Database Users

Simple Reverse Engineering

I'm currently doing a little reverse engineering of Coredll so that I can understand how a few functions work. Occasionally I run across a function call to an address similar to F000BDD8. Is this a function call into the kernel or does it correspond to an address in the dll? If someone could point me to the correct reference, I'd appreciate it.
This is how it is layed out:
LDR r0, &0000b650
MOV lr, pc
MOV pc, r0
And at address 0000b650 the value is F000BDD8.
Thanks!

it is something like a "syscall" command on WinCE. The "FIRST_METHOD" value (0xF0010000) is subtracted form the given address, then value is divided by 2 (in your case we get -8468 or 0xff..ffdeec). If the value is negative it is "API call to an implicit handle. In this case, bits 30-16 of the method index indicate which entry in the system handle table." (probably its a typo in comment, bits 8-22 are used instead of 30-16). Lower bits are offset in SystemAPISets[] table for the function address.
For more information look into PrefetchAbort function in "PRIVATE\WINCEOS\COREOS\NK\KERNEL\ARM\armtrap.s" file, and ObjectCall function in "PRIVATE\WINCEOS\COREOS\NK\KERNEL\objdisp.c"
You should get PlatformBuilder and look into Wince 4.20 partial source code that is coming with it. It does not have much information on indexes inside SystemAPISets table for any table except for SystemAPISets[SH_WIN32] (SH_WIN32 == 0).

see this page for a list of systemcalls.
and this page for a description of how systemcalls work.
to convert a trap address ( like 0xF000BDD8 ) back to the syscall nrs:
Code:
$a= (0xf0010000-$addr)/4; # = 0x108a
$api=$a>>8; # 0x10 = SH_GDI
$call=$a&0xff; # 0x8a = ExtCreateRegion
( call defined in public/common/oak/inc/mwingdi.h )
hmm. not sure which is correct though, my wince-systemcalls page lists a different call signature than the headerfile. they should match.

Thank you for the information. I actually have the sample source that comes with the Platform Builder demo. In this case, the call I was investigating was the GetSysColorBrush API.
That brings me to another point. In several of the APIs a check is made to a value (KData->lpvTls[-20], I believe) to see if the 0-bit is 1. The only thing I can determine is whether or not this is checking for the ready state of the API. Whatever the case, it seems that this bit determines whether the function I mentioned earlier is called or whether a function address is loaded from RAM. It's really weird.
The main reason I'm doing this is so that I can access the system's brush cache for the system colors. I've noticed that if I intercept calls to GetSysColor and GetSysColorBrush, it only works for applications that have not called them yet. So, if I override the color for COLOR_BTNFACE, menubars for newly launched applications are colored correctly, but buttons (which belong to GWES) do not use the appropriate color. It's weird because my code has been injected into GWES.Exe.
I guess that brings me to my ultimate question of whether or not someone can point me to the location in RAM where the system brush cache is stored.
Thanks!

is the '-20' in bytes ?
in PUBLIC/COMMON/OAK/INC/pkfuncs.h
#define PRETLS_THRDINFO -5
#define UTLS_INKMODE 0x00000001 // bit 1 set if in kmode
#define IsThrdInKMode() (UTlsPtr()[PRETLS_THRDINFO] & UTLS_INKMODE)
this must be the bit that is set when calling 'SetKmode();'

Yeah, the -20 is in bytes. Here's the disassembly of what I was looking at:
00B5EC E59F6068 LDR r6, &0000B65C
00B5F0 E59F5060 LDR r5, &0000B658
00B5F4 E5960000 LDR r0, [r6, #0]
00B5F8 E5101014 LDR r1, [r0, #-20]
00B5FC E3110001 TST r1, #1
00B600 15950000 LDRNE r0, [r5, #0]
...
00B650 F000BF08 ANDNV r11, r0, r8, LSL #30
00B654 01FC6758 MVNEQS r6, r8, ASR r7
00B658 01FC6760 MVNEQS r6, r0, ROR #14
00B65C FFFFC800 SWINV &FFC800 <-- Points to KDataStruct
What you said makes sense, yet it seems kind of strange that this API would be looking at an offest of -20.

so what you are seeing, is a call to 'IsThrdInKMode()' .
there is a space of thread local storage used by the kernel, just before the publicly accessible thread local storage. - look for SIZE_PRETLS, and PRETLS_RESERVED in the wince source.
this function ( well implemented as a macro actually ) is not a very strange function to call from a system call.
btw, you should have a look at IDA from datarescue. it will give you a much more readable disassembly. the stuff in your example from 00b650-b65c will be recognised as a constant pool, and the references to it, like at 00b5ec will be disassembled as 'LDR r6, =0xffffc800'

The only problem I have with IDA is that I can't afford it and their demo doesn't handle ARM processors. The generated output was done with a fairly simple program and has forced me to learn quite a bit about the underlying code in the OS. I've had to go back and forth between the disassembly and the shared source, but I've managed so far (with this exception).
I do have one other question while I have your attention. I've managed to inject a dll into all of the running processes and I've successfully managed to intercept several APIs by patching an application's IAT (and all attached modules, too) in an attempt to provide a better color handler for the system. It appears, however, that some programs, like Gwes.exe, don't use call my functions, but instead call the functions built into Coredll. For example, the GetSysColorBrush I mentioned earlier. This is what prompted me to begin reverse engineering Coredll in the first place. Do you know if the addresses are being stored somewhere? If so, that would explain why even though I've patched the IAT that the original function is still being called.

contact me in PM, I can help with IDA 4.51 full

gwes.exe is the program implementing the API, so quite likely it either calls it's api's directly, or calls the systemcalls directly.
and maybe someprograms are linked to a statically linked version of coredll?
a while back I experimented with trapping systemcalls, by modifying the method table in an API. ( see hookapi.cpp )
I do remember that my device became very unstable. so I guess that it somewhat worked, but haven't figured out what exactly I did wrong yet.
btw, I would be quite interested to see your code to trap calls via the IAT.

When you have a look to romimage.exe source code in platform builder you will notice that there is a special handling for coredll.dll.
All programs included in the MODULES section will directly resolve calls to coredll.dll. Only if you build a new XIP section a warning will appear "missing coredll.dll ... will late bind".
This means that a hook to coredll.dll will not be visible for in ROM programs since they will call the system functions directly (without the trap).
John

itsme said:
btw, I would be quite interested to see your code to trap calls via the IAT.
Click to expand...
Click to collapse
Unfortunately, I'm not at the computer where I have the code, so I'll have to upload it to you tomorrow. However, it involves extracting the IAT from the PPROCESS structure of a given program, then enumerating through the entries until I find the API I'm looking for. It's actually pretty straight forward. Give me your email address and I'll send it to you as soon as I can.
JohnSmith said:
When you have a look to romimage.exe source code in platform builder you will notice that there is a special handling for coredll.dll.
All programs included in the MODULES section will directly resolve calls to coredll.dll. Only if you build a new XIP section a warning will appear "missing coredll.dll ... will late bind".
This means that a hook to coredll.dll will not be visible for in ROM programs since they will call the system functions directly (without the trap).
Click to expand...
Click to collapse
I don't have the full source code, only what's available in the shared source, so I'm not sure what modules would be affected. However, I'm really only interested in a few of the Gwes APIs. I know it's possible at least at some point to hook into those as I've seen it done, though the individual who did it is under an NDA and can't tell me how he did it.
Itsme's process looks to be about the best so far, assuming I can get it to work. The only thing is that I need to find a way to translate the physical address to a virtual adress (and vice-versa) for MIPS, SH3 and the emulator, not just the ARM/XScale processors. If I could do that, then I might be able to get things to work.
Thanks for all of your help so far. I appreciate the time you have spent in explaining a few things to me.

[email protected]
for translating physical to virtual you would need to find the translation tables for each process, which I assume must exist somewhere, but have not found them yet. - my guess is it may be the 'pPTBL' entry from the process struct, but have not verified this yet.
( you know that virtual addresses can not uniquely be translated back to physical without knowing what process they are for? for instance the virtual address 0x11000 is visable in each process, and mapped to a different physical address each time. )

Fortunately, I've written an OS before, so I know what you mean about address mapping. If the pTBL does contain the page mappings, that would make sense. I found it easier in my OS to keep the TLB entries with the process they belonged to. That way the OS wouldn't have to search through its memory chain looking for the process's mappings.
Also, if the pTBL does contain the TLB entries, then it should be relatively easy to decode the addresses. After reading your code, itsme, I determined that the CINFO structure holds a pServer field which points to the process which contains the APIs. So, for example, the GDI and USER API sets are being held in Gwes.exe (at least, according to the pServer field). The ppfnMethods field is a VA referring to the pServer. If pServer is NULL, then the ppfnMethods field seems to be a PA. So, what I could do is check for pServer. If it is NULL, I could use the current process's pTBL structure to map the PA to a VA. If the pServer field is non-NULL, then I could try the pServer's pTBL field to do the mapping and then do the replacement that way.
If this works, I owe you big!

here is another experimental program, that investigates all the handles present in the system.
I used it to generate this overview of handles.

Progress So Far
I just thought I'd post an update on my progress so far. It appears that I can overwrite the API table pretty easily. Instead of taking a physical address, the table takes a pointer to a function in virtual memory. You just need to map it to slot 0 using MapPtrToProcess.
I've come across two issues in doing this. The first thing is that I can't call the original function address. For example, I store the original address contained in ppfMethods[x] and then attempt to typecast it to the proper function type, passing the incoming variables.
The other issue is that it appears that the API table is NOT refreshed upon a soft-reset. Fortunately, I was playing around with it on the emulator. Had I not, I would have been forced to hard-reset my device.
Does anyone have ideas on either of these issues?
Thanks again for your help so far!

a thing that just occurred to me, is that if you duplicate the apiset struct, the memory pointed to by ppfnMethods should be readable from the process specified in pServer.
so you should allocate the memory in the address space of pServer.
or set pServer to yourself, and add some hook code which does not modify the stack, so you can just pass most calls directly to the original server.
to call the original function address, you have to somehow switch process context, and then call it.

Well, in the case that I tested, I replaced the QueryAPISetID API which exists in Wn32 and therefore has no pServer. It appears that if there is no pServer, then there is no context switch needed. I've been able to verify that the API will execute my code and the generated assembly does not modify the stack in any way.
This one is really weird. Thanks for the suggestions.

chmckay said:
itsme said:
btw, I would be quite interested to see your code to trap calls via the IAT.
Click to expand...
Click to collapse
Unfortunately, I'm not at the computer where I have the code, so I'll have to upload it to you tomorrow. However, it involves extracting the IAT from the PPROCESS structure of a given program, then enumerating through the entries until I find the API I'm looking for. It's actually pretty straight forward. Give me your email address and I'll send it to you as soon as I can.
Click to expand...
Click to collapse
Hi,
Just wondring if you could post/PM/email me the code that lets you replace the API call. This is for the purpose of hooking a different DLL to do my own thing, or see here:
http://forum.xda-developers.com/viewtopic.php?p=131857#131857

I just sent you a PM with the information you requested.

Injecting Assembly Code

I was wondering if anyone here could help me out.
I have a need to intercept a couple of GDI apis. At this point, I can successfully inject a library into GWES and hook the apis using the api set data structure contained in the kernel's memory (i.e. KDataStruct->aInfo[KINX_APISETS]). However, this doesn't work when Gwes calls the api internally.
So, I came up with a method that allows me to "hook" the api, similar to the way Detours works. What I did was allocate 8 bytes of virtual memory and copy the first instruction of the api to the first 4 bytes of the memory block. Then, I created an ARM branch instruction to jump from the second 4 bytes of the buffer to the second instruction in the original api, kind of creating a trampoline function. Then, I created one more branch that jumped to my new function and overwrote the first instruction of the original function.
Basically, this is what ends up happening:
The api is called
The function branches (unconditionally) to my function
My function calls the trampoline function
The trampoline executes the first command of the original function (the one that was overwritten) and branches unconditionally to the original function
The original function does its thing and returns to my function
My function handles whatever it needs and returns to the caller
Now, here's the problem. On my handheld, it works flawlessly. However, this code did NOT work on several other devices, causing freezes and hard-resets. I was wondering if anyone knows what I can do to get this fixed.
Here's how I calculate a branch:
branch = (((dest-source-8)>>2)&0xffffff)|0xea000000;
I've verified that all of the values come out correctly for the ARM specifications.
If anyone can help, I'd really appreciate it.
Thanks!

3 ideas. First is dumb. Maybe these devices keep GDI code you are trying to patch in ROM?
The second idea. Maybe the GDI code is mapped to every process address space without any modifications, and when your hook is called, some of the processes does not have your injected code in them and jump goes to unexistent address -> crash. You may try to use a jump command that uses full 32 bits of adress and a MapPtrToProcess() function to get your address that is visible in every proccess. In this case you should patch 8 bytes of hooked command.
The third idea. Are you sure that the patched bytes does not contain instructions that use PC-relative offsets? In this case you'll have to emulate them manually.

Well, all GDI/USER functions exist in Gwes.Exe. When you call something like BeginPaint, coredll transfers control to Gwes, Gwes makes the function call and control returns to the application. So placing a hook in Gwes is the best location.
On the ARM/Xscale platform, all branches are relative to the PC. My example in my first post shows how the branch offset is calculated. Each branch must be within 32MB (24-bits). The first instruction of the function I'm hooking, according to IDA, is an STFMD.
So, I thought that my original problem was that the jumps were more than 32MB away. However, I've confirmed that this is not the case in any of the crashes, which is why I'm confused.
I believe I wrote everything to ARM specifications, but I guess not. If it will help, I xan post some of code for a reference.

instead of a jump, maybe use
Code:
04 F0 1F E5 LDR PC, [PC-4]
xx xx xx xx DCD jumptarget

[Update v1.1.2 3-10-2008] µTrack passive GPS device tracking

µTrack can be used to track mobile devices in a passive, non-intruisive way.
It can be configured to publish the location of a Windows Mobile powered device to any website or webservice. The only requirement is that HTTP GET request can be used.
The different items of information that can be published are:
- Longitude / Latitude
- DeviceID
- Date and time
When run, the application only shows a notifyicon and stays dormant until another application uses the GPS Intermediate driver. - When the GPS device gets a fix on the position, µTrack will publish this information to the URL specified in the configuration window.
µTrack features:
- A lightweight Windows Mobile client whose sole purpose is to monitor and publish GPS coordinates.
- Four different parameters can be used in the GET request: Longitude, Latitude, Date/Time and the deviceID.
- The request can be tested using a easy to use option which opens the configured URL in the default browser.
- A non-intrusive notify-icon to indicate GPS monitoring is active.
- Both support for Windows Mobile 5 and Windows Mobile 6 powered devices.
- Auto start monitoring on device reset.
- GPS Intermediate Driver support.
- Google Gears GeoLocation support.
Because of its easy concept, µTrack can be used in all kind of situations and applications.
Configuration of a target website is also easy. Just configure the webserver to process the GET request accordingly:
http://www.exampleserver.com/mywebsite/[email protected]&[email protected]&[email protected]&[email protected]
One example (which is used on my website: http://www.petervrenken.nl) is to publish the location of a device to a website. There the information is used to show a Google Maps map as the background of all the pages. The theme of de site is therefore dependent on the location of its owner.
µTrack version 1.1.2 can be downloaded on the link below and is free for any personal use. When µTrack is used in a commercial application, please donate...
http://www.petervrenken.nl/utrack
Version history:
µTrack v1.1.2
- Fixed bug regarding ID replacement in URL.
- Added a new Map tabpage that shows the location.
- Redesigned the internal threading mechanism.
- Optimised showing of the settings Form.
- Fixed bug that disallowed application termination.
µTrack v1.1.1
- Fixed bug in usage of the backspace key when entering the accountname.
- Fixed bug in Google Gears usage setting. This allows usage of Google Gears.
- The Enabled when roaming option now also takes Google Gears into account.
µTrack v1.1.0
- Changed threading mechanism to use Timer.
- Added server side Widget
- Redesigned device application internals
µTrack v1.0.8
- Bug in Interval mechanism fixed (far less CPU usage)
- Re-added program to start menu
µTrack v1.0.6
- Bugfixes
- Redesigned the interval mechanism
µTrack v1.0.5
- Corrected setup folder
- Redesigned internal architecture
- Bugfixes
- Enable when roaming option
- Google Gears GeoLocation usage
µTrack v1.0.4
- Fixed ObjectDisposedException
- Restyled settings screen
- Added interval configuration option
µTrack v1.0.3
- Fixed errors
- uTrack can now online be tested using google maps.
µTrack v1.0.2
- Fixed errors
µTrack v1.0.1
- Fixed errors
µTrack v1.0.0
- First release

this is megacool

could it be possible to use it without dataconnection? just offline tracking, and a simple upload function?

I love the idea of what this app does!
ddookie, I'm getting the following error fairly frequently:
Code:
uTrack.exe
ObjectDisposedException
at System.Threading.Timer.throwIfDisposed()
at System.Threading.Timer.Change(UInt32 dueTime, UInt32 period)
at System.Threading.Timer.Change(Int32 dueTime, Int32 period)
at System.Net.HttpWebRequest.ConnectionClient.Read(Byte[] data, Int32 offset, Int32 length)
at System.Net.HttpReadStream.NetworkRead(Byte[] data, Int32 offset, Int32 length)
at System.Net.ContentLengthReadStream.doRead(Byte[] data, Int32 offset, Int32 length)
at System.Net.HttpReadStream.ReadToDrain(Byte[] buffer, Int32 offset, Int32 length)
at System.Net.HttpReadStream.doClose()
at System.Net.ContentLengthReadStream.doClose()
at System.Net.HttpReadStream.Finalize()
Any ideas?

how does this really work. i have completely understand the concept or idea

Hello honnt!
That error does not look good. could you give me a bit more information? For example which device you're using etc?

VOODOOS!L said:
could it be possible to use it without dataconnection? just offline tracking, and a simple upload function?
Click to expand...
Click to collapse
Hello VOODOOS!L!
No, atm uTrack does not support a offline upload function. The idea behind uTrack is that when GPS activity is detected, the device tries to publish its position to the configured URL.
This is the core concept behind uTrack and ensures that the application stays lightweight.
One enhancement i read from you're question is to monitor network activity and only send the information when there is one.
Greetings,
Peter Vrenken

Hi,
How often does the Tool publish the GPS-Information? Once when the GPS is started or frequently (like every 5 min.)?
I didn't try it yet, but it looks great.

Cell ID based location tracking
Hi,
I am kind of into a project which is "Cell ID based location tracking" for Windows Mobile 5 & 6 devices (both pocket pc & smartphone).
In development I used RIL to get the Cell ID & other tower details.
The problem I am facing now is getting it signed for distribution.
Mobile2Market (M2M) - Seems like the RIL is under undocumented API so Microsoft won't be signing it
Network Operators (Verizon etc.,) - Since the product involves RIL, would they hesitate to have it signed?
1. Is there any other API (documented) which I can use to get Cell ID details
or
2. Will the leading operators be interested in signing the application which uses RIL
I'm sorry to ask you too many questions in the first post... but I am facing a critical issue.
Thanks in advance,
Senthil

eljayone said:
Hi,
How often does the Tool publish the GPS-Information? Once when the GPS is started or frequently (like every 5 min.)?
I didn't try it yet, but it looks great.
Click to expand...
Click to collapse
At the moment uTrack publishes the information each minute (but only when the GPS is active).
In a future version this interval will become configurable.

Hi, this tool looks really great - could you explain how to configure the webserver?

Hello fc959,
I use the following steps in my scripts:
- Add a page to your webserver.
- In this page, check the deviceid (or some kind of magic or other authentication mechanism if the publication is allowed.
- If so, process the lat, long, time and id values that are transmitted in the GET request.
- Write the values to the database.
Hope this helps.

Thanks ddookie.
I've tested the app with my settings and the test url works. However how do configurenthe intermediate driver to work with tomtom?

Hello,
The GPS Intermediate Driver is available on Windows Mobile 5 and higher:
http://blogs.msdn.com/windowsmobile/archive/2006/06/07/620387.aspx
I know that some hardware OEM providers have it disabled, but if there is a GPS icon on the settings->Connection window, the GPS Intermediate Driver is enabled.
To use the GPS Intermediate Driver with TomTom is nothing more than use the GPS Intermediate Driver assigned COM port in TomTom. The idea behind the GPSID is that multiple applications can use the same GPS hardware, so the driver uses some kind of complex multiplexing mechanism.
Greetings,

yes I do have it installed but am not sure about the config though.
program port set to com0 (as per tomtom connection settings)
which port should be set for the hardware tab?

ok I've tried setting various com ports in the external gps settings but still no luck...
ddookie, would you ming writing up a very quick bullet point guide for the settings?
I know I'm almost there !

fc959 said:
yes I do have it installed but am not sure about the config though.
program port set to com0 (as per tomtom connection settings)
which port should be set for the hardware tab?
Click to expand...
Click to collapse
try it the other way around.
hardware tab should be the com port you used to use. so com0:
set programport to com4
and use this com4 in both tomtom and utrack
warning:
There's very few software availalbe that is able to fireup the bluetooth connection through this gps intermediate driver. The only two i know of are Oziexplorer an TrackMe. And not tomtom! Tomtom waits forever to get a connection, what i used to do is startup oziexplorer or TrackMe, then tomtom and stop ozi afterwards.

honnt said:
I love the idea of what this app does!
ddookie, I'm getting the following error fairly frequently:
Code:
uTrack.exe
ObjectDisposedException
at System.Threading.Timer.throwIfDisposed()
at System.Threading.Timer.Change(UInt32 dueTime, UInt32 period)
at System.Threading.Timer.Change(Int32 dueTime, Int32 period)
at System.Net.HttpWebRequest.ConnectionClient.Read(Byte[] data, Int32 offset, Int32 length)
at System.Net.HttpReadStream.NetworkRead(Byte[] data, Int32 offset, Int32 length)
at System.Net.ContentLengthReadStream.doRead(Byte[] data, Int32 offset, Int32 length)
at System.Net.HttpReadStream.ReadToDrain(Byte[] buffer, Int32 offset, Int32 length)
at System.Net.HttpReadStream.doClose()
at System.Net.ContentLengthReadStream.doClose()
at System.Net.HttpReadStream.Finalize()
Any ideas?
Click to expand...
Click to collapse
Finally got everything working, but I now get the same error as above every 20 mins approximately - only solution is to soft rest...
Device is HTC TyTN / Hermes.

Hello,
i'll look into this matter in the beginnig of next week. Quite busy atm.
But this looks like a beginners fault from the developer ...

Hello,
i've just released version v1.0.4 (download here: http://www.petervrenken.nl/uTrack/).
It shouldn't throw as much ObjectDisposedExceptions as v1.0.3, and has a new settings screen which makes it possible to configure the time interval at which the location is published to the server.
Greetings,

[Software] Finansist.PDA v1.2 (24.12.2009)

Finansist.PDA
Hi all!
I glad to show my first project for PPC - Finansist.PDA
Use Finansist.PDA to take account of your finances with the possibility of synchronizing with multiple computers. Program Finansist.PDA offers many functions (some of them are in development) to obtain the current exchange rate from the Internet, show reports, etc.
There are maybe some control layout bugs at different screen resolutions (I've tested at 320*240).
Known bugs and issues:
* After you change the lang - you need reboot application
System Requirements:
* Windows Mobile 5, 6, 6.1, 6.5 (not tested yet)
* DotNet Compact Framework 3.5
Website: http://finansist.chanaev.ru/
Important! To update aplication without lose my data you need copy file MainDB.fdb from path_where_you_install_application\Database\ to any safe place (for example to \My Documents). After that install new version and copy this file back, overwriting existing new file.
Download:
Version 1.0 CAB: View attachment 222095
Changelog:
Initional release with base functions
Version 1.1 CAB: View attachment 222096
Changelog:
If the application installed in a folder other than \Program Files\Finansist PDA\ - required to manually correct the configuration file. Otherwise application don't work.
Controls layout for different screen resolution and layouts
Possibility to add payment into root categories
Cleanup initial database
Category which are curently selected in a category tree goes to New Payment form.
Interface changes in category tree context menu.
Subcategory payments included in output table when category in treeview clicked.
Database errors now also processed by translation module
Autoselect language during first launch
Field «Translated by:» in programm «About» form
Version 1.2 CAB: View attachment 260889
Changelog:
Possibility to set number of displayed rows in the table of payments
Possibility to display payments in subcategories with selected category payments
Possibility to work with many databases. You can disable dialog of database selection and work just with one database. Also you can create, open, compress, delete, set password see database properties and so on.
Database password protection
Many world currencies. For better usability you can select currencies which you use. Non-active will be not displayed in system (for exapmple in account management).
Database versioning. Converting to new format processed automatically without any data lost. This version has database v1. Finansist v1.1 and v1.0 had v0 database.
Possibility to copy databases from PC and back via ActiveSync. First step into records synchronizing. PC client available at the website.
Basic help at english language actually contained general information.
Fixed dates range calculation in Reports
Fixed some crashes in account management
Improvement of internal algorhythms for better perfomance and so on.
Feedback are welcome!
Enjoy =)

Change Currency
Hi, could you tell me how to change the currency???? I use TT$

hmm
Thanks for it

zjxpot, Unfortunately right now there is no possibility to do it. This function is in development stage. I guess it will be avaible as soon as possible.
yonta, you are welcome
2All, I've published new version. See changes and download app from header post.

Password
Hi in menu/option the password box is disabled how do I enable also in new payment regular payment is disabled how to enable or are those option for future use??? btw nice program

Finansist PDA v1.2 has been released after long time pause. Many changes in code, some new feautures and improvements. Work with PC as main feature must simplify process of money tracking and reporting. Don't forget about backup data at your device before first sync. List of changes is in header. Enjoy.
zjxpot, new version support many currencies

chanaev said:
Finansist PDA v1.2 has been released after long time pause. Many changes in code, some new feautures and improvements. Work with PC as main feature must simplify process of money tracking and reporting. Don't forget about backup data at your device before first sync. List of changes is in header. Enjoy.
zjxpot, new version support many currencies
Click to expand...
Click to collapse
Thanks for your work, I will check it out, All the best during this holiday season to you and your family

congrats on the new version

windows.devices.bluetooth dll/namespace

I do have a request to guys with interop-unlocked phones (of course if it's possible to browse \Windows): could you please check handset's assemblies for the windows.devices.bluetooth?
Thanks!

Actually it is not only possible to browse Windows, but also read any file there. Even with developer unlock.

Yes, you are right - I completelly forgot about GoodDayToDie's web server...
[Update] I found the dll with BLE & BT 4.0 support! It calls BLUETOOTHAPIS.DLL, I've attached exports. BLE (Bluetooth Low Energy) API functions begins from BluetoothGATT* , well described here http://msdn.microsoft.com/en-us/library/windows/hardware/hh450825(v=vs.85).aspx