Name garbling in DLL - Windows Mobile Development and Hacking General

I am using some functions in a dll but the only way I can get the name of the function to remain as I name it is to make it extern "C". If I do not do this then I have to copy the name from directly inside the dll and put the garbled text in my code, e.g. "someFunctionName" ends up "[email protected]@YAHXZ". It seems that every example I ever see does not have this problem. Is there some setting I do not know about to force the linker to use the names I type without using a def file?

It was my understanding that this has something to do with C++ convention and cannot be changed, though I could be wrong on this point and if so, would also like to learn the answer.
Meanwhile, if you are using functions from your DLL in your own code you can link to it "implicitly" (am I confusing the terms here?) by simply linking in the lib file the compiler creates for the DLL and using the regular function names without all the garbage.

I think that what I am seeing is Microsoft ("decoration"), not from C++. I think the C++ name mangling follows some rules that let it show the size of data being passed as arguments.
I do not want to link to it and use .lib etc. because I do not want my main project to be entangled with the dll. I am trying to make a plugin so it will be dynamically loaded with LoadLibrary and GetProcAddress. I am a bit new to this but it seems to work OK; I was just not sure how to use the def file properly. For example, what are the rules regarding the order of names in the def as compared to the header file, and what about variables: are they exported or do I have to have a function that returns a pointer to them?

Well some of MS help I encountered states that DEF files are obsolete, or at least MS is trying to make them so.
I didn't get deep into the DLL rules myself but from what I understand it is sufficient to declare a function as _dllexport for it to be seen from the outside. If you want to specify ordinals (like in the plug-in case) that's another matter.
Variables can be exported and so can classes. I never tried using it, but the "hello world" example of a DLL that eVC 4 builds exports a function, a class and a variable and does not use a DEF file.

And after building that automatically generated code I get a dll with decorated function names (I view the dll in notepad to check). At first I could not figure out what was going on but after I put the decorated names into GetProcAddress it works.
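How the decorated names discussed in this thread are put together, as an added example (not code from any of the posters): a small decoder for the simplest MSVC C++ decorations, global functions with primitive argument types. The sample symbols are constructed, and anything more complex (scoped names, pointers, classes) is rejected rather than guessed.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Decoded form of a simple MSVC-decorated global function symbol.
struct Decoded {
    std::string name, convention, returnType;
    std::vector<std::string> params;  // empty means (void)
};

// Primitive type codes only; pointers, references and classes are out of scope.
static const char* primitiveType(char c) {
    switch (c) {
        case 'C': return "signed char";
        case 'D': return "char";
        case 'E': return "unsigned char";
        case 'F': return "short";
        case 'G': return "unsigned short";
        case 'H': return "int";
        case 'I': return "unsigned int";
        case 'J': return "long";
        case 'K': return "unsigned long";
        case 'M': return "float";
        case 'N': return "double";
        case 'X': return "void";
        default:  return nullptr;
    }
}

static const char* callingConvention(char c) {
    switch (c) {
        case 'A': return "__cdecl";
        case 'G': return "__stdcall";
        case 'I': return "__fastcall";
        default:  return nullptr;
    }
}

// Decodes "?name@@Y<conv><ret><args>Z". Returns false for plain C names
// and for any decoration this small decoder does not understand.
bool decodeSimple(const std::string& sym, Decoded& out) {
    if (sym.size() < 7 || sym[0] != '?' || sym[1] == '?') return false;
    const std::string::size_type sep = sym.find("@@", 1);
    if (sep == std::string::npos || sep == 1) return false;
    Decoded d;
    d.name = sym.substr(1, sep - 1);
    if (d.name.find('@') != std::string::npos) return false;  // scoped name
    std::string::size_type i = sep + 2;
    auto peek = [&](std::string::size_type k) {
        return k < sym.size() ? sym[k] : '\0';
    };
    if (peek(i++) != 'Y') return false;  // 'Y' marks a non-member function
    const char* conv = callingConvention(peek(i++));
    const char* ret = primitiveType(peek(i++));
    if (!conv || !ret) return false;
    d.convention = conv;
    d.returnType = ret;
    if (peek(i) == 'X') {
        ++i;  // a lone X in the argument position means (void)
    } else {
        while (peek(i) != '@') {
            const char c = peek(i++);
            const char* p = (c == 'X') ? nullptr : primitiveType(c);
            if (!p) return false;  // unknown code or end of string
            d.params.push_back(p);
        }
        if (d.params.empty()) return false;
        ++i;  // skip the '@' that closes the argument list
    }
    if (peek(i) != 'Z' || i + 1 != sym.size()) return false;
    out = d;
    return true;
}

// Human-readable signature, or an empty string if the symbol is not decodable.
std::string signatureOf(const std::string& sym) {
    Decoded d;
    if (!decodeSimple(sym, d)) return "";
    std::string s = d.returnType + " " + d.convention + " " + d.name + "(";
    if (d.params.empty()) s += "void";
    for (std::string::size_type k = 0; k < d.params.size(); ++k)
        s += (k ? ", " : "") + d.params[k];
    return s + ")";
}

int main() {
    // Constructed sample export names, not taken from a real DLL.
    const char* samples[] = {"?someFunctionName@@YAHXZ", "?add@@YGHHH@Z",
                             "someFunctionName"};
    for (const char* s : samples) {
        const std::string sig = signatureOf(s);
        std::cout << s << " -> "
                  << (sig.empty() ? "(not a simple C++ decoration)" : sig) << "\n";
    }
    return 0;
}
```

An extern "C" export carries none of this signature information, so a host that loads plugins by plain name has to agree on the function prototype with the plugin some other way.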


HOWTO: save complex structures in a file?

hi,
I have a program and it has lots of settings saved in memory; when I exit the program I need to save settings in a config file.
My program has CString(s), CArray(s) and other basic int and DWORD variables, so how can I save such complex settings?
Mohammad
as xml maybe
If you're using MFC you could always attach a CArchive to a file and serialize
Perhaps you need to either create a log file - for debugging purposes - or save your settings to the registry. If it's the former, then check this one http://www.codeproject.com/ce/GenericLogFunctionality.asp it should be helpful. If it's the latter, then you just search codeproject and you'll find a lot of tutorials on the registry. Also, you can use CEDB, which is a flat table database that can store many data type structures including files and images; use it if you need to.
It may seem like you're lost now, but you can take an overview about the cons and pros of each technique so as to choose the best one for you.
For my config file I use plain English bounded by my own tags. I use a character sequence as a separator for lists. I convert numerical values into text that can be human readable. There are some benefits to being able to read and edit it manually if the need arises. I also made a class purely for writing and reading from my config file. Now when I want to use a config file I can just drop that class into my project.
XML sounds good and similar but it would require a greater knowledge of xml.
Registry is easier and faster to do/execute but for data that can potentially grow too much it is probably best to keep it out of registry.
Is CArray serializable? do we just simply use CArray::Serialize and it will dump all included objects into a file?
thanks
http://msdn2.microsoft.com/en-gb/default.aspx
This site may be helpful while you wait for somebody to answer your question
If you can it would be easier to use CObArray and ensure that the array members are subclassed from CObject with the DECLARE_SERIAL / IMPLEMENT_SERIAL macros. You could also add a new << operator to the CArchive class and write the serialization routine but that would kinda defeat the object I guess.
I solved the issue using serialization, for CArray structures I used the following method:
File<<MyArray.GetSize();//store how many objects
for(all my objects in the CArray)
serialize them one by one
I did the same when loading and it works flawlessly.
Thanks all for your help
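The count-then-elements layout from the last post, sketched with plain C++ streams standing in for CArchive (an added example, not the poster's code). The loader treats the stored count and lengths as untrusted input; `kMaxItems` and `kMaxStringBytes` are assumed limits chosen for this example.

```cpp
#include <cstdint>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Assumed caps for this example; size them to the real settings file.
const uint32_t kMaxItems = 1024;
const uint32_t kMaxStringBytes = 4096;

// Fixed little-endian encoding so the file does not depend on the host CPU.
static void writeU32(std::ostream& out, uint32_t v) {
    const unsigned char b[4] = {
        static_cast<unsigned char>(v & 0xFF),
        static_cast<unsigned char>((v >> 8) & 0xFF),
        static_cast<unsigned char>((v >> 16) & 0xFF),
        static_cast<unsigned char>((v >> 24) & 0xFF)};
    out.write(reinterpret_cast<const char*>(b), 4);
}

static bool readU32(std::istream& in, uint32_t& v) {
    unsigned char b[4];
    if (!in.read(reinterpret_cast<char*>(b), 4)) return false;
    v = static_cast<uint32_t>(b[0]) | (static_cast<uint32_t>(b[1]) << 8) |
        (static_cast<uint32_t>(b[2]) << 16) | (static_cast<uint32_t>(b[3]) << 24);
    return true;
}

// Store how many objects there are, then serialize them one by one.
void saveStrings(std::ostream& out, const std::vector<std::string>& items) {
    writeU32(out, static_cast<uint32_t>(items.size()));
    for (const std::string& s : items) {
        writeU32(out, static_cast<uint32_t>(s.size()));
        out.write(s.data(), static_cast<std::streamsize>(s.size()));
    }
}

// Load the same layout. The count and every length come from the file, so
// they are checked against the caps before any memory is allocated, and a
// truncated file fails the load instead of yielding partial settings.
bool loadStrings(std::istream& in, std::vector<std::string>& items) {
    items.clear();
    uint32_t count = 0;
    if (!readU32(in, count) || count > kMaxItems) return false;
    std::vector<std::string> loaded;
    for (uint32_t i = 0; i < count; ++i) {
        uint32_t len = 0;
        if (!readU32(in, len) || len > kMaxStringBytes) return false;
        std::string s(len, '\0');
        if (len > 0 && !in.read(&s[0], static_cast<std::streamsize>(len)))
            return false;
        loaded.push_back(s);
    }
    items.swap(loaded);
    return true;
}

int main() {
    // Constructed sample settings.
    std::stringstream file;
    saveStrings(file, {"server=example", "", "retries=3"});

    std::vector<std::string> settings;
    std::cout << "round trip ok: " << loadStrings(file, settings)
              << ", items: " << settings.size() << "\n";

    // A constructed corrupt file whose count field claims 0xFFFFFFFF entries.
    std::istringstream corrupt(std::string("\xFF\xFF\xFF\xFF", 4));
    std::cout << "corrupt file accepted: " << loadStrings(corrupt, settings) << "\n";
    return 0;
}
```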

Free Common Dialog available

My experiences last year with building an open file dialog into GSMbeam made me want to have a more reusable solution. So I present my common file dialog here for anyone to use. It is an open file dialog and a save file dialog. You just need to get the base class from my site and have a look at the example code to use it. It is very easy to use if you already know how to dynamically load a dll at run time. The dll exports 3 functions. One instantiates an object of the base class, one destroys it. Very easy.
The dialog is a big improvement on my previous one. It has search capabilities and it better adjusts to screen orientation (I can't test for VGA devices, sorry, but it should work). It lets the user interact with the file system and returns a full path of their desired file to open. For saving you can suggest a file name (and path) and the user can just accept it or choose another. The save dialog then returns their desired path. The starting directory can be specified in both modes. The art is nice looking and intuitive.
I provide a small app for those who can't be bothered to code it but just want to have a look. All it does is load the dll and demonstrate its functionality.
Lovely work!
V
Hey dude it sounds great. Unfortunately, the link is down, so it doesn't look great yet
Anyone has a copy ?
yea right man
the link is dead....pls be informed if there is new link...Alive

[LIBRARIES][SOURCE] WP8 Native Access project

This thread is for announcements and discussion around the WP8NativeAccess project (https://wp8nativeaccess.codeplex.com/). The purpose of this project is to provide general-purpose libraries, usable from C++ or .NET, which enable access to the underlying functions of the OS. In some cases, this will mean simple wrappers around native APIs; in other cases, these will be more advanced operations which simplify using the low-level APIs.
Some of the functions that the Native Access project exposes are already available via the official APIs. Other functions, however, are not. While I have no objection to these libraries being used in Store apps (license permitting), it is unlikely that Microsoft will permit the ones which use unofficial APIs.
Note that this library does not provide any method for elevation of privileges. Consequently, the use of these APIs will be constrained by the sandbox in which all third-party WP8 apps run, as defined by the capabilities in the app manifest. In practical terms, this means that most of the system will be either inaccessible or read-only. Even so, it has already proven useful to myself. When combined with interop-unlock and Capability-unlock hacks (making it possible for apps to obtain higher privileges), these APIs become much more useful. In fact, the EnableAllCapabilities utility uses the Registry library. Similarly, if you have the ability to use restricted Capabilities in an app you are developing, you may find these libraries useful.
The libraries are as follows:
FileSystem version 0.4.0: Implements functionality to read, write, and get information about files and directories, plus supports creating symbolic links and enumerating file system volumes. This version contains a breaking change from 0.3.x: the NativeFileSystem functions are now static and the constructor is removed. This library may be built with or without the macro USE_NON_PUBLIC_APIS; by default it now includes this macro and requires kernelbase.lib to build. If this macro is not defined, it builds using the public APIs without requiring any special libraries.
Registry version 0.2.9: Implements functionality to read and write registry values, and to create and delete registry keys and values. Many, though not yet all, registry value types are fully supported. This library consists entirely of non-public (for WP8) APIs and requires the KERNELBASE.LIB and ADVAPI32LEGACY.LIB export libraries for Windows Phone 8 in order to build (the DLLs are in C:\Windows\System32 on the phone; you can use Dll2Lib.exe to extract the .LIB files).
Processes version 0.1.0: Implements basic functionality to get information about your process, and to create or kill a child process. Very early version.
They are licensed under the Microsoft Permissive License.
The FileSystem and Registry libraries are currently being used by my WP8 File Access Webserver project (http://forum.xda-developers.com/showthread.php?t=2355034).
My EnableAllSideloading app uses the Registry library (http://forum.xda-developers.com/showthread.php?t=2435697).
@hjc4869 has a basic FileExplorer app which uses the FileSystem library (http://forum.xda-developers.com/showthread.php?t=2497788).
You may need to use 7-Zip or another extraction program better than the built-in Windows Zip extractor to open the archive.
Reserved for OP...
Updated. This will be the main place on XDA for releases of the NativeAccess libraries going forward. Additionally, please report problems or make feature requests here.
I think there should be some way to list all the volumes...
Perhaps Windows Runtime has provided an async win32 file API wrapper which has the same ability as the win32 ones, so I think the undocumented file API and registry, process, etc. are more important.
The latest version of the NativeFileSystem library can give you the mount points (as strings) for all volumes (C:\, D:\, etc.)... I implemented that a few days ago; it should be in this update. Sorry for not highlighting that more clearly (typo in the OP fixed now).
Can't open "NativeAccessLibraries_040_029_010.zip"
Edit Ok with 7-zip
How odd, you're right. I didn't do anything terribly fancy while building that ZIP, so I really don't know what's up with that.
I have added the NativeFileSystem library to my PDF to Office app...
Thanks again for all your work !
@GoodDayToDie: Congratulations, good work! Unfortunately I can't import the registry library, it says it's not a valid DLL. I have Visual Studio 2013 Pro. Does it work for WP8? Please help me solving the problem. Thanks!
myst02 said:
@GoodDayToDie: Congratulations, good work! Unfortunately I can't import the registry library, it says it's not a valid DLL. I have Visual Studio 2013 Pro. Does it work for WP8? Please help me solving the problem. Thanks!
You need to reference .winmd file, not the .dll file.
Thanks! Can we also modify hex registry values with it?
If you have the required permissions, yes. There's read/write functions for REG_BINARY, and also a simple wrapper around RegSetValue that will work for any type.
However, the library doesn't actually give you any privileges your app didn't already have. Without special Capabilities (which usually require hacks to enable), you won't have write access anywhere in the registry at all...
GoodDayToDie said:
If you have the required permissions, yes. There's read/write functions for REG_BINARY, and also a simple wrapper around RegSetValue that will work for any type.
However, the library doesn't actually give you any privileges your app didn't already have. Without special Capabilities (which usually require hacks to enable), you won't have write access anywhere in the registry at all...
OK, thanks, but another question: I referenced .winmd file, but it gives me error, the component was not found. Any idea how to fix it?
Do you have the DLL and the WINMD in the same location? Are you creating a WP8.0 app (I don't know if apps targeting 8.1 specifically will work)? Are you building for ARM?
Yeah, I have. Library now working, but it doesn't recognize the commands, I mean if I write NativeRegistry.ReadDWORD command not found :/ Can you help me?
You're going to need to be way more specific.
How far did you get, i.e. can you compile the app? Install the app? Launch the app? Does it crash immediately or does it actually load? Etc.
What, *exactly*, breaks? Does it break when you try to reference the NativeRegistry library, or only when you try to actually use ReadDWORD function, or some time later? If you are able to call readDWORD, what is the return value? If it fails, what is the error code?
Are you getting an exception, or does it just not work? If it's an exception, give me as much detail about it as you can (the type, the message, the code where it happened, etc. if possible).
myst02 said:
Yeah, I have. Library now working, but it doesn't recognize the commands, I mean if I write NativeRegistry.ReadDWORD command not found :/ Can you help me?
Try to rebuild the solution.
GoodDayToDie said:
You're going to need to be way more specific.
How far did you get, i.e. can you compile the app? Install the app? Launch the app? Does it crash immediately or does it actually load? Etc.
What, *exactly*, breaks? Does it break when you try to reference the NativeRegistry library, or only when you try to actually use ReadDWORD function, or some time later? If you are able to call readDWORD, what is the return value? If it fails, what is the error code?
Are you getting an exception, or does it just not work? If it's an exception, give me as much detail about it as you can (the type, the message, the code where it happened, etc. if possible).
Hi, I can't even build it, it doesn't recognize the command and makes a red line under it. I can reference the library, but not use any commands like ReadDWORD, WriteDWORD and so on. Screenshot is attached, this is happening if I load your EnableAllSideloading App, for example. With self-created projects I have the same problem. My system is Win 8.1 Pro x64 and I'm using Visual Studio 2013 Professional. Can you help me? Thanks!
You have added
Registry.winmd in reference library
and
Using Registry;
in your source code
Source code for EnableAllSideloading already has the requisite using directives...
When you look in the project's References, is the Registry library referenced correctly? By default it'll try to use a relative path that I use on my PC, but probably not the same path you use. You may need to manually adjust the reference, or delete it and re-create it.
Alternatively, what auto-fix options does Visual Studio give you when you click on those red lines?

[XAP][SOURCE] WP8 Registry Tools

Rebranded to WP8 Registry Tools from Lumia Registry Modifier
This is a basic registry viewer/editor demonstration using Registry dlls pulled from Nokia xaps within the latest FFUs.
First, a few things to note.
1) This only retrieves values from HKEY_LOCAL_MACHINE
2) It CAN read DWORD values now, but can't write. (Hell you probably won't be able to write ANYWHERE, but the code is there)
Instructions are quite simple.
To Read Values:
1) Put the Registry key in the first box (ex. SOFTWARE\Classes\MIME\Database\Codepage\1254)
2) Put the Registry Value in the second box (ex. 1254)
3) Press Get Value.
To Set Values:
1) Put the Registry key in the first box (ex. SOFTWARE\Classes\MIME\Database\Codepage\1254)
2) Put the Registry Value in the second box (ex. 1254)
3) Put the new registry value result in the Set Value box.
4) Press Set Value.
This is very very basic, but I wanted to just show off something using what Nokia has provided us.
We can't write dword values unfortunately so hopes of using this to change the MaxUnsignedApp value are lost. This MAY be possible with @GoodDayToDie 's WP8NativeAccess library, but with this it isn't.
In case everyone wondered what that key is... SOFTWARE\Microsoft\DeviceReg\Install
Side load away
Hmm... I get Access Denied in my library on most keys that I've tried to write. If you can write the codepage, that's interesting (generally speaking, HKLM has stronger protections). I'll double-check whether I can write there myself. If not, but you can, then we have an elevated privilege attack vector...
Also, we should see whether the app runs on non-Nokia devices. I suspect that it will, if it works the way I think it does, but in that case it also won't have much in the way of permissions.
Getting DWORDs to work is a good project, I'm sure it's possible (works fine in NativeAccess, incidentally).
EDIT: Any chance you could include the source?
snickler said:
This is a basic registry viewer/editor demonstration using Nokia's Native Registry dll pulled from one of their apps.
First, a few things to note.
1) This only retrieves values from HKEY_LOCAL_MACHINE
2) DWord values aren't supported.
Instructions are quite simple.
To Read Values:
1) Put the Registry key in the first box (ex. SOFTWARE\Classes\MIME\Database\Codepage\1254)
2) Put the Registry Value in the second box (ex. 1254)
3) Press Get Value.
To Set Values:
1) Put the Registry key in the first box (ex. SOFTWARE\Classes\MIME\Database\Codepage\1254)
2) Put the Registry Value in the second box (ex. 1254)
3) Put the new registry value result in the Set Value box.
4) Press Set Value.
This is very very basic, but I wanted to just show off something using what Nokia has provided us.
This doesn't seem to work with dword values unfortunately so hopes of using this to change the MaxUnsignedApp value are lost. This MAY be possible with @GoodDayToDie 's WP8NativeAccess library, but with this it isn't.
In case everyone wondered what that key is... SOFTWARE\Microsoft\DeviceReg\Install
Side load away
At least it's a start.
GoodDayToDie said:
Hmm... I get Access Denied in my library on most keys that I've tried to write. If you can write the codepage, that's interesting (generally speaking, HKLM has stronger protections). I'll double-check whether I can write there myself. If not, but you can, then we have an elevated privilege attack vector...
Also, we should see whether the app runs on non-Nokia devices. I suspect that it will, if it works the way I think it does, but in that case it also won't have much in the way of permissions.
Getting DWORDs to work is a good project, I'm sure it's possible (works fine in NativeAccess, incidentally).
EDIT: Any chance you could include the source?
ah yes, sorry about that. Let me load up my laptop
EDIT: Source added.
Hi I found the Registry item
(File path : <ffu>\Windows\Packages\RegistryFiles\SOFTWARE.REG)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap
where we can set extensions and their types. So is it possible to add a new extension so that it will also be supported and visible on the SD card?
vivekkalady said:
Hi I found the Registry item
(File path : <ffu>\Windows\Packages\RegistryFiles\SOFTWARE.REG)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap
where we can set extensions and their types. So is it possible to add a new extension so that it will also be supported and visible on the SD card?
It doesn't support creating new key values, only modifying existing ones. If the data is within one key value and it's able to be read, then it should be able to have things added to it.
EDIT: From what I've seen, what you're trying to do won't be possible with this. Each extension has a different key value.
We may need to start an "interesting registry values" thread here, similar to the one for WP7. Of course, it'll be more interesting if we can actually change any of them.
Oh, and the app works on my ATIV S, just by the way. Need to find some interesting paths to test it on, though.
EDIT: Have you been able to write to *any* values using this? It fails for me every time, but I haven't tried that many yet.
GoodDayToDie said:
We may need to start an "interesting registry values" thread here, similar to the one for WP7. Of course, it'll be more interesting if we can actually change any of them.
Oh, and the app works on my ATIV S, just by the way. Need to find some interesting paths to test it on, though.
EDIT: Have you been able to write to *any* values using this? It fails for me every time, but I haven't tried that many yet.
It has failed for me also. The only values I could write to were the ones that corresponded to Nokia. I'll look through the code again and make another update. I'm going to also rebrand it since it works for non-Lumia phones.
Interesting about the Nokia paths working. That could be some characteristic of the DLL you use having better permissions or something specific to OEM stuff, but I actually suspect it's just that Nokia didn't bother to lock down the ACLs on their parts of the registry. You can easily adapt the app to my NativeRegistry class to test this, if you want.
Hmm that's a good idea. I just rebranded it to WP8 Registry Modifier. I'll add in your NativeRegistry class to work along with the RegistryRT class to see what comes about.
DWORD support
For DWORD support, take a look at the Nokia.SilentInstaller.Runtime.wim... The "CSilentInstallerRuntime" class contains multiple methods to interact with the registry including:
CreateKey
GetRegDWORDValue
GetRegSZValue
GetRegSZValueL
IsRegistryDWORDValueExists
IsRegistryKeyExists
IsRegistryREGSZValueExists
SetRegDWORDValue
SetRegSZValue
A bit off topic, I found a way to launch any URI... Literally, ANY URI (app:// http:// or anything). I can launch any application (using the GUID - so it must be a registered application but doesn't have to be one that you see in your programs list) and go to a specific page within that application. I can also pass any kind of query string that could unlock some hidden features in an application (such as the Extras+Info application - I can launch it using any dial string even though my ROM has that particular dial string disabled). I do so by launching a Toast message which allows me to specify a launch URI and once it pops up, I click it. If anyone's interested, I can post a code sample for that...
@GoodDayToDie I'm able to read DWORDs with your NativeRegistry framework. I haven't been able to write though (I've only looked at the MaxUnsignedApp reg value).
What I think I'm going to do is possibly scrap the RegistryRT framework and just use yours. I can then make an even more robust app.
cpuguy said:
For DWORD support, take a look at the Nokia.SilentInstaller.Runtime.wim... The "CSilentInstallerRuntime" class contains multiple methods to interact with the registry including:
CreateKey
GetRegDWORDValue
GetRegSZValue
GetRegSZValueL
IsRegistryDWORDValueExists
IsRegistryKeyExists
IsRegistryREGSZValueExists
SetRegDWORDValue
SetRegSZValue
A bit off topic, I found a way to launch any URI... Literally, ANY URI (app:// http:// or anything). I can launch any application (using the GUID - so it must be a registered application but doesn't have to be one that you see in your programs list) and go to a specific page within that application. I can also pass any kind of query string that could unlock some hidden features in an application (such as the Extras+Info application - I can launch it using any dial string even though my ROM has that particular dial string disabled). I do so by launching a Toast message which allows me to specify a launch URI and once it pops up, I click it. If anyone's interested, I can post a code sample for that...
I was actually looking at the SilentInstaller not long ago. I got sidetracked by the fact that I could use the NativeRegistry read DWORD values. I'll check that out and upload a new build in a few
GoodDayToDie said:
We may need to start an "interesting registry values" thread here, similar to the one for WP7. Of course, it'll be more interesting if we can actually change any of them..
I can write one up later. I have several registry keys that I'd like to bring attention to.
NOTE: I don't see anything editable yet, at least I can read it to compare it to the files in the ffu.
Launching a URI should be possible more directly than that, using ShellExecute, or similar, but that way is cool (and doesn't require importing unofficial native functionality).
Just a word of warning: NativeRegistry is under heavy modification. I hope to have the next Alpha release done soon, which brings a ton of changes, but in the meantime you might want to follow the changes on CodePlex; while I test every build that I push, I don't always publish the binaries.
There will be two ways to use the registry through NativeAccess soon: one is to use fairly thin wrappers around the native functions (that's mostly what's implemented now, but it will be expanded to include key and value enumeration, key creation, etc.), and the other is to use a class more akin to a .NET RegistryKey class, offering the ability to interact in a more object-oriented manner (where the object itself represents an open key).
Something I did notice when I tried to compile the NativeRegistry source (I just ended up using the binary you had for my testing) is that it kept blowing up on the include for WinReg.h. I don't have that anywhere. Am I missing something?
snickler said:
Something I did notice when I tried to compile the NativeRegistry source (I just ended up using the binary you had for my testing) is that it kept blowing up on the include for WinReg.h. I don't have that anywhere. Am I missing something?
I'm not sure how GoodDayToDie did it himself (probably the same approach I take) but I compiled it using the "WinReg.h" from the Windows 8 SDK and removing the desktop-only compiler "if" instruction (lines 49 and 1446). And like he mentioned, you also have to create the KERNELBASE.LIB with the required registry export functions for the linker.
cpuguy said:
I'm not sure how GoodDayToDie did it himself (probably the same approach I take) but I compiled it using the "WinReg.h" from the Windows 8 SDK and removing the desktop-only compiler "if" instruction (lines 49 and 1446). And like he mentioned, you also have to create the KERNELBASE.LIB with the required registry export functions for the linker.
Ah ok, thanks!
cpuguy said:
A bit off topic, I found a way to launch any URI... Literally, ANY URI (app:// http:// or anything). I can launch any application (using the GUID - so it must be a registered application but doesn't have to be one that you see in your programs list) and go to a specific page within that application. I can also pass any kind of query string that could unlock some hidden features in an application (such as the Extras+Info application - I can launch it using any dial string even though my ROM has that particular dial string disabled). I do so by launching a Toast message which allows me to specify a launch URI and once it pops up, I click it. If anyone's interested, I can post a code sample for that...
Yes, please post your code and give yourself your own thread (at least keep it here in development ). There are a lot of underlying dialer codes that Nokia disabled when flashing the 928s. Also this could mean we could have a custom app launcher, if you wanted to customize it that way. Most of the work we have done on WP8 has occurred in the past few months; we are finally getting so close to the first InteropUnlock for Nokia/WP8.
I'm trying to figure out the correct method prototype (since this is a method that appears to be WinPhone only and isn't part of the SDK so, no details on it whatsoever)... I stumbled upon this toast functionality in "NokiaFrameworkOBAWinPRT.dll" under the "DevPropHelper" class. The method to call is "InvokeToast". This method ends up calling "Shell_PostMessageToast" in "ShellChromeAPI.dll" (this is what I'm trying to invoke directly without going through the Nokia dll).
1) Add a reference in your project to "NokiaFrameworkOBAWinPRT.winmd" (you can find this in newer versions of the Extras+Info app)
2) Add the necessary <InProcessServer> tag (to allow the "NokiaFrameworkOBAWinPRT.DevPropHelper" class) in the <ActivatableClasses> section of your WMAppManifest.xml file
3) In the code... Create an instance of "NokiaFrameworkOBAWinPRT.DevPropHelper"
4) In the code... Call the "InvokeToast" method (of the previously created object) passing it:
   - Application GUID (can be your local app's GUID - doesn't seem to matter)
   - URI to launch in string format
   - Toast title (can be anything)
   - Toast content (can be anything)
5) When the Toast notification pops up, click on it and that's it.

[XAP][SOURCE] Native Toast Notification Launcher

This is a very simple application that enables you to specify any kind of Uri to launch. This is done through creating a Toast notification that, when clicked on, will execute the specified Uri. This uses a native method outside of the regular SDK; the standard methods available in the SDK that you'd normally use to create a Toast notification are restrictive in what kind of Uri you can specify. By using the native method not part of the SDK, these limitations can be by-passed.
I've attached both the XAP and the source code. The source project contains three projects:
CShellChromeAPI: The C++/CLI project which calls the native un-documented method
NativeToastLauncher: The .NET wrapper which simplifies the interaction with the C++/CLI project
NativeToastLauncherApp: The test application used to quickly launch any Uri
You'll notice I've hard-coded a default Uri when you launch the application: this will open the Windows Phone 8 "About" page.
To run this, you'll need to side load the XAP which requires a dev unlocked device...
Can I use any system GUID to launch?
djtonka said:
Can I use any system GUID to launch?
Any registered app GUID yes. You'd do app://GUID/_default (or replace the _default with the particular task to run - in most cases, that's _default).
@cpuguy this is awesome, thanks!
If you guys are looking for GUIDs and default tasks, they are all in the app's WMAppManifest.xml. The "ProductID" is the GUID and the "DefaultTask Name" property contains the name of the default task.
Hopefully we can use this to find a program to exploit.
Does anyone happen to have a list of the ID's for the system and settings apps? Obviously, I can't go into the code and get these without messing with the file system. If no one has them, then I can just trial/error until I get some...
If you download the registry hives located at http://forum.xda-developers.com/showthread.php?t=2393883 , you can load the Software hive and search for "app://". That will give you a few system files you can launch.
EDIT:
I posted a zip file of the default ones in a new thread.
If anyone has tethering blocked, see if you can get it to work by launching this URI app://5B04B775-356B-4AA0-AAF8-6491FFEA5629/Default
compu829 said:
If you download the registry hives located at http://forum.xda-developers.com/showthread.php?t=2393883 , you can load the Software hive and search for "app://". That will give you a few system files you can launch.
I'm only seeing the app:// function used on the system settings options after going through the registries so far.
aclegg2011 said:
I'm only seeing the app:// function used on the system settings options after going through the registries so far.
That's what I saw too. I am having way more luck finding cool stuff in the extracted FFU. Take a look at the zip file in the new thread I started.
compu829 said:
That's what I saw too. I am having way more luck finding cool stuff in the extracted FFU. Take a look at the zip file in the new thread I started.
Yeah, I saw the new thread. Hopefully somebody can find an exploit in all that. It executes some cool files. Too bad there wasn't a cmd.exe file on our phones that we can execute.
aclegg2011 said:
Yeah, I saw the new thread. Hopefully somebody can find an exploit in all that. It executes some cool files. Too bad there wasn't a cmd.exe file on our phones that we can execute.
Actually, there is! But it's stuck in a WIM. It inflates it on an "as-needed" basis.
I am hoping that we can use the backgroundworker to run some stuff elevated
compu829 said:
I am hoping that we can use the backgroundworker to run some stuff elevated
But they all are pretty much isolated. It is unlikely that you will be able to run anything elevated
aclegg2011 said:
Yeah, I saw the new thread. Hopefully somebody can find an exploit in all that. It executes some cool files. Too bad there wasn't a cmd.exe file on our phones that we can execute.
Not only is there a CMD.exe, but there are other interesting things like a BSOD screen, Control Panel, registry keys referencing desktop (a future exploit I might attempt), and even native EXEs (we knew about native EXEs since WP's release).
Why does this launcher not work with "normal" toasts: {YOUR-APP-GUID} and "/Page1.xaml"? Only with empty GUID and full path.
Similarly, any chance this could be used to open arbitrary XAML pages, rather than just the ones defined in the app manifest? For example, something like what was posted in another thread (http://forum.xda-developers.com/showpost.php?p=45265419&postcount=56) using the following URI: app://5edbdbbc-2ab2-df11-8a2f-00237de2db9e/_default#/View/APNSettingPage.xaml to launch a hidden page in the Connection Setup app. I don't know if that's a weird behavior of CS or if it's universally possible (and while it feels lazy to ask, I'm at work right now). There are a bunch of "hidden" pages in the ATIV S Diagnosis app, some of which would be very useful, but the navigation code for them is blocked or outright missing. If we could invoke those directly... There are probably a bunch of other such hidden gems in other OEM apps too.
Yes you can. The way I found the one in the HTC app was by loading the DLLs in JetBrains' dotPeek. Then I looked for the XAML files. It is all a relative URI based on what dotPeek/the app "sees". The only thing the manifest states is where the default entry point is for the page. Basically I looked in the manifest file for how it calls the "default" page, and then replaced it with the relative URI for the other page you want.
If you guys want, I can write up a simple tutorial. I just have an HTC 8x, so my hands are tied. If someone can figure out how to deflate an nbh file so I can browse it, that'd be fantastic! I found a "dead" 521 on eBay that I am thinking of picking up for research since there are way more tools for Nokia.
compu829 said:
Yes you can. The way I found the one in the HTC app was by loading the DLLs in JetBrains' dotPeek. Then I looked for the XAML files. It is all a relative URI based on what dotPeek/the app "sees". The only thing the manifest states is where the default entry point is for the page. Basically I looked in the manifest file for how it calls the "default" page, and then replaced it with the relative URI for the other page you want.
If you guys want, I can write up a simple tutorial. I just have an HTC 8x, so my hands are tied. If someone can figure out how to deflate an nbh file so I can browse it, that'd be fantastic! I found a "dead" 521 on eBay that I am thinking of picking up for research since there are way more tools for Nokia.
That's correct. I have been navigating to various - normally unreachable - XAML pages in quite a few of the Nokia apps. I gave an example of that in a different thread:
Code:
app://2377fe1b-c10f-47da-92f3-fc517345a3c0/_default#/Launcher;component/MainPage.xaml
In this example, I launch the Nokia extras+info app (2377fe1b-c10f-47da-92f3-fc517345a3c0) with the default entry point (_default) which, as @compu829 stated, can be found in the app's manifest. Following that, you can add "#/" (not sure if either the hash sign or slash can be taken out or both are required to work, but I know with both, it does work) to the URI to specify a particular XAML file you'd like to open. Following the "#/", you get to specify the assembly (i.e. the .DLL in the XAP file) in which the XAML file is located (Launcher). And finally, you add ";component/" followed by the full path to the XAML as defined in the embedded resource file (MainPage.xaml).
-W_O_L_F- said:
Why does this launcher not work with "normal" toasts: {YOUR-APP-GUID} and "/Page1.xaml"? Only with empty GUID and full path.
I presume your reference to the "empty GUID" is for the first parameter of my static Launcher.LaunchToast method? That first parameter is, as far as I can see, ignored for the actual toast launch. If I had the signature of the "Shell_PostMessageToast" method, I could perhaps understand what it does but, without it, I just knew it wanted a GUID (passed to it as a string) and that that GUID could be an empty one. I reverse engineered the signature of that native method (found in ShellChromeAPI.dll) by taking a look at another native assembly calling it. Naturally, this only shows me how that method is being called but doesn't return the names of the parameters. If I remember correctly, the assembly calling that method was passing its own application GUID... I could have done the same but I didn't see what use it had, so I decided to keep passing it an empty GUID.
The format of the toast is different most likely because that's the raw toast launching method. The other format you're used to is the more developer friendly one that's sanitized prior to launching it (so you can't launch another app directly).
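The URI layout described in the posts above (product GUID, task name, then "#/", an optional assembly with ";component/", and the path to the XAML) can be parsed and compared with an app's WMAppManifest.xml, which lets a developer see which launch URIs reach a page other than the declared entry point. This is an added example, not code from the thread or from the attached project; the sample manifest, its GUID, its NavigationPage value and all function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from typing import NamedTuple, Optional

# Constructed manifest for a made-up app; not taken from any real XAP.
SAMPLE_MANIFEST = """<Deployment AppPlatformVersion="8.0">
  <App ProductID="{00000000-0000-0000-0000-000000000001}" Title="SampleApp">
    <Tasks><DefaultTask Name="_default" NavigationPage="MainPage.xaml" /></Tasks>
  </App>
</Deployment>"""

# app://<GUID>/<task>[#/[<assembly>;component/]<path to XAML>]
APP_URI = re.compile(
    r"^app://(?P<guid>[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})"
    r"/(?P<task>[^#/]+)(?:#/(?P<page>.+))?$")

class AppUri(NamedTuple):
    product_id: str
    task: str
    assembly: Optional[str]
    xaml_path: Optional[str]

def parse_app_uri(uri: str) -> AppUri:
    m = APP_URI.match(uri.strip())
    if not m:
        raise ValueError(f"not an app:// launch URI: {uri!r}")
    assembly, page = None, m.group("page")
    if page and ";component/" in page:
        assembly, page = page.split(";component/", 1)
    return AppUri(m.group("guid").lower(), m.group("task"), assembly, page)

def manifest_entry(xml_text: str):
    """Return (product_id, default_task_name, navigation_page)."""
    root = ET.fromstring(xml_text)
    for el in root.iter():  # tolerate a default xmlns on <Deployment>
        el.tag = el.tag.rpartition("}")[2]
    app = root.find("App")
    task = app.find("Tasks/DefaultTask")
    return (app.get("ProductID").strip("{}").lower(),
            task.get("Name"), task.get("NavigationPage"))

def classify(uri: str, xml_text: str) -> str:
    """Say whether a URI hits this app's declared entry point or another page."""
    parsed = parse_app_uri(uri)
    product_id, task, nav_page = manifest_entry(xml_text)
    if parsed.product_id != product_id:
        return "other-app"
    if parsed.task != task:
        return "unknown-task"
    if parsed.xaml_path is None or parsed.xaml_path.lstrip("/") == nav_page.lstrip("/"):
        return "default-entry"
    return "deep-link"
```

Any page that comes back as "deep-link" is reachable without passing through the app's normal navigation, so it should not rely on earlier pages having performed its checks.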
Success!
@GoodDayToDie , this is exactly what I'm trying to do! And here is result:
