Can't access system dlls - Windows Mobile Development and Hacking General

Hi,
First of all sorry for double posting.
I'd already posted in the universal forum, but then I figured this also concerns other modules
So here goes:
I'm trying to disassemble the Camera app with IDA, it wants to see some DLLs like note_prj.dll and mfcce300.dll, but when I try to copy them from my Universal I get an access denied error :/
Is there any other way to get these files ?
Thanks,
TB

TheBlasphemer said:
Hi,
First of all sorry for double posting.
I'd already posted in the universal forum, but then I figured this also concerns other modules
So here goes:
I'm trying to disassemble the Camera app with IDA, it wants to see some DLLs like note_prj.dll and mfcce300.dll, but when I try to copy them from my Universal I get an access denied error :/
Is there any other way to get these files ?
Thanks,
TB
They are XIP and that is why you cannot copy them - they are not normal files. There are several ways to dump such modules.
1. Use my TestWM5 tool (search forum). It would produce incorrectly dumped files with garbage at data sections, at the end of file and all sections merged to one, but IDA can understand such modules
2. Use rdmsflsh.pl by itsme. It would produce better files, but as far as I remember it is incompatible with universal ROM
3. Use my viewimgfs tool, but in this case you have to manually reconstruct a DLL from individually dumped sections.


n00b question about adding my own programs

Okay I understand you have to use mkrom and Linux (or cygwin on Windows) to roll your own ROM my question is regarding how one could say remove one program from the SE ROM and include something else, for instance take off the byte counter and put another different counter on or such, would you just copy the necessary files (.exe and dll's) to the files1 or files2 folder and that's it ? What more is involved? Thanks in advance!
for simple programs, that is all there is to it.
some might need more research, as to which registry settings need to be tweaked to get the program to run from the windows directory. and what settings it needs to run at all.
You copy the files to either files1 or files2. Both sets of files end up in the \Windows subdir. So if you do not want to copy the files to RAM (see below), you should make sure the program is set to run from \Windows. Then you add any necessary registry keys to "default.reg", and any file-copy or directory creation commands to initobj.txt. Then run "mkrom <ROMfile>" and hey-presto.
Thanks so much for all your guys awesome work!!
entropy1980 said:
ok sounds good, what would one need to do to mod the registry for the programs (By that I mean prior to booting) I don't want to be mucking around with a reg editor after the device boots just to get the progs to work...
Not sure I understand the question. Default.reg just holds the entire registry as present after a cold restart. So if you put something in there, this will be in the registry when the device wakes up.
I think we wrote at the same time, so you answered my question before I posted it !!! What you said made complete sense! Thanks!
entropy1980 said:
[...]so you answered my question before I posted it !!! [...]
I installed the phpBB telepathy mod a couple of days ago, so I guess it's working.
Hey I knew you were going to say that.... :lol: :lol:
hi,
i want to add the skelmir java virtual machine (that's default installed in windows\ceej) and copy the swingall.jar in the windows\ceej map.
I have the cab file of the virtual machine but i can't find out which files are in it (when i open it with cabextract it shows .001 files and not the files that i find back in the device)
please help me
Using Special Edition ROM, the CabInst tool will run CAB files on the device if you move it there manually and double-tap it. It allows to set a new directory to install in.
Also the System Snapshot tool will write a file in the root of the device which holds a list of the entire filesystem and registry contents, so you can compare and see what changed. UltraEdit for the desktop has a compare function.
Good luck...
hi,
i installed it to a separate directory and zipped the files. i also took a snapshot when the xda was fresh and after install. i only can't find where the xda's gets its files from in:
43 <! [\Windows\AppMgr]
8544 <! 31/12/2002 12:31 1632 FC0E9EE1 Skelmir CEEJ Virtual Machine.DAT
8576 <! 16/02/2003 23:10 27 AEBB1DF3 CEEJ.lnk
8587 <! 16/02/2003 23:10 40 1EAF4EB3 CEEJ Examples.lnk
8588 <! 16/02/2003 23:10 27 AEBB1DF3 CEEJ.lnk
because these are not in the map where i extracted the cab file to. maybe you can take a look for me and tell me what i have to change in mkrom to have ceej by default installed
the extracted cab map:
http://www.devosjansen.nl/xda/java installed.rar
the snapfiles:
http://www.devosjansen.nl/xda/xda snapshots files.rar
thanks in advance
laurens0619 said:
hi,
i installed it to a separate directory and zipped the files. i also took a snapshot when the xda was fresh and after install. i only can't find where the xda's gets its files from in:
43 <! [\Windows\AppMgr]
These files are generated during the install process, and contain uninstall information. You do not need to write them if you install in ROM, since you don't need/want your programs to show up in the 'Add/Remove Programs' dialogue.
ah i understand,
so i just put the files in the files1 or files2 directory and add this reg files to the default.reg? i don't really understand the readme file
ah little kick,
isn't also good for the next SE rom? because you have finally a java virtual machine on the xda and the app is freeware (got it from www.skelmir.com)
laurens0619 said:
isn't also good for the next SE rom?
Noted...
nice but can you please help me out for the moment? i don't know which part i must add to the default.reg file
laurens0619 said:
I don't know which part i must add to the default.reg file
default.reg holds the registry that is present when the system wakes up from cold-boot. So any registry entries your installer (or first run of the app) has made that you would like to have present should go in there. Clear enough?
almost
so i just copy paste the **** at the end of the reg file? and the files in the files 2 map
but how will the rom know where to put the files??
sorry if i'm stupid but i don't want to f*ck my rom so i can use me xda's as a frisbee
Yes, the registry entries can be pasted at the end of default.reg. It doesn't matter if there's earlier entries with the same values, since the latter ones override.
All files in files1 and files2 will end up in \Windows, and if you want them somewhere else, (where they'll take up RAM), you must manually copy them (or pre-made links pointing to them) by issuing commands in initobj.txt.
Take a real close look at initobj.txt, and you'll get the picture.

HOW to replace/relocate modules anyway?

Hello,
Please forgive me if i'm asking a dull question
I wish to import a module from another Rom
I tried to replace it with a file that reconstructed by Recmod.exe but it's not working....
Sadly I failed to find a tutorial about relocating modules
Got some pieces of info but very vague
What would be modified actually? S000? S001...imageinfo.bin? imageinfo.txt?
Address range of *.DLL are listed in dump_MemoryMap.txt
How about *.EXE ones?
(PS, Which tool can extract XIP partition other than RomMaster.exe?)
Any help will be welcome
Thanks in advance
Regards
No one can help?
I've been searching over and over but no luck
All that I know is about hex editor, xipport by Mr Bepe(if modify XIP), modify imageinfo.txt, imageinfo.bin(How to do this?)
Am I missing something?
Please kindly do me a favor
All I've found about it so far is:
(look for section "documents"): http://hpcmonex.net/izemize.htm
(about xip): http://www.pxdxa.com/read.php?tid=40125
Sources of mamaich's and bepe's tools (xda-developers)
Itsme tools and infos: http://www.xs4all.nl/~itsme/projects/xda/romtools.html
Pls give some feedback if it's worth to read.
Did you ever figure out how to do it?
I tried replacing a single module (folder) and it messed up my ROM (locks up on Today screen). I even tried G'Reloc after replacing the module and then the ROM wouldn't get past the boot screen. Information on how to replace modules is hard to find.

dummy.exe needed

Hello,
could I ask any of the developers here to create very simple exe file for me that would actually do nothing.
Just two features needed:
1. system will recognize it as executable
2. will terminate itself immediately.
I just need to replace real application with it on some occasions by script.
I tried all other options to conditionally block the autorun but this seems to be my last option and I was not able to find one on the internet.
Many Thanks
hmmm, I'm not an expert in EXE files, but won't an empty text file renamed to .exe do the trick?
This seems like it will do what you want. VS2005 project attached. It includes a compiled file for WM2003, which seems to run on WM6Pro fine. So, this ought to work on anything from WM2003 to WM6.1Pro.
…fantastic. This is exactly what I need.
Many Thanks!
not the right place to post.
READ THE RULES
thank you

[DEV-UTIL][19.03.2009]DriverWiz - Make signed CABs from driver DLLs that work

Intro
Lately I've seen a lot of posts by people who are trying to replace WM internal or driver DLLs, either for hacking/testing or to release. Aside from the possibility they are just doing something that won't work in the first place, I've seen failure a lot of times because files aren't properly signed, or if they are, the certificate in question not being in the right certificate stores for it to have any effect. On some ROMs it will still work due to patched NK.EXE, on others it won't, it's just not very reliable.
So, I present you with the correct way of doing this by means of a small tool that will do this for you: DriverWiz. It will take care of most of the stuff, and leave you room for additions. You will however still need some basic knowledge of the command line, if you don't have that, you have no business doing anything like this anyways.
Background
I use this technique myself all the time. When just hacking away, replacing system DLLs to trace calls, etc. It's also the same method used for the HTC-CA drivers and the ICS installer. This method works on most stock ROMs as well, though not on all of them (in rare cases some security policies are set that will prevent CAB installation)
Usage
It's fairly simple to use. Just extract the attached zip file somewhere, open the command prompt, and change directory to where the zip was extracted. That's the installation part.
Now when you actually want to build a CAB file from a DLL, you use the DriverWiz.bat file.
DriverWiz v1.0 by Chainfire
Usage:
DriverWiz.bat "Description" "CAB-name" "DLL-name-1" ["DLL-name-2" ...]
Examples:
DriverWiz.bat "New DDI" "ddi.cab" "ddi.dll"
DriverWiz.bat "Two DDIs" "ddi.cab" "ddi.dll" "ddiaux.dll"
DriverWiz will take care of signing the DLLs, inserting the certificate, etc, and you will end up with a proper CAB file for this kind of thing. Just copy it to your device and run it to install.
#1. You need to put the DLL files in the same folder as DriverWiz. Do NOT include paths in your DLL names
#2. Include the quotes in the command like in the examples!
#3. The first time you install a CAB made by DriverWiz, your phone may still give you a certificate warning. This is normal, don't worry about it.
Caveats
While this method has never failed me yet, it is possible that some files cannot be replaced this way. Just a disclaimer
Modifying
DriverWiz bases the inf file it will create to build a CAB from on DriverWiz.tpl. If you need to add registry entries to your CAB file, modify DriverWiz.tpl before you run the batch file. You can make other modifications too, add files, etc. Just take care that you don't break it
You can use your own certificates as well, instead of the supplied "Dummy" certificate that comes with DriverWiz. The files you will want to modify/replace are DriverWiz.pfx (used for signing) and DriverWiz.xml (used for injecting the certificate). I'll see about finding a reference for how to do that online and posting the URL here (someday). Creating a new certificate from scratch can be a frustrating effort - make sure you got openssl handy
Changelog
19.03.2009 - 1.1 - Added some file exists checks and attribute changes
Download
Temporary PlaceHolder for more Info.
Whoo this is hot from the plate, looks very promising!
Driver testing without cooking! joohie
Well if you replace the wrong files you're still going to need to hard-reset to boot. I advise KITL before you do
Works flawless. You tha man.
Didn't work for me trying to cab up No2Chems Fast Charge battery drivers.
ruskiyab said:
Didn't work for me trying to cab up No2Chems Fast Charge battery drivers.
What exactly happened? Attach the files and such
It made the cab and all, but when I went to install it, the unsigned error message popped up just like when I tried it with WinCE cab manager.
That is perfectly normal behavior. The first time you install a CAB with this certificate it will not know the certificate. However, once you install it, the certificate will be injected in the right place, and the files signed with the certificate (the driver files in the CAB) will be allowed to be run.
It won't happen the second time you try it
So if I try to install it again, it'll work fine? Is there a soft reset required in between? I can replace these drivers manually by renaming the old ones and copying them over, the whole reason I want a cab in the first place is to facilitate the UC process when I flash a different rom
ruskiyab said:
So if I try to install it again, it'll work fine? Is there a soft reset required in between? I can replace these drivers manually by renaming the old ones and copying them over, the whole reason I want a cab in the first place is to facilitate the UC process when I flash a different rom
Actually it should just work the first time. Just click OK when the certificate error appears.
Nice nice nice work!
error message
I got error messages when creating a cab from a rilphone.dll. Does it mean anything, or are these errors okay? I guess I'm specifically wondering about the SignTool error. If it's okay, then my cab should be good.
EDIT: I think I found the problem. I didn't have UAC disabled in Windows 7. I tried it again, after disabling it, and it works fine now. Thanks for the easy to use tool!
syntax for registry entries?
I was experimenting with creating a cab for the Rogers folks who need a specific rilphone for their Caller ID to work. There are some registry entries associated with this feature, so I was wondering what the correct syntax is for putting the registry entries into the .tpl file. I've tried a few different ways, and I've either gotten a 'Registry section is empty' message, or a 'Registry has an unsupported registry root key' error. I'm sure it's something really simple I'm missing, so any help you can offer is appreciated.
It just seems that since we now have this easy method to sign these dlls, so that they can be used in any ROM, that the Rogers people shouldn't have to jump through so many hoops to get it to work.
EDIT: Nevermind. I'm an idiot that didn't do a little bit of research. All is well now.
Excellent stuff, Microsoft may rant about this way of distributing signtool and cabwiz though.
Chainfire said:
You can use your own certificates as well, instead of the supplied "Dummy" certificate that comes with DriverWiz. The files you will want to modify/replace are DriverWiz.pfx (used for signing) and DriverWiz.xml (used for injecting the certificate). I'll see about finding a reference for how to do that online and posting the URL here (someday). Creating a new certificate from scratch can be a frustrating effort - make sure you got openssl handy
Here's an intro to cert stores for WM:
http://msdn.microsoft.com/en-us/library/aa458010.aspx
pfx generation is a 2-liner with openssl:
# Generate a CA certificate
openssl req -new -nodes -x509 -days 9999 -newkey rsa:1024 -md5 -keyout cert.key -out cert.cer -subj "/CN=DriverWiz"
# Convert to pkcs12/PFX format
openssl pkcs12 -export -in cert.cer -out cert.pfx -inkey cert.key
got error messages under vista sp2, any ideas?
I also get an error saying that the latest version of CAPICOM.dll is missing. The ones I can find for download from the internet are version 2.0.0, and the tool requires 2.1.0.1 or later.
Does anyone have the needed version of the dll?
EDIT: Found it, 2.1.0.2 version of the dll is in the attachment.
Time Saver !
Many thanks; DriverWiz /w the CAPICOM.DLL saved me about an hour of troubleshooting.
Cheers,
Thanks for the capicom.dll. Even after disabling UAC in W7Rc1 it wouldn't go, so great to have it posted too.
Chainfire, which format should the Reg's be added?
I tried the default .reg formating just under:
[Registry]
[HKEY_CURRENT_USER\ControlPanel\Profiles]
@=""
"ActiveProfile"="Normal"
?
Scrap that i found the .inf format
[AddRegistry]
HKCU,"New Key","",0x00010001,1
Many thanks for this, i'll try to Point Driver replacing Sinners from now on to here.
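The two registry syntaxes in the post above, side by side, as an added example (not part of the thread and not DriverWiz code): a Python converter from desktop .reg text to comma-separated lines of the kind shown under [AddRegistry]. The short root names and the string flag 0x00000000 are assumptions taken from the CabWiz .inf format; the dword flag is the one in the post, and the sample input is constructed.

```python
import re

# Long .reg root names -> short INF names (assumed set, per the CabWiz
# .inf format); the long form is what draws "unsupported registry root key".
ROOTS = {
    "HKEY_CLASSES_ROOT": "HKCR",
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_LOCAL_MACHINE": "HKLM",
}
FLAG_SZ = 0x00000000     # string value (assumption, CabWiz .inf format)
FLAG_DWORD = 0x00010001  # integer value, the flag used in the post above

KEY_RE = re.compile(r"^\[([^\\\]]+)\\?(.*)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

# Constructed sample: the .reg text from the post plus one made-up dword.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\ControlPanel\Profiles]
@=""
"ActiveProfile"="Normal"
"Constructed"=dword:0000000a
'''


def unescape(text):
    """Undo .reg backslash escaping inside a quoted string."""
    text = re.sub(r"\\(.)", r"\1", text)
    if '"' in text:
        raise ValueError("embedded double quotes are not handled here")
    return text


def reg_to_inf(reg_text):
    """Return INF registry lines for the string and dword values in reg_text."""
    out, root, subkey = [], None, None
    for num, raw in enumerate(reg_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";") or line.upper().startswith("REGEDIT"):
            continue
        key = KEY_RE.match(line)
        if key:
            if key.group(1).upper() not in ROOTS:
                raise ValueError(f"line {num}: unsupported root {key.group(1)}")
            root, subkey = ROOTS[key.group(1).upper()], key.group(2)
            continue
        val = VALUE_RE.match(line)
        if not val or root is None:
            raise ValueError(f"line {num}: cannot parse {line!r}")
        name = "" if val.group(1) == "@" else unescape(val.group(1)[1:-1])
        data = val.group(2).strip()
        if data.lower().startswith("dword:"):
            flag, value = FLAG_DWORD, str(int(data[6:], 16))
        elif len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            flag, value = FLAG_SZ, '"%s"' % unescape(data[1:-1])
        else:
            raise ValueError(f"line {num}: only string and dword values handled")
        out.append(f'{root},"{subkey}","{name}",0x{flag:08X},{value}')
    return out


if __name__ == "__main__":
    print("\n".join(reg_to_inf(SAMPLE_REG)))
```

Binary and multi-string values are rejected rather than guessed at, so anything the converter cannot express is reported with its line number.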
Well INF files are a regular female dog.
If you rather use WinCE CAB Manager, the trick is easily done as well. I do not have it handy right here (I'm not at dev box), but it goes like this.
Put the DLL's and EXE's that need to go in the CAB into the same folder as DriverWiz
Execute the following command from the command prompt in the DriverWiz folder: signtool sign /f DriverWiz.pfx *.exe *.dll
Open your WCM/CAB with CM
Somewhere is an option for "Pre XML" (main screen IIRC).. click to add/edit, and load the DriverWiz.xml file
Save
signtool sign /f DriverWiz.pfx *.cab
Et voila. I should really make an update to DriverWiz to include CAPICOM and write a proper guide on how to do all this manually (including making your own certificates and such). It's easy if you know how
If you could insert another empty post for me at the top, that'd be great.

[Q] OEM package with dll

hey there,
i created an oem package which contains an dll file, one that exists also in the sys-folder as folder (contains imageinfo.bin and s000), when cooking with my kitchen buildos gives an error, something about that the expected file already exists as folder...
what can i do?
It's not a good idea to over-write a module; in fact, it's a bad idea, because it crashes most kitchens (buildos will crash every time).
1. Why are you trying to over-write a module with a file?
2. If you really want to do it, you need to remove the module from the sys directory. I'm not sure it's a good idea myself; you should at least convert the file to a module. If you don't know the difference between a file and a module, then you should search and find the answer. It's easy enough to do.
It would help a great deal when you start a topic if you give more information. What build are you using? What device? Most importantly, what module are you trying to replace?
Thanks Ted,
sorry for the small amount of information. I'm using EXEcutor by pako777, it's kitchen tool for the omnia 2... almost, it disassembles the dump-file, then i can delete/add files and then it assembles it again... some kitchens i saw over here are really great, but the executor gets the work done...
i found the informations, thanks for the hint i will now try reversmode.exe
right now i want to convert a taskbar.cab to an oem package and so i need to replace shellres.192.dll and some other files
I think that kheb 1.1 (search, it's easy to find) is the best way to make a package for your cab. Just run a snapshot, install the cab, then run another snapshot (+difference). Select the 'make an oem' function. It doesn't make a working oem, but it will dump the reg keys that you need, and collect all the files (I assume they'll all go to windows). It sounds like you're building the rom straight from a dump, and not with full packages? Then you'll need to just swap the new files in for any old ones (as well as add new ones), and figure out how to add the registry keys, if there are any. I guess you can use ceregeditor or something similar to import the keys into the default.hv. Convert files to modules, if that's how the dll's appear in the dump.
You have to be a little careful with an app like kheb (or sk tracker): it may dump out some extraneous files or reg keys, as changes occur all the time to a device's registry and file system. Make sure you separate the wheat from the chaff. It's best not to soft reset after the cab install, if you're prompted to do so. That creates a butt-load of random new reg values that are irrelevant. If any certificates are installed by the cab, you can probably ignore them.
Thanks again, but i used the package creator from ervius to convert the cab, converted the rgu to an provxml and the dll-files with reversmode and everything worked fine
but i will take a look onto kheb, sound promising when converting a cab with setup.dll
