This may be better served in the development and hacking forum. Mods please move?
I am trying to hook the keybd_event API in the keypad. I have found the address of the import entry for keybd_event in the keypad.dll's IAT. I have done so by disassembling the keypad.dll and finding the offset from an exported function to that IAT entry. At runtime, I have added my own service (in order to get my dll loaded into services.exe). When loaded, I use GetModuleHandle and GetProcAddress to find that exported function then use the known offset to find the IAT entry. I have verified that I have the right memory location by comparing the pointer to the module's location using remote process viewer.
The problem is that I cannot read from or write to the IAT. My code crashes when I try. IsBadReadPtr and IsBadWritePtr tell me that I can't read or write to this memory location. Even a call to VirtualProtect to set it to PAGE_EXECUTE_READWRITE will not work. The call fails. How can I get access to this memory?
This simple test code exe shows that all the memory in the code section of keypad.dll is writeable. As soon as I hit section 2, which contains the IAT, the call starts failing. Once I hit section 3 it succeeds again (the hard-coded PID and address come from remote process viewer and my service dll; I debugged to find where the read calls fail).
Code:
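#include <windows.h>

// Signature of coredll's SetKMode, resolved at runtime below.
typedef BOOL (*_SetKMode)(BOOL);

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPTSTR lpCmdLine, int nCmdShow)
{
    // Hard-coded PID and start address, taken from remote process viewer.
    DWORD PID = 239927214, addr = 2061766572, read = 0, sz = 0;
    HANDLE pr;
    BOOL ans1;
    _SetKMode SetKMode;

    SetKMode = (_SetKMode)GetProcAddress(GetModuleHandle(L"coredll.dll"), L"SetKMode");
    if (SetKMode == NULL)
        return 1;
    ans1 = SetKMode(TRUE);

    pr = OpenProcess(0, 0, PID);
    if (pr == NULL)
        return 1;

    // Advance through the readable code section until reads start failing.
    while (ReadProcessMemory(pr, (LPVOID)addr, &read, 4, &sz))
        addr++;
    // Skip the region where reads fail (section 2, which contains the IAT).
    while (!ReadProcessMemory(pr, (LPVOID)addr, &read, 4, &sz))
        addr++;
    // Advance through the next readable region (section 3).
    while (ReadProcessMemory(pr, (LPVOID)addr, &read, 4, &sz))
        addr++;

    //ans4 = WriteProcessMemory(pr, ptr2, &mkep, 4, &p4);
    CloseHandle(pr);
    return 0;
}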
What do I need to do to get access? Calls to VirtualProtect and SetKMode do nothing. Any ideas? Thanks!
Nevermind! It seems I was not modifying the correct location. I was trying to modify the table that simply lists imports. I found where the actual function pointer is stored.
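The distinction the last post arrives at (a table that only lists imports versus the slot that holds the actual function pointer), shown on the standard 32-bit PE import descriptor layout and used the way a defender would use it: to flag import slots that point outside the DLL expected to provide them. This is an added example, not the poster's code. The image bytes, addresses and module range are constructed, and it is an assumption that keypad.dll on the poster's device follows this layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 32-bit PE import descriptor, same field order as IMAGE_IMPORT_DESCRIPTOR. */
typedef struct {
    uint32_t OriginalFirstThunk; /* RVA of lookup table: names/ordinals, never code */
    uint32_t TimeDateStamp, ForwarderChain;
    uint32_t Name;               /* RVA of the providing DLL's name */
    uint32_t FirstThunk;         /* RVA of the IAT: resolved function pointers */
} ImportDesc;

static uint32_t rd32(const uint8_t *img, uint32_t rva) {
    uint32_t v;
    memcpy(&v, img + rva, sizeof v);
    return v;
}
static void wr32(uint8_t *img, uint32_t rva, uint32_t v) { memcpy(img + rva, &v, sizeof v); }

/* Walk one import descriptor. Returns how many IAT slots point outside [lo, hi),
 * the expected range of the providing DLL, or -1 if the table is malformed.
 * *bad_slot receives the RVA of the first such slot. */
int audit_iat(const uint8_t *img, uint32_t size, uint32_t desc_rva,
              uint32_t lo, uint32_t hi, uint32_t *bad_slot)
{
    ImportDesc d;
    int suspicious = 0;
    if (size < sizeof d || desc_rva > size - sizeof d) return -1;
    memcpy(&d, img + desc_rva, sizeof d);
    for (uint32_t off = 0; ; off += 4) {
        uint32_t lookup_rva = d.OriginalFirstThunk + off;
        uint32_t slot_rva = d.FirstThunk + off;
        if (lookup_rva > size - 4 || slot_rva > size - 4) return -1;
        uint32_t entry = rd32(img, lookup_rva);
        if (entry == 0) break;                       /* end of the lookup table */
        const char *name = "(by ordinal)";
        if (!(entry & 0x80000000u)) {                /* import by name */
            if (entry >= size - 2 || !memchr(img + entry + 2, 0, size - entry - 2))
                return -1;
            name = (const char *)img + entry + 2;    /* skip the 2-byte hint */
        }
        uint32_t target = rd32(img, slot_rva);
        int ok = target >= lo && target < hi;
        printf("%-13s lookup@0x%02x=0x%08x slot@0x%02x=0x%08x %s\n", name,
               (unsigned)lookup_rva, (unsigned)entry, (unsigned)slot_rva,
               (unsigned)target, ok ? "ok" : "OUTSIDE EXPECTED MODULE");
        if (!ok) {
            if (suspicious == 0 && bad_slot) *bad_slot = slot_rva;
            suspicious++;
        }
    }
    return suspicious;
}

/* Constructed 0x100-byte image for this example; not bytes from keypad.dll. */
void build_sample(uint8_t *img, uint32_t keybd_target) {
    memset(img, 0, 0x100);
    wr32(img, 0x00, 0x40);                 /* OriginalFirstThunk -> lookup table */
    wr32(img, 0x0C, 0x80);                 /* Name */
    wr32(img, 0x10, 0x60);                 /* FirstThunk -> IAT */
    wr32(img, 0x40, 0x90); wr32(img, 0x44, 0xA0);    /* lookup: RVAs of hint/name */
    wr32(img, 0x60, keybd_target); wr32(img, 0x64, 0x01F85678u);   /* IAT slots */
    strcpy((char *)img + 0x80, "coredll.dll");
    strcpy((char *)img + 0x92, "keybd_event");
    strcpy((char *)img + 0xA2, "GetTickCount");
}

int main(void) {
    uint8_t img[0x100];
    uint32_t bad = 0;
    build_sample(img, 0x7A001000u);        /* constructed out-of-module pointer */
    printf("%d suspicious slot(s)\n",
           audit_iat(img, sizeof img, 0, 0x01F80000u, 0x01FA0000u, &bad));
    return 0;
}
```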
I'd like to ask for your help with finding a Vanilla ICS messaging app that:
Works on our SGS2 (or, ideally, cross-device)
Handles merged SNS profiles correctly
Allows me to disable automatic SMS -> MMS conversion
Here's what we've got at the moment:
Android 4 ICS Messaging SMS by Tim Hutt
The only thing this port does right is that it works. Other than that it doesn't allow you to disable MMS conversion and it appears to be unable to handle contacts correctly:
ICS Messages by apptechbuzz
This one handles contacts correctly, but doesn't work. After having attempted to open a thread, the app crashes.
HTC Evo 3D 4.0+ Mms.apk dark themed by netwokz
This one is a true beauty. It does everything from looking slick through allowing me to disable MMS conversion and handling merged contacts correctly:
But it does seem to be missing the same dependency as the aforementioned ICS Messages app, since it crashes once one tries to open a thread. Words can't do justice to how much I'd like to see a functional port of this app.
And that's about as far as vanilla messaging app ports I was able to find go. I hope some of you were luckier or savvier in this regard and will share their findings with us here.
No suggestions? I must say I'm pretty disappointed. Are all of you just happy using the stock app or do you all use Handcent / GoSMS? I won't lie, these apps do fit the bill, but I personally find them a tad too bloaty. I'm looking for a single-purpose simple app which would do what's needed. You can't deny the stock Samsung app the simplicity, true, but it doesn't really fulfil one's needs - see the original post as for why I believe that is. The stock Google app, on the other hand, seems perfect.
I'm in the same boat as you...
Was using the Android 4 ICS one, but keep going back to the stock sammy one as it does the job without issues. Just wish I could change theme (like in early gb roms) or replace completely with stock ICS
I tried handcent/gosms, but they did too much
http://forum.xda-developers.com/showthread.php?t=1531422
this one seems to work on my galaxy sII. backup your mms.apk in system/app and then flash this zip.
it's missing a few things imo (changing vibration types) but all in all works well and it's good looking
ogk-slay said:
http://forum.xda-developers.com/showthread.php?t=1531422
this one seems to work on my galaxy sII. backup your mms.apk in system/app and then flash this zip.
it's missing a few things imo (changing vibration types) but all in all works well and it's good looking
Strange, I still get crashes as I try to open a thread. Running the XXLPW 4.0.3 stock FW with Siyah kernel. I installed the ICS Messages app by apptechbuzz, invoked the error and captured the log:
Code:
V/MmsProvider( 8956): Query uri=content://mms/drafts, match=6
V/MmsSmsProvider( 8956): called query()
I/SqliteDatabaseCpp( 8956): sqlite returned: error code = 1, msg = no such column: date_sent, db=xxx
E/DatabaseUtils( 8956): Writing exception to parcel
E/DatabaseUtils( 8956): android.database.sqlite.SQLiteException: no such column: date_sent: , while compiling: SELECT transport_type, _id, thread_id, address, body, date, date_sent, read, type, status, locked, error_code, sub, sub_cs, date, date_sent, read, m_type, msg_box, d_rpt, rr, err_type, locked FROM (SELECT DISTINCT date * 1 AS normalized_date, 'sms' AS transport_type, _id, thread_id, address, body, date, date_sent, read, type, status, locked, error_code, NULL AS sub, NULL AS sub_cs, date, date_sent, read, NULL AS m_type, NULL AS msg_box, NULL AS d_rpt, NULL AS rr, NULL AS err_type, locked FROM sms WHERE (thread_id = 75 AND (type != 3)) UNION SELECT DISTINCT date * 1000 AS normalized_date, 'mms' AS transport_type, pdu._id, thread_id, NULL AS address, NULL AS body, date, date_sent, read, NULL AS type, NULL AS status, locked, NULL AS error_code, sub, sub_cs, date, date_sent, read, m_type, msg_box, d_rpt, rr, err_type, locked FROM pdu LEFT JOIN pending_msgs ON pdu._id = pending_msgs.msg_id WHERE (thread_id = 75 AND msg_box != 3 AND (msg_box != 3 AND (m_type = 128 OR m_type = 132 OR m_type = 130))) UNION SELECT DISTINCT date * 1 AS normalized_date, 'wpm' AS transport_type, _id, thread_id, NULL AS address, body, date, date_sent, read, type, NULL AS status, locked, NULL AS error_code, NULL AS sub, NULL AS sub_cs, date, date_sent, read, NULL AS m_type, NULL AS msg_box, NULL AS d_rpt, NULL AS rr, NULL AS err_type, locked FROM wpm WHERE (thread_id = 75) ORDER BY normalized_date ASC)
E/DatabaseUtils( 8956): at android.database.sqlite.SQLiteCompiledSql.native_compile(Native Method)
E/DatabaseUtils( 8956): at android.database.sqlite.SQLiteCompiledSql.<init>(SQLiteCompiledSql.java:68)
E/DatabaseUtils( 8956): at android.database.sqlite.SQLiteProgram.compileSql(SQLiteProgram.java:143)
E/DatabaseUtils( 8956): at android.database.sqlite.SQLiteProgram.compileAndbindAllArgs(SQLiteProgram.java:361)
E/DatabaseUtils( 8956): at android.database.sqlite.SQLiteProgram.<init>(SQLiteProgram.java:127)
E/DatabaseUtils( 8956): at android.database.sqlite.SQLiteProgram.<init>(SQLiteProgram.java:94)
E/DatabaseUtils( 8956): at android.database.sqlite.SQLiteQuery.<init>(SQLiteQuery.java:53)
E/DatabaseUtils( 8956): at android.database.sqlite.SQLiteDirectCursorDriver.query(SQLiteDirectCursorDriver.java:47)
E/DatabaseUtils( 8956): at android.database.sqlite.SQLiteDatabase.rawQueryWithFactory(SQLiteDatabase.java:1690)
E/DatabaseUtils( 8956): at android.database.sqlite.SQLiteDatabase.rawQuery(SQLiteDatabase.java:1664)
E/DatabaseUtils( 8956): at com.android.providers.telephony.MmsSmsProvider.getConversationMessages(MmsSmsProvider.java:1509)
E/DatabaseUtils( 8956): at com.android.providers.telephony.MmsSmsProvider.query(MmsSmsProvider.java:423)
E/DatabaseUtils( 8956): at android.content.ContentProvider$Transport.query(ContentProvider.java:178)
E/DatabaseUtils( 8956): at android.content.ContentProviderNative.onTransact(ContentProviderNative.java:112)
E/DatabaseUtils( 8956): at android.os.Binder.execTransact(Binder.java:338)
E/DatabaseUtils( 8956): at dalvik.system.NativeStart.run(Native Method)
W/AsyncQuery(12392): Exception thrown during handling EVENT_ARG_QUERY
W/AsyncQuery(12392): android.database.sqlite.SQLiteException: no such column: date_sent: , while compiling: SELECT transport_type, _id, thread_id, address, body, date, date_sent, read, type, status, locked, error_code, sub, sub_cs, date, date_sent, read, m_type, msg_box, d_rpt, rr, err_type, locked FROM (SELECT DISTINCT date * 1 AS normalized_date, 'sms' AS transport_type, _id, thread_id, address, body, date, date_sent, read, type, status, locked, error_code, NULL AS sub, NULL AS sub_cs, date, date_sent, read, NULL AS m_type, NULL AS msg_box, NULL AS d_rpt, NULL AS rr, NULL AS err_type, locked FROM sms WHERE (thread_id = 75 AND (type != 3)) UNION SELECT DISTINCT date * 1000 AS normalized_date, 'mms' AS transport_type, pdu._id, thread_id, NULL AS address, NULL AS body, date, date_sent, read, NULL AS type, NULL AS status, locked, NULL AS error_code, sub, sub_cs, date, date_sent, read, m_type, msg_box, d_rpt, rr, err_type, locked FROM pdu LEFT JOIN pending_msgs ON pdu._id = pending_msgs.msg_id WHERE (thread_id = 75 AND msg_box != 3 AND (msg_box != 3 AND (m_type = 128 OR m_type = 132 OR m_type = 130))) UNION SELECT DISTINCT date * 1 AS normalized_date, 'wpm' AS transport_type, _id, thread_id, NULL AS address, body, date, date_sent, read, type, NULL AS status, locked, NULL AS error_code, NULL AS sub, NULL AS sub_cs, date, date_sent, read, NULL AS m_type, NULL AS msg_box, NULL AS d_rpt, NULL AS rr, NULL AS err_type, locked FROM wpm WHERE (thread_id = 75) ORDER BY normalized_date ASC)
W/AsyncQuery(12392): at android.database.DatabaseUtils.readExceptionFromParcel(DatabaseUtils.java:179)
W/AsyncQuery(12392): at android.database.DatabaseUtils.readExceptionFromParcel(DatabaseUtils.java:135)
W/AsyncQuery(12392): at android.content.ContentProviderProxy.query(ContentProviderNative.java:358)
W/AsyncQuery(12392): at android.content.ContentResolver.query(ContentResolver.java:311)
W/AsyncQuery(12392): at android.content.AsyncQueryHandler$WorkerHandler.handleMessage(AsyncQueryHandler.java:79)
W/AsyncQuery(12392): at android.os.Handler.dispatchMessage(Handler.java:99)
W/AsyncQuery(12392): at android.os.Looper.loop(Looper.java:137)
W/AsyncQuery(12392): at android.os.HandlerThread.run(HandlerThread.java:60)
V/MmsSmsProvider( 8956): called query()
D/AndroidRuntime(12392): Shutting down VM
W/dalvikvm(12392): threadid=1: thread exiting with uncaught exception (group=0x40c2e1f8)
E/AndroidRuntime(12392): FATAL EXCEPTION: main
E/AndroidRuntime(12392): java.lang.NullPointerException
E/AndroidRuntime(12392): at com.mms.ics.ext.ui.ComposeMessageActivity$BackgroundQueryHandler.onQueryComplete(ComposeMessageActivity.java:3844)
E/AndroidRuntime(12392): at android.content.AsyncQueryHandler.handleMessage(AsyncQueryHandler.java:344)
E/AndroidRuntime(12392): at android.os.Handler.dispatchMessage(Handler.java:99)
E/AndroidRuntime(12392): at android.os.Looper.loop(Looper.java:137)
E/AndroidRuntime(12392): at android.app.ActivityThread.main(ActivityThread.java:4507)
E/AndroidRuntime(12392): at java.lang.reflect.Method.invokeNative(Native Method)
E/AndroidRuntime(12392): at java.lang.reflect.Method.invoke(Method.java:511)
E/AndroidRuntime(12392): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:790)
E/AndroidRuntime(12392): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:557)
E/AndroidRuntime(12392): at dalvik.system.NativeStart.main(Native Method)
android.database.sqlite.SQLiteException: no such column: date_sent
Does anyone have an idea what might be causing the problem? Is my sms db somehow broken?
That seems to be my problem only, though, so consider the aforementioned Dark themed Mms.apk to be working. Given the fact that it supports vibration patterns, emoji and other stuff, I suppose it might be worth giving a whirl.
I have a Panasonic TH12 home phone base that my phone normally connects to over Bluetooth when I am at home. This allows me to use regular handsets while in the house to make / receive phone calls. I just updated to the FF18 from sfhub's odin and now my device will no longer connect to the home phone base. It pairs but it will not stay connected or allow me to check the box for phone calls as well. Any ideas? Is this a Bluetooth bug?
Every time I flash I have to pair my phone with car again. I typically delete device profile from phone, delete phone profile from device, change bluetooth name of phone, pair phone with device under new name. Finally after paired wait for message to pop up on phone asking if device has permission to access your stuff and check box for always allow.
Yes my phone does the same for Microsoft sync in my vehicle but it will not connect with my home phone.
EDIT: I have a couple of logcats from the time I tried to connect my device to the base, if that helps anything?
Code:
I//system/bin/bluetoothd( 2530): bluetoothd[2534]: external/bluetooth/bluez/plugins/hciops.c:conn_complete() status 0x00
I//system/bin/bluetoothd( 2530): bluetoothd[2534]: external/bluetooth/bluez/src/adapter.c:adapter_get_device() 00:80:F0:8F:61:B6
V/BluetoothEventLoop.cpp( 1910): event_filter: Received signal org.bluez.Device:PropertyChanged from /org/bluez/2534/hci0/dev_00_80_F0_8F_61_B6
D/BluetoothEventLoop( 1910): Device property changed: 00:80:F0:8F:61:B6 property: Connected value: true
I/BluetoothService( 1910): ACL connected, mAclLinkCount = 1
I//system/bin/bluetoothd( 2530): bluetoothd[2534]: external/bluetooth/bluez/plugins/hciops.c:remote_features_information() hci0 status 0
I//system/bin/bluetoothd( 2530): bluetoothd[2534]: external/bluetooth/bluez/plugins/hciops.c:remote_name_information() hci0 status 0
I//system/bin/bluetoothd( 2530): bluetoothd[2534]: external/bluetooth/bluez/plugins/hciops.c:link_key_request() hci0 dba 00:80:F0:8F:61:B6
I//system/bin/bluetoothd( 2530): bluetoothd[2534]: external/bluetooth/bluez/plugins/hciops.c:get_auth_info() hci0 dba 00:80:F0:8F:61:B6
I//system/bin/bluetoothd( 2530): bluetoothd[2534]: external/bluetooth/bluez/plugins/hciops.c:link_key_request() kernel auth requirements = 0x04
I//system/bin/bluetoothd( 2530): bluetoothd[2534]: external/bluetooth/bluez/plugins/hciops.c:link_key_request() Matching key found
I//system/bin/bluetoothd( 2530): bluetoothd[2534]: external/bluetooth/bluez/plugins/hciops.c:link_key_request() link key type 0x00
W/ActivityManager( 1910): Permission Denial: receiving Intent { act=android.bluetooth.device.action.ACL_CONNECTED flg=0x10000010 (has extras) } to com.locationlabs.v3client requires android.permission.BLUETOOTH due to sender android (uid 1000)
V/BluetoothEventManager( 4127): Received android.bluetooth.device.action.UUID
D/Bluetooth HSHFP( 2156): SDP UUID: TYPE_HANDSFREE
E/CachedBluetoothDevice( 4127): updating profiles for Base TH12
V/CachedBluetoothDevice( 4127): Class: 620210
V/CachedBluetoothDevice( 4127): UUID:
V/CachedBluetoothDevice( 4127): 0000111e-0000-1000-8000-00805f9b34fb
E/CachedBluetoothDevice( 4127): onUuidChanged: Time since last connect2151
D/CachedBluetoothDevice( 4127): Command sent successfully:CONNECT Address:00:80:F0:8F:61:B6 Profile:HEADSET
D/CachedBluetoothDevice( 4127): Preferred profiles = 1
D/BluetoothUtils( 2156): isHeadsetAllowedBySecurityPolicy
V/BT HSHFP( 2156): waitForAsyncConnectNative
V/BT HSHFP( 2156): connectAsyncNative
I/BT HSHFP( 2156): Created RFCOMM socket fd 125.
I/BT HSHFP( 2156): async connect is in progress (Operation now in progress)
V/BT HSHFP( 2156): Remaining time 486ms
V/BT HSHFP( 2156): select() returned 2.
E/BT HSHFP( 2156): RFCOMM async connect() error: Connection refused (111), nr = -1
V/BT HSHFP( 2156): disconnectNative
D/BluetoothService( 1910): CONNECTION_STATE_CHANGE: : 1 -> 0
V/BluetoothEventManager( 4127): Received android.bluetooth.headset.profile.action.CONNECTION_STATE_CHANGED
I/BluetoothDeviceProfileState( 1910): Entering ACL Connected state with: 102
D/BluetoothPbap( 1910): disconnect()
Looks like someone on CM had issues with this as well, but it eventually worked... mine doesn't
http://forum.cyanogenmod.com/topic/41497-bluetooth-wont-auto-connect/
Maybe someone can even point me in the right direction as to how to debug this situation? I have a development environment up for apps, but haven't ever explored the base source code. If anyone has any thoughts it would truly be appreciated.
It really makes me mad because I had a similar problem with my last phone, the HTC Hero. It got to the point where you wait for all of these updates and then I had to limit my phone to like Android 1.5, otherwise my phone would not connect. It should be a bigger issue only because users who are not on xda would be screwed and could not roll back to a previous Android release. At least this community exists so that I can go back if needed. As of right now I'm liking the new ICS on this phone and will be very disappointed if I have to go back to GB just for this.
I am hoping that someone can help point me in the right direction since this issue is driving me nuts. My FireTV worked perfectly, updated through the official method to the latest FW (51.1.1.0), installed XBMC, rooted it, etc. After a while I decided to do a factory reset. Everything went OK but since then I cannot play any Instant Video or Netflix content. Instant Video throws an error saying to try again or contact customer support. Netflix buffers around 40% and then gives an error.
I tried everything without any luck:
- Cleared Amazon VOD data and cache
- Cleared Netflix data and cache
- Reset factory settings again
- Downgraded firmware, upgraded firmware
- Unregister from account, created new account with prime trial, registered to new account
No matter what I did the error is still there.
I have other devices (PS3, Smart TV, iPad) and on all of them Prime Instant Video runs just fine on the same account.
Here is some data from logcat in case somebody knows what it means:
W/ContextImpl( 640): Calling a method in the system process without a qualified user: android.app.ContextImpl.sendBroadcast:1353 com.amazon.internal.policy.impl.AmazonPhoneWindowManager$SendTopWindowChanged.run:3297 android.os.Handler.handleCallback:725 android.os.Handler.dispatchMessage:92 android.os.Looper.loop:137
I/AudioService( 640): AudioFocus requestAudioFocus() from [email protected]
W/PackageManager( 640): Launching com.amazon.tv.device (32003) with AMZ_APP_GID
I/ActivityManager( 640): Start proc com.amazon.tv.device.cms.util for broadcast com.amazon.tv.device/.cms.util.CMSUpdateReceiver: pid=5403 uid=32003 gids={72003, 1028, 9001}
I/ActivityManager( 640): No longer want com.amazon.alta.h2clientservice (pid 2018): empty #17
D/AivPlayCore( 275): COMXAivPlayCore - num of supported audio formats 3
D/AivPlayCore( 275): COMXAivPlayCore - num of supported video formats 2
D/AivPlayCore( 275): COMXAivPlayCore - Video codec 4, name - OMX.qcom.video.decoder.mpeg4
D/AivPlayCore( 275): COMXAivPlayCore - Video codec 7, name - OMX.qcom.video.decoder.avc
D/AivPlayCore( 275): COMXAivPlayCore::component_init
D/AivPlaySvr( 275): Created thread for AivPlayCoreTh
D/AivPlaySvr( 275): omx_aivplay_msg: message thread start name - AivPlayCoreTh
D/pr_crypto_plugin( 275): createCryptoFactory()
E/pr_crypto_plugin( 275): PRCryptoPlugin version = 0x4
W/pr_crypto_plugin( 275): PRCryptoPlugin:RCryptoPlugin: DRM header size = 0
D/PlayReady( 275): playready_initialize starts! g_qsee_apps_version = 8
D/QSEECOMAPI: ( 275): QSEECom_start_app sb_length = 0x19000
D/QSEECOMAPI: ( 275): App is not loaded in QSEE
And then:
D/PlayReady( 274): playready_initialize starts! g_qsee_apps_version = 8
D/QSEECOMAPI: ( 274): QSEECom_start_app sb_length = 0x19000
D/QSEECOMAPI: ( 275): Loaded image: APP id = 1
D/QSEECOMAPI: ( 274): App is already loaded QSEE and app id = 1
D/PlayReady( 274): playready_initialize returns -2147166970
E/PlayReady( 274): Error: playready_initialize failed and return = -2147166970
D/PlayReady( 274): playready_initialize returns context = 0
D/PlayReady( 274): Closing services starts!
D/QSEECOMAPI: ( 274): QSEECom_shutdown_app
D/QSEECOMAPI: ( 274): QSEECom_shutdown_app, app_id = 1
E/PRDrmPlugInImp( 274): acquirePlayReadyIfNeeded:: the playready_initialize failed and returns = 0X8004d506
E/PRDrmPlugInImp( 274): GetConstraints:: the playready_initialize failed and returns = 0X8004d506
D/PRDrmPlugInImp( 274): PRDRMPluginAPI::releasePlayReadyIfNeeded, prInited = -2147166970, prCachedMode = 0
D/PRDrmPlugIn( 274): PRDrmPlugin:nGetConstraints, lastError = 0X8004d506
E/PRDrmPlugIn( 274): PRDrmPlugin:nGetConstraints, there's no valid license available, Error key added.
D/PRDrmPlugIn( 274): PRDrmPlugin:nAcquireDrmInfo
D/PRDrmPlugIn( 274): PRDrmPlugin:nAcquireDrmInfo, MimeType = application/vnd.ms-playready.media.pyv
I'm seeing the same issue and so are my parents across 3 different units.
YouTube, crackle, xbmc, all work. Netflix, Hulu, and Prime content that hasn't been cached all get errors.
What are others seeing?
-UPDATE-
I just spoke to Kyle in tech support (super weird call) and he had me force close the app, clear cache, clear data for the Amazon Video app. That fixed all 3.
mistr_e said:
I'm seeing the same issue and so are my parents across 3 different units.
YouTube, crackle, xbmc, all work. Netflix, Hulu, and Prime content that hasn't been cached all get errors.
What are others seeing?
-UPDATE-
I just spoke to Kyle in tech support (super weird call) and he had me force close the app, clear cache, clear data for the Amazon Video app. That fixed all 3.
Tried it again, still no go on my side. I have a funny feeling that they are doing something on their side to fix the error and once that is done, a cache and data cleanup on the unit fixes the issue. Hopefully other people will chime in...