I'm interested in hooking some WM5 system APIs via IAT manipulation. I'm sorry if this topic has been covered elsewhere but I can't seem to find anything.
I've written a prototype app that hooks its own IAT but its not clear to me how to do the same to a remote process. In normal WIN32 I can create a remote thread and attach it to a running process, but I hear this won't work in WM. I've read about some techniques that involve MapPtrToProcess and CALLBACKs but I understand that these methods aren't exactly stable. What methods to people use / recommend? And pictures would be nice Thanks!
Related
Hi Everyone,
I'm fairly new to developing on pocket PC's but I've been developing applications for many years. I was wondering if anyone knew of a way to redirect another programs attempt to access certain files remotely?
What I'm looking at doing is creating a program that would allow me to specify what IP/domain I want to redirect, and where I want those requests to actually go. Doing what the hosts file does in a PC.
I've had a search online and on this forum and couldn't find anything related to what I'm after. If anyone has any ideas on how to do this, or any resources that might be useful/a good read then please post
Supposedly WM has a built in firewall. It might just be CE, but the SDK seems to suggest WM generally. Have a look on MSDN for port redirection and interception. I've written some posts on it way back on here... but on unrelated topics.
Apologies for brevity, have to run
V
vijay555 said:
Supposedly WM has a built in firewall. It might just be CE, but the SDK seems to suggest WM generally. Have a look on MSDN for port redirection and interception. I've written some posts on it way back on here... but on unrelated topics.
Apologies for brevity, have to run
V
Click to expand...
Click to collapse
Thanks for the tips I'll have a read in a bit and see what I can come up with.
From the sounds of it, you want to make a DNS proxy. To do this, you need to intercept all dns requests and process them accordingly.
--Edit--
Now that I think about it, if you hook the look up function, gethostbyname()
An article in multiple parts, that descriebes some techniques that can be used to extend the control one has over the system interfaces and also over some foreign applications.
Part 1: Control over the system windows
The second part of the "A short guide to a better understanding of (the) windows", this one is about Subclassing.
I have also prepared a sample, that can be compiled with VS2005 for pocket pc 2003/2005.
Part2: The Article / The Sample
teksoftco.com/forum is opened for your suggestion or this topic is also a good place to post your thoughts / questions.
Bests,
Raul Tinca
niiiiiccceee. Probably you should include a guide for others to start writing programs for PPC without forking out tons of $$ for Visual Studio
The sample can be compiled with eVC4 with SP4 also.
Cheers,
Raul Tinca
Not sure if I have worded this properly as I'm at the edge of my knowledge but I wish to call a function that I am assuming is in a DLL which is contained in ROM. I know the name of the DLL but how can I get a list of functions available from it when I cannot copy it onto my PC?
Many Thanks
Hi Tailor.
First, what function exactly are you looking for? There may be some documentation on it somewhere.
To browse a ROM dll you need to get a ROM dump. The simplest way for your purpose, provided you have a WM5 device is to search for TESTWM5.exe by mamiac on this forum. It will dump all files to your SD. They won't be workable for coding purposes, but still good enough to use dependency walker to get exported functions from DLLs.
Unfortunately that still won't tell you the parameters the function expects. only its name.
Hi Levenum and thanks for your reply.
Its a Sony Sat Nav Windows CE 4.2 device so unforunately theres not much chance of a ROM dump or documentation. Then unit is sold as a finished product and not intended for further developement.
I have installed TomTom instead of the poor app already installed and was trying to get access to the hardware buttons and Light sensor on the unit and then intended to use the TomTom SDK to recreate their functions.
The keys don't not trigger a key press event but their are DLL's called something like powerbutton.dll and navbutton.dll and so it's a fair guess that they could be used to trigger these events.
Obviously without knowing their exported functions I'm not going to get much further.
Any further thoughts ?
Many Thanks
How exactly are you trying to catch the key events?
For what you describe, you don't just need to know function names, you need to know with what parameters to call them so this is definitely not the way to go.
If you are coding with C++ search for info on SetWindowsHook. I am not sure of its implementation on CE, but this might be what you need.
I'm using VB.Net 2005
I'll have a look at SetWindowsHook, Thanks.
Any ideas for the light sensor, there's a test app that Sony have left on the device, it gives a reading from 0 to 100?
How are they likely to be reading this value?
Hey everyone; it wouldn't let me post in the development subforum due to the fact that I just joined, but I figured my topic would be just as relevant here.
I'm a sophomore CompSci major. Java is my strong point, but I'm far from a master. I know syntax, I know how to follow what's going on in more advanced programs, but writing them is the tough part. Anyway, I would like to create my first app; something simple. I was thinking a calculator with a small clipboard on the side (hold the button to store the number displayed in the window, hit it to place that value). It would be insanely helpful for my physics class.
So a few questions for you guys:
-Is there anything I should know beforehand? Anything to be careful of?
-Can I use Eclipse? I tried with App Inventor, and it's too limited.
-How do I obtain examples of more complex apps? Can I unpackage the apk files into java classes?
-Is there a site similar to the sun library, where it lists the available classes/objects/imports?
I'm sorry if I don't know the lingo just yet (of Droid or Java). Picking this all up is a little difficult for me, but I'm trying
Thank you in advance for even taking the time to read this. I understand rookies must aggravate you guys, but from what I've seen, the community has been nothing but welcoming!
You can definitely use Android SDK with Eclipse.
This guide will help you with install and set up process
http://developer.android.com/sdk/installing.html
SDK also contains sample projects that you can use for learning.
I don't remember about unpackaging apk files, but I'm pretty sure they contain already compiled .class files, which will be of no use to you.
And here's Android's reference page:
http://developer.android.com/reference/packages.html
Also the dev guide is very useful for learning the basics:
http://developer.android.com/guide/index.html
Resources section has useful tutorials as well!
Hope that helps. Good luck with your app!
Thank you, meshdub! And all branching from the same site; sure made me look bad...but on the upside, you've introduced me to a source I will be able to use throughout my software development lifetime.
If there's any more you or anyone else could give me as far as what to expect or look out for, please let me know! I'm honestly a little intimidated by this; I'm not too familiar with forums, and I've heard how difficult app developing can be.
But this should keep me occupied for a while, and again, thank you very much
Hi,
I'm interested to know which debugging/logging tools are available.
I'd like to get more information about the processes at startup, and specially logs of the CPU usage by each application over a period of time.
I've been searching for some time and the only I've found are the old Htc Test applications, but can't get what I want.
Noted that HTC devices have a builtin debug tool (debuglog.dll). Anyone knows how to use it?
Also found the following the following post describing the HTCDiagDriver and the possibility to analyze the device using QUALCOMM eXtensible Diagnostic Monitor.
http://forum.xda-developers.com/showpost.php?p=12624471&postcount=2
Anyone uses it?
Global debuglog can be enabled via DebugTool.exe (available in Htc Test Applications). It depends on debuglog.dll, yeah. Read manual, it works quite well.
Then, if you want to get log for selected app, launch it via IDA.
Also we have CeLog available, I will post needed launchers soon. I can hardly call it useful as we have retail/ship SYS builds. The only useful purpose for us is page faults chart.
EDIT: CeLog attached.
Some of the builds come with the Perfman package. That s.o.b. will really slow down your device, though, and it creates a massive log file, which I could never find the tools to analyze. I think celog does it, though, which is pretty sweet.
The htc debugger works better. You just change one of the debug flags and reset, and the device starts writing the log file. It doesn't slow down the device nearly as much as perfman. I think celog may work on that log file, too. You can royally eff up your device with that tool, though, if you mess with the radio flags. It's pretty cool how it writes to flash memory. Too bad you can't change other things with it like the page pool size.
ultrashot said:
Also we have CeLog available, I will post needed launchers soon. I can hardly call it useful as we have retail/ship SYS builds. The only useful purpose for us is page faults chart.
EDIT: CeLog attached.
Click to expand...
Click to collapse
I have been playing with the tool on my Tornado and observed the following (usage related):
Use it while the device is disconnected from PC. The overhead of repllog.exe (connected to ActiveSync on XP PC) and syncing is just filling your log. For my installation (no further MS Mobile development tools on the PC) kerneltracker.exe does not connect to the device anyway.
Though obvious, the files CeLog*.exe have to run on the device, so copy them to a convenient place there.
The CeLogAttach.exe seems to start the kernel logging and it slows down the device (kind of obvious). There is no way to stop this logging. Something like CeLogDetach would be needed, if it exists, to restore the state before CeLogAttach.exe was run.
The CeLogFlush.exe will flush the existing log but also immediately start the logging again.
The CeLogStopFlush.exe does just what the name tells - it stops the flush to file of the (still ongoing) logging.
After transfering the celog.clg file (from \Release\ directory of the device) it can be opened in kerneltracker.exe. Then you see all the kernelactivities logged and aligned per process/thread on a zoom-able timeline (10ms - 10s) including the labels of the logged primitives. With event filtering you can sort out what you are not interested in. Here you may need advice on what to look after when you want to hunt down a certain device behaviour.
I have checked for page-faults, Virtual Memory related actions (Allocate, Copy, Free) and also Module actions (load, free) to get a clue if and how modules and paging (or better said: the use of the Page-Pool) is correlated. Nothing eye-striking coming up here, but it may just be for the unknowing observer like myself.
@ultrashot: I could not find anything I would call a "page faults chart" - where is that - or what is that?
Looking further: If I change certain device properties (like increase the pagepool or playing with OSB advanced options) I fear that the logged information here is just far too detailed for a useful compare. For that you would have to create identical conditions for the action under scrutiny - something that cannot be done with a disconnected device.
So I have to admit that all objective compare of such tuning and tweaking is far above my head and I just have to join the many that make more or less clever assumptions trusting on their model of actions in their heads. I hope that the better knowing heads continue to spread their wisdom without only telling RTFM or guide with LMGTFY (which can help if the results really point to right places).
tobbbie said:
@ultrashot: I could not find anything I would call a "page faults chart" - where is that - or what is that?
Click to expand...
Click to collapse
Use Event filter->Miscellaneous->Page fault.
I am not too advanced user of this tool. If we had builds with extra celog instrumentation, we could have take much more from this tool. However, there are some articles in the internets about celog, so anyone who wants to be get more info may just try to google it. I don't want
ultrashot said:
Use Event filter->Miscellaneous->Page fault.
Click to expand...
Click to collapse
That is what I did already when telling about the items I cared below. Page faults are however part of generic virtual memory management and they do also apply for any normal loaded executables. As you know I seek for traces of module related paging and the use of the page-pool.
So it will stay with the trial and error and side-by-side compare with two devices having different settings. Not a big thing doing that...
Some interesting articles on MSDN regarding the paging pool (aka "pagepool"):
Kernel Blog article explaining the fundamentals (highly recommended): http://blogs.msdn.com/b/ce_base/archive/2008/01/19/paging-and-the-windows-ce-paging-pool.aspx
Pagepool Variable explained and simple methods to measure impact: http://msdn.microsoft.com/en-us/library/aa451041.aspx
-> this is what kitchentools are patching in the kernel
Then some more backup on virtual memory - just to complete on that:
http://blogs.msdn.com/b/ce_base/archive/2006/10/30/what-is-virtual-memory.aspx
http://blogs.msdn.com/b/hegenderfer/archive/2007/08/31/slaying-the-virtual-memory-monster.aspx
http://blogs.msdn.com/b/hegenderfer...aying-the-virtual-memory-monster-part-ii.aspx
And to get back to the debug tools topic of this thread, linked form the first article an introduction to the Remote Kernel Tracker to explain what you can actually see there (and why you cannot see certain things as we have shipped ROM builds and not profiling builds to deal with): http://blogs.msdn.com/b/sloh/archive/2005/05/17/introduction-to-remote-kernel-tracker.aspx
Great insight if you want to get a glimpse of how Windows CE operates under the hood.
...reading a little deeper in the MSDN articles, Sue Loh mentions there when talking about the paging pool size determination:
The best tool I know is that readlog.exe will print you a page fault report if you turn on the “verbose” and “summary” options. If you get multiple faults on the same pages, your pool may be too small (you may also be unloading and re-loading the same module, ejecting its pages from memory, so look for module load events in the log too). If you don’t get many repeats, your pool may be bigger than you need.
Click to expand...
Click to collapse
To avoid dealing with a full setup of the Mobile Development toolsets, could any one (ultrashot - you have been so helpful - could you??) post that mentioned "readlog" tool? If there is something like "CeLogDetach.exe", please add it too.
BTW: you may notice that the paging pool is a central part of the Windows CE memory management when it comes to running executable code from "memory mapped files" (as Sue Loh calls them). In my understanding these are simply what we know as "modules".
A lot of tweaking strategies go around that when building ROMs with OSBuilder. There are several ways how to avoid or optimize the use of the paging pool for certain or all modules in OSB. I think these options deserve an own thread and I am not sure if the one OSB thread we have should be cluttered with discussing this.
don't have any of those.