problem with injection dll to cprog.exe process - Windows Mobile Software Development

Call PerformCallback4 failed. Error Number = 6. (The handle is invalid.)
But the handle of the cprog.exe process is right.
source code:
Code:
VOID
InjectDllToCprog()
{
WCHAR DllPath[MAX_PATH] = L"";
CallbackInfo ci;
GetModuleFileName(NULL, DllPath, MAX_PATH);
PWCHAR p = wcsrchr(DllPath, L'\\');
DllPath[p - DllPath] = '\0';
wcscat(DllPath, L"\\CprogInject.dll");
ZeroMemory(&ci, sizeof(ci));
g_hCprog = FindCprogProcess(L"Cprog.exe");
if(g_hCprog != NULL)
{
DWORD dwMode = SetKMode(TRUE);
DWORD dwPerm = SetProcPermissions(0xFFFFFFFF);
FARPROC pFunc = GetProcAddress(GetModuleHandle(L"Coredll.dll"), L"LoadLibraryW");
ci.ProcId = (HANDLE)g_hCprog;
ci.pFunc = (FARPROC)MapPtrToProcess(pFunc, g_hCprog);
ci.pvArg0 = MapPtrToProcess(DllPath, GetCurrentProcess());
g_InjectCprog = (HINSTANCE)PerformCallBack4(&ci, 0, 0, 0);
if(GetLastError() != 0)
DbgError(L"PerformCallBack 执行失败", GetLastError());
SetKMode(dwMode);
SetProcPermissions(dwPerm);
}
}
Anyone can help me?

Related

Writing a Today Plugin

I am trying to write a today plugin. I've used most of the same code from the sample but it doesn't work. The plugin displays for a few seconds then disappears.
Code:
// HelloToday2.cpp : Defines the entry point for the DLL application.
//
#include "stdafx.h"
#include "todaycmn.h"
#define HELLOTODAY TEXT("HelloToday")
HINSTANCE hInst;
//HWND hWnd;
void OnPaint(HWND);
BOOL OnQueryRefreshCache(HWND, TODAYLISTITEM*);
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
{
hInst = (HINSTANCE)hModule;
//RegisterClass(hInst);
break;
}
case DLL_PROCESS_DETACH:
{
UnregisterClass(HELLOTODAY, hInst);
break;
}
}
return TRUE;
}
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
switch(message)
{
case WM_PAINT:
OnPaint(hWnd);
break;
case WM_TODAYCUSTOM_CLEARCACHE:
break;
case WM_TODAYCUSTOM_QUERYREFRESHCACHE:
OnQueryRefreshCache(hWnd, (TODAYLISTITEM*)wParam);
break;
case WM_LBUTTONUP:
// ButtonProc();
break;
}
return 0;
}
void OnPaint(HWND hWnd)
{
PAINTSTRUCT ps;
HDC hDC;
COLORREF crText = (COLORREF)SendMessage(GetParent(hWnd), TODAYM_GETCOLOR, (WPARAM)TODAYCOLOR_TEXT, 0);
COLORREF crHighlight = (COLORREF)SendMessage(GetParent(hWnd), TODAYM_GETCOLOR, (WPARAM)TODAYCOLOR_HIGHLIGHT, 0);
TODAYDRAWWATERMARKINFO dwi;
RECT rc;
GetClientRect(hWnd, &rc);
dwi.rc = rc;
dwi.hwnd = hWnd;
dwi.hdc = hDC;
hDC = BeginPaint(hWnd, &ps);
SetTextColor(hDC, crText);
int nBkMode = SetBkMode(hDC, OPAQUE);
SetBkColor(hDC, crHighlight);
DrawText(hDC, TEXT("Hello World!"), -1, &rc, DT_CENTER | DT_VCENTER | DT_SINGLELINE);
SetBkMode(hDC, nBkMode);
EndPaint(hWnd, &ps);
}
BOOL OnQueryRefreshCache(HWND hWnd, TODAYLISTITEM* pItem)
{
if(!pItem)
return FALSE;
pItem->cyp = DRA::SCALEY(20);
return TRUE;
}
HWND APIENTRY InitializeCustomItem(TODAYLISTITEM *pItem, HWND hWndParent)
{
if(!pItem->fEnabled)
return NULL;
WNDCLASS wc;
memset(&wc, 0, sizeof(wc));
wc.style = 0;
wc.lpfnWndProc = (WNDPROC)WndProc;
//wc.cbClsExtra = 0;
//wc.cbWndExtra = 0;
wc.hInstance = hInst;
wc.hIcon = 0;
wc.hCursor = 0;
wc.lpszClassName = TEXT("HelloToday");
wc.hbrBackground = NULL;
RegisterClass(&wc);
HWND hWnd = CreateWindow(TEXT("HelloToday"), NULL, WS_VISIBLE | WS_CHILD, 0, 0, 240, 20, hWndParent, NULL, hInst, 0);
if(pItem->fEnabled = TRUE)
ShowWindow(hWnd, SW_SHOW);
return hWnd;
}

HTC Compass

Hello experts,
I am using : vs 2008 – MFC – Smart Device – dlg (Windows Mobile)
I tried to write c++ codes to have access to hardware compass parameters on the bases of sample codes I saw in this forum , but I had no success. My codes are :
.h file
public:
struct compass_data
{
short x;
short y;
short z;
short angle;
short d;
short dummy[10]; //just to make sure nothing get overwritten
};
struct compass
{
compass_data* data;
HANDLE h;
HANDLE service;
int init();
short update();
int deinit();
};
.cpp file
struct Crotate1Dlg::compass cmps;
cmps.init();
for(int iii=0; iii<5; iii++)
{
cmps.update();
char buffer1[65];_itoa_s(myangle, buffer1, 65, 10);//myangle is integer and initializes 9999
SetDlgItemText(IDC_mySTATIC1, (CString)buffer1);
}
cmps.deinit();
}
int Crotate1Dlg::compass::init()
{
Crotate1Dlg::compass::h = CreateFile( TEXT( "SEN0:" ), 0, 0, 0, OPEN_EXISTING, 0x80, 0 );
if( Crotate1Dlg::compass::h == INVALID_HANDLE_VALUE || Crotate1Dlg::compass::h == 0 )
{
Crotate1Dlg::compass::h = 0;
Crotate1Dlg::compass::service = RegisterService( TEXT( "SEN" ), 0, TEXT( "HTCSensorService.dll" ), 1 );
if( Crotate1Dlg::compass::service == 0 )
{
return 0;
}
Crotate1Dlg::compass::h = CreateFile( TEXT( "SEN0:" ), 0, 0, 0, OPEN_EXISTING, 0x80, 0 );
if( Crotate1Dlg::compass::h == INVALID_HANDLE_VALUE || Crotate1Dlg::compass::h == 0 )
{
Crotate1Dlg::compass::h = 0;
return 0;
}
}
if( 0 == DeviceIoControl( Crotate1Dlg::compass::h, DIO_INIT, 0, 0, 0, 0, 0, 0 ))
{
CloseHandle( Crotate1Dlg::compass::h );
Crotate1Dlg::compass::h = 0;
return 0;
}
return true;
}
short Crotate1Dlg::compass::update()
{
if( !Crotate1Dlg::compass::h )
{
return 0;
}
DWORD read = 0;
if( 0 == DeviceIoControl( Crotate1Dlg::compass::h, DIO_READ, 0, 0, Crotate1Dlg::compass::data, 5, &read, 0 ))
{
myangle = (int)Crotate1Dlg::compass::data->angle;
return 0;
}
else
{
return 1;
}
}
int Crotate1Dlg::compass::deinit()
{
if( Crotate1Dlg::compass::h )
{
if( 0 == DeviceIoControl( Crotate1Dlg::compass::h, 0x3000002, 0, 0, 0, 0, 0, 0 ))
{
CloseHandle( Crotate1Dlg::compass::h );
Crotate1Dlg::compass::h = 0;
return 0;
}
}
return 1;
}
This code compiles fine, deploys on emulator with no error (does not give proper output of course) , but gives error on the device (HTC HT2) . I am sure I am doing something wrong , please correct me.
Thank you in advance.
any screenshots ?
HTC compass
All I get on screen is : "A problem has occured with Test1.exe" then asks me to report to Microsoft .

[Q] Switch on the flash light (code snippet required)

Here is a code to switch on the flash light, but it dowa not work on my S200. I want to fix it. Which message have I send to the cam 1 to switch on/off the flash light on?
How could I define that offset?
Code:
void main(){
DWORD retVal=0;
BYTE inBuf[1]={0};
BYTE outBuf[1]={0};
HANDLE hCam = CreateFile ( L"CAM1:", GENERIC_READ,
0,
NULL,
OPEN_EXISTING,//CREATE_ALWAYS,
0,//FILE_ATTRIBUTE_NORMAL,
NULL);
if(hCam!=INVALID_HANDLE_VALUE)
{
if(DeviceIoControl( hCam, 0x2222336F, inBuf, 1, outBuf, 1, &retVal, NULL))
{
inBuf[0] = (outBuf[0])?0:1;
DeviceIoControl( hCam, 0x2222336E, inBuf, 1, outBuf, 1, &retVal, NULL);
}
CloseHandle(hCam);
}
return 0;
}

[REQUEST] hacking MVNO support into framework.jar

hello! i hope this is the right forum for my request.
i`ve tried to hack some files from JS2, which supports national roaming without data roaming enabled, into the deodexed JVK framework.jar. the result was crashing com.....phone and no working phone function.
here are the outputs of jd-gui after i used dex2jar on services.dex in framework.jar for com/android/internal/telephony/gsm/GsmServiceStateTracker.class with the relevant code:
JS2:
PHP:
private boolean isRoamingBetweenOperators(boolean paramBoolean, ServiceState paramServiceState)
{
String str1 = SystemProperties.get("gsm.sim.operator.alpha", "empty");
String str2 = paramServiceState.getOperatorAlphaLong();
String str3 = paramServiceState.getOperatorAlphaShort();
int i;
if (str2 != null)
{
String str4 = str1;
String str5 = str2;
if (str4.equals(str5))
i = 1;
}
while (true)
{
int j;
label72: String str8;
String str9;
int k;
label141: int m;
int n;
int i1;
if (str3 != null)
{
String str6 = str1;
String str7 = str3;
if (str6.equals(str7))
{
j = 1;
str8 = SystemProperties.get("gsm.sim.operator.numeric", "");
str9 = paramServiceState.getOperatorNumeric();
if ((str8 == null) || (str9 == null))
break label318;
String str10 = str8;
String str11 = "24421";
if (!str10.equals(str11))
break label318;
String str12 = str9;
String str13 = "24405";
if (!str12.equals(str13))
break label318;
k = 1;
m = 1;
n = 0;
i1 = 3;
}
}
try
{
String str14 = str8;
int i2 = n;
int i3 = i1;
String str15 = str14.substring(i2, i3);
String str16 = str9;
int i4 = 0;
int i5 = 3;
String str17 = str16.substring(i4, i5);
int i6 = str15.equals(str17);
m = i6;
label208: String[] arrayOfString1 = this.phone.mSIMRecords.getFakeHomeOn();
int i8;
if (arrayOfString1 != null)
{
String[] arrayOfString2 = arrayOfString1;
int i7 = arrayOfString2.length;
i8 = 0;
label237: if (i8 < i7)
{
String str18 = arrayOfString2[i8];
if (!str18.equals(str9))
{
String str19 = str9;
int i9 = 0;
int i10 = 3;
String str20 = str19.substring(i9, i10);
String str21 = str18;
String str22 = str20;
if (!str21.equals(str22));
}
else
{
n = 0;
}
}
}
while (true)
{
return n;
i = 0;
break;
j = 0;
break label72;
label318: k = 0;
break label141;
i8 += 1;
break label237;
StringBuilder localStringBuilder = new StringBuilder().append("isRoamingBetweenOperators : equalsSaunalahtiElisa=");
int i11 = k;
String str23 = i11;
int i12 = Log.w("GSM", str23);
if (SIMRecords.isNationalRoaming(str8, str9))
{
n = 0;
continue;
}
if ((paramBoolean) && ((m == 0) || ((i == 0) && (j == 0))) && (k == 0))
{
n = 1;
continue;
}
n = 0;
}
}
catch (Exception localException)
{
break label208;
}
}
}
http://pastebin.com/stD1YFPB
JVK:
PHP:
private boolean isRoamingBetweenOperators(boolean paramBoolean, ServiceState paramServiceState)
{
String str1 = SystemProperties.get("gsm.sim.operator.alpha", "empty");
String str2 = paramServiceState.getOperatorAlphaLong();
String str3 = paramServiceState.getOperatorAlphaShort();
int i;
if ((str2 != null) && (str1.equals(str2)))
i = 1;
while (true)
{
int j;
label56: String str4;
String str5;
int k;
int m;
int n;
if ((str3 != null) && (str1.equals(str3)))
{
j = 1;
str4 = SystemProperties.get("gsm.sim.operator.numeric", "");
str5 = paramServiceState.getOperatorNumeric();
k = 1;
m = 0;
n = 3;
}
try
{
String str6 = str4;
int i1 = m;
int i2 = n;
String str7 = str6.substring(i1, i2);
String str8 = str5;
int i3 = 0;
int i4 = 3;
String str9 = str8.substring(i3, i4);
int i5 = str7.equals(str9);
k = i5;
label140: String[] arrayOfString1 = this.phone.mSIMRecords.getFakeHomeOn();
int i7;
if (arrayOfString1 != null)
{
String[] arrayOfString2 = arrayOfString1;
int i6 = arrayOfString2.length;
i7 = 0;
label169: if (i7 < i6)
{
String str10 = arrayOfString2[i7];
if (!str10.equals(str5))
{
String str11 = str5;
int i8 = 0;
int i9 = 3;
String str12 = str11.substring(i8, i9);
String str13 = str10;
String str14 = str12;
if (!str13.equals(str14));
}
else
{
m = 0;
}
}
}
while (true)
{
return m;
i = 0;
break;
j = 0;
break label56;
i7 += 1;
break label169;
if ((paramBoolean) && ((k == 0) || ((i == 0) && (j == 0))))
{
m = 1;
continue;
}
m = 0;
}
}
catch (Exception localException)
{
break label140;
}
}
}
http://pastebin.com/mgNYbWPa
you can see in the code of JS2 there is some code with "isNationalRoaming" which in JVK does not exist. i think this is the reason why national roaming without data roaming enabled is not working in JVK (and also many other sgs roms). i`ve tried to swap the JS2 GsmServiceStateTracker.smali file into the JVK framework, smali it back to .dex and put services.dex back into framework.jar with 7zip. the result was no working com...phone.
i`m no pro, so i think i did something wrong and some of you pro devs maybe have the answer how to do this. many users with virtual network operators like hutchison 3, bob, yesss, and many more would be happy if there will be a way without enabling the risky dataroaming, which could be very expensive when you are geting near a frontier and using data from foreign countries.
push
unwanted data roaming could be really expensive, please help. a lot of users would love you for a working solution! i would donate some beers for a working howto/fix!
to all MVNO users like 3, bob, yesss, .... push this thread with your comments how you would love national roaming without the risk of high costs in the near of frontiers!
I think solution could be easier
Who is your mobile provider?
BOB in austria, MVNO in a1 network.
bob: at 23211
a1: at 23201
Extract this file, paste 'spn-conf.xml' on system/etc/ and reboot
Let me know if it works!
IT WORKS! THANX DUDE!
here are the promised beers: 9J3661079T435484J
Glad tit worked!
Many thanks for your beer!
rafalense said:
Glad tit worked!
Many thanks for your beer!
Click to expand...
Click to collapse
Should this file also work for the Desire (Provider= 3 Austria)
Greetings
r u schnello from braunau?
i think it should work. if u have root, try it.
if it doesn`t work, delete the file again. it won`t harm anything.
edit: the fake_home data for 3 isn`t in the file. i will try to find some more infos about 3 roaming.
paratox said:
r u schnello from braunau?
i think it should work. if u have root, try it.
if it doesn`t work, delete the file again. it won`t harm anything.
Click to expand...
Click to collapse
Thx for the quick reply,
yeah my home town is braunau.
Greetings
Schnello said:
Thx for the quick reply,
yeah my home town is braunau.
Greetings
Click to expand...
Click to collapse
you`ve got a pm!
if we find a solution, we will post it here.
Could this also work on a stock nexus one with gingerbread?

[Q] How to read store.vol file Windows phone 7

Hello!
I have file store.vol copy from Windows phone device(HTC HD7). I use EDB API to read it.
My problem: I could not open store.vol file. ERROR_BAD_FORMAT.
How can I open this file.
Thanks!!!
My code:
Code:
#include "stdafx.h"
#include "Winphone7_Lib.h"
#include "clsReadEDB.h"
#include <iosfwd>
#define EDB
extern "C"
{
#include <windbase_edb.h>
}
// clsReadEDB
IMPLEMENT_DYNAMIC(clsReadEDB, CWnd)
clsReadEDB::clsReadEDB()
{
}
void clsReadEDB::readFile(char* path)
{
CEGUID guid;
CEVOLUMEOPTIONS cevo = {0};
cevo.wVersion = 1;
CEOIDINFOEX oidInfo = {0};
wchar_t buff[250];
HANDLE hSes, hBD, hBDS;
BOOL rez;
rez = CeMountDBVolEx(&guid, L"store.vol", &cevo,OPEN_EXISTING);
if (rez == FALSE) {
}
DWORD dw = GetLastError();
hBD = CeFindFirstDatabaseEx(&guid, 0);
if (hBD != INVALID_HANDLE_VALUE)
{
oidInfo.wVersion = CEOIDINFOEX_VERSION;
oidInfo.wObjType = OBJTYPE_DATABASE;
//creare sesiune
hSes = CeCreateSession(&guid);
if (hSes == INVALID_HANDLE_VALUE) {/* error */}
CEOID oidBD = CeFindNextDatabaseEx(hBD, &guid);
while (oidBD != 0)
{
//obtain database information
rez = CeOidGetInfoEx2(&guid, oidBD, &oidInfo);
if (rez != TRUE) {/* error */}
//open database
hBDS = CeOpenDatabaseInSession(hSes, &guid, &oidBD,
oidInfo.infDatabase.szDbaseName, NULL, CEDB_AUTOINCREMENT, NULL);
if (hBDS == INVALID_HANDLE_VALUE) {/* error */}
PCEPROPVAL pInreg = NULL;
PBYTE pBuffInreg = NULL;//memory is allocated by function
WORD wProp;//number of properties
DWORD dwLgInreg;// record lengths
//memory is allocatd by function
CEOID ceoid = CeReadRecordPropsEx(hBDS, CEDB_ALLOWREALLOC, &wProp, NULL,
&(LPBYTE)pBuffInreg, &dwLgInreg, NULL);
int k = 0;
while(ceoid != 0)
{
pInreg = (PCEPROPVAL)pBuffInreg;
//for each field
for (int i = 0; i < wProp; i++)
{
switch(LOWORD(pInreg->propid))
{
case CEVT_LPWSTR:
//process string values
break;
//integers
case CEVT_I2:
case CEVT_I4:
case CEVT_UI2:
case CEVT_UI4:
case CEVT_BLOB:
case CEVT_BOOL:
//process integer values
break;
case CEVT_R8:
//process floating point values
break;
default:
//other types
break;
}
OutputDebugString(buff);
//next field
pInreg++;
}
LocalFree(pBuffInreg);
//next record
ceoid = CeReadRecordPropsEx(hBDS, CEDB_ALLOWREALLOC, &wProp, NULL,
&(LPBYTE)pBuffInreg, &dwLgInreg, NULL);
k++;
}
CloseHandle(hBDS);
//next database
oidBD = CeFindNextDatabaseEx(hBD, &guid);
}
CloseHandle(hBD);
CloseHandle(hSes);
}
CeUnmountDBVol(&guid);
}
clsReadEDB::~clsReadEDB()
{
}

Categories

Resources