dumprom usage - Windows Mobile Development and Hacking General

Hello,
I am working on modifing a settop-box.. it is running WinCE5.0 on a MIPS based CPU.
I successfully extracted the NK.bin from flash and converted it into NK.nb0 with cvrtbin.exe from wince sdk.
dumprom works fine on the NK.nb0, but now when I try to open any of the extracted DLLs (modules) my IDA Pro reports them as ARM executable.
now I wonder if this is hardcoded in dumprom or am I missing something ?

Related

Where to find dumprom.exe

Where can I found dumprom.exe? Why do I have to use Windows to extract files from rom? As I found I can use linux dumprom executable included in kitchen. It works with 4.00.10, but I can't get it work with 4.00.11, 4.00.16 and 3.17. The extracted file default.fdf is corrupted. :x
the linux version does not link to the compression library. that is why files seem corrupted.
Ok thanks,
I found it allready at http://www.xs4all.nl/~itsme/projects/xda/

Build Cab File of an app

Hey Guys!
How can i Build a cab for my programs in vs2005 or have i to use another tool to do this?
thanks SciLor
WinCe cab manager does the job.
its not free though.
but its worth it
isnt there another tool i can use?
look in the Visual studio's help file on making an installer..i cant remember now but i did create a cab once..btw which version of VS do u use
This is from My VS 2008 Pro Documentation
This section describes creating CAB files for distributing ATL and MFC controls over the Internet. If you need more information about CAB files, see the Cabinet File Reference in the Windows SDK documentation (in MSDN Library/Setup and System Administration/Setup/Setup API/Overview/Cabinet Files).
To create a CAB file:
Create an INF file.
Run the CABARC utility.
Creating an INF File
The INF file is a text file that specifies the files (such as DLLs or other OCXs) that need to be present or downloaded for your control to run. An INF file allows you to bundle all the needed files in one compressed CAB file. By default, files with the same version numbers as existing files on the user's hard disk will not be downloaded. For more information about INF files and their options, including how to create platform-independent INF files, see About INF Files and Using INF Files in the Windows SDK documentation (in MSDN Library/Setup and System Administration/Setup/Setup API/Overview/Setup Applications).
As an example, the following INF will be used to create a CAB file for the ATL Polygon control. You can build POLYGON.DLL by downloading the ATL POLYGON sample files from the Visual C++ CD and building a MinSize version. If you build a MinSize version of the Polygon control, you need one additional DLL, ATL.DLL. Since ATL.DLL needs to be registered before POLYGON.DLL, put the ATL.DLL first in the INF file:
Copy Code
; Sample INF file for POLYGON.DLL
[version]
; version signature (same for both NT and Win95) do not remove
signature="$CHICAGO$"
AdvancedINF=2.0
[Add.Code]
polygon.dll=polygon.dll
atl.dll=atl.dll
; needed DLL
[atl.dll]
file-win32-x86=thiscab
FileVersion=2,00,0,7024
DestDir=11
RegisterServer=yes
[polygon.dll]
file-win32-x86=thiscab
clsid={4CBBC676-507F-11D0-B98B-000000000000}
FileVersion=1,0,0,1
RegisterServer=yes
; end of INF file
This INF specifies that ATL.DLL with the given version needs to be installed on the system. If ATL.DLL doesn't exist already on the system, it will be downloaded from the CAB file created with this INF. "thiscab" is a keyword meaning the CAB containing this INF. You can also download a needed DLL from an HTTP location by specifying an absolute or relative path, for example:
Copy Code
file-win32-x86=http://example.microsoft.com/mydir/NEEDED.DLL
The keyword "file-win32-x86" identifies the platform as x86 specific.
You can get the version number of a file by clicking the right mouse button on the file in Windows Explorer. Select Properties from the list that appears, then select the Version tab on the dialog box that appears. You will sometimes need to insert an extra 0 in the file version. For example, the version number for the ATL.DLL is shown as 2.00.7024 in the dialog box. This becomes 2, 00, 0, 7024 in the INF file.
The "DestDir" is where the directory where the file will be loaded: 11 specifies the system directory WINDOWS/SYSTEM or WINNT/SYSTEM32; 10 specifies the windows directory, WINDOWS or WINNT. If no DestDir is specified (typical case), code is installed in the fixed OCCACHE directory.
The "clsid" is the CLSID of the control to be installed.
Once you have created an INF file, run the CABARC utility (available in the Mssdk\Bin directory) to create the CAB file. You should run CABARC in the directory that contains your source files. On the command line, put the source files in the order they appear in the INF and the INF file last. For example, to make a CAB file for the Polygon control from the INF above, use the following command:
Copy Code
C:\MSSDK\BIN\CABARC -s 6144 POLYGON.CAB ATL.DLL POLYGON.DLL POLYGON.INF
The POLYGON.CAB file contains a compressed version of ATL.DLL and POLYGON.DLL along with the information needed to extract them in the POLYGON.INF file.
For an example of how to parse and extract component files from CAB files, see the CabView sample in the MSDN Online Code Center at http://msdn.microsoft.com/visualc/downloads/samples.asp (select the CabView link).
The DLL files you need to include with an MFC control are MSVCRT.DLL, MFC42.DLL, and OLEPRO32.DLL.
Running the CABARC Utility
The CABARC utility is available in the Mssdk\Bin directory. For example:
Copy Code
C:\MSSDK\BIN\CABARC -s 6144 n MYCTL.CAB NEEDED1.DLL NEEDED2.DLL MYCTL.OCX MYCTL.INF
CABARC creates a CAB file called MYCTL.CAB.
You should run CABARC in the directory that contains your source files (the INF, OCX, and DLL files). The files to be archived in the CAB file should be listed on the command line in the same order they are listed in the INF file. In the example above, the INF file should list NEEDED1.DLL first, then NEEDED2.DLL, and then MYCTL.OCX.
The -s option reserves space in the cabinet for code signing. The n command specifies that you want to create a CAB file. For a list of CABARC commands and options, type CABARC alone on the command line:
Copy Code
C:\MSSDK\BIN\CABARC
Click to expand...
Click to collapse
I found an older version of this online:
http://www.aperitto.com/content/view/14/159/
I have version 2.0 and it works great without registering the copy. Look into it
I can't find the original setup I used... sorry, I will keep looking... but I've heard good things about SPB's installatation creator
http://www.spbsoftwarehouse.com/products/ezsetup/index.html?en
It is easy with VS 2008 there you can create a CAB Builder

nk.bin and dumprom

Hello,
I tried to extract nk.bin with dumprom util and it was extracted well.
But, dumprom have any bug.
After dumprom util extract files from nk.nb0, it change arm files to mips files.
I extracted files as the following steps;
First, download nk.bin from attached files.
One is arm nk.bin file for wince 5.0 and the other is arm nk.bin file for wince 6.0.
And, download nkbintools files to extract bin image files.
nkbintools also have dumprom util.
1. to dump the content of a nk.bin:
viewbin.exe nk.bin
(write down start and length)
2. cvrtbin -r -a START -w 32 -l LENGTH nk.bin
this command converts the nk.bin to a nk.nb0 (START and LENGTH from the command bevor)
3. dumprom.exe -d dump -v -5 nk.nb0
the content of the nk.bin will be written in the directory "dump". It must exists, otherwise an error occurs.
4. now, see files that is extracted and you will know that they are changed to MIPS files.
Anybody who know why they are changed MIPS files?
oh, thank you so very much... ive been trying for days to extract some nk.bin for some crypton nav...
It worked!!! THANK YOU!!!
Hi wong7942,
thank you very much for providing the images!
I wanted to extract the WinCE6 image to take some files out. My Navigon 2510 explorer is missing important core parts for modding (explorer.exe, control panel,...).
After extracting and copying to Device, the system says "not a valid exe". But at least on my Windows the dll looks right (Processor architecture ARM).
Any idea how to use the extracted files on PNA?
Thanks
Morpheus
HOw to make wince NK.bin file from dump files
CAn anybody tell me HOw to make wince NK.bin file from dump files .
////////////////////////////////////////////////////////////////////////////////////
wong7942 said:
Hello,
I tried to extract nk.bin with dumprom util and it was extracted well.
But, dumprom have any bug.
After dumprom util extract files from nk.nb0, it change arm files to mips files.
I extracted files as the following steps;
First, download nk.bin from attached files.
One is arm nk.bin file for wince 5.0 and the other is arm nk.bin file for wince 6.0.
And, download nkbintools files to extract bin image files.
nkbintools also have dumprom util.
1. to dump the content of a nk.bin:
viewbin.exe nk.bin
(write down start and length)
2. cvrtbin -r -a START -w 32 -l LENGTH nk.bin
this command converts the nk.bin to a nk.nb0 (START and LENGTH from the command bevor)
3. dumprom.exe -d dump -v -5 nk.nb0
the content of the nk.bin will be written in the directory "dump". It must exists, otherwise an error occurs.
4. now, see files that is extracted and you will know that they are changed to MIPS files.
Anybody who know why they are changed MIPS files?
Click to expand...
Click to collapse
kumar08 said:
CAn anybody tell me HOw to make wince NK.bin file from dump files .
////////////////////////////////////////////////////////////////////////////////////
Click to expand...
Click to collapse
i need to know too
please somebody help us

Disassemble or Reverse Engineer WM 6.5 dll

Can anyone suggest tools/utilities that would allow me to disassemble a WM 6.5 dll to reveal it's methods and parameters? In .net desktop world I can use tools like Reflector to do this, but I seem to be having difficulty doing this on WM apps.
Unregister dll - EDiT - Register dll
Here two threads discussing Developer tools & Kitchen Utilities for (ROM) Chef's;
Kitchen Utensils
60 Universal Tutorials for Customizing any Device and Cooking
Have fun, develop something nice for free and please do it here on xda-developers
There are a lot of ifs and buts to this but here goes:
If the dll was created as a .NET app, then reflector should be able to list the code within it, as it will contain the MSIL code within it. If it has been run through an obfuscator when it was built, this can mangle some of the internals and give Reflector a bit of a hard time.
Otherwise it will be a Win32/MFC/ATL object containing ARM object code. A DLL file is the same format as an exe file i.e. Microsoft's PE (Portable Executable) format. Microsoft's DUMPBIN, part of Visual Studio, (run it from the VS Command Prompt), is able to dump out the EXPORT table which lists the public functions visible in it.
There is a freeware ARM dissassembler , CHARMED, which can run on your device which can display the ARM assembly code, but to make any sense out of it, you will require a pretty good knowledge of the ARM instruction set and basic knowledge of how compilers work. If you don't know what a stack frame is, you'll struggle.
Providing a link to chARMed and C/P from that page
stephj said:
There is a freeware ARM dissassembler , CHARMED, which can run on your device which can display the ARM assembly code, but to make any sense out of it, you will require a pretty good knowledge of the ARM instruction set and basic knowledge of how compilers work. If you don't know what a stack frame is, you'll struggle.
Click to expand...
Click to collapse
Here is the link for this nice freeware ARM dissassembler;
http://sites.google.com/site/naphos/software
Requirements: Windows 98,Me,2000,XP Size: 246kb Description: ABOUT ChARMeD:
ChARMeD is a Windows Mobile / Pocket PC / Win CE (for ARM CPUs) Disassembler and Assembler
The name ChARMeD stands for:
Carolo's Hexadecimal ARM Editor and Disassembler
FEATURES:
· Disassemble a Windows CE Executable for ARM CPUs.
· Assemble instructions in ARM Assembler.
· Upload modified file to Windows CE Device.
· View MZ and PE Headers of executable.
· View Import Table of executable.
ASSEMBLER:
· Added NOP instruction 0x90909090, which is not part of the ARM instruction set, but nevertheless works because it is an undefined instruction.
· Supports all no operand instructions, Branches (Jumps) and instructions with two registers as operands.
DISASSEMBLER:
· Recognises 0x90909090 as NOP (see ASSEMBLER above)
· Supports all no operand instructions, Branches (Jumps) and double operand instructions.
ARM Classic Processors
ARM Infocenter
I think IDA is standard for this kinda reversing. If you can find a location where the DLL is called from in another app, you should be able to quickly identify at least the number and format of the parameters. Obviously you can also refer to the import/export tables for this.
V
Awsome bits of info to get me started ... thanks!!
Is a DLL signed?
And if it is, how does one know it? I use a tool from sysinternals called Sigcheck
Sigcheck
Verify that images are digitally signed and dump version information with this simple command-line utility.
One way to use the tool is to check for unsigned files in your \Windows\System32 directories with this command:
Code:
sigcheck -u -e c:\windows\system32
Though there are way more options than the example above.
As all reverse engineers/hackers or cooks you too should investigate the purpose of any files that are not signed.
Besides some nice sysinternals standard utilities, there's also;
SystemInternals_Suite
For obvious reasons I'm using not a direct link to the Suite. Therefore you need to click on it (on the left) yourself. There's a load of useful utilities there waiting to be downloaded by (would be) developers, power users and system / network administrators (are we not all).
If it is signed with a signature; you need to unsign it before editing it!
It's dead easy.
1) Copy your DLL from your phone to your PC. You may need to use ROMExtractor to do this if you have problems.
2) Unsign it using Unsigner. To do this download Unsigner and the Unsigner batch file here. Copy Unsigner, the Batch file and the dll from the phone to one directory and run the .bat file. It should tell you that the certificate has been removed.
3) Download Reshack
4) Open the dll from the phone using Reshack or the better not free PE Explorer
5) Do your editing.
6) Click Compile String at the top and then save the file.
7) Download Ssigner. Launch it and use Select File to select the DLL file you've just modified. Click Start Sign Process! When it's done check the text file that's created to make sure it signed properly.
8) Copy the file back to the Windows directory on the device using for PPC/handheld/CE free Total Commander. If necessary Reboot.
Kitchen Utils Reviewed gives links to programs a developer / cook needs!
Have fun edtinig, vewinig ,bwroisng, assilimating, copamirng and itengaritng your files,
o/~

modify nk.bin on a wince device

maybe this is off topic because this is about a wince device not a mobile device.
but may someone can help me to modify a nk.bin rom so a can flash the my device with those modifiecation.
to spacify it more; I would like just to replace explorer.exe with my program - shell.exe.
I extracted the nk.bin with dumprom - with help of Nkbintools.zip . but I cannot find any info about te create dumprom back again.
I tried binmod.exe from platform builder but it cannot find any explorer.exe while it exists. there are some threads about a patched binmod.exe but I cannot find any builded download link nor I can find any sources of it in my platform builder.

Categories

Resources