problem with injection DLL to specified process - Windows Mobile Development and Hacking General

Save me from madness!!!
I have several smartphone devices running Windows CE:
CE 6.0 - hp IPAQ 500 series
CE 5.0 - Samsung i600
I need to inject a DLL into the process "home.exe". I use the method based on the PerformCallBack4 function. This method works for all other processes ("device.exe", "service.exe", etc.) but not for "home.exe". What is the problem?
source code : InjectDLL.exe link with toolhelp.lib
#include <windows.h>
#include <Tlhelp32.h>
// Argument block passed to PerformCallBack4: the process to run in, the function
// to call there, and the first argument for that function.
typedef struct _CALLBACKINFO {
HANDLE hProc; // handle of the process the callback runs in (InjectDll fills it from OpenProcess)
FARPROC pfn; // function to call, as an address mapped for that process
PVOID pvArg0; // first argument handed to pfn
} CALLBACKINFO;
// Hand-written prototypes: the listing declares these entry points itself instead
// of taking them from an SDK header (presumably coredll.dll exports - confirm).
// NOTE(review): SetKMode and SetProcPermissions are declared but never called in
// this listing, so the program relies on whatever trust level it is started with.
extern "C"
{
DWORD PerformCallBack4(CALLBACKINFO *pcbi,...);
LPVOID MapPtrToProcess(LPVOID lpv, HANDLE hProc);
BOOL SetKMode(BOOL fMode);
DWORD SetProcPermissions(DWORD newperms);
};
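// Looks up a process by executable name (case-insensitive) in a toolhelp snapshot.
//
// Returns the process id, or 0 when the name is NULL, the snapshot cannot be
// taken, or no process matches. When several processes share the name, the last
// one enumerated is returned, as in the original listing.
DWORD GetProcessId(WCHAR *wszProcessName)
{
    DWORD PID = 0;
    if (wszProcessName == NULL)
        return PID;

    HANDLE hTH = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    // A failed snapshot must be neither walked nor closed.
    if (hTH == INVALID_HANDLE_VALUE)
        return PID;

    PROCESSENTRY32 pe;
    ZeroMemory(&pe, sizeof(pe));
    pe.dwSize = sizeof(PROCESSENTRY32);
    if (Process32First(hTH, &pe))
    {
        do {
            if (wcsicmp(wszProcessName, pe.szExeFile) == 0)
            {
                PID = pe.th32ProcessID;
            }
        } while (Process32Next(hTH, &pe));
    }
    CloseToolhelp32Snapshot(hTH);
    return PID;
}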
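// Returns the module handle of ModuleName (case-insensitive) inside the process
// ProcessId, or NULL when the module is not listed or the snapshot fails.
//
// The snapshot handle is closed on every path; the original returned from inside
// the loop on a match and leaked it.
HMODULE GetDllHandle(DWORD ProcessId,WCHAR* ModuleName)
{
    HMODULE Found = NULL;
    if (ModuleName == NULL)
        return Found;

    HANDLE ToolHelp = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessId);
    if (ToolHelp == INVALID_HANDLE_VALUE)
        return Found;

    MODULEENTRY32 ModuleEntry = {sizeof(MODULEENTRY32)};
    if (Module32First(ToolHelp, &ModuleEntry))
    {
        do
        {
            if (wcsicmp(ModuleEntry.szModule, ModuleName) == 0)
            {
                Found = ModuleEntry.hModule;
                break;
            }
        }
        while (Module32Next(ToolHelp, &ModuleEntry));
    }
    CloseToolhelp32Snapshot(ToolHelp);
    return Found;
}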
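// Asks the process named ProcessName to load ModuleName by invoking LoadLibraryW
// in it through PerformCallBack4.
//
// Returns TRUE when the module is listed in the target's module snapshot (either
// already before the call or afterwards), FALSE on any failure.
//
// Changes against the posted listing: a lookup that finds no process (id 0) now
// fails early, the process handle is closed on every exit path, and the author's
// free-text remark after the PerformCallBack4 call is kept as a comment so the
// function compiles.
BOOL InjectDll(WCHAR* ProcessName,WCHAR* ModuleName)
{
    DWORD ProcessId = GetProcessId(ProcessName);
    // GetProcessId reports "not found" as 0; do not continue with that id.
    if (ProcessId == 0)
        return FALSE;

    // Nothing to do when the module is already present in the target.
    if (GetDllHandle(ProcessId, ModuleName) != NULL)
        return TRUE;

    HANDLE Process = OpenProcess(0, 0, ProcessId);
    if (Process == NULL)
        return FALSE;

    BOOL CallIssued = FALSE;
    // The name string lives in this process, so it is mapped relative to the caller.
    void* ModuleNamePtr = MapPtrToProcess(ModuleName, GetCurrentProcess());
    if (ModuleNamePtr != NULL)
    {
        void* LoadLibraryPtr = MapPtrToProcess(GetProcAddress(GetModuleHandle(L"coredll.dll"), L"LoadLibraryW"), Process);
        if (LoadLibraryPtr != NULL)
        {
            CALLBACKINFO ci;
            ci.hProc = Process;
            ci.pfn = (FARPROC)LoadLibraryPtr;
            ci.pvArg0 = ModuleNamePtr;
            // Author's note from the post: with "home.exe" as the target a process
            // exits at this call and Visual Studio prints
            // "process exit with code 0xc0000030".
            PerformCallBack4(&ci);
            Sleep(500);
            CallIssued = TRUE;
        }
    }
    CloseHandle(Process);
    if (!CallIssued)
        return FALSE;
    // Success is judged by the module list, not by the callback's return value.
    return GetDllHandle(ProcessId, ModuleName) != NULL;
}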
// Second copy of the SetKMode / SetProcPermissions prototypes (they are also
// declared earlier in this listing); neither function is called in the code shown.
extern "C"
{
BOOL SetKMode(BOOL fMode);
DWORD SetProcPermissions(DWORD newperms);
};
// File name of the DLL that WinMain copies into \Windows before calling InjectDll.
#define DLLNAME L"MyDll.dll"
// Entry point: copies MyDll.dll from the executable's directory to \Windows and
// then calls InjectDll for "home.exe". The result of InjectDll is stored but not
// used; the process always returns 0.
int WINAPI WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPWSTR lpCmdLine,int nShowCmd)
{
    // Source path: replace this executable's file name with DLLNAME.
    WCHAR SourcePath[MAX_PATH];
    GetModuleFileName(NULL, SourcePath, MAX_PATH);
    WCHAR* FileNamePart = wcsrchr(SourcePath, L'\\') + 1;
    wcscpy(FileNamePart, DLLNAME);

    // Destination path: \Windows\<DLLNAME>; an existing file is overwritten.
    WCHAR TargetPath[MAX_PATH] = L"\\Windows\\";
    wcscat(TargetPath, DLLNAME);
    CopyFile(SourcePath, TargetPath, FALSE);

    BOOL Res = InjectDll(L"home.exe", L"MyDll.dll");
    return 0;
}

the error code is
#define STATUS_INVALID_PARAMETER_MIX 0xC0000030
(maybe too fast for getting the thread infos?)
try to make the "Sleep(500);" before "PerformCallBack4(&ci);"

I have tried that; the problem is not there. Any ideas?

I have not found the reason... I now use another method that does not rely on PerformCallBack4.

Problem with injection dll to cprog.exe process?
I want to inject a DLL into the cprog.exe process, but it doesn't work.
source code.
Code:
// Builds the path of CprogInject.dll next to this executable and asks the
// Cprog.exe process to load it through PerformCallBack4. Kernel mode and full
// process permissions are requested for the duration of the call and restored
// afterwards. The value returned by PerformCallBack4 is stored in g_InjectCprog.
VOID
InjectDllToCprog()
{
WCHAR DllPath[MAX_PATH] = L"";
CallbackInfo ci;
GetModuleFileName(NULL, DllPath, MAX_PATH);
// Cut the path at its last backslash, leaving the directory of this executable.
// NOTE(review): p is not checked for NULL before it is used - confirm the path
// always contains a backslash.
PWCHAR p = wcsrchr(DllPath, L'\\');
DllPath[p - DllPath] = '\0';
wcscat(DllPath, L"\\CprogInject.dll");
ZeroMemory(&ci, sizeof(ci));
g_hCprog = FindCprogProcess(L"Cprog.exe"); // the handle is right.
if(g_hCprog != NULL)
{
// Remember the previous mode and permission mask so they can be restored below.
DWORD dwMode = SetKMode(TRUE);
DWORD dwPerm = SetProcPermissions(0xFFFFFFFF);
FARPROC pFunc = GetProcAddress(GetModuleHandle(L"Coredll.dll"), L"LoadLibraryW");
ci.ProcId = (HANDLE)g_hCprog;
// The function pointer is mapped for the target process, the path string for this one.
ci.pFunc = (FARPROC)MapPtrToProcess(pFunc, g_hCprog);
ci.pvArg0 = MapPtrToProcess(DllPath, GetCurrentProcess());
g_InjectCprog = (HINSTANCE)PerformCallBack4(&ci, 0, 0, 0);
// NOTE(review): GetLastError() is read without first testing g_InjectCprog, and the
// last-error value is not cleared before the call, so the reported code 5 may have
// been set by an earlier API call - confirm.
// The logged text means "PerformCallBack execution failed".
if(GetLastError() != 0) // GetLastError() = 5
DbgError(L"PerformCallBack 执行失败", GetLastError());
SetKMode(dwMode);
SetProcPermissions(dwPerm);
}
}
GetLastError() return 0x00000005(Access is denied)
Anyone can help me? Sorry for my poor english.

Related

CreateDispatch error $800700C1 - evc4.0 Automation sample ?

Hi !
I am trying to build an out-of-process server on the XDA II (MDA II) in eVC++ 4 and have a problem with it.
When I call this in the client:
// Client side: create the automation object by ProgID and report the outcome.
// The failing scode quoted below this snippet, $800700C1, has facility
// FACILITY_WIN32 and Win32 code 0xC1 (193, ERROR_BAD_EXE_FORMAT), i.e. the
// registered server image was rejected as an invalid executable.
IComMDA m_ComMda;
COleException m_Error; // receives the failure details when CreateDispatch returns FALSE
if (m_ComMda.CreateDispatch(_T("ComMDA.Document"),&m_Error))
{
AfxMessageBox(_T("CreateDispatch - TRUE"),MB_OK,0);
return TRUE;
}
else
{
AfxMessageBox(_T("CreateDispatch - FALSE"),MB_OK,0);
return FALSE;
}
the error occur
==> CreateDispatch returning scode = severity: SEVERITY_ERROR, facility:
FACILITY_WIN32 ($800700C1).
IComMDA is class created from typelibrary :
// Client-side dispatch wrapper for the IComMDA dispinterface (per the post,
// created from the type library). It adds no state of its own; every
// constructor forwards to the matching COleDispatchDriver constructor.
class IComMDA : public COleDispatchDriver
{
public:
    // Construction
    IComMDA() {}                                                              // default COleDispatchDriver
    IComMDA(LPDISPATCH pDispatch) : COleDispatchDriver(pDispatch) {}          // wrap an existing IDispatch
    IComMDA(const IComMDA& dispatchSrc) : COleDispatchDriver(dispatchSrc) {}  // copy from another wrapper

    // Attributes (none)

    // Operations
    BOOL InitInterface();
};
interface is declared :
// Type library ComMDA, version 1.0. It defines one dispinterface (IComMDA, with
// the single method InitInterface, dispid 1) and one coclass (Document) whose
// default interface is IComMDA. Three distinct uuids appear here: the library,
// the dispinterface and the coclass.
[ uuid(713B5595-EF1F-4961-A179-E374E0C82903), version(1.0) ]
library ComMDA
{
importlib("stdole32.tlb");
importlib("stdole2.tlb");
// Primary dispatch interface for CComMDADoc
[ uuid(901AD61B-9974-448a-9E79-7898E0C80FFE) ]
dispinterface IComMDA
{
properties:
// NOTE - ClassWizard will maintain property information here.
// Use extreme caution when editing this section.
//{{AFX_ODL_PROP(CComMDADoc)
//}}AFX_ODL_PROP
methods:
// NOTE - ClassWizard will maintain method information here.
// Use extreme caution when editing this section.
//{{AFX_ODL_METHOD(CComMDADoc)
[id(1)] boolean InitInterface();
//}}AFX_ODL_METHOD
};
// Class information for CComMDADoc
[ uuid(E523187A-FFB7-46e9-AA64-A6CB1BEAF9BB) ]
coclass Document
{
[default] dispinterface IComMDA;
};
//{{AFX_APPEND_ODL}}
//}}AFX_APPEND_ODL}}
};
Class is registered as :
// Registers the server class for the document template m_pDocTemplate: the
// names are read from the template's document string, the template's position
// in the application's template list becomes the icon index, and
// AfxOleRegisterServerClass writes the registry entries. A registration failure
// only shows a message box; the fragment returns nothing either way.
CString strServerName;
CString strLocalServerName;
CString strLocalShortName;
CString strLocalFilterName;
CString strLocalFilterExt;
// Without a file-type id there is nothing to register under.
if (!m_pDocTemplate->GetDocString(strServerName,
CDocTemplate::regFileTypeId) || strServerName.IsEmpty())
{
return;
}
// Each missing name falls back to the next more general one.
if (!m_pDocTemplate->GetDocString(strLocalServerName,
CDocTemplate::regFileTypeName))
strLocalServerName = strServerName; // use non-localized name
if (!m_pDocTemplate->GetDocString(strLocalShortName,
CDocTemplate::fileNewName))
strLocalShortName = strLocalServerName; // use long name
// Filter name and extension may be absent unless this is a doc-object server.
if (!m_pDocTemplate->GetDocString(strLocalFilterName,
CDocTemplate::filterName))
ASSERT(nAppType != OAT_DOC_OBJECT_SERVER);
if (!m_pDocTemplate->GetDocString(strLocalFilterExt,
CDocTemplate::filterExt))
ASSERT(nAppType != OAT_DOC_OBJECT_SERVER);
ASSERT(strServerName.Find(' ') == -1); // no spaces allowed
// Icon index = 1-based position of this template in the application's list,
// or 0 when the template is not found there.
int nIconIndex = 0;
POSITION pos = AfxGetApp()->GetFirstDocTemplatePosition();
for (int nIndex = 1; pos != NULL; nIndex++)
{
CDocTemplate* pTemplate = AfxGetApp()->GetNextDocTemplate(pos);
if (pTemplate == m_pDocTemplate)
{
nIconIndex = nIndex;
pos = NULL; // set exit condition
}
}
BOOL bResult = FALSE;
// The condition is the constant TRUE, so the unregister branch below never runs.
if (TRUE)
{
// call global helper to modify system registry
// progid, shortname, and long name are all equal in this case
if (!(bResult = AfxOleRegisterServerClass(m_clsid, strServerName,
strLocalShortName, strLocalServerName, nAppType,
rglpszRegister, rglpszOverwrite, nIconIndex,
strLocalFilterName, strLocalFilterExt)))
{
// not fatal (don't fail just warn)
AfxMessageBox(AFX_IDP_FAILED_TO_AUTO_REGISTER);
}
}
else
{
bResult = AfxOleUnregisterServerClass(m_clsid, m_lpszProgID, m_lpszProgID,
m_lpszProgID, OAT_DISPATCH_OBJECT);
}
// bResult is computed but not returned to the caller.
return;
------------------------------------------------
type library is registered as AfxOleRegisterTypeLib(AfxGetInstanceHandle(),
clsid);
where >// {713B5595-EF1F-4961-A179-E374E0C82903}
// NOTE(review): despite its name, this value equals the uuid of `library ComMDA`
// in the ODL (713B5595-EF1F-4961-A179-E374E0C82903), so it is the type-library
// id; the coclass `Document` has uuid E523187A-FFB7-46e9-AA64-A6CB1BEAF9BB.
// Confirm that m_clsid used for the class registration holds the coclass id and
// not this value.
static const GUID clsid =
{ 0x713b5595, 0xef1f, 0x4961, { 0xa1, 0x79, 0xe3, 0x74, 0xe0, 0xc8, 0x29,
0x3 } };
Thanks for your help.

iTask development need help with dll files

Hi! I'm pretty stuck with developing more useful things for iTask so I'm entering the dark and dangerous world of c++.
I don't know anything about eMbedded VisualC++, so I hope someone here can help me get some more information out of the ppc, like free memory, storage, signal, etc, if it is easy and possible.
The flash command to read this is "GetPowerStatus". So that must be changed to something new in the script.
Hopeful for any answer!
This is the sample file that comes with bryht flashapp for importing battery percent info. It works.
if you need the evc files as well please post.
Here's the script:
#include "stdafx.h"
#include "plugin.h"
// DLL entry point. The plugin needs no per-process or per-thread setup or
// teardown, so every notification (process/thread attach and detach, and any
// other reason code) is acknowledged with TRUE.
BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    (void)hModule;
    (void)ul_reason_for_call;
    (void)lpReserved;
    return TRUE;
}
// NULL-terminated list of the command names this plugin handles; RegisterCommand
// returns it to the host.
const char *g_command[] = {
"GetPowerStatus",
NULL,
};
// Host callback used to hand a value back; NULL until RegisterCommand stores the
// pointer supplied by the host.
SETVARIABLE SetVariable = NULL;
// Called by the host to register the plugin: stores the host's SetVariable
// callback for later use by DoCommand and returns the NULL-terminated list of
// supported command names.
FLASHAPPPLUGIN_API const char** WINAPI RegisterCommand(SETVARIABLE pSetVariable)
{
    const char** const supportedCommands = g_command;
    SetVariable = pSetVariable;
    return supportedCommands;
}
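// Executes a plugin command. Only "GetPowerStatus" (case-insensitive) is handled:
// the battery percentage is formatted as a decimal string and passed to the
// host's SetVariable callback under the variable name given in argv[0].
//
// cmd    - command name from the host; NULL is ignored.
// params - unused.
// argv   - argv[0], when present, names the variable that receives the value.
// Always returns FLASHAPP_OK; when the power query fails the value sent is "0",
// as in the original.
//
// Changes against the posted sample: the desktop branch called
// GetSystemPowerStatus with two arguments and read a field that
// SYSTEM_POWER_STATUS does not have; SetVariable was called without checking
// that RegisterCommand had set it.
FLASHAPPPLUGIN_API int DoCommand(HWND hWnd, const char*cmd, const char*params, int argc, char* argv[])
{
    if (cmd != NULL && _stricmp(cmd, "GetPowerStatus") == 0)
    {
        int percent = 0;
#ifdef _WIN32_WCE
        SYSTEM_POWER_STATUS_EX sp;
        memset(&sp, 0, sizeof(sp));
        // NOTE(review): this is the backup battery's percentage, kept as in the
        // sample; BatteryLifePercent is the main battery - confirm which is wanted.
        if (GetSystemPowerStatusEx(&sp, TRUE))
            percent = sp.BackupBatteryLifePercent;
#else //for windows desktop version
        SYSTEM_POWER_STATUS sp;
        memset(&sp, 0, sizeof(sp));
        if (GetSystemPowerStatus(&sp))
            percent = sp.BatteryLifePercent;
#endif
        //send the value to Flash
        char value[32]; // a byte-sized percentage needs at most 3 digits plus the terminator
        sprintf(value, "%d", percent);
        // The callback is NULL until the host has called RegisterCommand.
        if (SetVariable != NULL && argc > 0 && argv != NULL && argv[0] != 0)
            SetVariable(argv[0], value);
    }
    return FLASHAPP_OK;
}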

VOIP: Switching between Speaker and Earpiece During Active Call

Hi All,
I am developing a VOIP application for Windows Mobile. I want the user to be able to switch between the speaker and the earpiece of the mobile phone. I have searched the forum and found the following link
http://teksoftco.com/forum/viewtopic.php?p=1909
As you know we have to use LoadLibrary and GetProcAddress to access the RIL APIs in Windows Mobile. I have written following piece of code for this i.e.
Code:
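// Technique 1: select the audio devices through RIL.
// Opens a RIL handle, requests the receive/transmit audio devices and closes the
// handle again. Errors are shown in a message box.
HRIL hRIL;
bool speakerphone = true; // false;
HRESULT result = RIL_Initialize(1, ResultCallback, NotifyCallback, RIL_NCLASS_MISC, 0, &hRIL);
if (result != S_OK) {
    wchar_t buffer[200];
    wsprintf(buffer, L"Could not open RIL, error=0x%x", result);
    AfxMessageBox(buffer);
    return;
}
RILAUDIODEVICEINFO info;
memset(&info, 0, sizeof(info)); // no field is left with stack garbage
info.cbSize = sizeof(info);
info.dwParams = RIL_PARAM_ADI_ALL; // RIL_PARAM_ADI_TXDEVICE;
info.dwRxDevice = RIL_AUDIO_HANDSET;
// NOTE(review): with speakerphone == true the transmit device is RIL_AUDIO_NONE
// while the receive device stays on the handset; presumably that leaves no
// microphone selected, which would match the "no voice on the other end"
// symptom - confirm the intended device pair against ril.h.
info.dwTxDevice = speakerphone ? RIL_AUDIO_NONE : RIL_AUDIO_HANDSET;
result = RIL_SetAudioDevices(hRIL, &info);
// RIL_SetAudioDevices is asynchronous: a positive HRESULT is the command id of
// the queued request, so only negative values are failures. The original
// compared against S_OK and reported every queued request as an error, with the
// message text of the RIL_Initialize failure.
if (FAILED(result)) {
    wchar_t buffer[200];
    wsprintf(buffer, L"Could not set RIL audio devices, error=0x%x", result);
    AfxMessageBox(buffer);
}
// NOTE(review): the handle is closed before ResultCallback can report the
// outcome of the queued request - confirm the request still completes.
RIL_Deinitialize(hRIL);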
But this doesn't seem to work: sometimes it causes both the audio input and output to halt, and sometimes only the audio input is halted (i.e. no voice is heard on the other end).
I have also tried another techniques to accomplish this task, like:
Technique 2
--------------
Code:
// Message number this sample sends to the wave-out driver to force the speaker route.
#define MM_WOM_FORCESPEAKER (WM_USER+2)

// Technique 2: sends MM_WOM_FORCESPEAKER to wave-out device 0 with the requested
// state as the first parameter; shows a message box when the driver reports an error.
static void SetSpeakerMode(bool speakerphone)
{
    const MMRESULT rc = waveOutMessage((HWAVEOUT)0, MM_WOM_FORCESPEAKER, speakerphone, 0);
    if (rc == MMSYSERR_NOERROR)
        return;

    wchar_t text[200];
    wsprintf(text, L"Could not do speakerphone switch, error=%u", rc);
    AfxMessageBox(text);
}
Technique 3
--------------
Code:
/* Stuff from Wavedev.h */
/* I/O control code used by WavDevice::SendMessage to pass a message to the wave driver. */
#define IOCTL_WAV_MESSAGE 0x001d000c
/* Input buffer for IOCTL_WAV_MESSAGE: target device, message number and its
   parameters. WavDevice::SendMessage fills uMsg, dwParam1 and dwParam2 and
   leaves the other fields zero. */
typedef struct {
UINT uDeviceId;
UINT uMsg;
DWORD dwUser;
DWORD dwParam1;
DWORD dwParam2;
} MMDRV_MESSAGE_PARAMS;
/* End of Wavedev.h extract */
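// Owns a handle to the "WAV1:" device and sends driver messages through
// IOCTL_WAV_MESSAGE. The handle is opened in the constructor and closed in the
// destructor; a failed open is reported once and makes every SendMessage call
// return false.
//
// Copying is disabled: a copy would hold the same handle and close it a second
// time in its destructor.
class WavDevice
{
private:
    HANDLE hWavDev;

    // Not implemented on purpose (non-copyable).
    WavDevice(const WavDevice&);
    WavDevice& operator=(const WavDevice&);

public:
    WavDevice()
        : hWavDev(INVALID_HANDLE_VALUE)
    {
        hWavDev = CreateFile(TEXT("WAV1:"), GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
        if (hWavDev == INVALID_HANDLE_VALUE) {
            wchar_t buffer[200];
            wsprintf(buffer, L"Could not open device, error=%u", GetLastError());
            AfxMessageBox(buffer);
        }
    }

    ~WavDevice()
    {
        if (hWavDev != INVALID_HANDLE_VALUE)
            CloseHandle(hWavDev);
    }

    // Sends uMsg with the two parameters to the driver (uDeviceId and dwUser stay
    // zero). Returns true when DeviceIoControl succeeds; on failure shows the
    // last error in a message box and returns false.
    bool SendMessage(UINT uMsg, DWORD dwParam1 = 0, DWORD dwParam2 = 0)
    {
        if (hWavDev == INVALID_HANDLE_VALUE)
            return false;

        DWORD dwRet = 0;
        DWORD dwOut = 0;
        MMDRV_MESSAGE_PARAMS mp;
        memset(&mp, 0, sizeof(mp));
        mp.uMsg = uMsg;
        mp.dwParam1 = dwParam1;
        mp.dwParam2 = dwParam2;
        if (DeviceIoControl(hWavDev, IOCTL_WAV_MESSAGE, &mp, sizeof(mp), &dwOut, sizeof(dwOut), &dwRet, 0))
            return true;

        wchar_t buffer[200];
        wsprintf(buffer, L"Could not do speakerphone switch, error=%u", GetLastError());
        AfxMessageBox(buffer);
        return false;
    }
};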
// Technique 3: switches the audio route by sending a fixed sequence of driver
// messages (1002, 1012, optionally 1013, then 1000) through WavDevice. The
// sequence stops at the first message that fails; message 1013 is sent only when
// switching to speakerphone.
// NOTE(review): the message numbers and parameter values are unnamed constants
// in the post; their meaning is driver-specific - confirm per device.
static void SetSpeakerMode(bool speakerphone)
{
    WavDevice device;
    if (device.SendMessage(1002, speakerphone ? 0 : 2))
    {
        if (device.SendMessage(1012, speakerphone ? 0 : 1))
        {
            bool proceed = true;
            if (speakerphone)
                proceed = device.SendMessage(1013);
            if (proceed)
                device.SendMessage(1000, speakerphone ? 2 : 4, speakerphone ? 0 : 7);
        }
    }
}
Technique 4
--------------
Code:
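// Loads \windows\ossvcs.dll and resolves the function exported at ordinal 218,
// which this sample treats as "set speaker mode". The library is loaded by
// absolute path, so no module search order is involved, and is released in the
// destructor.
//
// Changes against the posted sample: GetProcAddress is no longer called with a
// NULL module handle after a failed LoadLibrary, a failed export lookup gets its
// own message instead of repeating "Could not open DLL", and copying is disabled
// so the module is freed exactly once.
class OsSvcsDll
{
private:
    HMODULE hDLL;
    typedef HRESULT (* SetSpeakerModeFn)(DWORD mode);
    SetSpeakerModeFn pfnSetSpeakerMode;

    // Not implemented on purpose (non-copyable).
    OsSvcsDll(const OsSvcsDll&);
    OsSvcsDll& operator=(const OsSvcsDll&);

public:
    OsSvcsDll()
        : hDLL(NULL), pfnSetSpeakerMode(NULL)
    {
        hDLL = LoadLibrary(L"\\windows\\ossvcs.dll");
        if (hDLL == NULL) {
            wchar_t buffer[200];
            wsprintf(buffer, L"Could not open DLL, error=%u", GetLastError());
            AfxMessageBox(buffer);
            return; // nothing to resolve without the module
        }
        // Lookup by ordinal: the export has no name this sample relies on.
        pfnSetSpeakerMode = (SetSpeakerModeFn)GetProcAddress(hDLL, (LPCTSTR)218);
        if (pfnSetSpeakerMode == NULL) {
            wchar_t buffer[200];
            wsprintf(buffer, L"Could not find export 218 in DLL, error=%u", GetLastError());
            AfxMessageBox(buffer);
        }
    }

    ~OsSvcsDll()
    {
        if (hDLL != NULL)
            FreeLibrary(hDLL);
    }

    // Calls the resolved function with the given mode. Returns true when it
    // returns 0; otherwise (or when the function was not resolved) returns
    // false, showing the result code in a message box if the call was made.
    bool SetSpeakerMode(DWORD speakerphone)
    {
        if (pfnSetSpeakerMode == NULL)
            return false;

        HRESULT result = pfnSetSpeakerMode(speakerphone);
        if (result == 0)
            return true;

        wchar_t buffer[200];
        wsprintf(buffer, L"Could not do speakerphone switch, error=0x%x", result);
        AfxMessageBox(buffer);
        return false;
    }
};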
// Technique 4: loads ossvcs.dll for the duration of the call and passes 1 for
// speakerphone, 0 otherwise. The boolean result of the call is not used.
static void SetSpeakerMode(bool speakerphone)
{
    const DWORD mode = speakerphone ? 1 : 0;
    OsSvcsDll ossvcs;
    ossvcs.SetSpeakerMode(mode);
}
But none of these procedures seems to work properly.
Can you please tell me where I am going wrong, or suggest some other way of achieving this?
I am using
Visual C++ MFC Dialog based Application
Visual Studio 2008
Windows Mobile 6 SDK For PocketPC
I have tested the above mentioned sample on
HTC Touch
Sony Erricsson XPeria
Waiting for response.
Regards,
Ghazanfar Ali
Regards,
Ghazanfar Ali

AT Command to gsm module in WM6

Hello everyone,
This topic is not new, however I have never seen a thread that has the solution for WM6. In my case, I want to create a smartphone app that sends AT commands to the GSM modem of my HTC HD.
Apparently there is no COM2 or COM9 port open on the device (every time I tried CreateFile I got error 55, and I also checked the active device registry: no COM2 or COM9), so I use RIL_Initialize and RIL_GetSerialPortHandle to get the port. The opening and writing steps work very well, however no data comes back; it seems that the modem doesn't respond.
Below is the code:
Code:
// Fragment from inside a function: obtains the modem's serial handle from RIL,
// configures it, writes "AT+creg=2" and reads the reply into buf. Each failing
// step returns its own negative code (-1 .. -13; 0 for a failed
// RIL_GetSerialPortHandle).
// NOTE(review): the result of RIL_Initialize is not checked before RilHandle is used.
RIL_Initialize(1,
ResultCallback,
NotifyCallback,
dwNotifications,
dwParam,
&RilHandle);
HANDLE hCom = NULL;
char * xpos;
char rsltstr[5];
DWORD returnValue;
DWORD LAC;
DWORD CellId;
int bufpos;
DCB dcb;
COMMTIMEOUTS to;
DWORD nWritten;
DWORD event1;
DWORD nRead;
char outbuf[20], buf[256];
// Input buffer for the vendor I/O control call further down; the post does not
// say what the two bytes mean.
BYTE comdevcmd[2]= {0x84, 0x00};
GetSerialPortHandleResult = RIL_GetSerialPortHandle(RilHandle,&hCom);
if (FAILED(GetSerialPortHandleResult))
{
TCHAR szString[256];
wsprintf(szString, L"Error GetSerialPortHandle, result= %d",GetSerialPortHandleResult);
MessageBox(NULL, szString, L"Error", MB_OK | MB_ICONERROR);
return 0;
}
// The message text still says "CreateFile" although the handle came from
// RIL_GetSerialPortHandle.
if (hCom==NULL || hCom==INVALID_HANDLE_VALUE)
{
TCHAR szBuf[80];
DWORD dw = GetLastError();
// get the most uptodate cells
_stprintf(szBuf, TEXT("CreateFile failed with error %d."), dw);
MessageBox(0, szBuf, TEXT("Error"), MB_OK);
hCom= NULL;
return -1;
}
// Line settings: 115200 baud, 8 data bits, parity checking off, one stop bit.
if (!GetCommState(hCom, &dcb))
{
return -2;
}
dcb.BaudRate= CBR_115200;
dcb.ByteSize= 8;
dcb.fParity= false;
dcb.StopBits= ONESTOPBIT;
if (!SetCommState(hCom, &dcb))
{
return -3;
}
if (!EscapeCommFunction(hCom, SETDTR))
{
return -4;
}
// Timeouts: a read gives up after 200 ms in total, a write after 20 s.
if (!GetCommTimeouts(hCom, &to))
{
return -6;
}
to.ReadIntervalTimeout= 0;
to.ReadTotalTimeoutConstant= 200;
to.ReadTotalTimeoutMultiplier= 0;
to.WriteTotalTimeoutConstant= 20000;
to.WriteTotalTimeoutMultiplier= 0;
if (!SetCommTimeouts(hCom, &to))
{
return -7;
}
if (!SetCommMask(hCom, EV_RXCHAR))
{
return -8;
}
// NOTE(review): 0xAAAA5679 is an unnamed control code in the post; presumably a
// vendor-specific request to the serial driver - confirm its meaning per device.
if (!DeviceIoControl (hCom,0xAAAA5679L, comdevcmd,sizeof(comdevcmd),0,0,0,0))
{
TCHAR szBuf[80];
DWORD dw = GetLastError();
// get the most uptodate cells
_stprintf(szBuf, TEXT("DeviceIoControl failed with error %d."), dw);
MessageBox(NULL,szBuf, TEXT("Error"), MB_OK);
return -9;
}
bufpos = 0;
// Command is written without its terminating NUL; a short write is treated as an error.
strcpy(outbuf,"AT+creg=2\r");
if (!WriteFile(hCom, outbuf, strlen(outbuf), &nWritten, NULL))
{
return -10;
}
if (nWritten != strlen(outbuf))
{
return -11;
}
// The event wait is commented out (the author notes it always blocked); a fixed
// 500 ms pause is used instead before reading.
/*if (!WaitCommEvent(hCom, &event1, NULL)) // ALWAYS BLOCKED !!!
{
return -12;
}*/Sleep(500);
// Read until a read returns no bytes (timeout) or buf is full. The request size
// shrinks with bufpos, so the loop never writes past buf[255]; buf is not
// NUL-terminated by this loop.
while(1)
{
if (!ReadFile(hCom, buf+bufpos, 256 - bufpos, &nRead, NULL))
{
return -13;
}
if (nRead == 0) // ALWAYS BREAKS !!!
break;
bufpos += nRead;
if (bufpos >= 256)
break;
}
strcpy(outbuf,"AT+creg?\r");
... // Continue to write and read
As i said above, there's no return error, just that the buffer read is empty...
Any ideas ?
Thanks!
I don't know why it always gets nRead = 0, all the other steps work very well, no error return ...
I saw several discussions about this, so i do believe that someone have tried once this dev in WM5 or 6...
Therefore could anyone please share some point ?
no one has an idea ?
There's something a little bit interesting that i found out directly in the memory.
There's a sequence of responses to AT Command writing in ASCII:
@HTCCSQ:3
@HTCCSQ:4
@HTCCSQ:2
+CREG: 1,"000C","9F60" (here we has current LAC + Cell ID)
+CREG: 1,"000C","9BC7" (another LAC + Cell ID, i think it's the previous one)
+COPS: 0,2,"20820",3 (inside the "" are MCC MNC)
@HTCCSQ:3 .... (there's plenty of @HTCCSQ: coming next )
Look like some kind of log of the querries of RIL driver to the modem (i'm not sure)
So i think the gsm modem is available for answering to the commands, just haven't figured out how to make a stream connection to it (in WM6).
Any ideas ?
Thanks.
TAPI
I heard somewhere that we can use TAPI to send some AT Command, my question is to know if we can send a custom command (for example AT+CCED) by using TAPI ?
hi,I met the same problem.Do you find the answer?
Thanks.

[Q] Why does this code not work in CE 6.0?

I want to add to HKLM\init an all purpose application launcher (CE 6.0 device has persistent registry):
Code:
[HKEY_LOCAL_MACHINE\Init]
"Depend199"=hex:00,14,00,1e,00,60
[HKEY_LOCAL_MACHINE\Init]
"Launch199"="\NandFlash\CeLaunchAppsAtBootTime.exe"
[HKEY_CURRENT_USER\Startup]
"Process1"="\NandFlash\SetBackLight.exe"
"Process1Delay"=dword:0
The launcher's code is
Code:
#include <Windows.h>
// When OutputDebugString is a macro, replace it with an empty function so the
// OutputDebugString calls in this file do nothing.
#if defined(OutputDebugString)
#undef OutputDebugString
void OutputDebugString(LPTSTR lpText)
{}
#endif
BOOL IsAPIReady(DWORD hAPI);
void WalkStartupKeys(void);
DWORD WINAPI ProcessThread(LPVOID lpParameter);
// Size, in characters, of every name and value buffer used for the Startup key.
#define MAX_APPSTART_KEYNAME 256
// Work item handed to ProcessThread: the launch command read from the registry
// and the delay to wait before starting it (passed to Sleep, i.e. milliseconds).
typedef struct _ProcessStruct {
WCHAR szName[MAX_APPSTART_KEYNAME];
DWORD dwDelay;
} PROCESS_STRUCT,*LPPROCESS_STRUCT;
// Entry point of the boot-time launcher.
//
// 1. Parses the launch code from the command line (per the original comment,
//    HKLM\init passes it); -1 means "not started from HKLM\init".
// 2. Waits for the file system, device manager, shell, window manager and GDI
//    API sets, in that order, polling each every 200 ms; the wait sequence
//    stops at the first API set that does not become ready in time.
// 3. Calls SignalStarted with the launch code when one was passed.
// 4. Runs WalkStartupKeys only when all five API sets became ready.
// Always returns 0.
int WINAPI _tWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPTSTR lpCmdLine, int nCmdShow)
{
    // API sets to wait for, in the order they are polled.
    static const DWORD kApiSets[] = { SH_FILESYS_APIS, SH_DEVMGR_APIS, SH_SHELL, SH_WMGR, SH_GDI };
    const int kApiSetCount = sizeof(kApiSets) / sizeof(kApiSets[0]);

    int nLaunchCode = -1;
    if (lpCmdLine && *lpCmdLine)
    {
        nLaunchCode = _ttoi((const TCHAR *) lpCmdLine);
    }

    // Wait until the system has completely initialized.
    BOOL success = TRUE;
    for (int idx = 0; success && idx < kApiSetCount; ++idx)
    {
        int polls = 0;
        while ((!IsAPIReady(kApiSets[idx])) && (polls++ < 50))
        {
            Sleep(200);
        }
        success = (polls < 50);
    }

    if (nLaunchCode != -1)
    {
        // Launched through HKLM\Init: report back with the launch code from the command line.
        SignalStarted((DWORD) nLaunchCode);
    }

    if (success)
    {
        WalkStartupKeys();
    }
    return (0);
}
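// Starts one worker thread per "Process<N>" entry under HKEY_CURRENT_USER\Startup.
//
// For every REG_SZ value whose name begins with "Process", the matching
// "<name>Delay" DWORD is read and a ProcessThread is created with the command
// string and the delay. The function returns after all worker threads have
// finished.
//
// The command strings are executed as stored, so write access to this registry
// key is equivalent to the right to run programs at boot.
//
// Changes against the posted listing:
//  - the PROCESS_STRUCT handed to a thread was freed right after CreateThread,
//    while the thread still slept and read it (use after free); it is now freed
//    only after that thread has finished;
//  - only the thread with the longest delay was waited for; all threads are
//    waited for, and nothing is waited on when no thread was started;
//  - the handle array is bounded, allocation and thread-creation failures are
//    handled, the value string is explicitly terminated, and the "<name>Delay"
//    string can no longer overflow its buffer.
void WalkStartupKeys(void)
{
    enum { MAX_STARTUP_THREADS = 100, DELAY_SUFFIX_LEN = 5 /* wcslen(L"Delay") */ };

    HKEY hKey;
    WCHAR szName[MAX_APPSTART_KEYNAME];
    WCHAR szVal[MAX_APPSTART_KEYNAME];
    WCHAR szDelay[MAX_APPSTART_KEYNAME];
    DWORD dwType, dwNameSize, dwValSize, dwDelay;
    HANDLE ThreadHandles[MAX_STARTUP_THREADS];
    LPPROCESS_STRUCT ThreadArgs[MAX_STARTUP_THREADS];
    int iThreadCount = 0;

    if (RegOpenKeyEx(HKEY_CURRENT_USER, TEXT("Startup"), 0, KEY_READ, &hKey) != ERROR_SUCCESS) {
        return;
    }

    for (DWORD i = 0; iThreadCount < MAX_STARTUP_THREADS; i++) {
        dwNameSize = MAX_APPSTART_KEYNAME;
        dwValSize = MAX_APPSTART_KEYNAME * sizeof(WCHAR);
        if (RegEnumValue(hKey, i, szName, &dwNameSize, 0, &dwType, (LPBYTE)szVal, &dwValSize) != ERROR_SUCCESS) {
            break;
        }
        if ((dwType != REG_SZ) || wcsncmp(szName, L"Process", 7)) { // 7 for "Process"
            continue;
        }

        // Registry strings are not guaranteed to be stored with a terminator.
        DWORD cchVal = dwValSize / sizeof(WCHAR);
        if (cchVal >= MAX_APPSTART_KEYNAME) {
            cchVal = MAX_APPSTART_KEYNAME - 1;
        }
        szVal[cchVal] = L'\0';

        // "<name>Delay" must fit into szDelay including its terminator.
        if (dwNameSize + DELAY_SUFFIX_LEN >= MAX_APPSTART_KEYNAME) {
            continue;
        }
        wsprintf(szDelay, L"%sDelay", szName);

        DWORD dwDelayType = 0;
        DWORD cbDelay = sizeof(dwDelay);
        if (RegQueryValueEx(hKey, szDelay, 0, &dwDelayType, (LPBYTE)&dwDelay, &cbDelay) != ERROR_SUCCESS
            || dwDelayType != REG_DWORD || cbDelay != sizeof(dwDelay)) {
            continue;
        }

        // We now have the command and its delay: hand both to a worker thread.
        LPPROCESS_STRUCT ps = (LPPROCESS_STRUCT) LocalAlloc(LMEM_FIXED, sizeof(PROCESS_STRUCT));
        if (ps == NULL) {
            continue;
        }
        ps->dwDelay = dwDelay;
        wcscpy(ps->szName, szVal); // szVal is terminated and has the same capacity as ps->szName

        DWORD dwThreadID;
        OutputDebugString(L"Creating Thread...\n");
        HANDLE hThread = CreateThread(NULL, 0, ProcessThread, (LPVOID)ps, 0, &dwThreadID);
        if (hThread == NULL) {
            LocalFree((HLOCAL) ps); // no thread will ever read it
            continue;
        }
        ThreadHandles[iThreadCount] = hThread;
        ThreadArgs[iThreadCount] = ps;
        iThreadCount++;
    }

    // Wait for every worker, then release what it was given.
    for (int x = 0; x < iThreadCount; x++) {
        if (WAIT_FAILED == WaitForSingleObject(ThreadHandles[x], INFINITE)) {
            // The thread may still be using its argument; leaking it is safer than freeing it.
            OutputDebugString(L"Wait Failed!\n");
        } else {
            LocalFree((HLOCAL) ThreadArgs[x]);
        }
        CloseHandle(ThreadHandles[x]);
    }
    RegCloseKey(hKey);
}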
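// Worker thread: sleeps for the configured delay and then starts the process
// described by the PROCESS_STRUCT passed in lpParameter.
//
// lpParameter - LPPROCESS_STRUCT owned by the creator of the thread; it is only
//               read here and never freed by this function.
// Returns 0 in all cases.
//
// When the command contains a space, the text before the LAST space is used as
// the module name and the text after it as the command line (behaviour of the
// original listing).
// NOTE(review): a command with more than one argument is therefore split in the
// wrong place, and the command string is executed exactly as stored in the
// registry.
//
// Changes against the posted listing: a NULL parameter is rejected, STARTUPINFO
// is fully zeroed instead of having only cb set, the CreateProcess result is
// checked, and the process and thread handles it returns are closed.
DWORD WINAPI ProcessThread(LPVOID lpParameter)
{
    TCHAR tcModuleName[MAX_APPSTART_KEYNAME];
    OutputDebugString(L"Thread Created... Sleeping\n");
    LPPROCESS_STRUCT ps = (LPPROCESS_STRUCT)lpParameter;
    if (ps == NULL) {
        return 0;
    }
    Sleep(ps->dwDelay); // Wait for delay period
    OutputDebugString(L"Done Sleeping...\n");

    PROCESS_INFORMATION pi;
    STARTUPINFO si;
    ZeroMemory(&pi, sizeof(pi));
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);

    OutputDebugString(L"Creating Process ");
    OutputDebugString(ps->szName);
    OutputDebugString(L"\n");

    wcscpy(tcModuleName, ps->szName);
    TCHAR *tcPtrSpace = wcsrchr(ps->szName, L' '); // Launch command has a space, assume command line.
    if (NULL != tcPtrSpace) {
        tcModuleName[tcPtrSpace - ps->szName] = 0x00; // cut the copy at the space: module name only
        tcPtrSpace++; // move past space character.
    }

    if (CreateProcess( tcModuleName, // Module Name
                       tcPtrSpace,   // Command line -- NULL or PTR to command line
                       NULL,         // Process handle not inheritable
                       NULL,         // Thread handle not inheritable
                       FALSE,        // Set handle inheritance to FALSE
                       0,            // No creation flags
                       NULL,         // Use parent's environment block
                       NULL,         // Use parent's starting directory
                       &si,          // Pointer to STARTUPINFO structure
                       &pi ))        // Pointer to PROCESS_INFORMATION structure
    {
        // The launcher does not track the child; release both handles.
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
    }
    else
    {
        OutputDebugString(L"CreateProcess failed\n");
    }
    OutputDebugString(L"Thread Exiting...\n");
    return 0;
}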
which compiled errorfree
I added the registry entries as shown above, copied the launcher's exe to the default location, and rebooted the device. Nothing happened, meaning the executable defined as
Code:
[HKEY_CURRENT_USER\Startup]
"Process1"="\NandFlash\SetBackLight.exe"
wasn't run at all.
Does anybody have an idea, where the error is? Any help appreciated. Thanks for reading.
