Let me start a thread where you all can drop your shared homebrew apps.
For homebrew apps we first need to unlock:
iridium21 said:
As people may know, Chevron have removed their unlocker download for WP7 so I thought I'd archive it and make it available for everyone here still:
http://www.megaupload.com/?d=Q1T7WQMK
EDIT: Thanks to Cendaryn we also have the required security certificate - the easiest way (thanks to Talys) to install the cert and unlock your WP7 is to do as follows:
1. Unzip file, and attach chevronwp7.cer (see below for file) to an e-mail to yourself
2. Open email in WP7
3. Tap attachment once, turns it into a shield, tap it again, goes to install certificate screen with white letters on black screen
4. Click install at the bottom
5. Make sure registry is modified:
Code:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsPhone\ProxyPorts]
"DeviceReg"=dword:000069C5
I think the WP7 developer tools from MS do this, but you can add it in manually (it's a 32-bit DWORD)
6. Plug in phone and leave Zune running
7. Run chevronwp7.exe, click both checkboxes
8. Click unlock
Excellent video tutorial here thanks to Jaxbot
[Edit 8th Dec 2010]
Worried that Microsoft has relocked your phone? They haven't, look here
Hope this helps someone.
Or unlock using a modded version by hounsell .
hounsell said:
Been able to remove the sideload limit, I was able to install 11 apps by my count, though I'd appreciate a third-party confirmation to be honest.
http://thounsell.co.uk/2010/12/chevronwp7-now-without-the-sideload-limit/
After unlocking we want some custom ringtones of course:
ShadowLegion said:
I didn't see a thread so I just thought I would let people who did already know that ChevronWP7 released their Custom Ringtone Manager today.
You can find it here: http://www.chevronwp7.com/
Download: http://walshie.me/ChevronWP7.RingtoneInstaller.zip
Source code: http://blog.walshie.me/2010/12/source-code-to-the-chevronwp7-ringtone-editor/
Let's look at the file system:
hounsell said:
FileBrowser
Source
Still very basic, not the most stable either, but at least you can browse the Windows folder, and read text files.
I'll probably put more effort in once I've got further with my SevenIRC App.
We need a .reg viewer too:
(nico) said:
I've managed to create a basic Registry Viewer, readonly for the moment.
For now, I didn't manage to get access to root path, so the first 2 levels are hardcoded.
Download it here: (link removed, see below)
Edit:
Updated version here: http://bit.ly/ed1Sz1
and a direct link: http://www.xda-developers.ch/download/?a=d&i=4227279264
And to get this all on the phone a nice way:
tom_codon said:
Hi all !
For all devices unlocked with ChevronWP7 Unlocker, we can easily install custom ringtones or applications in .XAP format via Application Deployment, but every time we need to open Start menu --> Application Deployment, then browse to the .xap in the tool to install it, which takes too much time and almost makes some of us crazy.
That's why I decided to write Tom XAP installer. Basically Tom XAP installer and Application Deployment are the same (they allow installing a custom .xap to a device and the Windows Phone 7 emulator), but Tom XAP installer is a lot more convenient: it allows you to install a .xap by double-clicking the file or simply right click --> install xap.
How to:
Download the exe and put it somewhere on your PC, run it, and it will automatically add the registry path of the application and add a menu and icon to .XAP files.
Then just close it and now double-click a custom ringtone or any .xap format file; Tom XAP installer will automatically open and give you some details (App name, Version, Author, Size, Description of XAP), then select where you will install the xap (device or emulator).
Press Install and wait for it to finish.
Notices:
1. Tom XAP installer requires .NET 4.0 Framework and Windows Phone 7 SDK
2. If you install a xap to a device:
- Please make sure your device was unlocked with ChevronWP7 Unlocker (Here is a guide on how to unlock)
- Make sure your device is connected to the PC and Zune is launched
- Make sure your device is not in sleep mode
3. If you move Tom XAP installer.exe to another location on the PC, you should run it again once to register the application's location again
4. If you don't like this software, just run Tom XAP installer.exe and uncheck "Enable Tom XAP installer"; it will remove all registry entries of Tom XAP installer from your PC
Download: http://forum.xda-developers.com/attachment.php?attachmentid=456249&d=1291493842
Cheers !
Tom
Man I need a webserver on my phone.
davux said:
I've extended jmorrill's code to include the Winsock functions to listen. The example proves that one may listen on port 80.
One problem with this library right now is that it is IPv4 only. I tried to make things generic but that was quite hard, I'm also really not very familiar with native Winsock anyway.
dl.dropbox.com/u/12359/PhoneNetworkingSample_with_listen.zip
[edit] and here's a really simple (and really hacked together - you've been warned) webserver!
dl.dropbox.com/u/12359/wp7_webserver.zip
The code is definitely *preview quality* - I pulled it together just now because I don't think I'll be able to work on this for a few days, so it'd be a starting point but I'm sure it's buggy.
davux said:
I've enhanced my Webserver sample to support reading from the device (where allowed), as well as reading/writing IsolatedStorage
//dl.dropbox.com/u/12359/WP7Homebrew_Webserver.zip
The XAP is located in the Webserver project.
I am not finished, there are several issues:
- I have not implemented support for getting the local endpoint, so you need to know your phone's IP address
- There is a bug somewhere that causes a problem when uploading larger files.
- There is no UI
- No authentication!
To access the webserver, open the app on your phone (it will disable the idle timer and run behind the lock screen)
//phone_ip/IsolatedStorage
//phone_ip/Windows
IsolatedStorage is a special case (virtual directory that uses the SDK IsolatedStore APIs), the filesystem is mounted at the root of the webserver. Note that if you navigate to //phone_ip/, you will not see anything, as we are not able to list the contents of the root directory.
I am working to create a real socket library that mimics System.Net/.Sockets, and System.IO for file access. TcpClient and TcpListener are in a mostly functional state already.
I'll add in registry and other capabilities once those two components are stable.
Most of the code came from jmorrill.
I'm thinking we could do with somewhere to place an open-source collection of homebrew apps.
Also, with the Chevron WP7 unlocker, you might want to include the version with the sideload limit removed
hounsell said:
I'm thinking we could do with somewhere to place an open-source collection of homebrew apps.
Also, with the Chevron WP7 unlocker, you might want to include the version with the sideload limit removed
Good idea, do you have some ideas?
Can you give me the link of the unlocker you modded?
The regviewer zip file contained projects not possible to open in VS2008 or VS2010. Could you check this?
ajhvdb said:
The regviewer zip file contained projects not possible to open in VS2008 or VS2010. Could you check this?
I will ask the maker of the regviewer.
What do you mean by not possible?
The source contains multiple projects:
- COM: Visual Studio 2008 C++ project using Windows Mobile 6 SDK
- Native: Visual Studio 2010 Solution containing the .Net / COM interface
- Registry Viewer: Visual Studio 2010 Project containing the registry viewer app and also referencing the Native project.
Everything works on my machine. You may need to fix paths to make it work on yours.
(nico) said:
What do you mean by not possible?
The source contains multiple projects:
- COM: Visual Studio 2008 C++ project using Windows Mobile 6 SDK
- Native: Visual Studio 2010 Solution containing the .Net / COM interface
- Registry Viewer: Visual Studio 2010 Project containing the registry viewer app and also referencing the Native project.
Everything works on my machine. You may need to fix paths to make it work on yours.
Sorry, most of the time when I rebuild a project all files are relative to the project; the references are not, of course, and I need to set the correct path. Could you give me a hint?
I downloaded the 002 file. In this there is a native.zip. I unzipped it and got 2 folders:
1. COM
Renamed it to COM2008 and opened this in VS2008, did a rebuild. Below is the output.
1>Compiling resources...
1>Microsoft (R) Windows (R) Resource Compiler Version 6.1.6723.1
1>Copyright (C) Microsoft Corporation. All rights reserved.
1>Linking...
1> Creating library Windows Mobile 6 Professional SDK (ARMV4I)\Release/Native.lib and object Windows Mobile 6 Professional SDK (ARMV4I)\Release/Native.exp
1>Performing Post-Build Event...
1> 1 file(s) copied.
1>The system cannot find the path specified.
1> 0 file(s) copied.
1>The system cannot find the path specified.
1> 0 file(s) copied.
1>The system cannot find the path specified.
1> 0 file(s) copied.
1>Project : error PRJ0019: A tool returned an error code from "Performing Post-Build Event..."
1>Build log was saved at "file://e:\_PROJECT\WP7\_Source\_Homebrew\RegistryViewer002\Native\Native\COM2008\Native\Windows Mobile 6 Professional SDK (ARMV4I)\Release\BuildLog.htm"
1>Native - 1 error(s), 0 warning(s)
I'm not sure where to find this "path".
2. Nativelibrary
In the post build event of the COM project, I copy the output file to several projects of mine. Just remove post build events and copy the file manually to your own project.
(nico) said:
In the post build event of the COM project, I copy the output file to several projects of mine. Just remove post build events and copy the file manually to your own project.
Yup, it's working now.
In the registry viewer I only needed to change the project folder to the nativelibrary.
ceesheim, thanks..excellent
Updated the first post with a newer/better webserver
So, I've worked a little bit with sztupy's creation from here:
http://forum.xda-developers.com/showthread.php?t=817387
and I decided to tweak/improve it a bit.
Included:
-ssh
-samba to access files on Debian from the Windows host
-Eclipse IDE to work nice with the linux Kernel
Check the screenshot to get an idea of how it looks in Eclipse IDE.
Please take note that all the fuss is to get a nice looking with nice features IDE working on windows (but should not be a problem for someone on linux to follow my tutorial).
This is not intended to compile the kernel right from the Eclipse IDE, be it installed on Windows or Linux.
However, with some nicely crafted ssh commands you can tunnel some "make" command over ssh and trigger the compiler on the guest os.
The best stuff of this is that on Windows you get nice software like Beyond & Compare to compare/diff/join source code from different repos/kernels.
Also, something nice on Eclipse is that you can see the defines grayed out if those are not declared, also you can jump easily from a variable to its definition/declaration, etc.
ssh, samba, alter configuration for virtualbox
First thing first, the connection to the VM box over ssh (putty) can easily be achieved following the steps described here:
http://forum.xda-developers.com/showpost.php?p=8868634&postcount=54
###########################################################
Let's continue with setting up some sort of file sharing between host and guest.
Note: to make things easy, login as root.
Now, we can ssh nicely into guest OS, so what about sharing?
Well, we can share files over "Shared folders" feature, but this sucks cause we can't see symlinks in Windows.
So, the best choice would be to install Samba.
Note: People might get better speeds if instead of Samba would try NFS, but tbh, I wasn't able to get a damn working NFS client on Windows.
So, for now, Samba FTW!
Code:
apt-get install samba smbfs
You need to configure the samba share to be able to see it inside the Windows host machine.
edit /etc/samba/smb.conf in your favorite editor and add the following lines:
inside [global] section you should have something like:
Code:
[global]
workgroup = kernelcompiler
security = user
browseable = yes
guest ok = yes
guest only = no
encrypt passwords = yes
then add a new section, called [kernel-compiler]:
Code:
[kernel-compiler]
#in order to make the files touched on windows not executables add map archive = no
map archive = no
path=/home/kernel
read only = no
writable = yes
browseable = yes
public = no
valid users = kernel
restart the samba daemon:
Code:
/etc/init.d/samba restart
###########################################################
Great, now shut down the Guest (I think the previous restart was not necessary).
In the Virtual Box window, with all VMs stopped, select File > Preferences.
On the network tab, add a new Host Only network (you can reuse the existing one if you wish and you understand what you are doing).
Alter settings, the IP should be something like: 192.168.134.1 and mask: 255.255.255.0
Disable DHCP server.
Ok. Ok.
The new network interface should be installed.
Right click on the Debian machine, Settings > Network.
On the tab Adapter 2, check Enable Network Adapter, Host Only Adapter, select (the Name field) the network card that we created above and click ok.
The first interface (Adapter 1) NAT is for internet access of the guest os.
The second interface (Adapter 2) Host Only is for communication between guest os and host os. You need that to be able to access Samba. If I think a little that could be used to access also the ssh port...
###########################################################
If we have something left to do is to configure the network settings inside the guest os.
Start virtual box.
Note: Inside /etc/udev/rules.d/ there is a file like: 70-persistent-net.rules Just delete this file if you run into problems while configuring the network interfaces inside guest os.
To enable the second interface (Host Only) do something like:
Code:
ifconfig eth1 192.168.134.1 netmask 255.255.255.0 up
Also, do your stuff (I assume you kinda know how to config the linux box) inside the file:
/etc/network/interfaces
Reboot.
###########################################################
Now you should be able to map the /home/kernel folder in Windows to something like Z: drive.
Ask for help if you don't understand/run into troubles.
Eclipse IDE on Windows
Install Eclipse CDT. Google for it. Chose your Windows/Linux version and install it.
Inside Eclipse installation folder there is a file, eclipse.ini.
Edit it and change the last line (regarding memory) to something like -Xmx768m.
Reason: You need some memory, the linux kernel is kinda big, in order to get comfortable we need to change the default settings.
Note: To run Eclipse, you need Java SDK. Google for it, find it, install it if you don't have Java SDK.
0.###########################################################
Start Eclipse.
New project.
Select a C project. Give it a name. Example: sgs_kernel.
Project type: Makefile project -> Empty Project
Toolchain: --Other Toolchain --
(check screenshot 1)
Note: You can change the location of the folder, you can work with the default one, just don't create the project in the same folder where you have the linux kernel sourcecode.
1.###########################################################
Next
Advanced Settings
In the Properties window that was opened, go on the C/C++ General branch, expand it, Indexer.
Check Enable project specific settings
Uncheck Enable Indexer. I repeat, you have to uncheck in order to disable the indexer.
Apply
Ok
(check screenshot 2)
2.###########################################################
In the Project Explorer select your project (sgs_kernel), right click, New > Folder
Click on Advanced then Link to alternate location (Linked Folder)
Browse and select the root of the kernel of your choice. (you have a kernel folder already, right? If not, check sztupy post regarding git commands to retrieve your own kernel source code)
Finish
(check screenshot 3)
Reason: By linking to alternate location you keep the mess out, the project settings stays on your windows machine, the kernel files remains on the linux machine.
3.###########################################################
Get a coffee. Adding all the files to the project over Samba should take some time.
###########################################################
When it is done, expand the source code tree, inside arch folder select everything except arm folder and right click Resource configuration and then Exclude from Build....
In the new window, check Default, then OK.
The same should be done in the arm folder, so, expand the arm folder and there select all folders starting with "mach-", except mach-s5pv210 which is the platform for our Galaxy S, and we don't want that one to be excluded.
Again right click Resource configuration and then Exclude from Build....
(check screenshot 4)
4.###########################################################
Right click on the project (sgs_kernel) and expand C/C++ General > Paths and Symbols.
On the Symbol tab click on Add... button, check Add to all languages and add the symbol with the name: __KERNEL__ and Value: 1.
(check screenshot 5)
5. ###########################################################
Now the hard part.
To push Eclipse to the limits, we have to add the defines from the include/linux/autoconf.h.
There are several ways to do that, I'm still looking for better ways to do that, but for now the idea is to use a script that parses the file autoconf.h, extracts the defines and pushes those inside our project.
The script I'm talking about is a python script (yeah, that sucks, something else to install in our kitchen).
Code:
sudo apt-get install python
Note: The python script is attached in this post.
Copy the script autoconf-to-eclipse.py somewhere, example: /home/kernel
Also copy/create a new sh script that will call the python script above, using a syntax like:
Code:
#!/bin/sh
python autoconf-to-eclipse.py /home/kernel/voodoo/linux_gt-i9000/Kernel/include/linux/autoconf.h /home/kernel/voodoo/linux_gt-i9000.eclipse/
The first parameter is the path to the autoconf.h file, the second is the path where you should copy your eclipse project file (that would be the .cproject file).
So you have to copy over the .cproject file from the Windows host project folder C:\Users\XXXXXXX\workspace\sgs_kernel to the linux box to a folder like: /home/kernel/voodoo/linux_gt-i9000.eclipse/
You have samba, right?
Then on the linux guest, run the sh script, that will run the python script.
If everything is ok, then the .cproject file should be much bigger (the defines were imported).
Note: you have to do this step each time you alter the configuration, like running "make menuconfig".
Copy the file back on windows to the project folder and inside eclipse, right click on project folder and hit Refresh.
Wait...
To check everything is ok, right click, Properties, expand C/C++ Projects > Paths and Symbols, Symbols tabs... and there you should have all defines.
(check screenshot 6)
6. ###########################################################
Switch to the Includes Tab in the same branch C/C++ Projects > Paths and Symbols.
Add include folder. Check Add to all languages.
Add arch/arm/mach-s5pv210 folder. Check Add to all languages.
(check screenshot 7)
Apply.
Ok.
END. ###########################################################
Finally.
Right click > Properties > branch C/C++ Projects > Indexer.
Check Enable Indexer.
Ok.
Get a RedBull, it should take a while.
###########################################################
Start coding!
Ask for help if you don't understand/run into troubles.
Credits: Inspiration from here -> http://www.nazgee.eu/en/book/forcing-eclipse-to-work-with-linux-kernel-indexing-kernel-source
Awesome work, man. Thanks to you and sztupy!
This thread is kicked to the front page
Sent from my GT-I9000 using XDA App
ragin said:
This thread is kicked to the front page
Sent from my GT-I9000 using XDA App
Kicked again.
Thanks! This pretty much still works for the Gingerbread source except that the autoconf.h is now in include/generated/autoconf.h.
A simple photochooser task application throws a NullReference exception (Invalid pointer) and pixel height and width are 0 on Mango; on NoDo it worked all right.
Am I missing a cast? Or is this a bug in Mango that will be fixed?
Here's the code:
Code:
// Class declaration added so the posted snippet is balanced; the body is as posted.
public partial class MainPage : PhoneApplicationPage
{
    private PhotoChooserTask photo;

    // Constructor
    public MainPage()
    {
        InitializeComponent();
        photo = new PhotoChooserTask();
        photo.Completed += new EventHandler<PhotoResult>(photo_Completed);
    }

    void photo_Completed(object sender, PhotoResult e)
    {
        if (e.TaskResult == TaskResult.OK)
        {
            BitmapImage bi = new BitmapImage();
            bi.SetSource(e.ChosenPhoto);
            //////////////////////////////////////////////////////////////////////////////////////
            var wb = new WriteableBitmap(bi);//Exception here
            /////////////////////////////////////////////////////////////////////////////////////
            // bi.PixelHeight and bi.PixelWidth == 0;
        }
    }

    private void button1_Click(object sender, RoutedEventArgs e)
    {
        photo.Show();
    }
}
Hope someone can help.
Thanks in advance
This is because you need to set the CreateOptions property of the BitmapImage before you use it to construct the WriteableBitmap.
The default 'create' option on WP7 is DelayCreation (it may be BackgroundCreation in some of the 7.1 betas, but the mango RTM I think is DelayCreation) but either way the problem you're having is that your image has not been initialised yet at the point you use it in the WriteableBitmap's constructor (hence the null reference exception).
The options (depending what you set) let images be only initialised when needed, and downloaded on separate threads / asynchronously, which can help performance (or at least stop the phone blocking other things happening whilst images are loaded). Users also have the ability with the photo chooser to pick images from online albums, so as you can imagine you also have to handle perhaps a second or two waiting for a download to complete, and of course downloads can also fail when connections drop etc. which you can handle too.
So in answer to your question (off the top of my head, not confirmed it with code) set the createoptions to none, and use the Bitmap's ImageOpened event to construct the WritableBitmap (you may also want to handle the Bitmap's ImageFailed event). Make sure you set up the ImageOpened event before you set the source, i.e.
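BitmapImage bi = new BitmapImage();
bi.CreateOptions = BitmapCreateOptions.None;
// bi_ImageOpened and bi_ImageFailed are placeholder names for your own handlers
bi.ImageOpened += new EventHandler<RoutedEventArgs>(bi_ImageOpened);
bi.ImageFailed += new EventHandler<ExceptionRoutedEventArgs>(bi_ImageFailed);
bi.SetSource(e.ChosenPhoto);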
Hope that helps,
Ian
Thank you very much
Problem solved
otherworld said:
This is because you need to set the CreateOptions property of the BitmapImage before you use it to construct the WriteableBitmap.
The default 'create' option on WP7 is DelayCreation (it may be BackgroundCreation in some of the 7.1 betas, but the mango RTM I think is DelayCreation) but either way the problem you're having is that your image has not been initialised yet at the point you use it in the WriteableBitmap's constructor (hence the null reference exception).
The options (depending what you set) let images be only initialised when needed, and downloaded on separate threads / asynchronously, which can help performance (or at least stop the phone blocking other things happening whilst images are loaded). Users also have the ability with the photo chooser to pick images from online albums, so as you can imagine you also have to handle perhaps a second or two waiting for a download to complete, and of course downloads can also fail when connections drop etc. which you can handle too.
So in answer to your question (off the top of my head, not confirmed it with code) set the createoptions to none, and use the Bitmap's ImageOpened event to construct the WritableBitmap (you may also want to handle the Bitmap's ImageFailed event). Make sure you set up the ImageOpened event before you set the source, i.e.
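BitmapImage bi = new BitmapImage();
bi.CreateOptions = BitmapCreateOptions.None;
// bi_ImageOpened and bi_ImageFailed are placeholder names for your own handlers
bi.ImageOpened += new EventHandler<RoutedEventArgs>(bi_ImageOpened);
bi.ImageFailed += new EventHandler<ExceptionRoutedEventArgs>(bi_ImageFailed);
bi.SetSource(e.ChosenPhoto);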
Hope that helps,
Ian
Hello, I have the same problem (NullReferenceException) and have read your response, which from what I see is the solution, but I have a problem: I do not know where I have to go to make the changes that you propose. Would you be so kind as to explain to me the steps I have to follow? My English is very bad and I am using a translator.
I have HTC Trophy the v.th 7740.16 with chevrom and U2M7740 of Ansar.
Thank you in advance and greetings.
Hi,
If you upload your code / project I will take a look and see where the error is.
If you show me your code / project, I can see why you are getting a NullReference exception
Ian
otherworld said:
Hi,
If you upload your code / project I will take a look and see where the error is.
If you show me your code / project, I can see why you are getting a NullReference exception
Ian
Hello,
The thing is that there is no project; I do not develop applications (although I would like to). This type of error (NullReferenceException) has happened to me since I updated to Mango, both in v.7720.68 and in v.7740.16, and it happens in apps such as Morfo and Fantasy Painter, and when choosing a background in Touchxperience. I do not know if these apps are not adapted to Mango or if, perhaps, from the registry some type of configuration could be changed, or by going into the XAML of the app some value could be changed; I do not know...
From the little I know, it seems to be an error in the photochooser; the question is whether it is possible to get access to it and how to do it.
Anyhow thank you very much and a cordial greeting.
Hi,
If it is not a code issue then I do not know what it could be. Are you using a custom rom?
Good luck with it.
Ian
otherworld said:
Hi,
If it is not a code issue then I do not know what it could be. Are you using a custom rom?
Good luck with it.
Ian
Hello. No, I am on official Mango v.7740.16. I have already restored to factory settings and the error continues. I believe that it is a matter of the update; there must be a mistake in the photo launcher or some error with the library, I do not know...
Thank you anyhow and greetings.
Hello, otherworld.
I still have the same problem, 'nullreferenceexception' related to 'chooserphoto' in some applications. The curious thing is that some of them work correctly for me: I get access to my library and it takes the photos; others do not, for example Morfo. I do not know if the problem is in the source code of these applications or in my phone. This is the source code of Morfo; is it possible to correct it so that this does not happen?
Thank you in advance and greetings.
As we know, MS prohibits using most of standard Win32 API in Windows Store applications. Obviously there are lots of ways to overcome this limit and to call any API you like, if you are not going to publish your app on Windows Store. And here is one of them.
Idea is really simple and rather old (lots of viruses use it): search for kernel32.dll base in memory, then parse its exports for LoadLibraryA and GetProcAddress, call them - and get profit.
Writing here so this post can be indexed by google.
Partial code:
Code:
void DoThings()
{
    char *Tmp=(char*)GetTickCount64;
    Tmp=(char*)((~0xFFF)&(DWORD_PTR)Tmp);
    while(Tmp)
    {
        __try
        {
            if(Tmp[0]=='M' && Tmp[1]=='Z')
                break;
        } __except(EXCEPTION_EXECUTE_HANDLER)
        {
        }
        Tmp-=0x1000;
    }
    if(Tmp==0)
        return;
    LoadLibraryA=(t_LLA*)PeGetProcAddressA(Tmp,"LoadLibraryA");
    GetProcAddressA=(t_GPA*)PeGetProcAddressA(Tmp,"GetProcAddress");
    CreateProcessA=(t_CPA*)PeGetProcAddressA(Tmp,"CreateProcessA");
    HMODULE hUser=LoadLibraryA("user32.dll");
    MessageBoxA=(t_MBA*)GetProcAddressA(hUser,"MessageBoxA");
    MessageBoxA(0,"A native MessageBox!","Test",MB_OK);
    STARTUPINFO si;
    memset(&si,0,sizeof(si));
    si.cb=sizeof(si);
    PROCESS_INFORMATION pi;
    CreateProcessA("c:\\Windows\\system32\\cmd.exe",0,0,0,FALSE,0,0,0,&si,&pi);
}
Complete project is attached. It contains sources and compiled appx files for side-loading.
Code compiles fine for x86/x64 and ARM, tested on x86/x64. Can someone test it on ARM? Ability to sideload metro apps is required.
The application should output a MessageBox, then execute cmd.exe.
A note: a Windows Store application runs in a sandbox and as a limited account, so most of the API returns "access denied". You can check this in a launched CMD - it displays "access denied" even on a "dir" command because normally "modern ui" apps don't have even read access to c:\.
To overcome this - add "all application packages" full control to the directories/objects you like (for example to c:\).
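Granting "all application packages" full control on a directory removes the file-system boundary for every Store app on the machine, not only this test app, so it is worth being able to find such grants afterwards. The following audit is an added example, not part of the original post or its attached project; the function name Get-AppPackageAce and the audited paths are assumptions.

```powershell
# Added example: list ACEs granted to ALL APPLICATION PACKAGES on chosen paths.
# S-1-15-2-1 is the well-known SID of ALL APPLICATION PACKAGES; matching on the
# SID avoids depending on the localized account name.
$AppPackagesSid = 'S-1-15-2-1'

# Rights that let a sandboxed app change content, permissions or ownership.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Raw GENERIC_ALL / GENERIC_WRITE bits, which can appear in inherit-only ACEs.
$GenericMask = 0x10000000 -bor 0x40000000

# Hypothetical helper name; returns one object per Allow ACE for the SID above.
function Get-AppPackageAce {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$Path
    )
    foreach ($p in $Path) {
        try {
            $acl = Get-Acl -LiteralPath $p -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read ACL of ${p}: $($_.Exception.Message)"
            continue
        }
        # Ask for SIDs instead of account names; include inherited ACEs.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($r in $rules) {
            if ($r.IdentityReference.Value -ne $AppPackagesSid) { continue }
            if ($r.AccessControlType -ne 'Allow') { continue }
            $bits = [int]$r.FileSystemRights
            [pscustomobject]@{
                Path      = $p
                Rights    = $r.FileSystemRights
                Inherited = $r.IsInherited
                # True when the ACE grants more than read/execute.
                Writable  = (($bits -band ($WriteMask -bor $GenericMask)) -ne 0)
            }
        }
    }
}

# Paths here are placeholders; pass the directories you want to audit.
Get-AppPackageAce -Path "$env:SystemDrive\", "$env:SystemDrive\Users" |
    Sort-Object Path |
    Format-Table -AutoSize
```

A row with Writable set to True on the drive root corresponds to the change described in the post.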
Works perfectly on my Windows 8 x64 Tablet :good:... it's not ARM based though ...
Can i use this to run a non-store app?
Here is the catch: I have managed to get the installed (not the installation) file from a kind member here on XDA. But when I paste the folder in:
C:\Program Files\WindowsApps\Microsoft.ZuneMusic_1.0.927.0_x64__8wekyb3d8bbwe
The app isn't seen on the metro UI?
Any way to start a scanner of some sort so that I can see the app in Metro.../?
Thanks a ton!
Please feel free to laugh a little at my noobish question... I'm still learning..
Works perfectly on my surface RT!
but type dir in CMD returns "access denied".
There are no code signature checks from the command prompt that you launch.
Code:
#include <iostream>

// main must return int in standard C++
int main()
{
    std::cout << "Hello RT World!\n";
}
Compiled as an exe with info in http://stackoverflow.com/questions/...op-programs-be-built-using-visual-studio-2012
Open properties of your disk c:, go to the security tab and add "ALL APPLICATION PACKAGES" == full control. In this case the "dir" command would work, and your apps would be able to access the whole filesystem.
Sorry if it's unrelated, but does RT check signatures for loaded DLLs too? Can one run regedit and change some system CLSID to point to unsigned library, will it be loaded?
Simplestas said:
Sorry if it's unrelated, but does RT check signatures for loaded DLLs too? Can one run regedit and change some system CLSID to point to unsigned library, will it be loaded?
Unless the dll is loading with a restricted security policy (such as through a Metro app) it is checked, yes.
Excellent work on the 'App1' technique of starting a cmd prompt from a modern app, and the fact it can run other unsigned cmd line apps.
Note that the cmd prompt still runs in the modern app container and probably has lots of restrictions.
Also, it only runs while the modern app is running, and effectively freezes when the modern app goes into the background and suspends.
I don't seem to be able to run Win32 GUI apps from the cmd prompt it starts -- they start but immediately terminate, presumably because the full Win32 stuff can't initialise in a modern app container.
But you can run GUI Win32 APIs, like the create dialog one, from the App1 modern app.
Luckily we can also test, investigate and debug this on an intel Windows 8 system (dual monitor is best) when trying to work out what is going on, and then test on ARM after that.
@Simplestas: LoadLibrary is also blocked, I'm afraid. One of the first things I tried was creating a DLL compatible with the built-in rundll.exe program and using that. It failed to load the third-party library.
@xsoliman3: Don't forget the debugger. You can't run it on the RT device right now, but there are (official) tools for debugging RT apps remotely. That should allow connecting to the child process and seeing what happens as it starts up.
GoodDayToDie said:
@Simplestas: LoadLibrary is also blocked, I'm afraid. One of the first things I tried was creating a DLL compatible with the built-in rundll.exe program and using that. It failed to load the third-party library.
@xsoliman3: Don't forget the debugger. You can't run it on the RT device right now, but there are (official) tools for debugging RT apps remotely. That should allow connecting to the child process and seeing what happens as it starts up.
Great seeing you again!
Anyways, I determined from some work with the VS Remote Debugger that the integrity checks are enforced in ZwCreateUserProcess. But I bet LoadLibrary has its integrity checks in user-mode, since it normally doesn't access any functions using a call-gate to the kernel on Windows 7, which would mean we can modify it to allow us to load unsigned DLLs.
However, with this vulnerability, I had a different idea. What about allowing a native application to open, such as Notepad, and before it reaches the entrypoint, remotely injecting a different application to be run (this would involve some sort of custom LoadLibrary + CreateRemoteThread pair of functions)? With the VS Debugger, you can already attach to any native process in user-mode and modify running code, data, and even the context (e.g. registers and similar data).
That suggestion is possible, and for trivial operations (i.e. replacing some strings in a program, or causing it to take one branch instead of another) people have already done so. Doing a wholesale replacement would be tricky, but should be possible (perhaps aided with WinDBG scripts or similar).
GoodDayToDie said:
Doing a wholesale replacement would be tricky
Not so tricky, I've already made a prototype on desktop Win8. Just make an ARM DLL that implements a PE loader using only 2 WinAPI functions - LoadLibrary (used only to get the kernel32 handle) and GetProcAddress. Inject that DLL's code and data sections via the debugger, fix up relocs (you can minimize their amount in your "loader DLL" by not using global variables, placing all code into one file, not using the CRT at all, and so on; ARM makes it easy to create position-independent code), and call your injected code via the debugger, passing it the addresses of LoadLibrary and GetProcAddress as parameters. Your code would then do what you wish - load and execute an unsigned DLL that you specify.
With this trick you can load EXE files too, as all ARM EXEs contain relocs by default.
But this way is too inconvenient for the end user, so it should be avoided. I really think that MS left enough holes for us to "unlock" unsigned apps on retail WinRT devices.
I'm already thinking of buying an Asus tablet with 3G (instead of waiting for a better device that I wish for), so after the NY holidays I'll join your game.
Ah, that's a much more clever approach than actually trying to load the full program using the debugger itself... if it works. LoadLibrary triggers the same signature check that CreateProcess does (or rather, the system calls that they do will perform that check; if it was user-mode we could bypass it with the debugger). Your method may work, but since the desktop doesn't have the signature check anyhow, prototyping it there doesn't actually mean it will work on RT. Try it out and let us know how it goes, and if it works, posting your source would be awesome!
GoodDayToDie said:
Ah, that's a much more clever approach than actually trying to load the full program using the debugger itself... if it works. LoadLibrary triggers the same signature check that CreateProcess does (or rather, the system calls that they do will perform that check; if it was user-mode we could bypass it with the debugger). Your method may work, but since the desktop doesn't have the signature check anyhow, prototyping it there doesn't actually mean it will work on RT. Try it out and let us know how it goes, and if it works, posting your source would be awesome!
He doesn't mean making a prototype and importing from kernel32.dll. He means manually mapping the PE file, then using either CreateRemoteThread or modifying the context of a thread already launched to run it once it's in the memory address space of another process. It's basically DLL injection with our own implementation of LoadLibrary. It would work because LoadLibrary doesn't use any system calls except to map memory (and mapping memory doesn't have integrity checks of any sort, and it shouldn't by design -- e.g. VirtualAlloc).
A bigger problem I thought of is automating this. I took a quick peek with Wireshark at my remote debugging session and saw HTTP with what appeared to be a proprietary protocol. In order to automate this from another computer (or any mobile device for that matter), we would need to reverse engineer the protocol. Or, an alternative would be to hook into Visual Studio once the debugging session is launched (maybe just a nice VS plugin would work?).
mamaich said:
Code:
void DoThings()
{
    char *Tmp=(char*)GetTickCount64;
    Tmp=(char*)((~0xFFF)&(DWORD_PTR)Tmp);
    while(Tmp)
    {
        __try
        {
            if(Tmp[0]=='M' && Tmp[1]=='Z')
                break;
        } __except(EXCEPTION_EXECUTE_HANDLER)
        {
        }
        Tmp-=0x1000;
    }
    if(Tmp==0)
        return;
I was looking through the provided sample -- wouldn't our own GetModuleHandleA implementation be a better way of doing this? I'm just thinking that, should the alignment be changed in kernel32.dll, it may be better to have something like this:
Code:
if (!name)
{
    ret = NtCurrentTeb()->Peb->ImageBaseAddress;
}
else if (flags & GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS)
{
    void *dummy;
    if (!(ret = RtlPcToFileHeader( (void *)name, &dummy ))) status = STATUS_DLL_NOT_FOUND;
}
Source: http://source.winehq.org/source/dlls/kernel32/module.c#L504
Grabbing the Peb (NtCurrentTeb()->Peb) would involve pulling from the FS register at offset 0x30. Implementing this on ARM could be trickier, as I'm not sure of the inline assembly or availability of intrinsics (not to mention, it would be stored somewhere else than the FS register).
Now, for the PC, it appears __readfsdword is available as an intrinsic, so this *should* work on x86 installations of Windows 8.
mamaich said:
Not so tricky, I've already made a prototype on desktop Win8. Just make an ARM DLL that implements a PE loader using only 2 WinAPI functions - LoadLibrary (used only to get kernel32 handle) and GetProcAddress. Inject that DLL code and data sections via debu
I think this approach (of injecting our own loader, as far as I understand) has the following problem (even if implemented and automated):
The loaded exe can have its own dependent DLLs (any complicated, useful project has them) that it can't load because of the signing checks (and even more problems if it uses dynamic loading of its own DLLs and GetProcAddress).
Or am I missing something in your idea?
Will I be able to read/write to a parallel port using this method? Do the limited store apps have sufficient permissions to do that? Writing to a parallel port requires calling
Code:
hndleLPT = CreateFile("LPT1",(GENERIC_READ | GENERIC_WRITE), 0, 0, OPEN_EXISTING, 0, 0);
Will this succeed?
Will I be able to successfully load this: http://www.highrez.co.uk/Downloads/InpOut32/default.htm ?
---------- Post added at 03:01 PM ---------- Previous post was at 02:11 PM ----------
This looks like an improved method to get the base address:
http://tedwvc.wordpress.com/2013/07/19/finding-the-kernel32-dll-module-handle-in-a-windows-store-app-using-approved-apis/
You should be able to do that using CreateFile2, which is permitted in Store apps already (no need to use the rest of the Win32 API). As for the permissions, I don't know, but it will probably work.
I mean, assuming your computer *has* an LPT port. I haven't seen one of those in a while...
How about the other way round? Can a desktop app have access to the full Windows 8 API (including those reserved for Windows Store apps only)?
Hello,
I want to use HTML5 + jQueryMobile in combination with PhoneGap to develop a multi-platform app.
In the app I need a solution to save login information (e.g. password) on the device and I will use PhoneGap to solve this problem.
I found an example which uses the PhoneGap File API and I tested it in an Android project.
Code:
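// Wire the "write" button to request the persistent filesystem
window.onload = function() {
    document.getElementById("write").addEventListener('click', function() {
        window.requestFileSystem(LocalFileSystem.PERSISTENT, 0, gotFSW, fail);
    }, false);
}
// Create (or open) test.txt in the root of that filesystem
function gotFSW(fileSystem) {
    fileSystem.root.getFile("test.txt", {
        create : true,
        exclusive : false
    }, gotFileEntryW, fail);
}
function gotFileEntryW(fileEntry) {
    fileEntry.createWriter(gotFileWriter, fail);
}
// Write the text field's content to the file as-is (plaintext)
function gotFileWriter(writer) {
    writer.write(document.getElementById("txt").value);
}
// Error callback referenced by every File API call above
function fail(error) {
    console.log("File API error: " + error.code);
}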
It works, but the code saves the file "test.txt" in the root of the filesystem (mnt/sdcard/test.text), and this is a problem because the file will contain passwords and login information.
How can I define that the file will be saved in the app root or in a directory where only the app has access?
Or is there another secure solution to save information like passwords on the device file system with PhoneGap?
Thanks
Andi
AndiS84 said:
How can I define that the file will be saved in the app root or in a directory where only the app has access?
I suggest you use a Sqlite database file, it will be stored in the same directory your application has been installed (and therefore, no other application has access to this file unless it's rooted).
Check this out: https://github.com/lite4cordova/Cordova-SQLitePlugin
I hope you're not saving the credentials human-readable...
Have you considered simply using HTML5 localStorage?
Sent from my Xperia Arc S using xda app-developers app
@ HoPi`
But so far as I know SQLite is not available for Windows Phone. Is that right?
So I have a problem if I develop my PhoneGap app also for Windows and not only for Android and iOS.
Can you recommend a method for PhoneGap to save the credentials in a form that is not human-readable?
@ lubber!
Yes, but is this a really secure solution to save credentials?
AndiS84 said:
@ HoPi`
But so far as I know SQLite is not available for Windows Phone. Is that right?
So I have a problem if I develop my PhoneGap app also for Windows and not only for Android and iOS.
Can you recommend a method for PhoneGap to save the credentials in a form that is not human-readable?
@ lubber!
Yes, but is this a really secure solution to save credentials?
You can use the local storage in HTML5 to store the credentials. The only thing to take care of is to make sure the credentials are encrypted before saving. The apps whose development team I was on use a different mechanism: we won't save the credentials; instead we set flags to define whether the user checked the "remember username" check box and act accordingly. Something like a user token is added.
Sent from my Nexus 4 using Tapatalk
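The "encrypt before saving" advice from the last reply, sketched as an added example (not code from any poster in this thread): a secret is sealed with AES-GCM under a key derived from a user PIN via PBKDF2, so nothing readable lands in localStorage. The function names, the PIN-based key and the in-memory `memoryStorage` stand-in for `window.localStorage` are assumptions of this example, and the protection is only as strong as the PIN.

```javascript
// Added example; all function names are hypothetical.
const wc = globalThis.crypto || require("crypto").webcrypto; // fallback for older Node
const enc = new TextEncoder();
const dec = new TextDecoder();
const toB64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Derive an AES-256-GCM key from the PIN; the random salt is stored with the record.
async function deriveKey(pin, salt) {
  const material = await wc.subtle.importKey("raw", enc.encode(pin), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", salt, iterations: 600000, hash: "SHA-256" },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Encrypt the secret and store only salt, IV and ciphertext.
async function sealSecret(storage, name, secret, pin) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh IV for every write
  const key = await deriveKey(pin, salt);
  const ct = await wc.subtle.encrypt({ name: "AES-GCM", iv }, key, enc.encode(secret));
  storage.setItem(name, JSON.stringify({ salt: toB64(salt), iv: toB64(iv), ct: toB64(ct) }));
}

// Returns the secret, or null if it is missing, the PIN is wrong or the record was altered.
async function openSecret(storage, name, pin) {
  const raw = storage.getItem(name);
  if (raw === null) return null;
  const rec = JSON.parse(raw);
  const key = await deriveKey(pin, fromB64(rec.salt));
  try {
    const pt = await wc.subtle.decrypt({ name: "AES-GCM", iv: fromB64(rec.iv) }, key, fromB64(rec.ct));
    return dec.decode(pt);
  } catch (e) {
    return null; // GCM authentication failed
  }
}

// In-memory stand-in for window.localStorage so the example runs outside a WebView.
function memoryStorage() {
  const m = new Map();
  return { setItem: (k, v) => m.set(k, String(v)), getItem: (k) => (m.has(k) ? m.get(k) : null) };
}
```

Storing a server-issued token this way instead of the password itself, as the same reply describes, means a leaked record can be revoked server-side without changing the password.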