Help With API WM5 - Windows Mobile Development and Hacking General

Hi
I am a beginner at system-level programming on WM5.
I have made some software in the C language for WM5/WM6.
I am looking for help retrieving system information (GPRS or WiFi network, enumerating available access points, signal strength, ...).
If you know an API for that, thank you.
Sorry for my English, it is a little poor.

Hi
I have found a solution. I am posting it in case you are interested:
pQueryOid = (PNDISUIO_QUERY_OID) Buffer; // Buffer must be at least 8192 bytes, the size passed below
pQueryOid->Oid = OID_802_11_BSSID_LIST;
pQueryOid->ptcDeviceName = /* your AdapterName */;
//----------------------------------------------------------------------
// CreateFile creates, opens, or truncates a file, COM port, device, service, or console. It returns a handle that you can use to access the object.
handleDevice = CreateFile(NDISUIO_DEVICE_NAME,
    GENERIC_READ|GENERIC_WRITE, 0,
    NULL,
    OPEN_EXISTING,
    FILE_ATTRIBUTE_NORMAL,
    (HANDLE) INVALID_HANDLE_VALUE);
if (handleDevice == INVALID_HANDLE_VALUE)
    return NULL;
// DeviceIoControl sends a control code directly to a specified device driver, causing the corresponding device to perform the corresponding operation.
if (DeviceIoControl(handleDevice,
    IOCTL_NDISUIO_QUERY_OID_VALUE,
    (LPVOID) pQueryOid,
    8192,
    (LPVOID) pQueryOid,
    8192,
    &bytesWritten,
    NULL))
{
    // success: pQueryOid->Data now holds the BSSID list returned by the driver
}
CloseHandle(handleDevice); // release the NDISUIO handle when done

Related

Get Device Information

Does anybody know how to get Device Information on XDA (Wallaby, Himalaya and Blue Angel) from within C++?
I would like to get the ROM versions (ROM, Radio etc.) and dates.
And also the model number and IMEI.
Nearly the same as you can see under Start->Settings->System: Device Information.
I read something about a "disk on chip" document, but it is linked under the wiki, and it seems to me that everything under the wiki (source code, documents etc.) is dead.
OK, I have some of these things.
I get the model number, platform string, IMEI, and the OS version.
With this information I can say what XDA device I'm running on.
But I don't know how to get the ROM information.
Does anybody know where to find it? On XDA3 I found versions in the registry, but they are not available on XDA1, and not all available on XDA2.
Maybe I have to get the file versions and dates...
Device Information
Hi, I'm new to PDAs and I'm looking for C++ code to read information about the device serial number or IMEI (for MDA 2 or MDA 3). Could you help me?
Thanks for any information
Tom.
To retrieve the IMEI:
//Function GetIMEI
CString GetIMEI()
{
    CString strTemp;
    WCHAR szString[MAX_PATH] = L"\0";
    LINEGENERALINFO *LPLineGeneralInfo = NULL;
    LPLineGeneralInfo = (LINEGENERALINFO*)malloc(sizeof (LINEGENERALINFO));
    if (LPLineGeneralInfo == NULL)
        return strTemp; // out of memory: return an empty string
    LPLineGeneralInfo->dwTotalSize = sizeof(LINEGENERALINFO);
    LONG lTapiReturn;
    DWORD NewSize;
    DWORD dwNumDevs;
    DWORD dwAPIVersion = TAPI_API_HIGH_VERSION;
    LINEINITIALIZEEXPARAMS liep;
    HLINEAPP hLineApp = 0;
    HLINE hLine = 0;
    DWORD dwExtVersion;
    BOOL bRetVal = FALSE;
    LPBYTE pLineGeneralInfoBytes = NULL;
    DWORD dwTAPILineDeviceID;
    const DWORD dwMediaMode = LINEMEDIAMODE_DATAMODEM | LINEMEDIAMODE_INTERACTIVEVOICE;
    // Initialize
    liep.dwTotalSize = sizeof(liep);
    liep.dwOptions = LINEINITIALIZEEXOPTION_USEEVENT;
    lineInitializeEx(&hLineApp, 0, 0, L"MDAC", &dwNumDevs, &dwAPIVersion, &liep);
    // Get the device ID
    dwTAPILineDeviceID = GetTSPLineDeviceID(hLineApp, dwNumDevs, TAPI_API_LOW_VERSION, TAPI_API_HIGH_VERSION, CELLTSP_LINENAME_STRING);
    // Open the line
    lineOpen(hLineApp, dwTAPILineDeviceID, &hLine, dwAPIVersion, 0, 0, LINECALLPRIVILEGE_OWNER, dwMediaMode, 0);
    // Negotiate the ExTAPI version
    lineNegotiateExtVersion(hLineApp, dwTAPILineDeviceID, dwAPIVersion, EXT_API_LOW_VERSION, EXT_API_HIGH_VERSION, &dwExtVersion);
    lTapiReturn = lineGetGeneralInfo(hLine, LPLineGeneralInfo);
    //If the LineGeneralInfo buffer was too small then make it bigger and ask again
    if ((lTapiReturn == 0) && (LPLineGeneralInfo->dwNeededSize > LPLineGeneralInfo->dwTotalSize))
    {
        NewSize = LPLineGeneralInfo->dwNeededSize;
        // keep the old pointer until realloc has succeeded
        LINEGENERALINFO *pBigger = (LINEGENERALINFO*)realloc(LPLineGeneralInfo, NewSize);
        if (pBigger != NULL)
        {
            LPLineGeneralInfo = pBigger;
            LPLineGeneralInfo->dwTotalSize = NewSize;
            lTapiReturn = lineGetGeneralInfo(hLine, LPLineGeneralInfo);
        }
        else
        {
            lTapiReturn = LINEERR_NOMEM;
        }
    }
    if (lTapiReturn != 0)
    {
        //wcscpy(szString, TEXT("Error, unable to read phone\n\rinformation with the phone\n\rswitched off.\n\n\rPlease Exit program and try again."));
    }
    else
    {
        //Copy Result over to this functions reply
        // wcscpy(szString , TEXT("Manufacturer and Model:\n\r "));
        // wcscat(szString, (TCHAR*)((char*)LPLineGeneralInfo + LPLineGeneralInfo->dwManufacturerOffset));
        // wcscat(szString, TEXT("\n\r "));
        // wcscat(szString, (TCHAR*)((char*)LPLineGeneralInfo + LPLineGeneralInfo->dwModelOffset ));
        // wcscat(szString, TEXT("\n\n\r"));
        // wcscat(szString , TEXT("Revision :\n\r "));
        // wcscat(szString, (TCHAR*)((char*)LPLineGeneralInfo + LPLineGeneralInfo->dwRevisionOffset));
        // wcscat(szString, TEXT("\n\n\r"));
        // wcscat(szString , TEXT("Serial Number :\n\r "));
        // bounded copy; szString is zero-initialized, so the last element stays NUL
        wcsncpy(szString, (TCHAR*)((char*)LPLineGeneralInfo + LPLineGeneralInfo->dwSerialNumberOffset), MAX_PATH - 1);
        // wcscat(szString, TEXT("\n\n\r"));
        // wcscat(szString , TEXT("Subscriber Number :\n\r "));
        // wcscat(szString, (TCHAR*)((char*)LPLineGeneralInfo + LPLineGeneralInfo->dwSubscriberNumberOffset));
        // wcscat(szString, TEXT("\n\r"));
    }
    strTemp = szString;
    //Free up resources used
    if (hLine != NULL)
        lineClose(hLine);
    if (hLineApp != NULL)
        lineShutdown(hLineApp);
    if (LPLineGeneralInfo != NULL)
        free(LPLineGeneralInfo);
    if(strTemp.GetLength() == 17)
    {
        return strTemp.Left(15);
    }
    return strTemp;
}
//FUNCTION GetTSPLineDeviceID
DWORD GetTSPLineDeviceID(const HLINEAPP hLineApp, const DWORD dwNumberDevices, const DWORD dwAPIVersionLow, const DWORD dwAPIVersionHigh, const TCHAR *const psTSPLineName)
{
    DWORD dwReturn = 0xffffffff;
    for(DWORD dwCurrentDevID = 0 ; dwCurrentDevID < dwNumberDevices ; dwCurrentDevID++)
    {
        DWORD dwAPIVersion;
        LINEEXTENSIONID LineExtensionID;
        if(0 == lineNegotiateAPIVersion(hLineApp, dwCurrentDevID,
            dwAPIVersionLow, dwAPIVersionHigh,
            &dwAPIVersion, &LineExtensionID))
        {
            LINEDEVCAPS LineDevCaps;
            LineDevCaps.dwTotalSize = sizeof(LineDevCaps);
            if(0 == lineGetDevCaps(hLineApp, dwCurrentDevID,
                dwAPIVersion, 0, &LineDevCaps))
            {
                BYTE* pLineDevCapsBytes = new BYTE[LineDevCaps.dwNeededSize];
                if(0 != pLineDevCapsBytes)
                {
                    LINEDEVCAPS* pLineDevCaps = (LINEDEVCAPS*)pLineDevCapsBytes;
                    pLineDevCaps->dwTotalSize = LineDevCaps.dwNeededSize;
                    if(0 == lineGetDevCaps(hLineApp, dwCurrentDevID,
                        dwAPIVersion, 0, pLineDevCaps))
                    {
                        if(0 == _tcscmp((TCHAR*)((BYTE*)pLineDevCaps+pLineDevCaps->dwLineNameOffset),
                            psTSPLineName))
                        {
                            dwReturn = dwCurrentDevID;
                        }
                    }
                    delete[] pLineDevCapsBytes;
                }
            }
        }
    }
    return dwReturn;
}
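Added example, not part of the original post: `GetIMEI` above locates the serial number through `dwSerialNumberOffset`, a value filled in by the TAPI provider, so the offset is worth validating against the buffer before anything is copied. The portable C sketch below does that for one offset/size pair. `GeneralInfoHdr`, `copy_serial` and `build_reply` are hypothetical names, the header layout (including the `...Size` fields) is an assumed stand-in for `LINEGENERALINFO`, the sample serial is constructed, and a little-endian host is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed stand-in for the LINEGENERALINFO header: DWORD fields, with the
   UTF-16 strings stored after the header in the same buffer. */
typedef struct {
    uint32_t dwTotalSize, dwNeededSize, dwUsedSize;
    uint32_t dwManufacturerSize, dwManufacturerOffset, dwModelSize, dwModelOffset;
    uint32_t dwRevisionSize, dwRevisionOffset;
    uint32_t dwSerialNumberSize, dwSerialNumberOffset;
    uint32_t dwSubscriberNumberSize, dwSubscriberNumberOffset;
} GeneralInfoHdr;

/* Copy the serial number into out (cap UTF-16 units, NUL-terminated).
   Returns the units copied, or -1 if the field is out of bounds or too long. */
int copy_serial(const uint8_t *buf, size_t buflen, uint16_t *out, size_t cap) {
    GeneralInfoHdr h;
    if (buflen < sizeof h || cap == 0) return -1;
    out[0] = 0; memcpy(&h, buf, sizeof h);
    size_t used = h.dwUsedSize, off = h.dwSerialNumberOffset, sz = h.dwSerialNumberSize;
    if (used > buflen || used > h.dwTotalSize) return -1;   /* claims more than we hold */
    if (off < sizeof h || off > used || sz > used - off) return -1;
    if ((off | sz) & 1) return -1;                          /* UTF-16 units are 2 bytes */
    size_t n = 0;
    while (n < sz / 2) {                                    /* stop at NUL or field end */
        uint16_t c; memcpy(&c, buf + off + 2 * n, 2);
        if (c == 0) break;
        if (n + 1 >= cap) { out[0] = 0; return -1; }        /* would not fit with the NUL */
        out[n++] = c;
    }
    out[n] = 0;
    return (int)n;
}

/* Constructed sample reply: header plus the serial as UTF-16LE text. */
size_t build_reply(uint8_t *buf, size_t cap, const char *serial, uint32_t claimed_size) {
    GeneralInfoHdr h = {0};
    size_t len = strlen(serial), total = sizeof h + 2 * (len + 1);
    if (cap < total) return 0;
    memset(buf, 0, total);
    h.dwTotalSize = h.dwNeededSize = h.dwUsedSize = (uint32_t)total;
    h.dwSerialNumberOffset = (uint32_t)sizeof h; h.dwSerialNumberSize = claimed_size;
    memcpy(buf, &h, sizeof h);
    for (size_t i = 0; i < len; i++) buf[sizeof h + 2 * i] = (uint8_t)serial[i];
    return total;
}

int main(void) {
    uint8_t buf[128]; uint16_t out[32];
    size_t n = build_reply(buf, sizeof buf, "490154203237518", 32);
    printf("serial length: %d\n", copy_serial(buf, n, out, 32));
    return 0;
}
```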
Thanks for your code, but I can't compile it. I get errors like:
error C2065: 'TAPI_API_HIGH_VERSION' : undeclared identifier
error C2065: 'TAPI_API_LOW_VERSION' : undeclared identifier
error C2065: 'CELLTSP_LINENAME_STRING' : undeclared identifier
error C2065: 'EXT_API_LOW_VERSION' : undeclared identifier
error C2065: 'EXT_API_HIGH_VERSION' : undeclared identifier
what should I include ?
#define TAPI_API_LOW_VERSION 0x00020000
#define TAPI_API_HIGH_VERSION 0x00020000
#define EXT_API_LOW_VERSION 0x00010000
#define EXT_API_HIGH_VERSION 0x00010000
OK but what with this one:
error C2065: 'CELLTSP_LINENAME_STRING' : undeclared identifier
thanks
#include <tapi.h>
#include <tsp.h>
#include "extapi.h"
#define TAPI_API_LOW_VERSION 0x00020000
#define TAPI_API_HIGH_VERSION 0x00020000
#define EXT_API_LOW_VERSION 0x00010000
#define EXT_API_HIGH_VERSION 0x00010000
Now is OK
.. but I have one question: why doesn't it work without a SIM card? Is it possible to get the IMEI or device serial number if there is no SIM inside?
Yes, it does work without a SIM card. It runs on my MDA 1/2/3 without a SIM card.
Maybe your phone device is completely turned off...
Yes, you're right, the phone device was turned off. Now it is good.
Thanks
Hmmm - are you writing this app in eVC++ 3.0 or eVC++ 4.0? I don't seem to get it working in eVC++ 4.0. I'm getting an external link error for lineGetGeneralInfo().
Could you be kind enough to send me the full app, or help me solve this? I'm trying to write my program as an MFC Pocket PC 2003 exe, dialog based!
thanks
Problem solved, thanks for the source code.
Has anybody used this as a utility to create an output file containing the IMEI number? I haven't got Visual Studio for Pocket PC but would like to be able to do this.
Patrick said:
Yes, it does work without a SIM card. It runs on my MDA 1/2/3 without a SIM card.
Maybe your phone device is completely turned off...
My phone device is completely turned off.
Do you have any idea how to find the IMEI number when the device is in this state?
It's possible, because system info in the control panel could display the IMEI in this state.
Hi everybody!
I know this is a bit off topic but if you want to get a serial number instead of IMEI you can use the following code:
Code:
#define IOCTL_HAL_GET_DEVICEID CTL_CODE(FILE_DEVICE_HAL, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
extern "C" BOOL KernelIoControl(
    DWORD dwIoControlCode,
    LPVOID lpInBuf,
    DWORD nInBufSize,
    LPVOID lpOutBuf,
    DWORD nOutBufSize,
    LPDWORD lpBytesReturned);
BYTE outBuff[16];
DWORD outBytes; // receives the number of bytes written to outBuff
*(DWORD*)outBuff = 16;
KernelIoControl(IOCTL_HAL_GET_DEVICEID, 0, 0, outBuff, 16, &outBytes);
Should work on all devices regardless of what is turned on.
Thanks.
With the DEVICEID information, IMEI could be found with phone device turned off on QTEK 9090
Code:
void GetIMEIFromQtek9090(char *serial)
{
    BYTE outBuff[16];
    DWORD outBytes;
    *(DWORD*)outBuff = 16;
    KernelIoControl(IOCTL_HAL_GET_DEVICEID, 0, 0, outBuff, 16, &outBytes);
    sprintf(serial,"35%02X%02X%02X%02X%02X%02X%02X", outBuff[6], outBuff[5], outBuff[4], outBuff[3], outBuff[2], outBuff[1], outBuff[0]);
}
Thanks again.
Any luck obtaining the device ROM version? It's the only item in your list that I seem to be stuck on...
Can someone send me a compiled version of the code to get the IMEI etc?

RIL_GetEquipmentInfo Problems

Trying to understand RIL and how to pass all the handles and various parameters. In my code I try to initialize RIL and then use the RIL_GetEquipmentInfo function to try and get some results from it. However, when I try my application out, I get something like this each time I press the command button:
406
408
40B
411
....
It seems to increment, and I thought I was meant to get something like HIMALAYAS back ... Where am I wrong?
*********************************************
bool CTerminalDlg::RIL_Initialize(DWORD dwIndex)
{
    TCHAR szString[256];
    CEdit* pEditShow = (CEdit*)GetDlgItem(IDC_EDIT3);
    result = ::RIL_Initialize(1, OnResultCallback, OnNotifyCallback, dwNotificationClasses, g_dwParam, &g_hRil);
    HRESULT test = RIL_GetEquipmentInfo(g_hRil);
    ::wsprintf(szString, L" %X", test);
    pEditShow->SetWindowText(szString);
    return g_hRil != NULL;
}
The result is returned asynchronously via the OnResultCallback function.
Alright, I get you ... so that means the answer I should get (HTC) will be passed to a parameter inside the OnResultCallback function? How would I display it in a message box though?
Thanks for your help, I'm struggling here.
1) http://forum.xda-developers.com/viewtopic.php?t=28835
2) It is a bad idea to show a message box from the callback.
I think this callback executes in an internal RIL thread.
Get the data that you need from the RILEQUIPMENTINFO struct and put it in a temp buffer.
Show the data from the temp buffer in your main thread.
For example:
In the main thread:
1) reset Event
2) call RIL_GetEquipmentInfo
3) wait Event
4) show MessageBox
In the callback:
1) store data from RILEQUIPMENTINFO to the temp buffer
2) set Event
3) return

Win32 Mode Failure to set text in static control

I have a problem in setting controls in a Win32 application.
When I use SendMessage to set a text string in a static control I get error number 120 which translated means: "This function is only valid in Win32 mode."
Here's the background:
I'm using Visual Studio 2005, I've installed the Windows Mobile 5 SDK.
The project was created using the New Project Wizard, with the following settings:
Visual C++/Smart Device
Win32 Smart Device Project
Platform SDK is: Windows Mobile 5.0 Pocket PC SDK
Windows application
I've added a dialog template resource and can bring up a dialog based on that resource. It contains a static control that I can read the text from, but attempting to set the text gives me the above error.
The relevant code (within the WM_INITDIALOG message handler) is:
Code:
char buffer[100];
HWND hCtrl = ::GetDlgItem(hDlg, IDC_TITLE);
LRESULT result = ::SendMessage(hCtrl, WM_GETTEXT, (WPARAM)80, (LPARAM)buffer);
This works, I get the correct text (ie the text I have placed into the static control using the dialog template editor) copied into the buffer. What follows is:
Code:
buffer[0] = 'A'; // Just to set up a different string
result = ::SendMessage(hCtrl, WM_SETTEXT, (WPARAM)0, (LPARAM)buffer);
if (result == 0)
{
    LPVOID lpMsgBuf;
    DWORD error = ::GetLastError();
    ::FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, error, 0, (LPTSTR)&lpMsgBuf, 0, NULL);
    ::MessageBox(NULL, (LPCTSTR)lpMsgBuf, (LPCWSTR)"LError", MB_OK | MB_ICONINFORMATION);
    ::LocalFree(lpMsgBuf);
}
The attempt to set the changed text string fails (ie result == 0), and the last error is 120, which is translated to the error message above.
This works the same in both the Windows Mobile 5 emulator, and if I run it on my Atom.
What does this mean? How could it be anything other than Win32 mode?
Is there a function or something I have to call to put it into Win32 mode?
Or is it a project setting in VS2005 that I haven't been able to find?
I'd very much appreciate any help on this.
Peter
Your build target was a PPC 2003 variant for this project, correct? If so (and I'm assuming that it is so because you mention trying this on the PPC emulator), then you are most certainly not in Win32 mode, rather you are targeting WinCE. To target win32, you need to go into configuration manager and change your target at which point your program will no longer run on PPC.
More to your problem: I don't believe that you can dynamically change dialog static control properties through messaging on WinCE. I may be wrong on this here though too....

How to execute arbitrary code...

Dear all,
I want to publish here one very, very simple method for executing arbitrary code in your applications.
This method can be used to protect your software with runtime decryption/encryption mechanisms.
For example, your license checking function can be stored in the exe file somehow encrypted, and you'll be able to decrypt it at runtime and execute it.
Using this method you can even encrypt your whole application and decrypt only the necessary functions just before you want to execute them.
Of course you should understand that any security mechanism will sooner or later be cracked, but our goal is not to create unbreakable security, but to make the cracking process more expensive than buying a license.
So, the idea is simple: we can prepare some buffer in the application and at runtime copy into it the code we want to execute.
Here is source code:
Code:
/*
After compilation it is necessary to change the flags of .mysec
from 60000020 (Code Execute Read) to E0000020 (Code Execute Read Write)
Just open the exe file, search for 0x20 0x00 0x00 0x60 after the text ".mysec"
and change it to 0x20 0x00 0x00 0xE0
*/
#include <windows.h>
#include <tchar.h>
// turn off optimizations
#pragma optimize("", off)
// define our code segment
#pragma code_seg(".mysec")
// let's allocate some place in our new segment
__declspec(allocate(".mysec")) BYTE pBUF[100];
// put functions to the new segment (not necessary!)
int func1(int i)
{
    return i*2;
}
int func2(void) // just fake function. we'll need it to find size of func1
{
    return 5;
}
// turn on optimizations
#pragma optimize("", on)
// switch back to .text segment
#pragma code_seg()
// define pointer to function
typedef int (*pfn_t)(int i);
int _tmain(int argc, TCHAR* argv[])
{
    func2(); // not so necessary, but linker might remove unused functions... :-\
    // here we're copying code of func1 into the buffer :)
    // in fact, here should be some procedure decrypting necessary
    // code into our buffer, but to simplify the example, I'll
    // just copy one of existing functions into the buffer
    // and then execute it
    int cbFunc = (int)&func2 - (int)&func1; // size of func1 = distance to the next function
    if (cbFunc <= 0 || cbFunc > (int)sizeof(pBUF))
        return 1; // func1 does not fit into the buffer
    memcpy(pBUF, &func1, cbFunc);
    int a = ((pfn_t)(void*)pBUF)(4); // execute
    // show result
    wchar_t pBuf[20] = {0};
    wsprintf(pBuf, L"a = %d", a);
    ::MessageBoxW(0, pBuf, L"tst1", MB_OK);
    return 0;
}
I'll also attach the compiled application for those who think it won't work.
Thank you!
Best regards,
efrost
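Added example, not from the original post: the manual patch described in the source comment (section flags 60000020 changed to E0000020) leaves a section that is both writable and executable, and that combination can be read straight from the PE section table. This portable C sketch walks the section headers and counts write+execute sections; the function names and the header-only sample image are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SCN_MEM_EXECUTE 0x20000000u   /* IMAGE_SCN_MEM_EXECUTE */
#define SCN_MEM_WRITE   0x80000000u   /* IMAGE_SCN_MEM_WRITE */

static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Count sections mapped both writable and executable; -1 if the headers are
   truncated or malformed. The first offender's name goes to first_name. */
int count_wx_sections(const uint8_t *img, size_t len, char first_name[9]) {
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return -1;
    size_t pe = rd32(img + 0x3C);                            /* e_lfanew */
    if (pe > len || len - pe < 24 || memcmp(img + pe, "PE\0\0", 4) != 0) return -1;
    size_t nsec = img[pe + 6] | (size_t)img[pe + 7] << 8;    /* NumberOfSections */
    size_t opt = img[pe + 20] | (size_t)img[pe + 21] << 8;   /* SizeOfOptionalHeader */
    size_t tbl = pe + 24 + opt;                              /* start of section table */
    if (tbl > len || (len - tbl) / 40 < nsec) return -1;
    int hits = 0;
    for (size_t i = 0; i < nsec; i++) {
        const uint8_t *sh = img + tbl + i * 40;              /* 40-byte section header */
        uint32_t ch = rd32(sh + 36);                         /* Characteristics */
        if ((ch & SCN_MEM_EXECUTE) && (ch & SCN_MEM_WRITE)) {
            if (hits == 0) { memcpy(first_name, sh, 8); first_name[8] = '\0'; }
            hits++;
        }
    }
    return hits;
}

/* Constructed sample (headers only): .text plus the page's .mysec section. */
size_t build_sample(uint8_t *img, size_t cap, uint32_t mysec_flags) {
    const size_t pe = 0x40, tbl = pe + 24, total = tbl + 2 * 40;
    if (cap < total) return 0;
    memset(img, 0, total);
    img[0] = 'M'; img[1] = 'Z'; img[0x3C] = (uint8_t)pe;
    memcpy(img + pe, "PE\0\0", 4);
    img[pe + 6] = 2;                                         /* two sections, no optional header */
    memcpy(img + tbl, ".text", 5); wr32(img + tbl + 36, 0x60000020u);
    memcpy(img + tbl + 40, ".mysec", 6); wr32(img + tbl + 40 + 36, mysec_flags);
    return total;
}

int main(void) {
    uint8_t img[256]; char name[9] = "";
    size_t n = build_sample(img, sizeof img, 0xE0000020u);   /* flags after the manual patch */
    printf("W+X sections: %d (first: %s)\n", count_wx_sections(img, n, name), name);
    return 0;
}
```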

CeMountDBVolEx on mxip_swmgmt.vol results in ERROR_SHARING_VIOLATION

Due to some recent changes in WM 6.1, when I uninstall my cab via 'Remove Programs' and then later install it again, it says 'The current version will be removed before the new one is installed'. I am using the WM 6.1 emulator.
The reason this prompt shows up is that the app name still exists in \mxip_swmgmt.vol. I have verified this by opening the .vol with MemMaid. I was able to get around the prompt by deleting the respective record from mxip_swmgmt.vol using MemMaid.
Now I intend to achieve the same programmatically. These are the APIs used.
Code:
CEGUID ceGUID;
HANDLE hSession, hDatabase;
DWORD dwErr = 0;
DWORD dwErr1 = 0;
::CeFlushDBVol(0);
// Mount the vol (the backslash must be escaped in the string literal)
//
if (!::CeMountDBVolEx (&ceGUID, TEXT ("\\mxip_swmgmt.vol"), NULL, OPEN_EXISTING))
{
    dwErr = ::GetLastError();
    return;
}
At this point it returns and the value in dwErr is 32 i.e. 'The process cannot access the file because it is being used by another process.'
I went one step ahead and stopped the SWMGMTSERVICE which I strongly believe is holding onto the mxip_swmgmt.vol.
The code now looks like
Code:
CEGUID ceGUID;
DWORD dwErr = 0;
DWORD dwErr1 = 0;
// Bring down the SWMGMTSERVICE so that we get a handle to pszVol
//
HANDLE hService = ::GetServiceHandle (TEXT ("SWM0:"), NULL, NULL);
if (hService != INVALID_HANDLE_VALUE)
{
    if (!::DeregisterService (hService))
    {
        dwErr = ::GetLastError();
        return;
    }
}
::CeFlushDBVol(0);
// Mount the vol (the backslash must be escaped in the string literal)
//
if (!::CeMountDBVolEx (&ceGUID, TEXT ("\\mxip_swmgmt.vol"), NULL, OPEN_EXISTING))
{
    dwErr1 = ::GetLastError();
    // restart the service and return
    //
    ::RegisterService (TEXT ("SWM"), 0, TEXT ("swmgmtservice.dll"), 0);
    return;
}
Now at this point dwErr1 contains the error code 1358 i.e. 'Unable to complete the requested operation because of either a catastrophic media failure or a data structure corruption on the disk.'
Any idea how I can get a handle to mxip_swmgmt.vol either by stopping or without stopping the relevant services ?
Thanks.
A gentle bump.
Any clues will certainly help.
Have you got any workable solution? I am facing the same problem.
