How to Patch ARM Executable? - Windows Mobile Development and Hacking General

Hi everybody,
I must to patch an ARM executable. I use HTC with Windows Mobile 6.5.
Actually I installed IDA Pro. It is dissassembling my arm executable file but it doesnt let me to patch (assemble) it. When I click "Edit>Patch Program>Assemble" , It gives an error. (Sorry, This processor module doesnt support the assembler).
So , is there any dissassembler for ARM executables which let me to patch/edit binary like Ollydbg???
Or is there any way to patch it via IDA Pro??

Patching and assembling are two different things. In my experience, IDA even does not produce good enough 386 assembler source code for reassembling. But often you can patch exe's with a hex editor succesfully if you don't need extra code. You look up the location in IDA and patch it correspondingly in a hex editor.

Hi zzxq,
thanks for your reply.. I need to add extra code? So changing opcodes via Hex editor is not enough for me ... What can I do?

Depending on how the .text segment is aligned, you could possibly add some code there or overwrite functions you don't need and branch to them. If you have room in the .data segment you could mark it as executable. Extending the total code size would require more work; you'd certainly need tot adjust the .text segment size in the PE header and the start of the segments following the .text segment. Just some suggestions that may not work; I only have experience with in-place hacks that involve a few bytes.


[RELEASE] Web based ARM Assembler

As I am sure there are quite a few ppl around who can write ARM ASM application, I thought it might be fun/useful for them to have a look at my project which is a purely web-based ARM assembler. This is my university project, so I'd appreciate any feedback on it.
It's written entirely in PHP5 and it supports all instructions of ARM9. THUMB mode is not yet supported, but that's just a matter of encoding those instructions. Right now the assembler produces a single executable, but it's capable of producing DLLs and BINary ROM files too. It accepts both file-upload input and simple text. If there are no problems compiling your code, you'll get a link to executable, simple error reporting is available too. Compiled binaries are stored for 24h and then deleted.
It supports DLL linkage by .INCLUDE/.IMPORT directives, for instance:
.import MessageBoxW
Right now it only has COREDLL header prepared, but I can make it for any other DLL you want, just let me know.
The assembler is available here: - There is an example application "hello world!" included

WM6 kitchen help! ERROR building default.hv and user.hv

hi what does it mean when i get this message?
"ERROR building default.hv and user.hv"
ho do i solve this issue..?
all response are greatly appriciated...
Go to the temp/dump directory,there'll be a log.txt look at it toward the end, it'll tell you what RGU file errored out on what line.
Okay.. here is the log.txt
I dont know what to look for or how to interpret what I see..
Please take a look and explain how to solve this...
Microsoft (R) RGUComp Version 1.0.000
Registry file processor and hive builder.
Copyright (C) 2004 Microsoft Corporation All Rights Reserved.
built: Nov 19 2004 15:17:13
importing registry file ".\boot.rgu"...
(RGUComp) done!
Microsoft (R) Cabinet Tool - Version 5.00.2134.1
Copyright (C) Microsoft Corp. 1981-1999.
Creating new cabinet 'Packages\' with compression 'MSZIP':
-- adding packages\034e7cf6-8a37-40ad-85bd-6851b921866a.dsm
-- adding packages\039fec56-be2a-4756-af7c-a5d6c1c0dcd1.dsm
-- adding packages\074cb6af-3a60-414e-b574-dc3d6e10f728.dsm
-- adding packages\ff46409f-ed26-4a0a-a3a3-5e9af96a1748.dsm
-- adding packages\ff46409f-ed26-4a0a-a3a3-5e9af96a1748.rgu
-- adding packages\ffffffff-0009-49d9-a5a8-8abdf1b7936f.dsm
-- adding packages\ffffffff-0009-49d9-a5a8-8abdf1b7936f.rgu
Completed successfully
Microsoft (R) RGUComp Version 1.0.000
Registry file processor and hive builder.
Copyright (C) 2004 Microsoft Corporation All Rights Reserved.
built: Nov 19 2004 15:17:13
importing registry file ".\boot.rgu"...
importing registry file ".\Registry\8cb4ac12-6bc5-4bda-ab45-539988c36a95.rgu"...
importing registry file ".\Registry\29356830-10de-437d-ad6a-6c7d60a7dea4.rgu"...
package "DRM" does not contain .rgu file "29306538-2ad1-42a5-8414-502a65277eb5.rgu"
importing registry file ".\Registry\ae879543-c73e-4888-812b-d8177c404612.rgu"...
importing registry file ".\Registry\e658c544-26bf-45ac-a458-2044a5d1e698.rgu"...
importing registry file ".\Registry\23ba5346-78b8-4436-b7d2-f30712c3cef4.rgu"...
importing registry file ".\Registry\1026cf4d-a304-4c1c-8953-c4d43bfb6961.rgu"...
importing registry file ".\Registry\1138cea3-8c39-43ca-b5ac-f83d1f1fbb81.rgu"...
package "OEM_PhoneInfo" does not contain .rgu file "142251b8-84ac-406f-86b2-6ba2c378d741.rgu"
importing registry file ".\Registry\1911ed01-5dbf-4b5b-94e8-cb4c3df6ac01.rgu"...
importing registry file ".\Registry\193feaf3-e7b9-4bd2-a4c9-045b173239a8.rgu"...
importing registry file ".\Registry\25865771-b284-11db-abbd-0800200c9a66.rgu"...
package "OEM_Cert9" does not contain .rgu file "25b75993-5b5b-4aca-a24a-dc892d433bb8.rgu"
importing registry file ".\Registry\25d7c6b7-6429-4af7-915c-db7387417df8.rgu"...
importing registry file ".\Registry\26316bc7-c258-11db-8314-0800200c9a66.rgu"...
importing registry file ".\Registry\2649e262-7cab-4487-8c5e-25ca0ecaf7ed.rgu"...
importing registry file ".\Registry\2dbdf3b4-d684-4a18-affd-de995e0415a9.rgu"...
package "OEM_ExtDLL" does not contain .rgu file "2ee3e52c-c919-46fa-9ba1-fba96139437a.rgu"
importing registry file ".\Registry\2f9c257e-cd05-41bb-bb39-232aac902d6f.rgu"...
importing registry file ".\Registry\2fcd7939-1a42-4d8a-adf4-c4604fe44d29.rgu"...
importing registry file ".\Registry\30b7e1f7-4612-469a-8b50-edcb445a670e.rgu"...
importing registry file ".\Registry\30d57824-1462-4dbd-a910-45fafff473cf.rgu"...
importing registry file ".\Registry\362f0472-1b51-437b-8da9-09532ec2b9b7.rgu"...
importing registry file ".\Registry\397f1061-1c74-4744-bd3c-7855c43e801e.rgu"...
importing registry file ".\Registry\3a63ca0b-1a5b-4124-8de4-1f0eb745d3cc.rgu"...
Failed to parse value name HKEY_CURRENT_USER\Software\pocketMax\Spacer2!!!
InitRegistry FAILED in file ".\Registry\3a63ca0b-1a5b-4124-8de4-1f0eb745d3cc.rgu" within a few lines of line 4.
ImportFromPackageListStrict: (RGUComp) !ERROR failed importing ".\Registry\3a63ca0b-1a5b-4124-8de4-1f0eb745d3cc.rgu"
wmain: (RGUComp) !ERROR failed building DEFAULT hives
try to check if "3a63ca0b-1a5b-4124-8de4-1f0eb745d3cc.rgu" is a saved as unicode and if it has empty line at the very end of file. Send me that RGU file po my mail: [email protected]
file sent.. check your email
Okay.. I've figured out that I have this "ERROR" problem when including the following OEMs in the kitchen for flashing..
"Divx mobile".." Claunch 12.04" and "Spacer2" for use with the LG Plugin.. I made these OEMs with the Package Creator 5.4 by Ervius..
I've made other OEMs as well.. and they seem to be loading fine.. except these.. I can live without the other two but really want to get the Claunch 12.04 to work for future flashing..
if someone can make me that OEM .. that would be great..
i made them yesterday..check the posts or check them from my signature
Its line 4 of this rgu: 3a63ca0b-1a5b-4124-8de4-1f0eb745d3cc.rgu
Probably dealing with this entry or what follows:
Just post what you have there.
b16daddy sent me ......rgu here it is:
Click to expand...
Click to collapse
i already sent him fixed version:
Click to expand...
Click to collapse
That might choke as well. First you will need to change "dwors" to "dword" . But, I believe you are limited to 8 characters following a dword. Not 100% sure on this, but I have had hive builders choke when I have accidentally put in a DEC value that was 9 digits or longer instead of the 8 digit HEX value.
for now.. I've excluded the OEMs that gives me the .hv problem from the kitchen..
but I still installed the LG today Plugin, Today Agenda 1.1 and PocketCM Keyboard 0.13..
No porblem in loading and flashing..
but afterward when I tried to navigate to it on my phone.. Setting/Home/Items (to select items for Home Screen).. Its not in the list.. none of it.. I can find it in /Program Files (Where it was installed) and launch it.. but cant put it on the home screen..
Secondly.. I noticed that all the programs installed from the OEM Package that was released on 12-17-07.. everything was installed into /windows.. and only used up 6.xx mb of the storage memory and only a little of Program memory...
but with these User OEMs I added.. it ended up using more memory after flashing.. was it something i die (or failed to do) while making theses OEMs?
Please help...
If you are not seeing them in the Today Items menu, you are probably missing the regs that designate the apps as Today plugins. Something similar to this:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Today\Items\Today Agenda]
As far as your memory. Everything built into a rom goes to \Windows. So, if your OEM is moving files elsewhere, you are copying them and not really moving them. I do not know which OEMs you are using, but you might want to check to see where the files are being placed.
Well.. I used the Package creator 5.4 by Ervius to create these OEMs from Cab files..
I only followed the steps that were provided in the download...
How do I configure it to make the registry that designates the apps as Today plugins?
and can you tell me how to get Claunch12.04 to work with the kitchen? I really want to include that app ..
there might be a problem with Package creator (or better said, there is a prob) - some appz uses setup.dll to create some Reg.Keys an PackCreator only extract keys from provisioning xml (provxml) unfortunately it doesnt analyze setup.dll (one way - install WM6 emulator, export registries, install app. extract regs. and compare regs - or u can do it on Ur device - not recomended)
wow.. this all seems too complex for me to handle.. I am no software genius .. just someone who likes tweaking with his toys...
maybe i should just wait for the new package to be released.. or wait til the new BuildOS.. I hear it has a function that downloads new and updated versions of OEMs...
i wonder though.. where will it download from?
will there be a ftp server designated for OEM Uploads?
well.. I guess I'm just gonna have to install those apps manually for now...
Colonel00, Phsnake..
since you guys seem to know what you are talking about.. will one of you please make those OEMs for me?
I really like the LG Today Plugin, Claunch 12.04 and the Today Agenda Plugin.. can you make it so that it would install into directory: My Device/windows.. and have it show up in the Today items menu?
there might be a prob (same as SCLPC - it has some hardcoded paths), but in general all u need to do is edit cab file with WinCE CAB manager and edit %InstallDIR%. but registries.....

Existing dll modification in WM6/6.1

I'm starting this because (so far) I have been unable to locate enough information to allow me to try modding dll's that exist (either compiled or decompiled modules) in WM6.
I've known some users have tweaked dll's (such as the phcanoverbmp.dll as an already built or the keybddr.dll as a decompiled) and would like to gain this knowledge and have a better understanding of the steps needed to get "into" the files.
I'd like to learn more about customizing them to either add embedded images, change image paths, touch screen mapping, etc.
I've tried reverse compilers and such, but so far have been unsuccessful in my attempts.
I'm running Visual Studio 2k8 Team Suite with the Mobile 6 Pro SDK on XP SP2.
use RESHACK (freeware) to open up any exe or dll file

Sous-Chef's Kitchen Utensils & Appliances Review

Welcome; I wanted to offer a little "something" back to the XDA community in the hopes that it will benefit others and to show my appreciation to the folks that make XDA the great community that it is.
If you've gotten excited about the idea of cooking your own ROM's, you've probably had to spend several weeks of reading, asking questions, getting acquainted with your facility, and figuring out where you're going to plug your utensils and/or appliances. Now comes the easy part, cooking quality ROM's ... right? It's gotta be simple after that, I mean that was all the hard stuff ... right? Well ...
As any seasoned chef will tell you, the quality of a meal greatly depends on quality ingredients, utensils, and appliances. Ingredients are a personal preference and some chefs can make Macaroni & Cheese taste like the best meal in the world; and how do they accomplish this? In many cases, they use quality utensils and appliances and understand the limitations of them.
Equipping your kitchen with the right tools ensures that you're able to provide quality meals to your patrons - resulting in return visits.
The goal of this thread is encourage seasoned chefs to share their knowledge of quality tools that they use in their day-to-day activities of ROM cooking.
Some of these tools are free, others have a trial version, and others must be purchased. The goal isn't to promote any one specific tool, it is to provide objective (and hopefully unbiased) reviews of these tools. Lastly, a moderator or senior chef may periodically review and cleanup this thread/post to ensure that it remains on-topic and consistent in format ... so don't take offense; you'll always be credited for your contribution.
Format For Each Post
Take a moment to review existing tool reviews; the goal is to share your experiences in using the tool. The review should contain the following information:
Name of the tool (same as in Title of post)
Link to tool
Cost (Free, Adware, Trialware, Purchase)
Reviewed by [your XDA member name]; in case the post is moved near the top of the thread at a later date.
Summary of what the tool does (uses) and any example you can think of.
Tips on how to use the tool; things you discovered when using the tool.
Potential pitfall (gotcha's) when using the tool; things you discovered when using the tool.
Reference threads (optional); links that might offer some additional usage information.
No attachments please. Post them in the original thread for the tool.
List Of Tools To Review
List Of Tools To Review
Here's a list of tools that I'd like to review and add to this thread. The goal is to review the various tools that chefs will often use while preparing their ROMS; any seasoned chefs (aka volunteers)? If so, post your review in the thread.
CABARC: MS Cabinet SDK in self executing zip
DSM Assembler Manifest: DSM Editor
EmEditor: advanced string search & editor
HEX Workshop: Intermediate HEX editor
ini2reg : Preformatted ini file for customized Registry extraction
IDA Pro: assembler/disassembler (extremlely advanced)
NBHextract: .NBH Extraction
NBHUtil: .NBH Generation
Notepad2: intermediate multi-editor (lua, xml, cmd, etc.)
Paint.NET: graphics editor
ProvXMLCreator: Autoconfiguration for WiFi, Certificates and email
PE Explorer: resource editor
PHM Registry Editor
PreKitchen Tool: import SYS to kitchen
RECMOD: recode/decode modules
REG2XML: convert .reg and .rgu files to xml
RegLogger: registry logging
ROM Extractor (Link 2)
TrayGUID PC: generate unique GUID to clipboard by clicking it
UAE Debugging Tool (UAEDT = Unrecoverable Application Error Debugging Tool)
WinCE CAB Analyzer (MSCEInf): .CAB extraction
WinCE CAB Manager: .CAB creation
XVI32: basic HEX editor
Resource Builder
Windows Mobile Developer Power Toys
Any others? Feel free to post a request in the thread or send me a PM.
Quick Post Index
Quick Post Index
Sorted alphabetically; at least I hope it is.
CAB/OEM Package Converters
CAB to OEM to EXT GUI Suite
Package Creator
Device Side Manifest (.DSM) Editors
DSM Analyzer
DSM Builder
DSM Dependency Dumper
DSM Editor
Syn Text Editor
XML Notepad
Graphics (.BMP, .JPG, .PNG, etc.)
GNU Image Manipulation Program (GIMP)
Kitchen Porting Tools (SYS, OEM, etc.)
Initflashfiles Hex2Text
SYS Porting Tool For Ervius Kitchen
Process, Registry
FDC Task Manager (aka DotFRED)
Registry Workshop
Resource (.DLL, .EXE, etc.)
Dependency Walker
File Editor Suite
Resource Hacker
ROM Squeezer
Search/Comparison/File Managers
Beyond Compare
Compare It
Directory Opus
Senax's Library Of Links
Senax's Library Of Links
There are links to SDK's, developer tools, power toys and more. More links are better than less, so we say in Holland Don't you agree??
Have a nice day folks,
How could I forget to mention;
System Center Mobile Device Manager Resource Kit Tools
That was my left sleeve of links...
Q: Are you going to make it any easier for us?
A: That's a good question! No, (not for the Moderator(s) ) I've no intention of that just yet. First more power links, while thoroughly reviewing stuff, then searching for new links (references) and so on. Then a new review
Have a nice day / night while clicking all them links in ...,
Here some links to SDK's to inform others and get them reviewed:
Windows Mobile 5.0 SDK for Pocket PC
Windows Mobile 5.0 SDK Documentation
Windows Mobile 6 Documentation
Windows Mobile 6 SDK Refresh
Windows Mobile 6 SDK Documentation
Windows Mobile 6.5 Developer Tool Kit
Windows Mobile 6.5 Documentation
Windows Mobile 6.5.3 DTK
.NET XML PowerToys:
Generating XML Documents from XML Schemas
The XML Diff and Patch GUI Tool
Using the XML Diff and Patch Tool in Your Applications
Using the XSD Inference Utility
XML Tools Update
Power Toys for .NET Compact Framework 3.5
& ; exception messages
Windows CE CAB Installer SDK (though named SDK its more a CDK (Commercial DK), because you've got to pay $5 for it).
Awesome for UC (User Customization).
Microsoft SDKs (every and all SDKs from MS) for;
Azure Services Platform
Windows Desktop
Windows Live Services
Server Technologies
Web Development
Developer Tools:
Installing Developer Tools on Windows Mobile
Development Tools and Resources for Windows Mobile
Development Resources for WM on
What Microsoft does not tell is that when they shot themselves in the foot with 'Vista', they were forced to introduce Win7 earlier as planned. Thus VS2008 (read WM) all its links have been moved to > :NULL
Well maybe not, though I've a hard time finding them .. and I do know how to tweak-search. We (the users) are forced into using VS2010 now! It's all 'embedded' now (cq sort of virtual). Ah, well.. it's not that bad
Windows Mobile 6 Localized Emulator Images
Brief Description
This package includes localized Windows Mobile 6 emulator images that can be used with Visual Studio to test applications on different localizations or simply as standalone emulators without Visual Studio 2005!
Microsoft Power Toys:
Windows Mobile Network Analyzer PowerToy (Released with WM5 though usable with WM6)
Windows Mobile Device Security Manager PowerToy(Released with WM5 though usable with WM6)
General (Embedded) WM 6.x CE PowerToys link
Nowadays there 'll be no more Power Toys from Microsoft, instead we get:
Not (all) Windows Mobile specific: Microsoft Solution Accelerators & ~ A-Z technet :Free power(toys);
MSDN Code Galery third party resources
Windows Phone Developer Tools Beta
XML Notepad 2007 References:
Since this nice free editor is on CodePlex it is nice to mention this link;
I also found this link in my BookmarX_Manager; (their MORE button is the best TUTORiAL I've seen online about XML Notepad!!)
There's a 'new' Hopper (device stress tester included In WM Developer Power Toys) for WM6> (not WP7). Hopper its two versions WM5 WM6;
[PC] works for device too if its cradled.
Q: Is a file signed with a signature?
A: Let us check that using SystemInternals_Suite (click on the left of that page) its CLI SigCheck.exe
SigCheck; Verify that images are digitally signed and dump version information with this simple command-line utility.
These links are NOT for a review, these are to inform people about ARM processors used in WM and WP:
ARM Classic Processors
ARM Infocenter
Phoenix SDK
Phoenix is the code name for a software optimization and analysis framework that is the basis for all future Microsoft compiler technologies. The Phoenix framework is an extensible system that can be adapted to read and write binaries and MSIL assemblies and represent the input files in an IR, which can be analyzed and manipulated by applications by using the Phoenix API. The code can then be written in binary or JITable form for execution.
It enables teaching and collaborative research in code generation, optimization, program analysis, binary transformation, and software correctness. Phoenix is used as a research platform by Microsoft Research and will be the universal compiler backend for upcoming Microsoft languages and development tools.
Phoenix SDK April 2008
How to install Phoenix SDK
Senax's Library of Links ... continued
AT Commander
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
[PC] ATCommander;
The above link does not provide us with much information/links thus I searched some more
and came up with; Same page though not reachable via the first link. Anyway here you can download the latest .zip or .exe.
Note: My anti virus started to whine as soon as I unpacked the zip, though when I ran it in a VMware workstation everything worked smoothly.
Also do not forget to check this link;
Here some AT Commands reference links provided in two pdf files;
[WM5/6] ATCommander;
Senax's Library of Links ... continued
Reserved for future expansion.
Resource Hacker
Name: Resource Hacker
Version: 3.5.2 beta
Author: Angus Johnson
Cost: Free
Reviewed By: Sous-Chef
Resource Hacker is a freeware utility to view, modify, rename, add, delete and extract resources in 32bit Windows executables and resource files (*.res). Cursor, Icon, Bitmap, GIF, AVI, and JPG resource images can be viewed and WAV, MIDI audio resources can be played. Menus, Dialogs, MessageTables, StringTables, Accelerators, Delphi Forms, and VersionInfo resources can be viewed as decompiled resource scripts. Menus and Dialogs can also be viewed as they would appear in a running application.
Resources can be saved as image files (*.ico, *.bmp etc), as script files (*.rc), as binary resource files (*.res), or as untyped binary files (*.bin). Resources can be modified by replacing the resource with a resource located in another file (*.ico, *.bmp, *.res). Dialog controls can also be visually moved and/or resized by clicking and dragging the respective dialog controls prior to recompiling with the internal compiler. Additionally, resources can be added to an application by copying them from external resource files (*.res).
Always keep a copy of the unaltered file as a backup.
Even though it is possible to alter the resources, some applications automatically resize controls and dialogs during operation.
Some applications may cease to function when the resource file is altered.
Reference Links:
Beyond Compare
Name: Beyond Compare
Version: 3.1.10
Author: Scooter Software, Inc.
Cost: Trialware, Purchase
Reviewed By: aruppenthal, Sous-Chef
Beyond Compare allows you to quickly and easily compare your files and folders. By using simple, powerful commands you can focus on the differences you're interested in and ignore those you're not. You can then merge the changes, synchronize your files, and generate reports for your records. You can compare entire drives and folders at high speed, checking just sizes and modified times. Or, thoroughly verify every file with byte-by-byte comparisons.
Once you've found specific files you're interested in, Beyond Compare can intelligently pick the best way to compare and display them. Text files can be viewed and edited with syntax highlighting and comparison rules tweaked specifically for documents, source code, and HTML. Data files, executables, binary data, and images all have dedicated viewers as well, so you always have a clear view of the changes. Beyond Compare is a "must have" tool; it will save hours of time. There is no better way to compare new builds and look for what has changed. When properly configured, it can display file versions which make integration of multiple sets of OEMdrivers a breeze. Swapping SYS files is never easier; you get to see dates of creation and can easily move files from one set to the other with a few clicks.
Here are some examples of how comparison can be used:
Compare one .\SYS folder version (ex: 23541) against an updated .\SYS folder version (ex: 23549) so as to determine what changes have occurred in registry files.
Compare one version of a ROM package (ex: Manila_2.1) against a newer version of the package (ex: Manila_2.1.1).
Compare a device ROM (ex: Mega_HTC_Europe_1.28.401.4) against another ROM (ex: Mega_TMO_UK_1.33.110.2) of the device to see what the HTC changed.
Compare specific files such as .XML, .PROVXML, etc.
You can copy the installation folder from your system to an external drive. You can then launch the .EXE from the external drive on another system - no need for installation.
Enable the "Send Files To The Recycle Bin" option to avoid having a file permanently deleted when it is removed from the list.
Editing INITFLASHFILES.DAT with the built-in editor is not recommended as it may cause corruption resulting in ROM issues.
Reference Links:
Name: IcoFX
Version: 1.6.4
Author: Attila Kovrig
Cost: Free
Reviewed By: Sous-Chef
IcoFX is an all-in-one freeware icon editor solution for icon creation, extraction and editing. It is designed to work with Windows XP, Windows Vista, Windows 7, Windows CE and Macintosh icons supporting transparency.
Easily convert your favorite images into icons, or icons into images. IcoFX gives you the possibility to create icon libraries or change icons inside EXE files. You can extract icons from other files, including Windows Vista, Windows 7 and Macintosh files. You can easily work with multiple files using the batch processing capability of IcoFX.
Always keep a copy of the unaltered file as a backup.
Choose free images to avoid potential copyright pitfalls.
None discovered.
Reference Links:
Dependency Walker
Name: Dependency Walker
Version: 2.2
Author: Steve P. Miller
Cost: Free
Reviewed By: Sous-Chef
Dependency Walker is a utility that scans any 32-bit or 64-bit Windows module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of all dependent modules. For each module found, it lists all the functions that are exported by that module, and which of those functions are actually being called by other modules. Another view displays the minimum set of required files, along with detailed information about each file including a full path to the file, base address, version numbers, machine type, debug information, and more.
Dependency Walker is very useful for troubleshooting system errors related to loading and executing modules. Dependency Walker detects many common application problems such as missing modules, invalid modules, import/export mismatches, circular dependency errors, mismatched machine types of modules, and module initialization failures. It handles all types of module dependencies, including implicit, explicit (dynamic / runtime), forwarded, delay-loaded, and injected. For example, a quick way to determine what additional packages may be required for an application:
Open each .DLL/.EXE file in the package (ex: YouTube)
Note the files that are flagged as missing.
Search the source (usually an extracted ROM) for those files; odds are you'll need the entire package contents where the file is found.
Repeat the process until all of the necessary files are found.
Dependency Walker runs on Windows 95, 98, Me, NT, 2000, XP, 2003, and Vista. It can process any 32-bit or 64-bit Windows module, including ones designed for Windows CE. Windows CE modules use the same module format (known as the "Portable Executable" format) that is used for modules written for Windows 95, Windows 98, Windows Me, Windows NT, Windows 2000, Windows XP, Windows 2003, Windows Vista, and beyond. There is no version of Dependency Walker that actually runs on Windows CE, but you can open Windows CE modules with Dependency Walker on a standard Windows computer.
Create a folder with all of the common WinCE files in it and set a custom search order that includes this path and save it to a file.
Use RECMOD to recode modules that may be required.
Use the "/d:your_file.dwp" command line option to pass a custom search order file to Dependency Walker.
Dependency Walker automatically tries to locate dependent modules using the default Windows module search path. For Windows CE modules, this can cause errors since non-CE modules may be found in the default search path. To fix this, you can use Dependency Walker's "Configure Module Search Order" dialog to remove all standard paths and then add a private folder of your own that contains only CE modules.
Reference Links:
FdcSoft Task Manager (aka dotFRED Task Manager)
Name: FdcSoft Task Manager (aka dotFRED Task Manager)
Version: 3.3
Author: FdcSoft (aka dotFred)
Cost: Free
Reviewed By: Sous-Chef
The Task manager application is a bunch of several useful tools in just one tool. It includes a Process manager, CPU usage, Application Manager, Service Manager, Device Manager (only WM2005 and above), Windows Manager, Notification Manager, IP Config utility, Ping utility, Net Stats utility, Registry Editor, and Run program utility.
Although, the application is intended to run on a Mobile Device, it is an excellent tool to use during the preparation of OEM packages. For example, the following procedure speeds up the process of converting from .CAB to OEM:
Copy the files from extract .CAB to the device
Import the registy settings
Process the .PROVXML files.
Reboot the device
Test application
The application can run from an SD card.
.RGU files can be renamed to .REG; make sure to remove the hidden, system file attributes.
.PROVXML files require a minor adjustment; see reference link below.
Reference Links:
Directory Opus
Name: Directory Opus
Version: 9.5.3
Author: GP Software
Cost: Trialware, Purchase
Reviewed By: ceesheim
Directory Opus 9 is a Windows File Manager & Explorer replacement that includes, user-definable file display views, User-definable toolbars, menus, file types, powerful image and file viewers, built-in ZIP and Secure SSL/SSH FTP, easily synchronize files & find duplicates, quick or advanced search and rename functions.
The file manager is extremely useful for moving files between folders, making backup copies of files, viewing pictures and playing sounds, running other utility programs on lists of files, deleting unwanted files and many other "housekeeping" tasks. If you are working with a lot of files in kitchens or Manila, this is a must have.
Take a few moments to get familiar with the options.
Can view .XML , HEX , .TXT , .DOC , .CPR , .PROVXML , .MSCR , .DSM , .RGU And many more
In view mode it can tell you if a manila file is a lua or a QTC1 file (in HEX)
Download lot of Plugins & Media Capabilities (RTF-Viewer , CSV-Viewer , Source Code Viewer , Postscript-Viewer , RVF File , EXE/DLL Metadata)
None discovered.
Reference Links:
XML Notepad 2007
Name: XML Notepad 2007
Version: 2.5
Author: Microsoft
Cost: Free
Reviewed By: Sous-Chef
XML Notepad 2007 provides a simple intuitive user interface for browsing and editing XML documents. XML Notepad provide synchronized Tree View with Node Text View for quick editing of node names and values, incremental search (Ctrl+I) in both tree and text views, so as you type it navigates to matching nodes, Cut/copy/paste with full namespace support, drag/drop support for easy manipulation of the tree, even across different instances of XML Notepad and from the file system.
Additionally, XML schema are instantly validate while you edit with errors and warnings shown in the task list window. It includes intellisense on expected elements and attributes and enumerated simple type values, inplace HTML viewer for processing xml-stylesheet processing instructions, built-in XML Diff tool, support for XInclude, dynamic help from XSD annotations, and goto definition to navigate includes and XSD schema information.
It's a must have when working with .XML and .PROVXML files.
Ensure that .NET Framework v2.0 (or higher) is installed
None discovered.
Reference Links:
Field Notes: Beyond Compare
Name: Beyond Compare
Version: 3.1.10
Click to expand...
Click to collapse
Hi Hilaireg Long time no talk
I want to emphasize the usage of Beyond Compare. This is the MOST important tool a chef can own. It will save hours of time. There is no better way to compare new builds and look for what has changed. When properly set up it shows file versions making integration of multiple sets of OEMdrivers a breeze. Swapping sys files is never easier as you get to see dates of creation and can easily move files from one set to the other with two clicks.
There is one thing not mentioned as far as cons. Using it on initflashfiles.dat is not recommended. Every time I have done so major issues followed by a restore of the original files.
Also when using beyond compare be SURE to set it to send files to the recycle bin. If not it will permanently delete them
Name: EditPad
Version: Lite
Author: Just Great Software Co. Ltd.
Cost: Free (Lite), Purchase (Pro)
Reviewed By: Laurentius26
EditPad Lite is a general-purpose text editor, designed to be small and compact, yet offer all the functionality you expect from a basic text editor. EditPad Lite works with Windows 98, ME, NT4, 2000, XP, Vista, and 7.
Additionally, You can open as many files in EditPad at a time as you want and change between the open files by clicking on their tabs without the hassle of overlapping windows. EditPad reads and writes UNIX (LF only) and Mac (CR only) text files (in addition to DOS/Windows CR+LF files, of course). EditPad natively supports Unicode text files and text files encoded in a variety of legacy code pages. EditPad supports all Windows and ISO-8859 code pages, plus a wide selection of DOS, KOI8 and EBCDIC code pages.
This means EditPad can edit any text file, whether it was saved on a Windows or Linux computer, an old DOS PC or an IBM mainframe. EditPad fully supports double byte character systems (DBCS) so you can edit texts written in Far East languages, such as Chinese, Japanese or Korean, as easily as those written in European languages.
EditPad is a very handy editor for viewing/editing .rgu, .dat, .xml, .html, and multiple formats - a must have for your kitchen.
If you run EditPad again when there is already an instance running, the file(s) you wish to edit will be opened by the existing EditPad window. This means there will be at most one EditPad window open, which will save you from a lot of task switching. Of course, if you do need more instances, simply pick View|New editor from the menu.
EditPad puts an icon in the system tray that remains visible, even if EditPad is closed. This way you have easy and fast access to EditPad, without the need to keep it running all the time.
None discovered.
Reference Links:
DSM Editor
Name: DSM Editor
Version: 1.7
Author: ervius
Cost: Free
Reviewed By: Sous-Chef
In early kitchen and ROM cooking, chefs used to delete Device Side Manifest (.DSM) files from OEM packages that resided in the .\PACKAGES and/or .\EXT folder. Other chefs would delete the .DSM file and create an empty version of a .DSM file as a placeholder. As we learned more about the Windows Mobile, we discovered that .DSM files contained pertinent information that was used during the compilation of a ROM and should be properly managed. DSM Editor is a utility to view and modify components of a .DSM file .DSM such as certificates, dependencies, shadow order, and list of modules/files.
A Device Side Manifest file (.DSM) describes the contents of a package and has the name <GUID>.DSM. Each package has its own .DSM file. The .DSM file is a binary file and the format may change at any time. The .DSM file is created by parsing a package definition file, package shadow file, and a build manifest file. Each item specified within a build manifest file is used to determine the item's file type.
The .DSM file contains the following information:
Public key certificate data used for signature validation.
Version information which includes the previous version of a package so as to create a delta package between an older or baseline package and a new package.
Package GUID
Dependency GUID information
File names and file information in the form of raw file size and original VBase for MODULES so they can be re-based and differentiated during an update.
Always keep a copy of the unaltered file as a backup.
A .DSM file should contain a complete (exact) list of all modules/files found in the package folder.
The .RGU file should be excluded from the .DSM file.
Kitchen-specific files should be excluded from the .DSM file.
Hidden (H) and/or System (S) attributes may need to be cleared (ATTRIB -s -h -r) from .DSM files before they can be edited.
Requires .NET Framework.
Reference Links:
Name: DSMBuilder
Version: 2008-08-08
Author: anmendes
Cost: Free
Reviewed By: Sous-Chef
In early kitchen and ROM cooking, chefs used to delete Device Side Manifest file (.DSM) files from OEM packages that resided in the .\PACKAGES and/or .\EXT folder. Other chefs would delete the .DSM file and create an empty version of a .DSM file as a placeholder. As we learned more about the Windows Mobile, we discovered that .DSM files contained pertinent information that was used during the compilation of a ROM and should be properly managed. DSMBuilder is a utility to view and modify components of a .DSM such as certificates, dependencies, shadow order, and list of modules/files.
A Device Side Manifest file (.DSM) describes the contents of a package and has the name <GUID>.DSM. Each package has its own .DSM file. The .DSM file is a binary file and the format may change at any time. The .DSM file is created by parsing a package definition file, package shadow file, and a build manifest file. Each item specified within a build manifest file is used to determine the item's file type.
The .DSM file contains the following information:
Public key certificate data used for signature validation.
Version information which includes the previous version of a package so as to create a delta package between an older or baseline package and a new package.
Package GUID
Dependency GUID information
File names and file information in the form of raw file size and original VBase for MODULES so they can be re-based and differentiated during an update.
Always keep a copy of the unaltered file as a backup.
A .DSM file should contain a complete (exact) list of all modules/files found in the package folder.
The .RGU file should be excluded from the .DSM file.
Kitchen-specific files should be excluded from the .DSM file.
Hidden (H) and/or System (S) attributes may need to be cleared (ATTRIB -s -h -r) from .DSM files before they can be edited.
Dumping a custom ROM where a .DSM file was altered with DSMBuilder may result in the package being placed in the SYS folder.
Reference Links:
DSM Dependency Dumper
Name: DSM Dependency Dumper
Version: 2009-06-19
Author: dj13241
Cost: Free
Reviewed By: Sous-Chef
DSM Dependency Dumper is a handy tool to extract the list of dependency packages for a single Device Side Manifest file (.DSM) or an entire ROM. The DSM Dependency Dumper will produce a Comma Separated Values (.CSV) output file detailing all of the required dependencies for a package.
A Device Side Manifest file (.DSM) describes the contents of a package and has the name <GUID>.DSM. Each package has its own .DSM file. The .DSM file is a binary file and the format may change at any time. The .DSM file is created by parsing a package definition file, package shadow file, and a build manifest file. Each item specified within a build manifest file is used to determine the item's file type.
The .DSM file contains the following information:
Public key certificate data used for signature validation.
Version information which includes the previous version of a package so as to create a delta package between an older or baseline package and a new package.
Package GUID
Dependency GUID information
File names and file information in the form of raw file size and original VBase for MODULES so they can be re-based and differentiated during an update.
Most ROM's are shipped with missing package dependencies.
None Discovered.
Reference Links:
Registry Workshop
Name: Registry Workshop
Version: 4.2.4
Author: Torchsoft
Cost: Trialware, Purchase
Reviewed By: Laurentius26
Registry Workshop is an advanced registry editor for Windows 2000 (Service Pack 4), Windows XP (32/64-bit), Windows 2003 (32/64-bit), Windows Vista (32/64-bit), Windows 2008 (32-bit and 64-bit), and Windows 7 (32/64-bit). It is a perfect replacement for RegEdit and RegEdt32 which shipped with Windows. In addition to all the standard features, Registry Workshop adds a variety of powerful features that allow you to work faster and more efficiently with registry related tasks. With Registry Workshop, registry editing becomes more safe than ever before. All changes except changing key permissions can be safely reversed (even registry replacing and importing), using multiple levels of Undo. You don't need to worry about making mistakes when editing registry.
Registry Workshop includes many useful features: multiple undo and redo, the undo history can be saved to disk and reloaded at startup, search and replace registry keys, values and data with super fast search algorithm, compare registry between computers and/or .REG files with super fast speed, connect mobile device (Pocket PC, SmartPhone, etc.) registry via ActiveSync, cut, copy and paste registry keys and values, drag and drop to move or copy registry keys and values, edit .REG files and .POL files in the same way as editing system registry, backup and restore registry, defragment registry with preview, easy and flexible favorites management, quickly browse registry with address bar, bookmarks and visitation history, context menus to navigate to referenced key: open containing folder or open URL if the key or value contains a ProgID, ClassID, folder, file path or URL, jump to the same key in HKLM or HKCU by context menu, open multiple local registry windows, allow to open secure registry keys when running under the administrator privilege, and edit binary data in BYTE, WORD or DWORD format.
Excellent for editing/viewing/export/import registry keys on your device from your desktop using ActiveSync.
None discovered.
Reference Links:
DSM Analyzer
Name: DSM Analyzer
Version: 1.5
Author: michyprima
Cost: Free
Reviewed By: Sous-Chef
In early kitchen and ROM cooking, chefs used to delete Device Side Manifest file (.DSM) files from OEM packages that resided in the .\PACKAGES and/or .\EXT folder. Other chefs would delete the .DSM file and create an empty version of a .DSM file as a placeholder. As we learned more about the Windows Mobile, we discovered that .DSM files contained pertinent information that was used during the compilation of a ROM and should be properly managed. DSM Analyzer is a utility to view and modify components of a .DSM file such as certificates and list of modules/files.
A Device Side Manifest file (.DSM) describes the contents of a package and has the name <GUID>.DSM. Each package has its own .DSM file. The .DSM file is a binary file and the format may change at any time. The .DSM file is created by parsing a package definition file, package shadow file, and a build manifest file. Each item specified within a build manifest file is used to determine the item's file type.
The .DSM file contains the following information:
Public key certificate data used for signature validation.
Version information which includes the previous version of a package so as to create a delta package between an older or baseline package and a new package.
Package GUID
Dependency GUID information
File names and file information in the form of raw file size and original VBase for MODULES so they can be re-based and differentiated during an update.
Most ROM's are shipped with missing package dependencies.
Does not provide dependencies or shadow order information.
Changes only appear after reloading the .DSM or .DSM(s) in a folder.
Reference Links:

Disassemble or Reverse Engineer WM 6.5 dll

Can anyone suggest tools/utilities that would allow me to disassemble a WM 6.5 dll to reveal it's methods and parameters? In .net desktop world I can use tools like Reflector to do this, but I seem to be having difficulty doing this on WM apps.
Unregister dll - EDiT - Register dll
Here two threads discussing Developer tools & Kitchen Utilities for (ROM) Chef's;
Kitchen Utensils
60 Universal Tutorials for Customizing any Device and Cooking
Have fun, develop something nice for free and please do it here on xda-developers
There are a lot of ifs and buts to this but here goes:
If the dll was created as a .NET app, then reflector should be able to list the code within it, as it will contain the MSIL code within it. If it has been run through an obfuscator when it was built, this can mangle some of the internals and give Reflector a bit of a hard time.
Otherwise it will be a Win32/MFC/ATL object containing ARM object code. A DLL file is the same format as an exe file i.e. Microsoft's PE (Portable Executable) format. Microsoft's DUMPBIN, part of Visual Studio, (run it from the VS Command Prompt), is able to dump out the EXPORT table which lists the public functions visible in it.
There is a freeware ARM dissassembler , CHARMED, which can run on your device which can display the ARM assembly code, but to make any sense out of it, you will require a pretty good knowledge of the ARM instruction set and basic knowledge of how compilers work. If you don't know what a stack frame is, you'll struggle.
Providing a link to chARMed and C/P from that page
stephj said:
There is a freeware ARM dissassembler , CHARMED, which can run on your device which can display the ARM assembly code, but to make any sense out of it, you will require a pretty good knowledge of the ARM instruction set and basic knowledge of how compilers work. If you don't know what a stack frame is, you'll struggle.
Click to expand...
Click to collapse
Here is the link for this nice freeware ARM dissassembler;
Requirements: Windows 98,Me,2000,XP Size: 246kb Description: ABOUT ChARMeD:
ChARMeD is a Windows Mobile / Pocket PC / Win CE (for ARM CPUs) Disassembler and Assembler
The name ChARMeD stands for:
Carolo's Hexadecimal ARM Editor and Disassembler
· Disassemble a Windows CE Executable for ARM CPUs.
· Assemble instructions in ARM Assembler.
· Upload modified file to Windows CE Device.
· View MZ and PE Headers of executable.
· View Import Table of executable.
· Added NOP instruction 0x90909090, which is not part of the ARM instruction set, but nevertheless works because it is an undefined instruction.
· Supports all no operand instructions, Branches (Jumps) and instructions with two registers as operands.
· Recognises 0x90909090 as NOP (see ASSEMBLER above)
· Supports all no operand instructions, Branches (Jumps) and double operand instructions.
ARM Classic Processors
ARM Infocenter
I think IDA is standard for this kinda reversing. If you can find a location where the DLL is called from in another app, you should be able to quickly identify at least the number and format of the parameters. Obviously you can also refer to the import/export tables for this.
Awsome bits of info to get me started ... thanks!!
Is a DLL signed?
And if it is, how does one know it? I use a tool from sysinternals called Sigcheck
Verify that images are digitally signed and dump version information with this simple command-line utility.
One way to use the tool is to check for unsigned files in your \Windows\System32 directories with this command:
sigcheck -u -e c:\windows\system32
Though there are way more options than the example above.
As all reverse engineers/hackers or cooks you too should investigate the purpose of any files that are not signed.
Besides some nice sysinternals standard utilities, there's also;
For obvious reasons I'm using not a direct link to the Suite. Therefore you need to click on it (on the left) yourself. There's a load of useful utilities there waiting to be downloaded by (would be) developers, power users and system / network administrators (are we not all).
If it is signed with a signature; you need to unsign it before editing it!
It's dead easy.
1) Copy your DLL from your phone to your PC. You may need to use ROMExtractor to do this if you have problems.
2) Unsign it using Unsigner. To do this download Unsigner and the Unsigner batch file here. Copy Unsigner, the Batch file and the dll from the phone to one directory and run the .bat file. It should tell you that the certificate has been removed.
3) Download Reshack
4) Open the dll from the phone using Reshack or the better not free PE Explorer
5) Do your editing.
6) Click Compile String at the top and then save the file.
7) Download Ssigner. Launch it and use Select File to select the DLL file you've just modified. Click Start Sign Process! When it's done check the text file that's created to make sure it signed properly.
8) Copy the file back to the Windows directory on the device using for PPC/handheld/CE free Total Commander. If necessary Reboot.
Kitchen Utils Reviewed gives links to programs a developer / cook needs!
Have fun edtinig, vewinig ,bwroisng, assilimating, copamirng and itengaritng your files,

