goal is to get the TCP data from a TCP application on the pocket pc
like data from internet explorer or active sync. I want to write a proxy
that forwards all TCP data to the application server (Web server,...).
So I have tried to replace the ws2.dll with a wrapper dll that forwards all
winsock API calls to the original ws2.dll. But when I replace the ws2.dll file
with my own and make a softreset the device hangs in boot screen and
I must do a hardreset. Could not get this to work on WM5 but it works great
on WM2003 devices.
So I have tried another thing. Have heard about API hooking and want to
try this with winsock API functions (connect, WSAConnect, send, recv,...).
After several days of investigation in some forums I have found many
informations about API hooking and API sets win WM5. But when I look
deeper there is no server process for winsock API calls. So I cannot
change the method adresses.
Another idea was to hook LoadLibrary() API function and when ws2.dll is
loaded from an application I will load my own dll and forward all calls to
the original ws2.dll. But LoadLibrary() has also no server process.
Has anybody another idea how to do this?
Thanks for any information on this.
Houser

Hi Houser!
I think the reason your original method failed on WM5 is because all system DLLs must be signed or the system will not load them.
There are several threads on this forum (sorry, can't remember precise link right now) that explain how to create\use certificates, and sign files, so just search for that.
Good luck.

Thanks levenum for your reply.
I also have thought about signing the dll but I have disabled certificate
check on the WM5 device with the Cert_SPCS.CAB file and now
my system loads every dll without asking the user.
I have written some test applications that explicite load my ws2.dll with
a different name (ws2xx.dll) and then in my ws2xx.dll I load
the org ws2.dll from \windows dir and all worked fine. I can use
any winsock function and can make TCP connects and so on.
So I think signing is not the problem, only when I do not use
the Cert_SPCS.CAB file to disable it?
Or are system file always checked at boot phase?
That would then explain the problem maybe.
Regards
Houser

I am pretty sure system files are treated separately. I once used a device with no cert ROM, which ran all programs and loaded DLLs without asking for certificate, but refused to do so for system files (MUIs).
I think you should give certificates a chance before moving on to more complicated solutions.

So I should try to sign my wrapper dll with a certificate.
So I will try to sign with the Visual Studio 2005 developer
certificate. And then I must install this certificate on my device
so that the system trusted the dll file with this certificate?
Houser

Another thing: What do you mean with MUIs?

That's correct.
There are provisioning CABs in the 2005 SDK. You just run them on your device and they insert all the test certificates.
SDK also shows how to provision devices through RAPI, but most WM5 ROMs block that option.
Also you should use the 'privileged' execution certificate to make sure you have maximum access to the system.
MUIs are duplicate system DLLs that contain resources for other languages. For example: coredll.dll.0409.mui will contain English resources for coredll.dll (409 is hex for English code page). They are used to switch interface languages both on PC windows and mobile. (Metalanguage User Interface).
P.S.
If you want, there are XML templates for provisioning CABs in the SDK, and makecert.exe that let you create your own certificate and put it on the device.

Another thing: What do you mean with MUIs?

So I have tried this:
1) Installed the SdkCerts.cab certificates on the device (copied the file on
the ppc and tap in explorer on it) A success message was displayed from
the setup process.
2) In VS2005 I have set in the project settings the cert signing to "Sample
Privileged Root for windows mobile SDK" certificate and rebuild my dll.
In the dll file properties I can see the certificate.
3) Have copied my ws2.dll file to \windows and replaced the org ws2.dll file
there, my dll loads a copy of the org ws2.dll (ws2copy.dll) that is also
in the \windows dir
4) Then the big moment: Soft reset and..... hanging again in boot screen
The installed certificates did not appear in the pocket pc certificate manager.
Do you know if they should appear there or not?
Maybe the SDK certificates are not imported correctly?
Thanks for you help!
Houser

I'm sorry my solution didn't help.
The test certificates do not show in the list (don't know why).
The way I see it there are two possibilities:
1. I was wrong about the certificates. (Though I think you may still need them)
2. There might be a problem with the copy DLL you try to load (ws2copy.dll). Is it from a good dump? Have you tried loading it from a test app? Is it signed? I think it needs to be signed to.
Sorry I can't give you advice on an alternate way. Insufficient knowledge...

It is very frustrating, I do not knwo how many
hard resets I have made in the last few weeks. :?
I have written a test app that loads my winsock dll file and
then my dll loads the copy ws2.dll file. The copy ws2.dll file
is from a platform builder 5.0 build.
These tests with my test app all worked fine, I can make TCP connects
and do all the winsock stuff like I load the org ws2.dll file directly.
I have even disabled certificate check on the device and tested
with unsigned dll and it works too.
The copy dll from PB 5.0 is not signed. may be this could
be a problem when my dll is loaded in boot time.
Do you know a way to sign the copy PB dll with the SDK certificate?
Thanks man!
Houser

Signing files (DLL, EXE, CAB) is very easy. In the SDK, there is a file called signcode.exe. It will give you a step by step wizard to sign the file. The only additional thing you will need is the certificate files themselves which should also be in the SDK.

Got it to work with signing the copy dll file and
now after soft reset my device does NOT hang. :lol:
Many thanks for your support levenum!
That is very good but now I have figured out that
I cannot make a localhost connect on a local tcp port
on the device. That has something to do with WM5
because it was working under Wm2003. Strange..very
strange.
Houser

itsutils.dll

Hello,
Have anobody a signed itsutils.dll? or a programm that load this fu**ing .dll without a user prompt (Yes/No) on a Windows Mobile 5 Device.... I need this for a Software deployment.
Greetz

acme said:
Hello,
Have anobody a signed itsutils.dll? or a programm that load this fu**ing .dll without a user prompt (Yes/No) on a Windows Mobile 5 Device.... I need this for a Software deployment.
Greetz
Click to expand...
Click to collapse
Here is the solution:
Extract everything in a directory on your pc.
From the Command Prompt, go in the directory where you extracted the files and type: sign.bat [path of the dll or exe to be signed]
ex.:
c:\signcode>sign.bat c:\itsutils.dll
Cheers,
.Fred

Hello, It doesnt work
C:\...Downloads\SignCode>sign itsutils.dll
Warning: This file is signed, but not timestamped.
Succeeded
After this step i copy the modified .dll to \Windows (PDA) on my device. No i start the psynctime.exe on WinXP and my Device starts a user prompt for ItsUtils.dll (YES/NO). Thats the Problem

The 'not time stamped' is normal, but what you are trying to do won't work.
Here's the thing: The certificate in the attached cab is the test certificate from WM5 SDK. In order for device to recognize it you need to first provision the device (import the certificate). I can attach the cab that does it, but it isn't signed as well, so it will still ask for yes / no.
If you are looking to by pass certificates on a distribution version of your software you are out of luck.
For apps and cabs not to ask yes / no they have to be signed by an official Verisign certificate (costs money) or the device has to be set to no cert.
The second option is even more problematic for the average user, since it requires installing a reg editor on the device and changing some reg settings.

Ok, do you know an other way to stop this user prompt? Install method with automatic /yes or something like that.

Why don't you use the certified CAB that changes the registry values to allow Unsigined apps to be installed?
Check this post: http://forum.xda-developers.com/showthread.php?t=252356

dotfred said:
Here is the solution:
Extract everything in a directory on your pc.
From the Command Prompt, go in the directory where you extracted the files and type: sign.bat [path of the dll or exe to be signed]
ex.:
c:\signcode>sign.bat c:\itsutils.dll
Cheers,
.Fred
Click to expand...
Click to collapse
Hi!
If i want to sign my edited MUI file how can i do that?
Can you five me a syntax and what else need to be inside the folder?
ToddeSwe

Edit .mui file's....

I whant to change something in that mui file but when i open it with resourche editor i see something like (\0x00) or (000)
after some words..
When i edit this words i can't put buck those 000
Example :
22372, "1\0x00"
22373, "2abc\0x00"
22374, "3def\0x00"
22375, "4ghi\0x00"
Also i have Microsoft Visual Studio 2005 & Pocket PC SDK.
In Microsoft Visual Studio 2005 doesn't show those 000, but if i edit with Microsoft Visual Studio 2005 when i go to sign the file give's me error.
Error: Signing Failed. Result = 80070057, (-2147024809)
Click to expand...
Click to collapse
Please any one to know something about that tell me...
Thank's for your time.

Never ever ever use VS to edit resources! It screws up dialog templates and makes MUIs unusable.
The only good way to edit an MUI is Platform Builder. You can download a free evaluation version that will run for 180 days, but even with most options striped on installation it is still around 1GB.
Hope you have a good internet connection.

what version of Platform builder i need to edit mui files from WM 2003 ?
i see difrent version like: 5, 4.2 and other
but i dont know what chose

levenum said:
Never ever ever use VS to edit resources! It screws up dialog templates and makes MUIs unusable.
The only good way to edit an MUI is Platform Builder. You can download a free evaluation version that will run for 180 days, but even with most options striped on installation it is still around 1GB.
Hope you have a good internet connection.
Click to expand...
Click to collapse
Thank's Levenum ...
I sucesfull download the Windows Embedded CE 6.0 Evaluation Edition but it is say This download is a plug-in for Visual Studio 2005 ...
So what i 'm doing??
I nead the Windows Embedded CE 5.0 ??
I also download the 5 version but at the end give one error and say something like:
the download file have been interuptut before the installation finish...
So what can i do and what for those two version i have to download and if you know how can resolve the error problem on version 5??
Sorry for
&
Many many thank's Levenum

Ok i download and install the platform builder 5.0 but when i load the mui file after do my change's and go to save it he say me:
''Cannot save the file.
Cannot load a resource from the executable.''
So what i'm doing wrong??
Thank's adn sorry again....

I explained this in a PM, but just in case others are interested:
Possible causes are:
1) MUI was signed when you edited it.
2) MUI was extracted using WM5test tool by mamiac. (This tool is excellent for dumping ROMs for viewing but files can not be used on the device)
3) PB sometimes does that for no apparent reason (at least to me)
Get another DLL one that is not signed or dumped from device, delete any resources it has and put the resources from the MUI in it. Then save and rename.

levenum said:
I explained this in a PM, but just in case others are interested:
Possible causes are:
1) MUI was signed when you edited it.
2) MUI was extracted using WM5test tool by mamiac. (This tool is excellent for dumping ROMs for viewing but files can not be used on the device)
3) PB sometimes does that for no apparent reason (at least to me)
Get another DLL one that is not signed or dumped from device, delete any resources it has and put the resources from the MUI in it. Then save and rename.
Click to expand...
Click to collapse
Thank's for your help again Levenum but doesn't work.
I try tu build one new .dll but when i put one string (for test) after i try to save but give's me the same error.
''Cannot save the file.
Cannot load a resource from the executable.''
What else can i do ???
Please help me..
I try weeks now to edit five lines
Thank's and sorry...

Sorry, but now I am stomped. I never had PB fail to save a single string to a new 'clean' DLL.
Any chance there is some kind of access problem to the actual location where the file resides? Could it be 'read only' or under restricted permission?
This is really strange...

VipMSCRexe is a utility to run MortScript without Assigning .mscr to MortScript.exe

VipMSCRexe is a utility to run MortScript without Assigning .mscr extension to MortScriptexe.
How to Use it
Rename exe to your scriptname.exe e.g if your script name is sashimi.mscr then rename this VipMSCRexe.exe to sashimi.exe
This utility will first find MortScript.exe in Current directory and Sub directory under it
if not found then look in \Program Files and sub directory
if still not found then look in \Storage Card\Program Files
if still not found then look in root directory.
Once MortScript.exe found then find <exename>.mscr in same above fashion.
Once script found then execute command like MortScript.exe scriptname.mscr parameter1 parameter2 etc.
Advantages of this Utility
you can have only one installation of MortScript and may be all your script in one another folder.
Now if you want to call any of script copy this exe and rename to your scriptname.exe
Basically if you have script name sashimi.mscr then copy this exe and rename to sashimi.exe and put it in any folder
Root or storage card any where and run exe will execute your script you do not give any path or tell where it located etc.
To me MortScript.exe only support one parameter where as this Utility support multiple parameter
Version 1.0
Initial version
Version 2.0
Make changes so that Arguments are passed properly
Performance Improvement using config file
Version 3.0
Performance and Special Chars Handling in Mortscript's Path
Version 5.0
Performance improvement Using registry values
Version 6.0
Fixed Langeuge issue
Fixed Error Handling Routine

Very interesting. I have several uses for this right away so I'll download it and test. Many thanks for sharing!

Just want to note that although this is a fine tool (I'm using it for SASHIMI), if you DON'T need to pass parameters to your program you would be better off to use a renamed Autorun.exe file from the MortScript download.
The only reason I say this is becuase of the delay that VipMSCRexe has when locating/opening the script.
But, if you need to pass parameters to your script, this is the tool!

Don't work in my PC "System.ArgumentException: URI formats are not supported"
In smartphone with WM6.1 is the same error

hurtavy said:
Don't work in my PC "System.ArgumentException: URI formats are not supported"
In smartphone with WM6.1 is the same error
Click to expand...
Click to collapse
Don't work in my PC "System.ArgumentException: URI formats are not supported"
Only Supported for Pocket PC's not for desktops
In smartphone with WM6.1 is the same error
SmartPhone and WM6.1 I am not sure you have smartphone or Wm6.1
Can you please let me know which phone you have?

I have Motorola MPx200 with WM6.1 Standart Russian.
Error message is in russian language. Translate:
System.ArgumentException: It is not possible to show the error message, since it is impossible to find its containing additional assembling of resources in System.IOath:InternalCombine()...

Do you have .netCf 3.0 installed?
hurtavy said:
I have Motorola MPx200 with WM6.1 Standart Russian.
Error message is in russian language. Translate:
System.ArgumentException: It is not possible to show the error message, since it is impossible to find its containing additional assembling of resources in System.IOath:InternalCombine()...
Click to expand...
Click to collapse
Do you have .netCf 3.0 installed?

v3patel said:
Do you have .netCf 3.0 installed?
Click to expand...
Click to collapse
No. Only .NETcf 2.0

I do not have smartphone to test but can you try changing your languegue to english and then try. I just want to see is it languege problem or somthing else.

Posted Version 6.0
Posted Version 6.0

v3patel said:
Posted Version 6.0
Click to expand...
Click to collapse
You Can make it run in Win-CE ?

Great App.
But I have a same problem, it delayed 3-4 second before running a script.
Hope that you can fix it!
Thank u.

blue1311218 said:
Great App.
But I have a same problem, it delayed 3-4 second before running a script.
Hope that you can fix it!
Thank u.
Click to expand...
Click to collapse
Me too, I know that you may have heavy code inside to do like path checking & etc., may be another version with just execute the .mscr in same folder as MortScript.exe & <VipMSCRexe>.exe ?
Many thanks for this great app.,

Thanks, that the thing I need~~~

Hope you can me help
Hello,
i have program in the startup of my WinCE 5 Falk GPS. After the Hard Reset, has a Error. And the text:
Script \Temp\0084Script.mscr not found, waiting for existence (Storage Card not Initializied?)... After 3 sec. my falk stops.
Sry for bad english, im german.....

[DEV-UTIL][19.03.2009]DriverWiz - Make signed CABs from driver DLLs that work

Intro
Lately I've seen a lot of posts by people who are trying to replace WM internal or driver DLLs, either for hacking/testing or to release. Aside from the possibility they are just doing something that won't work in the first place, I've seen failure a lot of times because files aren't properly signed, or if they are, the certificate in question not being in the right certificate stores for it to have any effect. On some ROMs it will still work due to patched NK.EXE, on others it won't, its just not very reliable.
So, I present you with the correct way of doing this by means of a small tool that will do this for you: DriverWiz. It will take care of most of the stuff, and leave you room for additions. You will however still need some basic knowledge of the command line, if you don't have that, you have no business doing anything like this anyways.
Background
I use this technique myself all the time. When just hacking away, replacing system DLLs to trace calls, etc. It's also the same method used for the HTC-CA drivers and the ICS installer. This method works on most stock ROMs as well, though not on all of them (in rare cases some security policies are set that will prevent CAB installation)
Usage
It's fairly simple to use. Just extract the attached zip file somewhere, open the command promt, and change directory to where the zip was extracted. That's the installation part.
Now when you actually want to build a CAB file from a DLL, you use the DriverWiz.bat file.
DriverWiz v1.0 by Chainfire
Usage:
DriverWiz.bat "Description" "CAB-name" "DLL-name-1" ["DLL-name-2" ...]
Examples:
DriverWiz.bat "New DDI" "ddi.cab" "ddi.dll"
DriverWiz.bat "Two DDIs" "ddi.cab" "ddi.dll" "ddiaux.dll"
Click to expand...
Click to collapse
DriverWiz will take care of signing the DLLs, inserting the certificate, etc, and you will end up with a proper CAB file for this kind of thing. Just copy it to your device and run it to install.
#1. You need to put the DLL files in the same folder as DriverWiz. Do NOT include paths in your DLL names
#2. Include the quotes in the command like in the examples!
#3. The first time you install a CAB made by DriverWiz, your phone may still give you a certificate warning. This is normal, don't worry about it.
Caveats
While this method has never failed me yet, it is possible that some files cannot be replaced this way. Just a disclaimer
Modifying
DriverWiz bases the inf file it will create to build a CAB from on DriverWiz.tpl. If you need to add registry entries to your CAB file, modify DriverWiz.tpl before you run the batch file. You can make other modifications too, add files, etc. Just take care that you don't break it
You can use your own certificates as well, instead of the supplied "Dummy" certificate that comes with DriverWiz. The files you will want to modify/replace are DriverWiz.pfx (used for signing) and DriverWiz.xml (used for injecting the certificate). I'll see about finding a reference for how to do that online and posting the URL here (someday). Creating a new certificate from scratch can be a frustrating effort - make sure you got openssl handy
Changelog
19.03.2009 - 1.1 - Added some file exists checks and attribute changes
Download

Temporary PlaceHolder for more Info.

Whoo this is hot from the plate, looks very promising!
Driver testing withoud cooking! joohie

Well if you replace the wrong files you're still going to need to hard-reset to boot. I advise KITL before you do

Works flawless. You tha man.

Didn't work for me trying to cab up No2Chems Fast Charge battery divers.

ruskiyab said:
Didn't work for me trying to cab up No2Chems Fast Charge battery divers.
Click to expand...
Click to collapse
What exactly happened? Attach the files and such

It made the cab and all, but when I went to install it, the unsigned error message popped up just like when I tried it with WinCE cab manager.

That is perfectly normal behavior. The first time you install a CAB with this certificate it will not know the certificate. However, once you install it, the certificate will be injected in the right place, and the files signed with the certificate (the driver files in the CAB) will be allowed to be run.
It won't happen the second time you try it

So if I try to install it again, it'll work fine? is there aa soft reset required in between? I can replace these drivers manually by renaming the old ones and copying them over, the whole reason I want a cab in the first place is to facilitate the UC process when I flash a different rom

ruskiyab said:
So if I try to install it again, it'll work fine? is there aa soft reset required in between? I can replace these drivers manually by renaming the old ones and copying them over, the whole reason I want a cab in the first place is to facilitate the UC process when I flash a different rom
Click to expand...
Click to collapse
Actually it should just work the first time. Just click OK when the certificate error appears.

Nice nice nice work!

error message
I got error messages when creating a cab from a rilphone.dll. Does it mean anything, or are these errors okay? I guess I'm specifically wondering about the SignTool error. If its okay, then my cab should be good.
EDIT: I think I found the problem. I didn't have UAC disabled in Windows 7. I tried it again, after disabling it, and it works fine now. Thanks for the easy to use tool!

syntax for registry entries?
I was experimenting with creating a cab for the Rogers folks who need a specific rilphone for their Caller ID to work. There are some registry entries associated with this feature, so I was wondering what the correct syntax is for putting the registry entries into the .tpl file. I've tried a few different ways, and I've either a gotten a 'Registry section is empty' message, or a 'Registry has an unsupported registry root key' error. I'm sure its something really simple I'm missing, so any help you can offer is appreciated.
It just seems that since we now have this easy method to sign these dlls, so that they can be used in any ROM, that the Rogers people shouldn't have to jump through so many hoops to get it to work.
EDIT: Nevermind. I'm an idiot that didn't do a little bit of research. All is well now.

Excellent stuff, Microsoft may rant about this way of distributing signtool and cabwiz though.
Chainfire said:
You can use your own certificates as well, instead of the supplied "Dummy" certificate that comes with DriverWiz. The files you will want to modify/replace are DriverWiz.pfx (used for signing) and DriverWiz.xml (used for injecting the certificate). I'll see about finding a reference for how to do that online and posting the URL here (someday). Creating a new certificate from scratch can be a frustrating effort - make sure you got openssl handy
Click to expand...
Click to collapse
Here's an intro to cert stores for WM:
http://msdn.microsoft.com/en-us/library/aa458010.aspx
pfx generation is a 2-liner with openssl:
# Generate a CA certificate
openssl req -new -nodes -x509 -days 9999 -newkey rsa:1024 -md5 -keyout cert.key -out cert.cer -subj "/CN=DriverWiz"
# Convert to pkcs12/PFX format
openssl pkcs12 -export -in cert.cer -out cert.pfx -inkey cert.key

got error messages under vista sp2, any ideas?

I also get an error saying that the latest version of CAPICOM.dll is missing. The ones I can find for download from the internet are version 2.0.0, and the tool requires 2.1.0.1 or later.
Does anyone have the needed version of the dll?
EDIT: Found it, 2.1.0.2 version of the dll is in the attachment.

Time Saver !
Many thanks; DriverWiz /w the CAPICOM.DLL saved me about an hour of troubleshooting.
Cheers,

Thanks for the capicom.dll Even after disabling UAC in W7Rc1 it wouldn't go, so great to have it posted to.
Chainfire, which format should the Reg's be added?
I tried the default .reg formating just under:
[Registry]
[HKEY_CURRENT_USER\ControlPanel\Profiles]
@=""
"ActiveProfile"="Normal"
?
Scrap that i found the .inf format
[AddRegistry]
HKCU,"New Key","",0x00010001,1
Many thanks for this, i'll try to Point Driver replacing Sinners from now on to here.

Well INF files are a regular female dog.
If you rather use WinCE CAB Manager, the trick is easily done as well. I do not have it handy right here (I'm not at dev box), but it goes like this.
Put the DLL's and EXE's that need to go in the CAB into the same folder as DriverWiz
Execute the following command from the command prompt in the DriverWiz folder: signtool sign /f DriverWiz.pfx *.exe *.dll
Open your WCM/CAB with CM
Somewhere is an option for "Pre XML" (main screen IIRC).. click to add/edit, and load the DriverWiz.xml file
Save
signtool sign /f DriverWiz.pfx *.cab
Et voila. I should really make an update to DriverWiz to include CAPICOM and write a proper guide on how to do all this manually (including making your own certificates and such). It's easy if you know how
If you could insert another empty post for me at the top, that'd be great.