[Q] Enforce SeILSigningPolicy on 8.1 Core? - Windows 8 General

I've been banging my head on this for almost a week now, and finally decided to ask for help. I recently bought a Dell Venue 8 Pro, and afterward decided what I really wanted was a Surface RT. I'm looking for a way to force Windows 8.1 Core to enforce the same minimum code signing level as Windows RT so that I can at least feel like I got close to what I wanted.
I've found the SeILSigningPolicy variable that Windows RT uses to enforce the "Microsoft" code signing level (SeILSigningPolicy=8), but I can't figure out how to set it to be anything other than 0 on Windows 8.1.
Is this configuration possible, or should I just sell the DV8P and pony up for a Surface RT?
(PS: I am not a crackpot.)

Disclaimer or not, I'm having a hard time imagining any credible reason to intentionally cripple your own device... The actual improvement to security is less than you might think, and the impact on usefulness possibly more. Still, if that's what you want... you could probably do it most easily with a driver that loads at boot time and modifies the policy (no idea if that would actually achieve what you want, since RT and non-RT are only *mostly* identical, but it has a good chance) or you could disable Secure Boot and then modify the kernel binary directly (probably harder to make work, and will require the bootloader permitting a kernel without a valid signature).
Just buying an RT device would be a lot *EASIER* than either of these options, for sure. The gen1 RTs are cheap, if you can find one.

A Gen 1 RT goes for about US$290 locally, and I'm past the return period on the DV8P, and they only resell for about US$70 locally. I want to only run Windows Store apps. It's less about security and more having a device I'm personally happy with. If you know someplace I can swap a low-miles DV8P for something running RT lemme know, otherwise this is the route I'm going to keep trying for.

Have you considered just... not installing any third-party desktop apps? Aside from a few first-party programs (Windows Media Player and Picture Viewer, possibly some others), there's not much difference between RT and Core unless you *try* to run 3rd-party desktop apps.

GoodDayToDie said:
Have you considered just... not installing any third-party desktop apps? Aside from a few first-party programs (Windows Media Player and Picture Viewer, possibly some others), there's not much difference between RT and Core unless you *try* to run 3rd-party desktop apps.
I'm a very stubborn person. Re the driver you mentioned: Do you think I'd spend more paying someone to create that or on a new Surface RT? I'm just evaluating my options at this point.

In theory, the driver is pretty trivial to write; once you have kernel-mode code execution, you can change the SeILSigningPolicy flag easily. You'd need to know where it is, of course, and that can change between patch versions, but there are ways to find it (especially if you can read kernel memory, though also even if you can't). In practice, writing even a trivial NT driver is usually mildly frustrating, though in this case you have the advantage that the driver can basically just do its thing immediately on load (in the DriverEntry function, basically [Dll]Main for a driver) and then go away; it doesn't need to process any user input or interface with any hardware or anything.
With that said, I don't know how much you value your time, but I find it hard to imagine you couldn't find an RT device for less than the time would be worth to you.

GoodDayToDie said:
In theory, the driver is pretty trivial to write; once you have kernel-mode code execution, you can change the SeILSigningPolicy flag easily. You'd need to know where it is, of course, and that can change between patch versions, but there are ways to find it (especially if you can read kernel memory, though also even if you can't). In practice, writing even a trivial NT driver is usually mildly frustrating, though in this case you have the advantage that the driver can basically just do its thing immediately on load (in the DriverEntry function, basically [Dll]Main for a driver) and then go away; it doesn't need to process any user input or interface with any hardware or anything.
With that said, I don't know how much you value your time, but I find it hard to imagine you couldn't find an RT device for less than the time would be worth to you.
In theory, could I write the memory location needed with Administrator rights, or would I have to be at the SYSTEM level to do it? I'm thinking of a small C# program to do similar, since I've never written a driver before.

Neither (directly). The flag is in kernel memory; no level of user-mode privilege will let you write there. You also can't write kernel drivers in C#, or any other similarly high-level language; it's pretty much C or nothing.
Either a member of Administrators or SYSTEM can install and load drivers. However, the driver needs to be well-written; a crash in a driver will bring down the whole OS (BSOD).
Admin does also let you enable kernel debugging (at least, if Secure Boot permits you to do so; RT doesn't allow it but x86 should), in which case you could use a kernel debugger to modify the flag directly. However, I don't know if that policy is even enforced at all if the device is booted in debug mode.

GoodDayToDie said:
Neither (directly). The flag is in kernel memory; no level of user-mode privilege will let you write there. You also can't write kernel drivers in C#, or any other similarly high-level language; it's pretty much C or nothing.
Either a member of Administrators or SYSTEM can install and load drivers. However, the driver needs to be well-written; a crash in a driver will bring down the whole OS (BSOD).
Admin does also let you enable kernel debugging (at least, if Secure Boot permits you to do so; RT doesn't allow it but x86 should), in which case you could use a kernel debugger to modify the flag directly. However, I don't know if that policy is even enforced at all if the device is booted in debug mode.
It doesn't, I've already tried with a kernel debugger. Right now, I've gotten a PM from someone who offered to write the driver for me for $200, I'm looking down that avenue right now.

Related

Windows Blue/9 - Features

After seeing the leaked build of Windows Blue at http://www.theverge.com/2013/3/24/4...creenshots-leak-smaller-live-tiles-options-ui, it got me thinking about what I'd like to see. A video I saw had some good ideas but I know that us XDA members can do better. Said video:
http://www.youtube.com/watch?v=wdqUsTAWSnY
Personally, I would like to see:
A better default e-mail app
Ability to boot straight into the desktop
More gestures
More optimization
Even faster boot times
What features would you like to see in the next version of Windows?
Faster boot times is just greedy as it is. My Windows 8 machine booting off of an HDD side by side with a mate's more powerful Win 7 machine booting from SSD, my machine reaches desktop about a second after his does, and I have to go through a boot select screen and click a tile on the start screen.
Blue isn't 9.
Mail app we need yeah. I would add the music and video apps while you're at it.
I don't own a touchscreen so gesture wise I don't care.
Booting straight to desktop would be nice I guess, I really don't care as I actually like the new start screen but some people of course ask for that feature anyway.
What I want to see:
Improved music and video apps, frankly, they suck. Music wise I now use "I love music" which isn't too bad but is a little rough around the edges, certainly better than default though
improved mail app (as you already said)
ability to resize the split between sideloaded metro apps
being able to run my desktop on one monitor and metro on another
my running desktop applications should be listed in the running applications sidebar on the left of the screen, that only seems to show metro applications
in the store app being able to list applications from certain developers (for example being able to look at the angry birds space entry and being able to click rovio to show all rovio apps).
While they are at it with releasing windows blue. XNA replacement please
SixSixSevenSeven said:
faster boot times is...
There is always something faster regarding boot times. There are some Chrome books which boot in 8 seconds compared to my laptop's 14. The ability to split metro apps has already been added if you check the link about the leak from the Verge. All your suggestions are very good, hopefully at least a few of them will be in Blue.
Sent from my Galaxy Nexus
Reboot times are a total red herring. It's a waste of Microsoft's time to put a bunch of people to work shaving off another second or two. Why are people rebooting anyhow?? I never do except for updates. Sleep is faster to enter, faster to return from, doesn't require re-launching my apps, uses only trivial power, and is supported on all hardware I've seen this decade (although I did, about four years ago, encounter an NVidia driver whose preferred form of "screwing up your PC..." install process was to break sleep mode, which I fixed by rolling it back).
Now, if they want to make it so that reboots are needed less often, I'm all for that. More user-mode drivers, and/or modernize the kernel-mode driver stack to reduce how often KMDs require reboots (already much better than XP and below, but still too high). Make Windows Update better about not requiring reboot; I'm willing to close a program or even restart the desktop Explorer session (which takes moments) to avoid rebooting the whole machine.
Fix the <REDACTED> Start search. I don't understand why they took one of the best UI features of Vista, preserved it in Win7, and messed it up in Win8, but the whole segregation of "Apps", "Settings", and "Files" needs to stop, now! Launching programs is one of the very few core requirements of an OS, and the last two versions of Win8 were better at it than Win8 is (specifically, they required fewer clicks and showed more useful info at a glance). That's a travesty.
Metro apps and multi-monitor were already discussed. Instead of reiterating those, I'd like to see more capable Metro apps. Currently, they're locked down to nigh-uselessness from a get-stuff-done perspective. Consequently, I barely ever use them... but that's not good for the ecosystem, because it means that I (and people like myself) have much less incentive to develop them, too. One critical feature: the ability to launch other programs without the target being expressly designed for it.
As a Surface RT owner: remove the stupid prohibition against third-party desktop apps. Make it a hard-to-find setting if you must, but let me unlock it without needing kernel-mode hackery.
As a Surface RT owner: give me drivers! The USB port is already useful, but it could be a lot more useful.
As a Surface RT owner: add support for the low-power standby core of the Tegra 3. Battery life is good already but could be better.
Integrate something like OblyTile into the Start screen. Default desktop-app tiles are ugly.
Worth asking for: multiple (virtual) desktops? I mean, it's "just another app" now, right? I hate that in 2013 I still need to use third-party utilities to get this feature that all other common desktop environments have.
Please don't kill off the SUA (Subsystem for Unix Applications)! At the very least, open-source it when you drop official support, so the community can introduce some long-overdue fixes. But seriously, that thing is useful. Cygwin is a nasty hack by comparison.
A virtualization environment that supports high-end graphics would be nice. There's a lot of games that run like crap on NT6 but don't run on virtual XP machines using any of Microsoft's virtualization environments. That directly contributes to the market share of third-party virtualization software. MS used to be good at this VM thing for uses other than servers...
Lots more, but this post is long enough as is. That covers most of the gripes I have at least once a week using this OS.
Most of these are from the viewpoint of an RT user, unless noted.
Critical:
Allow unsigned desktop apps
Allow third-party Metro apps (sideloading)
An alarm clock on RT
Allow metro apps to run backgrounded without requiring them to be pinned to the lock screen
WinRT lacks some major features in the API set (from what I've experienced, lack of client-side cert support for SSL, lack of decent background capabilities, and lack of VPN, though they claim to be fixing the last one)
Go back to the idea that developers create the platform and stop trying to mimic Apple by closing the ecosystem down
Desired:
Allow a hotzone for corners, instead of just a hotspot (x86, mostly)
Better mail app
Allow start screen wallpaper customization without tedious hacks
Allow fine grained tuning of which settings are synced between computers (I don't want the same wallpaper on my tablet and desktop, for example, so I have to turn off syncing all customization settings)
Open up the ARM DDK
Documentation on what features are lacking/missing on ARM Vs. x86.
The current sideloading situation works fine for me, though I agree with the rest of those. I might care more if I found Metro less useless in general.
Hmm, my Lenovo Twist cold boots in about 3 seconds. Doesn't get much better than that.
Sent from my SGH-I777 using xda app-developers app
It really doesn't, actually. The default "shut down" behavior on Win8 is to reboot the machine, and then enter hibernation right before showing the login screen. This is one of the lowest-RAM-usage points in the operation of a PC, so both entering and leaving hibernation here is extremely fast. When you "cold boot" your system, all that is happening is the power-on self test (which is very fast on modern hardware), followed by the OS resuming from the minimal hibernation image (which could easily take three seconds or possibly less with an SSD but not a ton of RAM). Bam, you're at the login prompt in what seems like no time at all!
If you want to do a true cold boot, you'll need to either disable hibernation boot (one of the easiest ways to do this is to disable hibernation entirely using "powercfg /h off", probably must be run as Admin) or you'll need to remove power while the system is running (as in, remove the power cord and remove or drain the battery without allowing it to enter sleep or hibernate). You can get an idea of the true bootup time just by rebooting the machine, but a machine built for Win8 probably won't show you the point where the "shutdown" portion switches off with the "bootup" portion; using EFI, that whole thing can be hidden.
Wouldn't electricity bills go through the roof if all 5 PC's in my household were on hibernate 24/7 365?
Sent from my Nexus 7 using XDA Premium HD app
mmmcfc said:
Wouldn't electricity bills go through the roof if all 5 PC's in my household were on hibernate 24/7 365?
Sent from my Nexus 7 using XDA Premium HD app
They're off when they're in hibernate. Hibernate saves the state to disk then completely powers off the computer. You could literally unplug it for 5 years and it would still have the state.
Yep, hibernate's entire point is that it uses no power. However, maybe you meant sleep instead, also known as suspend-to-RAM and which does use a trickle of power. It's a small trickle, though; a PC in Sleep mode draws less than five watts (and most draw only one or two). Five PCs in sleep mode, assuming they're big, beefy, and incredibly inefficient, plus have every kind of wake-on-event (wake-on-LAN, wake-on-click, wake-on-timer, etc.) option enabled, will draw about 25W - non-trivial but less than half what a typical incandescent light bulb draws. Realistically, it would be closer to 5W, especially if some of them are laptops (which only use a portion of a watt).
Depending on the percentage of time that the PC is on anyhow and how efficient its sleep mode is, you may actually be wasting power by taking the time to turn it off, then on again (requiring restarting its programs) all the time. Entering and exiting sleep is effectively instant.
I for one would love to see custom backgrounds on the Start screen, as well as Google Talk support in the Messaging app. One of the main reasons I still have to keep a GMail tab open on Chrome, so I can receive IMs.
Also I would be pleased if they returned Google Calendar syncing after the updates a few days ago. I was very annoyed when all my Calendar events disappeared, but seems to have gotten better since I worked around that with the subscriptions feature in Outlook.
More functionality in the Metro/Modern part of the OS would also be good, but I have already seen that happening with the recent leaks.
Edit: And I also would love to see Aero Glass with Blur come back in the Desktop. Although there are a few hacks to get it working, most do not have similar functionality to Windows 8 or are buggy. The only good one imo doesn't support 32 bit.
How come my Windows phone syncs with Google fine, yet Windows doesn't?
Google have more sync options than EAS and contrary to MS's claim EAS is still active until june or july.
All they have done is made the mail and people apps worse not better.
Anyway. Supposedly in the blue leak IE11 now has stubs for WebGL support. If this is true then windows blue presumably has OpenGL support, possible for store apps too. OpenGL, even if it is just the ES subset, on RT has been an often demanded feature.
So many android and iOS apps are written with OpenGLES, if microsoft wanted an app rich store then it really would have made sense to support OpenGLES to allow porting of iOS and android apps to windows without having to be rewritten for DirectX11 (not a simple task in many cases).
Oh, overall they made Mail a lot better... but it pisses me off that for people who already had a working Google EAS connection, they went and disabled it. I'm holding off on updating my other devices for now. As for "more sync options than EAS", this is technically true (and the new version of Mail offers to set them up for you), but the others are not as well integrated (one protocol to provide contacts, email, calendars, and security policies).
WebGL support I'm actually kind of skeptical of; the web is a very hostile environment and video drivers are a frightening combination of high-value targets and shaky security. I'm concerned about the attack surface exposed by enabling WebGL. However, it's true that OpenGL, even just OGLES, would be a huge boon to the platform. Windows and DirectX may still rule the roost for PC games, but even there their lead is eroding. In the mobile space, OpenGL has left DirectX in the dirt.

Question before installing Windows 8?

1. If I'm running Windows 7 64bit, can I upgrade to a Windows 8 64bit right from Windows 7 without having to format hard drive?
2. If so, can I create a restore point in windows 7 in case I want to go back once windows 8 is installed?
Any other suggestions would be appreciated.
For question 1, yes, this is what I did.
For question 2 I don't know.
SysAdmNj said:
1. If I'm running Windows 7 64bit, can I upgrade to a Windows 8 64bit right from Windows 7 without having to format hard drive?
2. If so, can I create a restore point in windows 7 in case I want to go back once windows 8 is installed?
Any other suggestions would be appreciated.
yes you can. the installer will give you options on what you want to keep
no. you must create a restore image on an external hard drive if you want to return back to windows 7
In-place upgrades are possible and are technically a supported scenario, but they are a *terrible* idea. They are, at best, going to save you a bit of time reinstalling apps (even though the install process itself takes vastly longer when doing an in-place upgrade, so I'm not sure it's a net positive even there). At worst, you'll end up with an unbootable system due to an unexpected driver incompatibility or something silly like that, lose all your data, and need to reformat and do a clean install anyhow. The usual result is somewhere in between; your system will be less stable than it should be, will take longer to boot up, some programs won't work after the upgrade and will need to be reinstalled anyhow, and at some point in the near-ish future (six months to two years) your system will develop odd misbehaviors that will require you to effectively reinstall Windows anyhow (that's what the refresh and reset operations in Win8 basically do, with or without preserving your files, respectively).
Also, if you opt for a clean install, you'll know you have a backup of all your data. That's pretty valuable. You can (and should; the bit about the upgrade failing and you losing access to your data was not a joke) make such a backup anyhow, of course.
As for being able to revert to Win7, the only way that'll happen is if you back up the whole system drive. Restore points don't work between major versions; if you do an in-place upgrade, you won't be able to downgrade it again short of restoring a backup or wiping the system and installing Win7 cleanly.
I did it
SysAdmNj said:
1. If I'm running Windows 7 64bit, can I upgrade to a Windows 8 64bit right from Windows 7 without having to format hard drive?
2. If so, can I create a restore point in windows 7 in case I want to go back once windows 8 is installed?
Any other suggestions would be appreciated.
After doing an in place Upgrade on my box I hope my story will help you.
I simply couldn't resist the offer MS made 'til 28 Feb 2013 so I downloaded Windows 8 64 Bit to my Laptop and after the Upgrade Assistant gave me a green light and promised except for the ATI drivers everything should work out I started the upgrade. After roughly 4 h the Upgrade process was done and Windows 8 ready. Even the mentioned ATI driver was not a big problem because after the initial upgrade Windows 8 asked if I would care to update it and did so.
Windows 8 is creating a Backup of your current installation so there is a restore point you can use. I did not try it out and after 2 weeks I deleted the restore Point.
So far so good. The installation wasn't that complicated. Unfortunately after that I could no longer install any Program or update. The reason behind it was that the upgrade process is exchanging something in the user's Registry and after that the security checks simply denied me access to the file System. Even booting in recovery mode did not help (just like my Android GBook tablet at the moment). Only way to cope this was to create a new User with Admin Rights as a replacement. Doing so one of my document Folders got lost in transition. I still have no Idea what happened but after moving a Folder from MyDocuments user old to MyDocuments user new the Move process suddenly died and the files were gone. I did have a Backup so luckily it was just annoying but still gave me a rough time figuring out what happened.
You will probably be bothered to reinstall some applications (MS Apps will work) and the new interface is something to get used to for a Lot of Developers.
My System turned quite a bit slower because of the ever running index service etc. Indexing is even denying write access to newly created files quite regularly and you will have to wait for it to finish before file operations are possible. You definitely have to tune system services if you want a system that is not slowing you down.
My final advice after 2 Months using Win8?
Don't do an in place upgrade if you don't have to. Windows 7 was working perfectly for me. After 15 years of IT Support under my belly (even though most of it doing Back-office Servers) Win7 felt like an OS that wasn't in the way and did a great Job. Windows 8 will get in your way via slowing down your Box and making steps that were natural in Win7 more cumbersome.
Especially System settings are more or less hidden (because the average "dummy" user needs to be protected from it) and are hard to find. Turning every entry in your Start menu into a Metro Icon does not Help either. It's just messing up your start screen. Be Prepared to switch between metro and "normal Desktop" quite often if you are still using "older" programs. Even if you don't want to your Program will decide for you.
I think a fresh install helps in that category because it might make it easier to "switch your mind" to the new environment. It will also be a chance to clean your System of old and rarely used programs.
If you still want your Upgrade make sure your Backups are up to date and Working!
Hope this is helping you out.
Cheers
Lanman99
Thanks for enlightening us on the new screw-ups and mishaps of Win8 upgrades. The availability of the downgrade restore point is a new and welcome change, but the rest sounds about right for an upgrade.
Four hours to upgrade (when a clean install takes 15 minutes): check
Permissions messed up afterward: check
Performance actually decreased (even though a clean install of Win8 performs better than a clean install of Win7 on the same hardware): check
Data loss (your Documents folder): check
As for your points re: Win8 itself: first of all, if your only experience with it is based on that abomination of an in-place upgraded system, assume everything you "know" about the OS from that experience is wrong. I've been running Win8 for ~1.5 years now (counting betas) and have never had the problem with indexing service (which runs low-priority and doesn't take system resources that you're trying to use for anything else), data loss from library or folder movement, or any of the other problems you mention. I did try an upgrade install during the betas, but the result was trash - a bunch of features didn't work afterward, and the performance was worse than it should be - and the response when I reported the issues was "do a clean install". Upgrade installs are only *technically* supported; even MS thinks they're a bad idea.
Judging an OS based on an upgrade install is like judging a car model based on taking that car's interior and body, but replacing the engine, transmission, suspension, electronics, wheels, brakes, lights, and wipers with random junk you pulled out of a wrecking yard (without checking the original model) and beat into shape with a hammer and a hacksaw. Sure, it *looks* like it's easier (cheaper than making the needed money to buy the actual model) than buying a new car, and if you're really careful and moderately lucky, it will actually run pretty well and not strand you in the middle of nowhere or burst into flame or something awkward like that. It's going to be a complete pain in the ass to maintain though, you'll end up having spent a ton of time hacking it together in the first place and then keeping it running until you quickly pass the point where it would have been easier to just get the new car, and in the meantime it will never perform as well as it "should" have. Putting a bunch of junk car parts in a BMW body does not mean you're driving a BMW.
By the way, those problems that I didn't have? That even includes the "switching back and forth" thing, because I found it was a lot better to just not use Metro at all. I treat the Start screen the same way I treat the Start menu on older NT6.x versions: an irrelevant graphical thing that pops up for the half second where I type the name of a program I want, in between when I hit the Windows key and when I hit Enter. I pinned my most-used apps to the taskbar. My typical admin stuff is on the Win+X (or right-click the Start button - yes, there is one, it's just hidden until you hover over it) menu. Outlook is a better mail client than Mail, and better scheduling tool than Calendar. Pidgin is better than Messenger. If for some reason I want to log into Facebook, I have this thing called a "web browser" (which runs in a window, with all its features instead of a crippled subset of them, thank you very much).
Metro Skype is good enough I do use it sometimes, although I snap it to one edge of my (very wide) screen so it doesn't get in the way; I've considered going back to desktop Skype anyhow. Desktop SkyDrive is much better than the Metro one. Same for desktop OneNote vs. the Metro version. The only Metro apps I actually use much are games, and frankly I don't use Metro games that often on my main (desktop) Win8 box; why would I, when I could play Eve Online or Civilization / Alpha Centauri instead?
I only had the problem of a few games and visual studio needing a reinstall on my upgraded system. Not one of the other issues mentioned.
Oh, also had an issue where before the update it said my GPU drivers wouldn't work post upgrade, they did and as soon as I upgraded I was able to obtain native windows 8 drivers anyway. My integrated GPU was fine.
GoodDayToDie said:
Thanks for enlightening us on the new screw-ups and mishaps of Win8 upgrades. The availability of the downgrade restore point is a new and welcome change, but the rest sounds about right for an upgrade....
Abomination is probably a bit harsh (I'm still working on that monster)
Don't get me wrong. I don't want to bash Windows 8 for the sake of it. I just don't see an urgent reason to advise SysAdmNj to upgrade. Especially not an in-place upgrade. And I definitely agree that a clean install is the first choice to move to any new OS.
BUT surprisingly I pulled the same stunt growing from Vista to Win7 on my Dell Studio 17 which went great. I had 1 issue with the on-board camera but other than that my notebook was running better, faster and more stable afterward and that was the primary reason why I tried it again with Win7 to Win8 on my Lenovo. Still I got it working and at least it gave me valuable support experience and it's a dirty job but somebody...
Reason to try Metro is also based on my Idea to stay ahead of my Users. I think Metrostyle systems will be heading in our direction if we want it or not. It is too tempting for the marketing branches of our major OS vendors so I keep tinkering with it.
That "Back and Forth" simply lies in the program designs. It will just take me some time to get used to it, sorry but I'm old.
Some of my apps (namely Hotmail which became Outlook) are seamlessly integrated and as you already mentioned much better than before; most others are still written for WinXP/Vista/7 and will bring you back to familiar havens. Internet is done by a heavily customized FF portable, so carefree covered.
My main critique boils down to System settings Metro style. A lot of settings, tools and tweaks which grew into supporters' hands look castrated to fit the average user's need. That really is annoying. It looks like I have to brush up on system scripting skills to support my colleagues. Thought I could get away with less typing these days.
...and yes switching a self patched '74 Beetle engine in a 2013 Beamer won't make a Racing machine but it looks funny trying to get away with it.
Right click the start icon on the desktop and there is a control panel link. Just the same as win7
SixSixSevenSeven said:
Right click the start icon on the desktop and there is a control panel link. Just the same as win7
Yes if you are on your desktop. Starting up Metro won't give you that. You have to switch to your Desktop first. Or activate "All Apps" and sidescroll to Systemsettings. Besides it is not integrated which leads you again to your Desktop.
So System Settings = getting around Metro. The Settings Metro offers are still limited. Which IMHO is not a good way to do it. Yes it sounds nitpicking but if MS decides to get completely rid of our beloved Desktop, Metro is all you get.
But as I said, maybe just getting old...
On the metro start screen if you start typing it automatically fires up search. Type control and usually control panel is right there in front of you. Very quick and metro based.
But I agree, we could do with a native metro control panel.
SixSixSevenSeven said:
On the metro start screen if you start typing it automatically fires up search. Type control and usually control panel is right there in front of you. Very quick and metro based.
But I agree, we could do with a native metro control panel.
In Windows 8.2, there is supposed to be the PC settings with more options like power options in it. This will not get rid of the desktop control panel though.
Maybe I should have created a poll. Should I stay on windows 7 or upgrade?
I don't know now. I'm not crazy about Windows 8. I'm fine on Windows 7. Thing is, most laptops come with Windows 8, so I thought I might as well start familiarizing myself more. Although to be honest, I think even if I was to buy a new laptop with Windows 8, I would just clone that image and just restore a Windows 7 image with all my apps etc. That, or just change the HDD with mine.
But thanks for all the insights.
Win8 does perform better, and has some cool new features (built-in ISO mounting, for example, is long overdue). If you do what I do, and mostly treat it as Win7 that has one more slot on the Taskbar than normal, it's a great OS. There are some things that mildly bug me, like the removal of window border transparency, but that's hardly a big deal.
The Win+X menu (or right-click on Start) can be done from anywhere; you don't have to be on the Desktop already. Selecting the Control Panel from that menu will open up the Desktop-mode Control Panel whether you're in the Desktop, the Start screen, or some Metro app.
I actually prefer the lack of border transparency and the flat colours etc, guess that's just personal preference though.
If you have a spare box--techies should always have a spare box--pop Win8 onto it to play around. If you're happy with Win7, I'd stick with that for your production box(es).
It's OK to skip Win8 (and 8.1). It's a transition rev, and biz won't migrate to it. There'll be more changes when Win9 rolls out next year, so even if you're set on sticking with Win, you can save half the work by jumping on Win9 then, because sure as heck you won't stay with 8.x when 9 is out.
Basically, if it's fun, then do it. If it's work, then don't.
There hasn't even been so much as a hint from Microsoft that there will be a windows 9 any time soon. I think we're in for a few more years of updates yet, windows 8 can still be "fixed".
Microsoft stated - over a year ago, I think - that Windows was moving to an annual, smaller-releases cycle. Win8 and WP8 were the first OSes released after that announcement, with "Blue" for Windows and Windows Phone expected later this year (about one year after the W*8 releases). WP9-related job postings, referencing that OS by name/number, have already been posted on LinkedIn as well.

[XAP][GUIDE] Interop Unlock for WP8 + all Capabilities

It took us much longer than WP7 did, but the first Interop Unlock hack for WP8 is now available. It's currently limited to SAMSUNG phones, although we're trying to extend it to other phones, of course.
WARNING: Samsung is trying to break this hack! If you take the retail upgrade to GDR3 including the Samsung firmware update, it will not work!
A brief summary, for those unfamiliar with interop-lock: Windows Phone allows a number of high-privilege app capabilities, which can be used to make changes to the OS which are normally not possible for a third-party app. The limitation on whether we can use these capabilities or not is based on what "level" of developer unlock the phone has; standard "ISV" (Independent Software Vendor) dev unlock (max 10 apps or less) is what pretty much everybody gets; OEMs, however, get a special OEM Developer Unlock (300 apps or more) which gives them the ability to use much higher-privilege app capabilities than the standard ISV unlock permits. The name comes from ID_CAP_INTEROPSERVICES, the capability which was most important in WP7. In WP8, however, there are a great many interesting capabilities. Note that Interop-unlock by itself does not enable all of these. However, at least on Samsung phones, it is now possible to enable *all* the capabilities.
Guide for Samsung's ATIV phones:
The instructions are generally well-provided in @-W_O_L_F- 's app (direct link for updated XAP). You will also need the Diagnosis app, which is included (though hidden) on every Samsung Windows phone.
The instructions are as follows:
Developer-unlock your phone. You will need the Windows Phone Developer Registration tool for this; it comes with the SDK.
Sideload the helper app using Application Deployment (included with SDK) or WPPT. It does not work to just copy the file to your phone, or similar.
Open the Phone dialer (the built-in one) and dial ##634# to install the Diagnosis app (if you hadn't already). You can exit it afterward.
Run the Interop Unlock Helper app and read the instructions, clicking Next until you get to Step 2.
Click the button to generate the toast notification for your phone's Diagnosis app, then tap on the toast to open the hidden registry editor.
Press-and-hold the Back button, and switch back to the helper app without closing the registry editor. Click Next to go to Step 3 in the helper app.
Copy the provided registry paths and values out of the helper app, use the Back-and-hold switcher to return to Diagnosis, paste the values into the registry editor, and write them.
Don't worry if the app says a write failed! Just hit Read afterward to verify the change.
Repeat the previous steps a few times, hitting Next after each set of instructions, until the Helper app says "Finish".
Once all the registry values are written, congratulations; you are interop-unlocked!
At this point, you probably want to run the EnableAllSideloading hack below.
If you want to enable sideloading even more high-privileged apps, you'll want the following:
Install the BootstrapSamsung app attached to this post. This requires having interop-unlock already, and will not work if you have Samsung's ships-with-GDR3 firmware update unless you unblock RPC.
Run the app once, and ensure it displays a success message. You may then exit and (optionally) remove the app.
Install the EnableAllSideloading app attached to this post. This requires the bootstrap step. However, it is not specific to Samsung (we just can't bootstrap anything else yet).
Run EnableAllSideloading once, and ensure it displays a success message. You may then exit and (optionally) remove the app.
At this point, you will be able to sideload any capability, even the ones used for built-in apps and services. However, there appear to still be restrictions, even with a capability such as ID_CAP_BUILTIN_TCB. Multiple XDA members, including @Heathcliff74 and myself, are working to overcome these restrictions.
It may be necessary to repeat these steps after a phone update.
Capabilities which will be enabled, without further modification, by using interop-unlock:
Note: This list is *just* the ones from Interop-unlock; it does not include the ones from EnableAllSideloading.
ID_CAP_CALLMESSAGING_FILTER
ID_CAP_CAMERA
ID_CAP_CELL_API_COMMON
ID_CAP_CELL_API_LOCATION
ID_CAP_CELL_API_OEM_PASSTHROUGH
ID_CAP_CELL_API_UICC
ID_CAP_CELL_API_UICC_LOWLEVEL
ID_CAP_CELL_WNF
ID_CAP_CSP_FOUNDATION
ID_CAP_CSP_MAIL
ID_CAP_CSP_OEM
ID_CAP_CSP_W4_APPLICATION
ID_CAP_CSP_WIFI_HOTSPOT
ID_CAP_DEVICE_MANAGEMENT
ID_CAP_DEVICE_MANAGEMENT_ADMIN
ID_CAP_DEVICE_MANAGEMENT_BOOTSTRAP
ID_CAP_DEVICE_MANAGEMENT_SECURITY_POLICIES
ID_CAP_DU_MIGRATOR_STATUS_OEM
ID_CAP_OEM_DEPLOYMENT
ID_CAP_INTERNET_EXPLORER_FAVORITES
ID_CAP_INTERNET_EXPLORER_SEARCH_PROVIDER_KEYS_HKCU
ID_CAP_INTEROPSERVICES
ID_CAP_KIDZONE_CUSTOMIZATION
ID_CAP_MAP_WRITE
ID_CAP_MEDIALIB_PHOTO_FULL
ID_CAP_NETWORKING_ADMIN
ID_CAP_OEM_ADC
ID_CAP_OEMPUBLICDIRECTORY
ID_CAP_PEOPLE_EXTENSION
ID_CAP_PEOPLE_EXTENSION_IM
ID_CAP_PEOPLE_EXTENSION_MOBILE
ID_CAP_PERSONAL_INFORMATION_IMPORT
ID_CAP_RUNTIME_CONFIG
ID_CAP_SMS_INTERCEPT_AGENT
ID_CAP_SMS_INTERCEPT_RECIPIENT
ID_CAP_SYNC_EXTENSION
ID_CAP_VOICEMAIL
ID_CAP_WALLET_SECUREELEMENT
ID_CAP_WIFI_BASIC
One of the goals of this thread will be to explore what we can do with interop-unlock, and look for ways to achieve full permissions. I think I've found one, but it requires the ability to write registry multi-string values. Basically, if we could add a "superuser" privilege, or enable the use of ID_CAP_BUILTIN_TCB, which already has it, this would allow the creation of "root" apps.
Aside from myself, credit for this hack goes to @cpuguy for the Native Toast Launcher tool which permits accessing otherwise-unreachable code, and @-W_O_L_F- for helping put the pieces together. I'm not actually certain which one of us achieved the interop-unlock first; we were both working on it. @Heathcliff74 continues to be a help on the quest for full-unlock.
The source code for the apps below is posted at http://forum.xda-developers.com/showpost.php?p=45606584&postcount=88
Questions and Answers
Can I install WP7 interop apps using this?
They will install, but there's no point. They almost certainly won't actually work. Interop-unlock enables access to parts of the OS which third-party developers were not intended to touch; consequently, there's no backward compatibility. Even the methods used for native code on WP7 (which is different from, but nearly essential to make use of, interop-unlock) won't work on WP8. However, it should be possible to port many of those applications to WP8.
Will this work on Lumia phones / How can I get this on my Lumia / Are you working on this for Lumia phones / What about HTC, or some other OEM?
The current hack relies on a Samsung-specific component. Adding support for other phones will require new hacks. We are looking into it, rest assured; at this time, however, there is no way to gain interop-unlock on any WP8 device other than a Samsung one.
EDIT: It looks like there should soon be a Huawei W1 custom ROM with interop-unlock included. I don't deal with custom ROMs, but you may be able to use homebrew apps on that phone too.
EDIT: Lumia phones *can* be interop-unlocked via JTAG. However, this requires some extra hardware and some phone disassembly. Not an online hack, and not for the faint of heart.
But what if we installed the Diagnosis app on a Lumia phone (using Fiddler proxy or similar) and then followed this guide?
I repeat, Samsung-specific component. Nokia doesn't put the required services/drivers for Samsung's Diagnosis app into their Lumia firmware, so the app would not work!
Can I upgrade my phone to GDR3 if I have this?
Yes. However, be aware: if you install Samsung's updates that come with the retail GDR3 update, it will break your ability to re-unlock, or to use some homebrew apps! (Developer preview updates are fine, as those are purely Microsoft code and don't mess with the Samsung components.)
EDIT: There's a way to unlock the Samsung services for full access again on GDR3. You still need to interop-unlock beforehand, though.
Can I re-lock my phone if I want to?
Yes, easily. The simplest method is to use the Windows Phone Developer Registration tool (the one that comes with the SDK) to de-register the phone (you can then re-register it if you want to get your normal dev-unlock back). This doesn't remove any changes that were made using the interop-unlock, though (for example, it won't undo the EnableAllSideloading hack, nor will it set back the Full FS Access hack). Apps that require interop-unlock will still be installed, but may no longer run. To manually remove interop-unlock, you can reset all the registry values that were changed by the interop-unlock hack to their original values, and remove all the apps. There still may be a great many other changes that also need reverting, though, if you want to get back to stock settings. See next question.
Can I get my phone completely back to stock settings without knowing every little thing I changed?
Yes, a hard (factory) reset will undo all changes made by interop-unlock, or any apps (including ones that require interop-unlock), and will remove all apps. If you need to send your phone in for warranty servicing and are worried that they won't take it because you interop-unlocked it, this approach will fix that (they would probably tell you to hard-reset anyhow, if it's conceivably a software problem).
Will the interop-unlock survive a hard reset?
Not using this method! Read the question above. This unlock is purely in software, not firmware; it is reset along with everything else.
Can I upgrade my phone to WP8.1 if I have this?
Tentatively, yes! We're still working on figuring out exactly what WP8.1 means for the homebrew scene. The short version is that most apps and some (but not all) of the hacks they contain seem to still work, though. However, see next question...
Can I interop-unlock my phone on WP8.1?
At this time, I don't believe this is possible (unless you can use a custom ROM). One step of the process appears to have been "fixed" and we will need to find a different way. -W_O_L_F- has indicated that he has one, possibly coming soon...
Apps which use Interop Unlock
SamWP8 Tools Currently includes a basic registry editor and some tweaking tools, including an accent color editor.
Native Access Webserver that requires full capability unlock; still read-only at this time.
PDF to Office enables browsing and moving files.
WPH Tweaks allows easy access to a number of registry tweaks.
AppData Manager allows you to back up the data of an app so you can re-install it (possibly after a hard reset) and not lose its state.
Storage Cleanup allows you to list and delete space-wasting files on your phone.
Reserved for... whatever else is needed.
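An added example, not part of the original post or of the tools attached to it: since the guide ties each unlock level to a set of app capabilities, this sketch audits the capabilities a XAP declares in its WMAppManifest.xml and sorts them by the tier the post associates with them. The sample XAP is constructed in memory; the function names, the three tier labels and the use of ID_CAP_NETWORKING as an ordinary capability are assumptions of this example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Capabilities the post lists as enabled by interop-unlock alone.
INTEROP_CAPS = set("""
ID_CAP_CALLMESSAGING_FILTER ID_CAP_CAMERA ID_CAP_CELL_API_COMMON
ID_CAP_CELL_API_LOCATION ID_CAP_CELL_API_OEM_PASSTHROUGH ID_CAP_CELL_API_UICC
ID_CAP_CELL_API_UICC_LOWLEVEL ID_CAP_CELL_WNF ID_CAP_CSP_FOUNDATION
ID_CAP_CSP_MAIL ID_CAP_CSP_OEM ID_CAP_CSP_W4_APPLICATION
ID_CAP_CSP_WIFI_HOTSPOT ID_CAP_DEVICE_MANAGEMENT ID_CAP_DEVICE_MANAGEMENT_ADMIN
ID_CAP_DEVICE_MANAGEMENT_BOOTSTRAP ID_CAP_DEVICE_MANAGEMENT_SECURITY_POLICIES
ID_CAP_DU_MIGRATOR_STATUS_OEM ID_CAP_OEM_DEPLOYMENT
ID_CAP_INTERNET_EXPLORER_FAVORITES
ID_CAP_INTERNET_EXPLORER_SEARCH_PROVIDER_KEYS_HKCU ID_CAP_INTEROPSERVICES
ID_CAP_KIDZONE_CUSTOMIZATION ID_CAP_MAP_WRITE ID_CAP_MEDIALIB_PHOTO_FULL
ID_CAP_NETWORKING_ADMIN ID_CAP_OEM_ADC ID_CAP_OEMPUBLICDIRECTORY
ID_CAP_PEOPLE_EXTENSION ID_CAP_PEOPLE_EXTENSION_IM
ID_CAP_PEOPLE_EXTENSION_MOBILE ID_CAP_PERSONAL_INFORMATION_IMPORT
ID_CAP_RUNTIME_CONFIG ID_CAP_SMS_INTERCEPT_AGENT ID_CAP_SMS_INTERCEPT_RECIPIENT
ID_CAP_SYNC_EXTENSION ID_CAP_VOICEMAIL ID_CAP_WALLET_SECUREELEMENT
ID_CAP_WIFI_BASIC
""".split())

# Named in the post as a capability used for built-in apps and services.
BUILTIN_CAPS = {"ID_CAP_BUILTIN_TCB"}

MAX_MANIFEST_BYTES = 1 << 20  # refuse oversized manifests in untrusted archives
_DOCTYPE = ["<!DOCTYPE".encode(e) for e in ("ascii", "utf-16-le", "utf-16-be")]


class ManifestError(ValueError):
    """The package or its manifest could not be audited safely."""


def read_manifest(xap_bytes):
    """Return the raw WMAppManifest.xml bytes from a XAP (a ZIP archive)."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(xap_bytes))
    except zipfile.BadZipFile as exc:
        raise ManifestError("not a ZIP/XAP archive") from exc
    with zf:
        for info in zf.infolist():
            if info.filename.lower() == "wmappmanifest.xml":
                if info.file_size > MAX_MANIFEST_BYTES:
                    raise ManifestError("manifest too large")
                return zf.read(info)
    raise ManifestError("WMAppManifest.xml not found at archive root")


def declared_capabilities(manifest_bytes):
    """List Capability Name values in document order, without duplicates."""
    # A manifest has no need for a DTD; rejecting one avoids entity tricks.
    if any(marker in manifest_bytes for marker in _DOCTYPE):
        raise ManifestError("DOCTYPE not allowed in manifest")
    try:
        root = ET.fromstring(manifest_bytes)
    except ET.ParseError as exc:
        raise ManifestError("manifest is not well-formed XML") from exc
    names = []
    for el in root.iter():
        # Compare local names so the result is the same with or without xmlns.
        if el.tag.rsplit("}", 1)[-1] == "Capability":
            name = el.get("Name", "").strip()
            if name and name not in names:
                names.append(name)
    return names


def audit_xap(xap_bytes):
    """Sort declared capabilities into the tiers the post describes."""
    report = {"interop": [], "builtin": [], "unlisted": []}
    for cap in declared_capabilities(read_manifest(xap_bytes)):
        if cap in BUILTIN_CAPS:
            report["builtin"].append(cap)
        elif cap in INTEROP_CAPS:
            report["interop"].append(cap)
        else:
            report["unlisted"].append(cap)  # not on the post's list
    return report


def build_sample_xap(capabilities):
    """Constructed test input: a minimal XAP holding only a manifest."""
    caps = "".join(f'<Capability Name="{c}" />' for c in capabilities)
    manifest = (
        '<?xml version="1.0" encoding="utf-8"?>'
        '<Deployment AppPlatformVersion="8.0">'
        '<App ProductID="{00000000-0000-0000-0000-000000000000}" Title="Sample">'
        f"<Capabilities>{caps}</Capabilities></App></Deployment>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WMAppManifest.xml", manifest)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_xap(
        ["ID_CAP_NETWORKING", "ID_CAP_INTEROPSERVICES", "ID_CAP_BUILTIN_TCB"]
    )
    for tier, caps in audit_xap(sample).items():
        print(f"{tier:9s} {', '.join(caps) or '-'}")
```

A non-empty "interop" or "builtin" list means the package only installs on a phone unlocked beyond the standard ISV level, which is worth knowing before sideloading it.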
Awesome!
I suggest first app to the list: my SamWP8 Tools
Upd. I'm a little bit late XD
Well, I've got an Ascend W1 bootloader unlocked; if I can help, let me know.
It's awesome to have my phone Interop Unlocked. I hope to see something to clear my "Other Storage" soon. It's full with faulty Windows Store installation files... But I guess even with this it will be a lost cause.
Although the Samsung registry editor will install, it will not run on my phone, and I believe I was able to interop unlock. Any idea why it won't run?
@GoodDayToDie your work is awesome and you are the man
Good luck buddy
@FricoRico: Actually, I'm pretty sure we can clear out those files. I've got a ton of stuff on my plate at the moment, but even if none of the capabilities that work with interop-unlock will natively allow access to the relevant folder (and I wouldn't be surprised if one does; what is the folder in question?) there's a function in the Samsung driver interface to move files; we can move them to a location where we have write access, and then delete them.
@noelito: No idea. If it installs, that means you're unlocked. Make sure your phone didn't re-lock, I guess - try deploying the app again, for example - and make sure you're using the official deployment tool (some of the unofficial ones for WP7 - which may or may not work on WP8 - strip interop capabilities) and then try again. If it still doesn't work, please give a more detailed error report.
I am using the official deployment tool, and I believe the interop unlock does work because I was able to sideload Opera Mini, Samsung Photo Studio, Supreme Shortcuts and couldn't before, BUT that was it; they're sideloaded but do not work at all? Well, actually Supreme Shortcuts does run, but when I try to use a custom shortcut such as brightness it will crash.
Aha, an item for the FAQ...
WP7 INTEROP APPS WILL NOT WORK! Interop-unlock lets you develop high-privilege apps, but it's very OS-specific. This is all unofficial stuff; there's no reason for Microsoft to have maintained backward compatibility, and indeed they did not. New apps will need to be developed specific to WP8. That's why there isn't already a bunch of listed apps...
Ohhh OK, so this interop unlock is paving the way for future WP8 homebrew apps?
Exactly. Things which I have in mind, beyond the obvious improvements to registry and file system browsing, include options such as sounds customizations, media library access, changing certain "restricted" file/URI associations (alter the default browser?), *possibly* better task management (not sure we have the permissions for that), cleaning up wasted storage space, and as much more as we can manage. There's also a lot of potential for future research which this enables: interop-unlocking more devices, getting even higher permissions, possibly even custom ROMs or at least custom kernel drivers (which is much the same, since once you've got that you can change anything).
Can you write anywhere on the file system?
I can write some places, certainly. We'll see. I've got a couple of ideas for exploits involving writing to System32, but if there's anywhere I *can't* write, it's probably there.
Maybe "test mode" from Lumias works like the Diagnosis app from Samsung; I really don't know about WP8 because I came from Android, but on my Motorola some options in fastboot like "Factory Mode" are APKs. Maybe this is a dumb thing (because they are two different systems) :silly: .
Really, thank you for your work, you're awesome.
Sorry for my English
GoodDayToDie said:
I can write some places, certainly. We'll see. I've got a couple of ideas for exploits involving writing to System32, but if there's anywhere I *can't* write, it's probably there.
Might be able to port @Myriachan 's exploit.
Boss442 said:
Maybe "test mode" from Lumias works like the Diagnosis app from Samsung; I really don't know about WP8 because I came from Android, but on my Motorola some options in fastboot like "Factory Mode" are APKs. Maybe this is a dumb thing (because they are two different systems) :silly: .
Really, thank you for your work, you're awesome.
Sorry for my English
Feature-wise, Test mode is heavily locked on Lumias. One has to authorize to use its most sweet features.

[Q] Best PC Decrapifier?

What is the best PC Decrapifier? Something like Ccleaner, but better?
You already named it, at least for registry decrapifying.
In my opinion though the best decrapifier is not crapifying in the first place.
Or learning to do it manually. I've never met one such tool that I trusted, or that I was confident did enough good to be worth the risk of harming the system.
ericerk said:
What is the best PC Decrapifier? Something like Ccleaner, but better?
I have had good luck with System Mechanic. It has kept my xp machine usable - after 10 years! www.iolo.com
GoodDayToDie said:
Or learning to do it manually. I've never met one such tool that I trusted, or that I was confident did enough good to be worth the risk of harming the system.
Is there a tutorial on this?
ericerk said:
Is there a tutorial on this?
Yep
1) go to control panel>programs and features>uninstall a program
2) find the stuff you want to remove>uninstall, follow on screen instructions.
for trash files:
Right click partition>properties>general tab>disk clean up>use it to delete everything you want.
After you've done these:
right click the partition from which you deleted the files>properties>tools>defrag/optimize and defrag the disk.
Do this every 1-2 months and you shall have a happy relationship with your PC.
It is also a good thing to keep all stuff downloaded from the internet in the downloads folder until you can make sure you actually need it, so you can delete it all at once.
There is really no magic stuff the "cleaner programs" do. And Windows does it better than they do. So why not use the tools you have at your disposal?
As 6677 said, it is better to avoid getting craptose in the first place. Just be careful what you download and you shall be fine.
ericerk said:
Is there a tutorial on this?
Certainly one should keep the list of installed programs as minimal as is possible, but over time Windows builds up problems in the registry and elsewhere that simply slow down the system. In fact, uninstalling programs often leads to the registry values not being uninstalled as well, because of poor uninstallers by the programmers. Even if the values are uninstalled, that produces gaps in the registry unless it is compacted as well. That sort of thing simply isn't efficiently handled except by a program designed for the purpose. So one can improve the system by uninstalling - but the little stuff keeps building up.
Defragmenting the hard drive also helps, and should be done periodically.
It is a poor design by Microsoft. One simple solution is to simply reformat and reinstall windows every few years, thus clearing out the registry and all Windows problems. But that can be a hassle to reinstall and re-download all the updates.
My home XP machine, at about 10 years, is the longest I've ever maintained any Windows installation without reformatting. It boots a bit slowly, but once it is up and operational it is still usable. Before I ran system mechanic (and still use it periodically) it simply could not be used. I didn't reformat the machine because it has programs (mostly games) that my son still likes, and I don't have the disks and/or install codes for them any more.
I would suggest a reformat / complete reinstall as the best possible solution.
stevedebi said:
Certainly one should keep the list of installed programs as minimal as is possible, but over time Windows builds up problems in the registry and elsewhere that simply slow down the system. In fact, uninstalling programs often leads to the registry values not being uninstalled as well, because of poor uninstallers by the programmers. Even if the values are uninstalled, that produces gaps in the registry unless it is compacted as well. That sort of thing simply isn't efficiently handled except by a program designed for the purpose. So one can improve the system by uninstalling - but the little stuff keeps building up.
Defragmenting the hard drive also helps, and should be done periodically.
It is a poor design by Microsoft. One simple solution is to simply reformat and reinstall windows every few years, thus clearing out the registry and all Windows problems. But that can be a hassle to reinstall and re-download all the updates.
My home XP machine, at about 10 years, is the longest I've ever maintained any Windows installation without reformatting. It boots a bit slowly, but once it is up and operational it is still usable. Before I ran system mechanic (and still use it periodically) it simply could not be used. I didn't reformat the machine because it has programs (mostly games) that my son still likes, and I don't have the disks and/or install codes for them any more.
I would suggest a reformat / complete reinstall as the best possible solution.
CCleaner clears out the old registry keys in theory, otherwise one can do it manually as GoodDayToDie suggested.
Windows actually defrags as you go along now; you will generally find that manual defragging is entirely unnecessary. Although if you do want to do it for peace of mind, it at least won't take long (my desktop I upgraded to Windows 8 on release and has still only just reached 0.1% fragmented).
SixSixSevenSeven said:
CCleaner clears out the old registry keys in theory, otherwise one can do it manually as GoodDayToDie suggested.
Windows actually defrags as you go along now; you will generally find that manual defragging is entirely unnecessary. Although if you do want to do it for peace of mind, it at least won't take long (my desktop I upgraded to Windows 8 on release and has still only just reached 0.1% fragmented).
It is rather difficult to clean out registry values that have no clear naming convention, just a random string of hex codes - not all programs are logical in the directory entries. So manual cleaning has never seemed that good to me.
I'm presuming that the OP is not using windows 8, which really hasn't had time to get cluttered yet. For those older windows xp and win 7 installations, I have found System Mechanic Pro to be the best program, since it has programs for optimizing as well as cleaning out. I haven't yet installed it on any of my Windows 8 machines (no need yet so far as I can tell).
I've not heard of windows automatically defragmenting the disk, do you have a link?
EDIT: Never mind, I just checked my Windows 8 and I see that Microsoft has set up the defrag to run periodically. I'm not sure this was enabled in Win 7, but I had Diskeeper on that installation so I would not have noticed.
stevedebi said:
It is rather difficult to clean out registry values that have no clear naming convention, just a random string of hex codes - not all programs are logical in the directory entries. So manual cleaning has never seemed that good to me.
I'm presuming that the OP is not using windows 8, which really hasn't had time to get cluttered yet. For those older windows xp and win 7 installations, I have found System Mechanic Pro to be the best program, since it has programs for optimizing as well as cleaning out. I haven't yet installed it on any of my Windows 8 machines (no need yet so far as I can tell).
I've not heard of windows automatically defragmenting the disk, do you have a link?
EDIT: Never mind, I just checked my Windows 8 and I see that Microsoft has set up the defrag to run periodically. I'm not sure this was enabled in Win 7, but I had Diskeeper on that installation so I would not have noticed.
I'm using an HP ENVY 17 w/ 4th gen intel i7 (Running 8.1)
It just feels slower than my Win 7 platforms.
It's a refurb, It was on sale from staples for 50% off. This thing: http://www.staples.com/HP-ENVY-Touc...rbished-Laptop/product_12329?cmArea=home_box1
It just feels slow... Yes I got rid of bloat, yes I keep a good eye on installed apps. Yes I have anti viruses, there are no viruses.
If you're talking about pre installed crap that comes on every pre-built system, you've got to do it manually.
If you're talking about toolbars and trial ware and junk ware and ilk, I use a combination of ADW Cleaner, Ccleaner, Combofix and Super Anti Spyware. Gets the job done. Some stuff is still manual, though.
The only legitimate excuse for an OEM-installed OS image is to boot the thing up so you're sure you don't have a lemon. You can copy the "drivers" folder (which can come under a variety of silly names) off the machine if you want to, but they're all online anyhow and often the online ones are more up-to-date. Make sure you have the license keys for any installed software that comes with the machine (the OS license key, and the Office one if relevant, are typically on stickers somewhere on the machine, though they can be elsewhere).
Once you've completed the initial bootup, shut the machine down, boot off of a DVD or flashdrive or external HDD or netboot or however you want to do it, and wipe the disk. The Windows installer, in "custom" (clean install) mode can do this. Delete all of the partitions, and either re-create them in less-stupid layout, or just let Windows create a sane partition layout for you by telling the installer to install Windows on the now-empty system drive. Once the system is set up, you'll need to install updates and software you actually want to use, but you'd probably have to do all of that anyhow. Drivers should get pulled down automatically, and for those that aren't, it should be trivial to retrieve them (the obvious exception would be if you somehow don't have working network drivers, in which case grab them off the web on another PC and transfer via USB).
Those OEM system images are pure garbage. In my experience, the first bootup of such a thing can sometimes take longer than the entire OS re-installation, including *its* first bootup! A clean install will run faster, more securely, and more stably; you will have far more resources available including disk space and RAM; you can be sure there are no unexpected programs lurking in the background to "optimize your customer experience" or similar BS. Since you already have the license keys, it won't cost you anything. Best of all, those OEM turds masquerading as software (Norton anything, WildTangent, etc.) will be gone, far faster *and* more cleanly than if you'd tried removing them without taking the nuclear option. It's the only way to be sure.
GoodDayToDie said:
The only legitimate excuse for an OEM-installed OS image is to boot the thing up so you're sure you don't have a lemon. You can copy the "drivers" folder (which can come under a variety of silly names) off the machine if you want to, but they're all online anyhow and often the online ones are more up-to-date. Make sure you have the license keys for any installed software that comes with the machine (the OS license key, and the Office one if relevant, are typically on stickers somewhere on the machine, though they can be elsewhere).
Once you've completed the initial bootup, shut the machine down, boot off of a DVD or flashdrive or external HDD or netboot or however you want to do it, and wipe the disk. The Windows installer, in "custom" (clean install) mode can do this. Delete all of the partitions, and either re-create them in less-stupid layout, or just let Windows create a sane partition layout for you by telling the installer to install Windows on the now-empty system drive. Once the system is set up, you'll need to install updates and software you actually want to use, but you'd probably have to do all of that anyhow. Drivers should get pulled down automatically, and for those that aren't, it should be trivial to retrieve them (the obvious exception would be if you somehow don't have working network drivers, in which case grab them off the web on another PC and transfer via USB).
Those OEM system images are pure garbage. In my experience, the first bootup of such a thing can sometimes take longer than the entire OS re-installation, including *its* first bootup! A clean install will run faster, more securely, and more stably; you will have far more resources available including disk space and RAM; you can be sure there are no unexpected programs lurking in the background to "optimize your customer experience" or similar BS. Since you already have the license keys, it won't cost you anything. Best of all, those OEM turds masquerading as software (Norton anything, WildTangent, etc.) will be gone, far faster *and* more cleanly than if you'd tried removing them without taking the nuclear option. It's the only way to be sure.
Wait... So in theory, if I can find a legit version of Windows 8.1 (some RTM or straight from Microsoft) I can just reinstall it, and use my current serial? I don't have very much installed, so there's nothing really I'd need to back up, other than some touchscreen drivers.
Yep. That serial may not work on any *other* computer (or it might; I don't know how restrictive OEM licenses are on 8.x) but it should work (again) on that one.
Worth a try.
GoodDayToDie said:
Yep. That serial may not work on any *other* computer (or it might; I don't know how restrictive OEM licenses are on 8.x) but it should work (again) on that one.
It won't even work on mine; getting an error message:
(Same thing happens w/ 8.1)
Seriously?? Wow, lame. I've been doing that for years. I guess they don't allow the use of OEM licenses with retail copies at all anymore, even on the same hardware. I'm sure you could get them to activate it if you called them, but that's a bloody pain to need to do...
It's possible that the .WIM file (Windows IMage) in the recovery partition is a clean installer without the OEM crap (I'd be surprised, but not shocked; they could have it run a script to crapify the installation after re-installing) in which case you *should* be able to use that, but... meh. That's less convenient, for sure.
I did the Windows 8 reset, which took about 6 hours and just loaded up the OEM bunch of software w/ all the bloat installed. I guess I'll call Microsoft soon... Do you know of a direct number?
Just go through the computer and remove the junk programs. The Control Panel will allow you to uninstall them. If you haven't done it yet, I'd install Classic Shell (or similar) to get your Start menu back.
You can also use msconfig (press WIN + R and type in the command) to stop startup programs from running.
I'm sorry, I thought you were dealing with an older machine; that is why I suggested System Mechanic. A new machine can be easily cleaned up manually.
It's all good, I did that the first day I got the comp!! It just feels like it's running sluggishly.

Windows Hooking question

Is it possible to create an application that would hook all API calls to Windows and be able to accept or deny the call? How trivial would this be?
All calls, for all apps? Very damn hard. You'd basically need to shim the entire standard libraries. The shims could probably be programmatically generated, but you'd need to write the program to create them. Then you'd need Admin access to install them, and then...
Why don't you explain what you're trying to do? This is a very complicated thing to attempt, and it might not be the right approach at all.
Due to recent program vulnerabilities *cough cough* IE exploit, I want to create a program to minimize and effectively stop the exploits, by blocking reading API calls from programs that have the vulnerability and determining if the call should be made or not.
There are already tools like EMET, which blocked that (and many other) exploits.
Have you ever looked at the output generated by procmon on a typical Windows application? Even for just the subset of system calls that it monitors, the log scrolls too fast to read, much less to make a decision about each call. Something as simple as opening a single static HTML page in IE would require an incredible number of clicks. Your typical modern page, which has dozens of separately-requested elements, generates considerable traffic to log files and cookies and so forth, and may contain rich content requiring a bunch of additional functions... Yeah, not practical at all.
For educational purposes and further knowledge, could you show me what I would have to do to hook one API call from a process? It does not have to be a global hook.
There's a handful of possible approaches.
If you *wanted* to do it globally, and didn't mind doing so only at the kernel syscall layer (meaning any purely user-space code wouldn't get caught, but since anything that can go between processes in any practical way involves the kernel anyhow...) you could create a driver that filters the relevant system calls. Filtering the entire system call interrupt at one place is possible if you can mess with the relevant interrupt service routine, but I believe that's protected by PatchGuard. There may be some all-in-one place anyhow, but it would be tricky. Anyhow, this is how tools such as Process Monitor (which only handles a relative handful of system calls) work.
If you want to modify the behavior of a bunch of programs, you could create modified versions of the system libraries, and put them where the programs would load them (usually the application directory would work, but sometimes you would need to replace the system copy). This approach is a lot of work, though not completely impractical; you simply need to shim all the exported functions (or at least, the ones you care about) with a version that filters the call before passing it through to the "real" version, but you would need to cover all the exported functions without breaking their ABI. Doable, but a lot of work.
If you only want to get one function, the easiest way would be to re-write all calls to that function in the process memory such that they go to your filter instead. This is how the Detours library (http://research.microsoft.com/en-us/projects/detours/) works; you can find code samples of using it online. I believe that is also how Microsoft's application compatibility shims work. There are registry keys which will cause a given program to be loaded in a debugger (which can be mostly non-interactive, and just make this change for you) or I *think* there's a way to specify an arbitrary DLL that a given program must load (and run its DllMain function) when it starts up too, which would also do the trick.
Bear in mind that the second and third methods can be bypassed by an attacker who knows what you're doing; the attacker just (re-)overwrites the function tables to point at the real versions of the APIs, or alternatively makes the relevant system calls directly (Win32 programs basically never do this, instead letting the Win32 subsystem translate their Win32 function calls into NT system calls and invoking the wrapped syscall, but there's nothing *stopping* them). The first approach can't be bypassed by an attacker with less than Admin privileges (assuming you did it right; I can think of a couple of potential gotchas you'd need to avoid) but you would need Admin yourself in order to install that driver in the first place, and if you want to *interactively* filter the API calls you would need the entire interaction path including the UI to be protected against tampering by less-privileged processes.
With all that said, a real Mandatory Access Control that gives finer-grained control than Windows' Mandatory Integrity Control would be a really cool thing (something more like SELinux or AppArmor). It would probably be more effort on NT than on Linux though, due to NT not (so far as I know) having any equivalent of http://en.wikipedia.org/wiki/Linux_Security_Modules (a good place to start reading about the topic).
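A portable C model of the single-function redirect and the two bypasses described in the post above, added here as an illustration (it is not code from the thread and does not use the Detours API). One function-pointer slot stands in for an import-table entry; every name in it (`import_slot`, `filtered_open`, the `C:\Protected\` prefix) is made up for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: one function-pointer slot stands in for an import-table
   entry. Callers reach the "API" only through the slot. */
typedef int (*open_fn)(const char *path);

#define PROTECTED_PREFIX "C:\\Protected\\"   /* made-up policy for the example */

/* Stand-in for the real API: returns 1 when the "file" is opened. */
static int real_open(const char *path) { (void)path; return 1; }

static open_fn import_slot = real_open;  /* value the loader would have written */
static open_fn saved_original = NULL;    /* kept so the filter can pass calls on */

/* The filter: deny anything under the protected prefix, forward the rest. */
static int filtered_open(const char *path) {
    if (strncmp(path, PROTECTED_PREFIX, sizeof(PROTECTED_PREFIX) - 1) == 0)
        return 0;                        /* denied */
    return saved_original(path);
}

/* Redirect the slot to the filter (the single-function approach in the post). */
static void install_hook(void) {
    if (import_slot == filtered_open) return;   /* already installed */
    saved_original = import_slot;
    import_slot = filtered_open;
}

/* Ordinary call site: always goes through the slot. */
static int app_open(const char *path) { return import_slot(path); }

/* Integrity check a monitor could run: is the slot still ours? */
static int hook_intact(void) { return import_slot == filtered_open; }

/* First bypass from the post: same-process code writes the slot back. */
static void restore_slot(void) { import_slot = saved_original; }

/* Second bypass: skip the table entirely (the analogue of a direct syscall). */
static int direct_open(const char *path) { return real_open(path); }

int main(void) {
    install_hook();
    printf("hooked:   protected=%d other=%d intact=%d\n",
           app_open("C:\\Protected\\a.txt"), app_open("C:\\Temp\\a.txt"), hook_intact());
    printf("direct:   protected=%d intact=%d (check sees nothing)\n",
           direct_open("C:\\Protected\\a.txt"), hook_intact());
    restore_slot();
    printf("restored: protected=%d intact=%d (check fires)\n",
           app_open("C:\\Protected\\a.txt"), hook_intact());
    return 0;
}
```

The slot check notices the table being written back but not the direct call, which is the gap that pushes enforcement toward the kernel-level filter described in the same post.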
I want to write open-source code that will be like superuser and permissions for Windows, so you can have the open feeling of Windows but a secure feeling as well with little to no antivirus. This would not be like Windows RT's locks; you can run any program you like.
You're not the first person to have this idea, but I don't think you understand the magnitude of what you're asking for. Even if such a system were created, it would be a lot of work to create all the rule sets for every program you want to protect. Besides, you'd still be vulnerable to malicious code that runs as Admin (i.e. most installers, etc.) since they could unload or modify your driver.
