Develop Bugs

LG Expo Original/ Official ROM - v10d - 21749.5.0.28

LG Expo Original/ Official ROM - v10d​
I was seriously unhappy with LG for not providing us an update for so long and lack of base ROM was not allowing us to start cooking ourselves.
Pissed off wondering why I bought my LG Expo at full price and not buy one of those HTC alternatives, today I got down to see if I can scoop some info from their website/ update utility/ etc etc. I fired up WireShark, Fiddler2 and some of tools I wrote myself.
Going thru various network packets, I found a perticular XML snippet that looked interesting. It had a URL that was pointing to an exe called: LG_SmartPhone_SW_Upgrade_GW820_V10d_Ship.exe .
Though we are already on V10d and it is not a update for us, it meant that if that path was accessible and I was able to download the file, we will have the original ROM that our phone was shipped with
So here are the URL's:
URL1: http://csmg.lgmobile.com:9002/swdat.../LG_SmartPhone_SW_Upgrade_GW820_V10d_Ship.exe
URL2: http://csmgaic.lgmobile.com/swdata/.../LG_SmartPhone_SW_Upgrade_GW820_V10d_Ship.exe
Once you download the exe and launch it, it starts extracting the phone image. Do not click 'Start Update' button.
It extracts to
%ProgramData%\LGMOBILEAX\Phone\GW820-V10d-OCT-27-2009+0.dz
On Windows 7 it translates to something like:
C:\ProgramData\LGMOBILEAX\Phone\GW820-V10d-OCT-27-2009+0.dz
With this I think I can say:
Let the cooking begin!!​

omfg is this a dream? u just made my ****ing day! kudos to u good sir! kudos to u! someone get this man a cookie asa - ****ing - p! does Dark know yet? if only i had his number id call and wake him... im sure he'd want to know

So I just learned about the LGFlashMuncher and parser, but neither of those utilities are working on this FLASH.bin... Both utilities give me this output:
Found Magic Header
Found image [email protected], length 0xf08fa00
MainBlock 0x0
MainBlock 0x202000
MainBlock 0x404000
MainBlock 0x606000
MainBlock 0xaeae00
MainBlock 0xef6e800
Checking MBR @sector 0x320
Sector NOT FOUND

Jayant, Wtg dude.
WR

omgwtfbbq?

Jayant said:
LG Expo Original/ Official ROM - v10d​
I was seriously unhappy with LG for not providing us an update for so long and lack of base ROM was not allowing us to start cooking ourselves.
Pissed off wondering why I bought my LG Expo at full price and not buy one of those HTC alternatives, today I got down to see if I can scoop some info from their website/ update utility/ etc etc. I fired up WireShark, Fiddler2 and some of tools I wrote myself.
Going thru various network packets, I found a perticular XML snippet that looked interesting. It had a URL that was pointing to an exe called: LG_SmartPhone_SW_Upgrade_GW820_V10d_Ship.exe .
Though we are already on V10d and it is not a update for us, it meant that if that path was accessible and I was able to download the file, we will have the original ROM that our phone was shipped with
So here are the URL's:
URL1: http://csmg.lgmobile.com:9002/swdat.../LG_SmartPhone_SW_Upgrade_GW820_V10d_Ship.exe
URL2: http://csmgaic.lgmobile.com/swdata/.../LG_SmartPhone_SW_Upgrade_GW820_V10d_Ship.exe
Once you download the exe and launch it, it starts extracting the phone image. Do not click 'Start Update' button.
It extracts to
%ProgramData%\LGMOBILEAX\Phone\GW820-V10d-OCT-27-2009+0.dz
On Windows 7 it translates to something like:
C:\ProgramData\LGMOBILEAX\Phone\GW820-V10d-OCT-27-2009+0.dz
With this I think I can say:
Let the cooking begin!!​
Click to expand...
Click to collapse
your my new best bud.
edit. i get runtime error "this app has requested the runtime to terminate in an unusual way. ....."

josefcrist said:
your my new best bud.
edit. i get runtime error "this app has requested the runtime to terminate in an unusual way. ....."
Click to expand...
Click to collapse
Interesting it doesnt unpack nicely with the incite/KS20 tools

Conflipper managed to decrypt the rom
http://forum.xda-developers.com/showthread.php?t=646712

what about a kitchen? can we use an existing one or does one have to be created? never cooked before but wouldn't mind taking a stab at it...

: depack rom
osnbtool -sp flash.bin
osnbtool -sp flash.bin.BIN.NB0
osnbtool -d flash.bin.BIN.NB0.OS.NB 1 xip.bin
osnbtool -d flash.bin.BIN.NB0.OS.NB 2 imgfs.bin
: ... (imgfstodump.exe imgfs.bin)
:get imgfs.new；xip_out.bin
Use this to decompile the files.

Jayant said:
Going thru various network packets, I found a perticular XML snippet that looked interesting. It had a URL that was pointing to an exe called: LG_SmartPhone_SW_Upgrade_GW820_V10d_Ship.exe .
Click to expand...
Click to collapse
Do you remember where abouts in the updater app you were doing stuff when it generated that response? I was inspired by your success and hooked my IQ up with a network tap running yesterday, but I was only able to find a reference to a kdz file, which Dark tried unsuccessfully to extract.
I got that url by trying 'recovery phone' from the menu, so I'm hoping there's somewhere else you went to get reference to the .exe and I can do some more digging.

I got off my duff and figured out what a kdz was and extracted it ... still seems strange to me there's no *Ship.exe but I'm a neophyte.

extracted OK, putting it back together now...
So I got things extracted with imgfstodump, and it looks like everything is in the dump. I had some weird problems with imgfsfromdump, though, but after a few more attempts (this time with ervius visual kitchen imgfs tools) and a re-dump, it created the imgfs.bin. I started with ImgfsToNb, but it gave me an error without writing anything.
I tracked it down to a code problem in ImgfsToNb.cpp, in the sectorSize function. It's looking for the signature "MSFLSH50", but the signature inside the imgfs is "MSFLSH500". The code requires slight modification (to make it ignore the trailing null in the signature):
Code:
// find MSFLSH50 header
for(i = 0; i < Size - sizeof(signature); i+=0x100) // assumption: MSFLSH always starts at a sector border, and sectors size is always a multiple of 0x100
{
if(memcmp(Base+i, signature, [COLOR="Red"]([/COLOR]sizeof(signature)[COLOR="Red"]-1)[/COLOR] ) == 0)
break;
}
So, now I have a modified FLASH2.nb, which is as far as I got. I should only need to turn it into a FLASH.bin, through whatever transformations are required...

..............

Has anyone posted the OEM & SYS for this ROM yet? I wouldn't mind taking a look before I pick one of these up.
Thanks,
TG
Update: I was able to dump the LG IQ ROM. Here is the OEM & SYS if anyone is interested.....
http://rapidshare.com/files/376651473/LG_IQ_OEM_SYS.zip
or
http://www.megaupload.com/?d=8KC2HF13

i think we can def now say LET THE COOKING BEGIN

So is anyone going to start cooking for this phone, I was looking for an alternative to the htc hd2 that was cheaper with a slide out keyboard and this looks good hardware wise but im not big on the lg shell. Thats alright cuz im used to sbp mobile shell anyway and planned on putting that on but before i put up the cash to upgrade from my htc diamond id like to make sure i can update the lg expo and such. But this board looks very dead.

Unfortunately, most of the action has been on http://www.lg-expo.com/. I've been trying to restrict my posts to this forum, but that also means that less people will see them.
I've been working on my own ROM. It is very easy to cook for this phone. I'm sure in the next few weeks we will see a few more ROMs pop up.

sonic101mk2 said:
So is anyone going to start cooking for this phone, I was looking for an alternative to the htc hd2 that was cheaper with a slide out keyboard and this looks good hardware wise but im not big on the lg shell. Thats alright cuz im used to sbp mobile shell anyway and planned on putting that on but before i put up the cash to upgrade from my htc diamond id like to make sure i can update the lg expo and such. But this board looks very dead.
Click to expand...
Click to collapse
I've cooked a few roms for this phone already that have been out for a few weeks now. Here is the link if you are interested.
http://forum.xda-developers.com/showthread.php?t=666982

[GUIDE FOR DEVELOPERS] How to create HOMEBREW apps with NATIVE code on MANGO

When we were back on NoDo there were quite a few homebrew apps that used native code to apply tweaks to WP7 devices. Most of those apps seized to work after the device is upgraded to Mango. There a several reasons for this behavior. I've done research on this, because I wanted to make WP7 Root Tools compatible with Mango. In this topic I'd like to explain how developers can fix their apps to work on Mango again. It has taken me quite some time to compile this guide, but I hope to give the Homebrew development on WP7.5 Mango a boost.
This guide is NOT about creating homebrew executables (exe-files) for WP7. This guide aims to utilize native code DLL's (C++ / ARM) from within your Silverlight app.
Note that with native code you get access to a lot of extra API's. But that does not mean you automatically get access to resources you normally won't have access to. For example, you can use the CopyFile() API. But if you try to copy a file to the \Windows folder, you will get errorcode 0x4ec (1260), which means "Blocked by policy". So you are still bound to the rules of the sandbox of your app. If you want Full Root Access for your app, you have to wait for a new version of WP7 Root Tools, which will allow you to give your app root-access. I'm also working on an SDK for that, which wraps all common task into a neat managed library. But don't hold your breath for that, because it's all taking a bit longer than I expected.
To understand everything in this guide you need basic knowledge of C++, COM-interop and Silverlight for Windows Phone. If you are new to all this, you might want to do some reading on these topics first. Currently there is no way to debug the native code. The only thing you can do is create test-functions which return formatted debug-info. This makes things pretty difficult. Read the guide carefully, because a little mistake can make your app crash easily!
Important note: If you have any long-running tasks, they may work fine while you are debugging. But you need to make sure that you start a new thread to run this code. Because, when you run without debugger the WatchDog will monitor your application and if the User Interface thread is blocked for more than 10 seconds the WatchDog will exit your app ungracefully!
It has been suggested that native homebrew DLL's need to be signed with approved code-signing keys. This is in fact not true! You can use native DLL's on Mango devices, which are not signed at all!
Basically there are two reasons why homebrew apps are not working anymore:
- Interop Lock
- DLL's were built against libraries, which are not supported anymore on Mango
Interop Lock is discussed in this thread. Interop Lock is a new protection mechanism in WP7.5 Mango. Basically it means you can't use apps with ID_CAP_INTEROPSERVICES, unless a device is Interop Unlocked. Without ID_CAP_INTEROPSERVICES an app can't call any drivers. And most homebrew apps call these drivers directly or indirectly. So if an app uses the Interop Capability, it can only run on devices that are Interop Unlocked. If you're going to build an app that uses this capability on Mango, you'll have to give your users instructions on how to apply Interop Unlock on their device.
Most of the native code libraries that were used on NoDo, were based on a hand full of projects. These projects were created and then extended for their own needs by other developers. The result was that most of these projects had the same project-types and library-references. In Mango, a lot of DLL's that were not used anymore by Microsoft, have been removed from the OS. Mostly in the ShellCore. The DLL's were meant for MFC-type functionality, which was never even supported on WP7. Actually, these DLL's are not even used by the homebrew apps either, but there are references to these DLL's in the homebrew libraries, which will cause the library to fail loading into memory. You can see this behavior when you try to run an app with non-Mango-compatible native code on an Interop Unlocked device from within the Visual Studio 2010 development environment. When the COM-class is instantiated it will throw an COMException: "COM object with CLSID '{...}' cannot be created due to the following error: The request is not supported." This is errorcode 0x80070032. This exception is actually caused due to the fact that the previous call to RegisterComDll() failed. If you get the returnvalue of that function you should have 0. In this case the return-value is probably 0x8007007E, which is "Module Not Found". This actually means that you directly or indirectly refer to a DLL, which cannot be found on the device. To fix this we need to create a clean project and add our new or existing native code to that project.
Here are the steps to setup your development environment and create a new, clean project for your native code. Please keep in mind that this guide is still work-in-progress. I may add more detailed instructions and examples later on, when people ask for it.
Update 2011/10/15: Some improvements in the guide, based on comments of rudelm and GoodDayToDie.
Install Visual Studio 2008 with latest service pack and hotfixes. Make sure you install C++. You need Visual Studio 2008, because the necessary SDK does not support Visual Studio 2010.
Install Windows Mobile 6 Professional SDK Refresh.
Install Visual Studio 2010 with latest service pack and hotfixes. You need this to create your Windows Phone Silverlight app.
Install Windows Phone SDK 7.1.
Download the attached Microsoft.Phone.InteropServices.zip. After you downloaded the zip-file, open the file-properties and make sure the file is "unblocked" (Windows will block downloaded files). Some unzippers, including the built-in unzipper from Windows will mark the unzipped files as "blocked", which would give problems later on if you don't unblock first.
If your developmachine is 32-bit you go to "C:\Program Files\Reference Assemblies\Microsoft\Framework\Silverlight\v4.0\Profile\WindowsPhone71" or if you have a 64-bit machine you go to "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\Silverlight\v4.0\Profile\WindowsPhone71". Extract the DLL from the zip-file in this folder.
Open the Visual Studio Commandprompt and change directory to the folder where you just extracted the DLL. Then enter this command:
Code:
SN -Vr Microsoft.Phone.InteropServices.dll
In the same folder there is a subfolder called "RedistList". Open that folder and open the file "FrameworkList.xml". Add this line to that file:
Code:
<File AssemblyName="Microsoft.Phone.InteropServices" Version="7.0.0.0" Culture="neutral" ProcessorArchitecture="MSIL" InGac="false" />
Thanks to Tom Hounsell for this tip!
Install the latest version of Zune.
Open Visual Studio 2008 and create a new project.
Choose Visual C++ / Smart Device / ATL Smart Device Project and fill in a name and location for your native library. Do NOT choose MFC, or your library won't work on WP7! The name will be the name for the DLL. Later on you will create a COM-class. Choose a different name for your library and for your COM-class!
In the new wizard click "Next".
Remove the "Pocket PC 2003" from the Selected SDK list and add "Windows Mobile 6 Pro SDK" to the selected SDK's. Click "Next".
In "Application Settings" keep everything default and click "Finish".
Set your configuration to "Release", because you won't be able to debug anyway.
Go to Project Properties / Configuration Properties / C/C++ / Preprocessor / Preprocessor Definitions and add this: _CE_ALLOW_SINGLE_THREADED_OBJECTS_IN_MTA
Right-click the project and click "Add" / "Class" and choose "Simple ATL object".
In the new dialog enter the "Short name" for your COM-class. All other names are filled in automatically. Keep those names default to avoid naming-conflicts. Also make sure the name of your COM-class is different from the name of the library. All other options can are default, so you can click "Finish" now.
The basic layout for your native project is now ready. Note that you have these files: for your library you have a header-file (.h), a code-file (.cpp) and a COM-definition-file (.idl) and for your COM-class you have a header-file (.h) and a code-file (.cpp). I will refer to these files in the following steps, so make sure you can identify these files.
The COM-class you have now is based on IDispatch. IDispatch is the COM-interface that supports reflection-like functionality. The COMBridge in WP7 does not support this interface. Instead we should use IUnknown, which is the base-interface for all COM-objects and supports reference-counting.
In the header file of your COM-class you can see the public inheritance of IDispatchImpl. This is no problem and you can leave it as it is. But you can also see this COM-mapping:
Code:
COM_INTERFACE_ENTRY(IDispatch)
You need to remove that line.
In the IDL file of your library you need to change the inheritance of the COM-class from IDispatch to IUnknown.
Your native code layout is now ready to add your methods. A method in COM-class should always have HRESULT as return-type. This value should be 0 or positive in case of success (normally use constant S_OK for success). If you have an errorcode which should throw a COMException do a logical OR with 0x80070000 and return that value. If you want to return a variable, you'll to declare that as parameter of your method and decorate it as returnvalue in the IDL-file. The parameter-types are bound by the definition of COM. You can read about the supported COM-datatypes here and here. Study those parameter-types closely, because any mismatch in your managed and unmanaged declarations will make your app crash definitely. You need to add all your methods in 3 different places: in the COM-class code, in the COM-class interface and in the IDL-file. Later on you need to add an exactly matching interface to your managed code. All the declarations have their own specific format and decoration. I will give an example of two different functions for these 3 files. Note that in these examples, the COM-class was named "Native", so the class implementation is called "CNative" and the interface is called "INative". You have to change that if your class has a different name.
In the COM-class implementation (.cpp-file) add this code:
Code:
STDMETHODIMP CNative::TestMethod1()
{
BOOL result = ::CopyFile(L"\\Windows\\0000_System.Windows.xaml", L"\\Windows\\Test.xaml", TRUE); // This will fail due to insufficient privileges. This is expected behavior to show how errors can be handled.
if (result)
return S_OK;
else
return 0x80070000 | ::GetLastError();
}
STDMETHODIMP CNative::TestMethod2(BSTR InputString, BSTR* OutputString)
{
size_t size = 1000; // in chars
TCHAR* msg = new TCHAR[size];
wcscpy_s(msg, size, L"\0");
LPWSTR value = new WCHAR[20];
_itow((int)wcslen(InputString), value, 10);
wcscat_s(msg, size, L"Length of string is: ");
wcscat_s(msg, size, value);
*OutputString = SysAllocString(msg);
delete[] msg;
delete[] value;
return S_OK;
}
In the interface of the COM-class (.h-file) add this code immediately after END_COM_MAP():
Code:
STDMETHOD(TestMethod1)();
STDMETHOD(TestMethod2)(BSTR InputString, BSTR* OutputString);
Locate your interface in the IDL-file of the library. This may look a bit weird, because there are a lot of attributes that decorate the empty interface. Add these declarations to your interface (note the decoration of the parameters, read more here):
Code:
HRESULT TestMethod1();
HRESULT TestMethod2(BSTR InputString, BSTR* OutputString);
Now we need to locate two GUID's and copy them in a text-file, because we need these GUID's later on. These GUID's are in the IDL-file. We will call the first GUID "interface-GUID". It is the "uuid" in the tag RIGHT ABOVE the interface-declaration. We will call the second GUID "coclass-GUID". It is the "uuid" in the tag RIGHT ABOVE the coclass-declaration. There also a "uuid" in the tag above the library-declaration, but we don't need that one.
Open Visual Studio 2010 and create a new project: Visual C# / Silverlight for Windows Phone and choose a project-type, name and location.
Now go back to your native project in Visual Studio 2008. The compiled result DLL of this project will be used in your Windows Phone app. To make sure you always use the latest version of the native DLL in your Windows Phone app, you can add a Post Build Event to this project. This example assumes you will have a folder with a subfolder for the native solution and a subfolder for the Windows Phone solution. Go to Project Properties / Configuration Properties / Build Events / Post-build Events and add this (change the paths according to the soluton-foilder you will create for your Windows Phone app):
Code:
copy "$(TargetPath)" "$(SolutionDir)..\MyApp
If you checked the option "Create folder for solution" when you created the Windows Phone project, you may want to add another subfolder "\MyApp" to the path.
Now build your native project! The compiled DLL should now also be copied to the folder of your Windows Phone app.
Create a new file called "WPInteropManifest.xml" in the folder of your managed Windows Phone app. Copy this content in the file:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<Interop>
</Interop>
Switch back to Visual Studio 2010. In the solution explorer click on "Show all files". Your native DLL and the "WPInteropManifest.xml" should be shown now.
Select the "WPInteropManifest.xml" file and in the file-properties set "Build action" to "Content" and set "Copy" to "Always". You will always need this file in your project, regardless you will be calling drivers or not. If you don't have this file in your project, you won't be able to use your native DLL.
Select your native DLL and in the file-properties set "Build action" to "Content" and set "Copy" to "Always".
In the solution explorer, right-click on the project and choose "Add Reference". Then select "Microsoft.Phone.InteropServices".
Open the "WMAppManifest.xml" file and add this line below the other capabilities:
Code:
<Capability Name="ID_CAP_INTEROPSERVICES" />
Later on, you can try if your app will work without this capability. If you only use native code without calling drivers (directly or indirectly), you don't need the capability and your app will also work on devices that are not Interop Unlocked then. This specific example does not call any drivers, so in this example the ID_CAP_INTEROPSERVICES can be omitted and then it would run on non-Interop-Unlocked devices.
Now add a code-file to your project and copy this code into the file. You need the the coclass-GUID and interface-GUID you copied into a text-file earlier and you also need to replace the name of the class and interface to the names you used. Also note that the declaration must be an exact match (order and parameters) with the declaration in the IDL-file, although the IDL-file is differently formatted.
Code:
using System.Runtime.InteropServices;
[ComImport, ClassInterface(ClassInterfaceType.None), Guid("YOUR-COCLASS-GUID-GOES-HERE")]
public class CNative
{
}
[ComImport, Guid("YOUR-INTERFACE-GUID-GOES-HERE"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
public interface INative
{
void TestMethod1();
[return : MarshalAs(UnmanagedType.BStr)]
string TestMethod2([MarshalAs(UnmanagedType.BStr)] string InputString);
}
Note that the interface is declared as IUnknown.
Now you need to call the native code. You can add this code to the constructor of your Page or to the eventhandler of a button, or anywhere you like. Be sure to replace the DLL-name, interface-name and class-name and use your coclass-GUID. The exception is a well-known error-code and the exception will be casted to a UnauthorizedAccessException, instead of a COMException.
Code:
uint retval = Microsoft.Phone.InteropServices.ComBridge.RegisterComDll("WP7Native.dll", new Guid("YOUR-COCLASS-GUID-GOES-HERE"));
INative MyNativeCodeInstance = (INative)new CNative();
string result1 = "OK";
try
{
MyNativeCodeInstance.TestMethod1(); // UnauthorizedAccessException is thrown due to insufficient privileges. This is expected behavior to show how errors can be handled.
}
catch (Exception ex)
{
result1 = ex.Message;
}
string result2 = MyNativeCodeInstance.TestMethod2("Hello, Mango!");
MessageBox.Show(result1 + Environment.NewLine + result2);
You can now run your project! Be sure that you deploy it to your device. The emulator won't work, because you project uses native ARM code. The emulator runs on x86, so your native DLL won't load in the emulator.
When you go more advanced, you may need the Marshal-class. For example to copy a native memory-block to a managed byte-array. Be aware that there are actually two "Marshal" classes. There is "Microsoft.Phone.InteropServices.Marshal" and "System.Runtime.InteropServices.Marshal". They both look the same. But be sure you are using "Microsoft.Phone.InteropServices.Marshal", because it will allow you to do a lot more! Most methods in "System.Runtime.InteropServices.Marshal" will throw a MethodAccessException, because they are tagged [SecurityCritical], while the same methods in the other Marshal class will work.
I hope this will help you port your homebrew apps to Mango or create some fresh new homebrew! If you created an app with native code, drop me a line here. Show me your Screen Recorders, Accent Changers and more!
Ciao,
Heathcliff74

looking fwd to the native apps , a universal screenshot apps would be awesome..
Update :
scratch that, just ready that the app will be bound to the rules of the sandbox of your app.I guess that means no universal screenshot app yet

Its time to get native! Thanks Heathcliff.. I think I have a very good idea on something I could use native code for.. Ill pm you =)
Sent from my SGH-i917 using XDA Windows Phone 7 App

Suddenly, awesomesauce! Wow, big thanks Heathcliff74! Eve since you said you'd figured out homebrew native DLLs on Mango, I was really excited to see what people could do. I never guessed the real reason homebrew DLLs didn't work on Mango, although in retrospect this makes sense. You're awesome for investigating this for us.
Thoughts that immediately come to mind:
Update the existing screen capture apps.
Update the existing WebServer app.
(As part of the above) update the sockets DLL so we have server sockets again.
Explore how much filesystem access we have. Can files be copied from one app's isostore to another app's isostore?
Explore accessing drivers. The HTC update breaks filesystem access for HTC homebrew, but maybe there's another driver entry point we can use.
Investigate direct access to the SMS store (message backup?)
... and so much more. Oh, this is going to be fun!

the0ne said:
looking fwd to the native apps , a universal screenshot apps would be awesome..
Update :
scratch that, just ready that the app will be bound to the rules of the sandbox of your app.I guess that means no universal screenshot app yet
Click to expand...
Click to collapse
Hi!
Screenshots apps are definitely possible! The API for this can be called from within the sandbox and using OEM drivers it is possible to switch off dehydration. I already discussed this with fiinix and gave him this info. And I believe he almost has a Mango version ready.
Thanks for writing the article
Ciao,
Heathcliff74

great to hear about the progress
thanks Heathcliff74 for sharing!

Wooohooo nice HowTo! I will definitively try it and will report later. However, that will require that I go back to NoDo and back to Mango first. I'm not looking forward to that procedure... anyways awesome work Heathcliff, thank you!
@GoodDayToDie: you mentioned that the HTC libraries are fixed regarding file access. Julien Schapman from TouchXplorer mentioned something like that a while ago on twitter. Do you have any additional information on that topic? Is it just the DLL files from the HTC apps or is it something with the Mango HTC Update? I'll hope this is reversible, if I go back to NoDo and want to try Heathcliffs instructions :/

@rudelm, I only have experimental knowledge; I haven't dug into the actual update. However, the way that things like ComFileRW.dll work is by calling into some high-permission module in the HTC firmware (probably a driver using an IOCTL, though it could possibly be an RPC call to a privileged process) which then executes the requested action with high permissions. That's why the HTC DLLs don't do anything on other phones; they can't talk to the component that actually does the work.
My guess is that the HTC update simply turned off whatever it was that the COM DLLs are calling into. It could be more complex than that - for example, they could be trying to validate the caller, and prevent it from being used by homebrew - but whatever they did, neither DLL works anymore once you have the HTC update *even though the DLLs themselves did not change.*
Is it reversible? Well, "fixing" whatever component they were calling into is one option. Using Heathcliff74's Root Tools to gain full permissions on a "normal" homebrew app is another. There might be more, but it would need more study.

Thanks. Will try it. Hopefully i can get "GetPhoneNumber" from Windows Mobile 6 SDK to run or maybe trying http://blogs.msdn.com/windowsmobile/archive/2004/11/28/271110.aspx

GoodDayToDie said:
@rudelm, I only have experimental knowledge; I haven't dug into the actual update. However, the way that things like ComFileRW.dll work is by calling into some high-permission module in the HTC firmware (probably a driver using an IOCTL, though it could possibly be an RPC call to a privileged process) which then executes the requested action with high permissions. That's why the HTC DLLs don't do anything on other phones; they can't talk to the component that actually does the work.
My guess is that the HTC update simply turned off whatever it was that the COM DLLs are calling into. It could be more complex than that - for example, they could be trying to validate the caller, and prevent it from being used by homebrew - but whatever they did, neither DLL works anymore once you have the HTC update *even though the DLLs themselves did not change.*
Is it reversible? Well, "fixing" whatever component they were calling into is one option. Using Heathcliff74's Root Tools to gain full permissions on a "normal" homebrew app is another. There might be more, but it would need more study.
Click to expand...
Click to collapse
uhoh... sounds pretty bad for HTC users. If it was a firmware update, we will have a bigger problem. I will try to revert back to Nodo and will try Heathcliffs instructions for Native Code first. InteropUnlock is still something I need to try for Mango

rudelm said:
uhoh... sounds pretty bad for HTC users. If it was a firmware update, we will have a bigger problem. I will try to revert back to Nodo and will try Heathcliffs instructions for Native Code first. InteropUnlock is still something I need to try for Mango
Click to expand...
Click to collapse
No worries. I did some testing with contable and we just got confirmation that my exploits for HTC will still work on HTC Interop Unlocked Mango devices (needs a little adjustment, but No Problem!) Still working on a version of WP7 Root Tools for Samsung/HTC/LG RTM/NoDo/Mango!!
Ciao,
Heathcliff74

A screenshot app is allready there:
TouchXperience for Mango from Schaps.
Atm there is only missing the WPDM Mango update for being able to save the screenshot...

Heathcliff, could you please try to fix that HTC bug first? I am running into this problem with the HTC update and now my old code does not work anymore But at least my phone is finally interop unlocked because I could deploy the app on Mango but I get this error:
COM object with CLSID '{C6BD09B4-96AA-4524-89C4-665A15DD7C9B}' cannot be created due to the following error: The request is not supported. .
Which is one of the errors you mentioned on the first page. So far, so good

rudelm said:
Heathcliff, could you please try to fix that HTC bug first? I am running into this problem with the HTC update and now my old code does not work anymore But at least my phone is finally interop unlocked because I could deploy the app on Mango but I get this error:
COM object with CLSID '{C6BD09B4-96AA-4524-89C4-665A15DD7C9B}' cannot be created due to the following error: The request is not supported. .
Which is one of the errors you mentioned on the first page. So far, so good
Click to expand...
Click to collapse
I don't get what you mean. What HTC bug? What HTC update?

Ok, I will explain it:
There was a HTC Update when I upgraded from Mango B2 Refresh to the Mango RTM from Microsoft. It was followed by a smaller HTC Update. It was called HTC Update for Windows Phone. You can read it here in my blog.
Yesterday, I decided to revert back to NoDo, so that I could Interop Unlock my HD7 before I upgrade to Mango RTM. I did this with these tools and instructions from petbede.
However, ansar found out, that MS changed the update procedure and included the HTC update directly in the 7720.68 update.
Now you mentioned yesterday, that you and contable found a solution to use the HTC DLLs although there was this HTC update on our phones. That was when I already feared that the HTC update will break everything I tried so far.
So I called it the HTC bug, because it breaks my stuff

rudelm said:
Ok, I will explain it:
There was a HTC Update when I upgraded from Mango B2 Refresh to the Mango RTM from Microsoft. It was followed by a smaller HTC Update. It was called HTC Update for Windows Phone. You can read it here in my blog.
Yesterday, I decided to revert back to NoDo, so that I could Interop Unlock my HD7 before I upgrade to Mango RTM. I did this with these tools and instructions from petbede.
However, ansar found out, that MS changed the update procedure and included the HTC update directly in the 7720.68 update.
Now you mentioned yesterday, that you and contable found a solution to use the HTC DLLs although there was this HTC update on our phones. That was when I already feared that the HTC update will break everything I tried so far.
So I called it the HTC bug, because it breaks my stuff
Click to expand...
Click to collapse
I see. Well, I didn't find a solution. I just checked if MY exploit still works. And it does! I don't even know what you use exactly (I assume you use some HTC DLL's, but I don't know which and I don't know which functions). I don't use the HTC DLL's myself. Mainly because I don't want to get copyright issues when releasing WP7 Root Tools. Just look at the current release of WP7 Root Tools. No OEM code in there. So I don't think I can fix that for you.
Ciao,
Heathcliff74

Hm ok, I understand. I was using a HTC dll for changing a registry value (overriding DHCP DNS Server). However, it is interesting to know why the HTC DLLs all of sudden stopped working after this update. The DLLs inside the HTC tools seem to be the same size and should not be changed by the update.
But this shouldn't then influence the DLL made with your instructions in this thread i guess?

@rudelm:
The HTC devices have HSPL support, so why you don´t flash the latest xboxmod rom ? This saves a lot of time and all available types of unlocking can be sent via cab sender.
For writing registry keys or doing file operations you can use DiagProvXML til Heathcliff has finished the next version of WP7 Root Tools.
Is there any other reason why you are updating your phone the official way ?

@rudelm: The HTC DLLs don't actually have elevated permissions by themselves. To do things that an app n ormally lacks permissions for (like accessing the whole filesystem or writing to the registry), it needs to call into a high-permission component (probably a driver or a high-permission process). All HTC had to do to make the registry and filesystem COM DLLs stop working is to change that component so it didn't do what the COM DLLs told it to do.
@contable: I've heard enough reports of things that *should* work on HTC phones not working on the custom ROMs that I'm hesitant to install one. Then there's the risk of bootloader issues. Then there's the lose-all-your-data-because-your-phone-gets-reformatted issue - until I have my backup app working fully, I prefer to avoid the last one in particular.

Edit: If you are looking for working attachments, please look at this posting.
@contable:
I need an unmodified version of WP7 for my master thesis. The other thing is that I don't want to play around with HSPL without having the original SPL or firmware. It's like GoodDayToDie said: I'm still hesitating of the said reasons.
@GoodDayToDie:
The HTC applications still work and they were not updated afaik. So they are using the same DLL files. If there would be some driver running in TCB or ECB and they changed something, then their applications should stop working too. However, they can still be executed without problems. I am not sure what DLLs are used by advancedexplorer, but I think it were also the HTC dlls. My own application which used the HTC dlls stopped also.
@Heathcliff:
I've tried your instructions and found some errors in it:
step 23: *OutpuString = SysAllocString(msg); instead of *OutputString = SysAllocString(msg);
step 25: ; missing after OutputString)
step 28: add \MyApp to path, because VS2010 Solutions always have a subfolder with the same name of the solution
step 36: [return : MarshalAs(UnmanagedType.BSTR)] should be [return : MarshalAs(UnmanagedType.BStr)]
step 37: result 2 needs a type => string result 2 = ...
on first run:
Error 1 Could not load the assembly file:///C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\Silverlight\v4.0\Profile\WindowsPhone71\Microsoft.Phone.InteropServices.dll. This assembly may have been downloaded from the Web. If an assembly has been downloaded from the Web, it is flagged by Windows as being a Web file, even if it resides on the local computer. This may prevent it from being used in your project. You can change this designation by changing the file properties. Only unblock assemblies that you trust. See http://go.microsoft.com/fwlink/?LinkId=179545 for more information. NativeTestApp
Click to expand...
Click to collapse
This is because you forgot to register the DLL first. Look here: http://thounsell.co.uk/2010/11/avoi...g-the-interopservices-library-to-the-wp7-sdk/ and then down in the comments:
You must open the visual studio 2010 command prompt as administrator and call:
SN -Vr Microsoft.Phone.InteropServices.dll
then close and reopen Visual Studio, now it should work
Click to expand...
Click to collapse
In addition that, you will have to unblock the file in Windows Explorer, Properties of the file. Otherwise you will get this error in Xaml view:
Could not load file or assembly 'Microsoft.Phone.InteropServices, Version=7.0.0.0, Culture=neutral, PublicKeyToken=24eec0d8c86cda1e' or one of its dependencies. Operation is not supported. (Exception from HRESULT: 0x80131515)
Click to expand...
Click to collapse
This unblock will only work, if you use the Windows Explorer in administrator mode. The DLL file should be copied to a path were every user can access the file. Unblock it there and move it than back to the WindowsPhone71 folder. I've extracted it directly to the WindowsPhone71 folder and I couldn't change its properties there.
I've created a VS2008 and VS2010 sample project on your instructions and tried to add some comments to the sources. I've attached them to this post. Here are a few extra information to my project:
Interface-GUID: D28D8CB9-F8BC-4379-9D0A-FA77C87EF814
coclass-GUID: 7300CD4A-03F4-4569-B2D8-F1515385D46D
COM Class: NativeTestClass
INativeTestClass and CNativeTestClass
Always results in retval 0 and this exception:
System.MethodAccessException was unhandled
Message=Attempt to access the method failed: System.IO.FileInfo..ctor(System.String)
StackTrace:
at Microsoft.Phone.InteropServices.ComBridge.RegisterComDll(String dllFileName, Guid clsid)
at NativeTestApp.MainPage.actionButton_Click(Object sender, RoutedEventArgs e)
at System.Windows.Controls.Primitives.ButtonBase.OnClick()
at System.Windows.Controls.Button.OnClick()
at System.Windows.Controls.Primitives.ButtonBase.OnMouseLeftButtonUp(MouseButtonEventArgs e)
at System.Windows.Controls.Control.OnMouseLeftButtonUp(Control ctrl, EventArgs e)
at MS.Internal.JoltHelper.FireEvent(IntPtr unmanagedObj, IntPtr unmanagedObjArgs, Int32 argsTypeIndex, Int32 actualArgsTypeIndex, String eventName)
Click to expand...
Click to collapse
I've rechecked every step but I am still stuck. The phone itself should be interop unlocked, otherwise I couldn't have deployed the app with the capability activated. Could you please look into it? I know this error from my earlier attempts to access the HTC dll directly, but then I used the NativeLibrary here from XDA which took care of all the GUID things etc.

[TWEAK] Visual Studio debugging in custom Mango roms

Most of dev-unlocked custom ROMs miss a possibility to use Visual Studio debugger. In this case you get something like "Application could not be launched for debugging. ..."
I found out registry entries missed in these roms. Most likely you'll be unable to access these keys, so just ask your rom chef to add them. Here they are:
Code:
[HKEY_LOCAL_MACHINE\System\OOM\DoNotKillApps]
"\\Application Data\\Phone Tools\\10.0\\CoreCon\\bin\\ConmanClient3.exe"=""
"\\Application Data\\Phone Tools\\10.0\\CoreCon\\bin\\edm3.exe"=""
Of course, standard unlock registry entries are still required.

Just wanted to add if you're adding this via WP7 Root Tools -- say, your retail phone was broken like mine -- a value of . will do. (You can't input values with NULL data.)

Grr... I *still* can't get "The application could not be launched for debugging..." every time. I've used the DllImport project to confirm that ConmanClient3 and edm3 are both running, but it doesn't help.
Windows Phone Device Manager is also unable to launch TouchXperience automatically; I have to launch it manually.
HTC HD7, stock ROM, 7720.68 RTM, firmware is *.*.3XXXX.* (yes, intentially out of date on OS and firmware, but I wouldn't expect that to be a problem). So far as I can recall, it never worked, certainly never on Mango.

GoodDayToDie said:
Grr... I *still* can't get "The application could not be launched for debugging..." every time. I've used the DllImport project to confirm that ConmanClient3 and edm3 are both running, but it doesn't help.
Windows Phone Device Manager is also unable to launch TouchXperience automatically; I have to launch it manually.
HTC HD7, stock ROM, 7720.68 RTM, firmware is *.*.3XXXX.* (yes, intentially out of date on OS and firmware, but I wouldn't expect that to be a problem). So far as I can recall, it never worked, certainly never on Mango.
Click to expand...
Click to collapse
I cannot launch any apps for debugging either on my Samsung Omnia 7, DFT Rainbow rom. Other apps like phone7market cannot open apps either!

I am not a tech support either for custom ROMs or for stock ROMs. Works on my phone (Mozart, Mango 7720-7740-8107) so no proofs should be required.
Here are basic unlock entries I set on my custom rom:
Code:
[HKEY_LOCAL_MACHINE\Comm\Security\LVMod]
"DeveloperUnlockState"=dword:1
[HKEY_LOCAL_MACHINE\Software\Microsoft\DeviceReg]
"PortalUrlInt"=""
"PortalUrlProd"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\DeviceReg\Install]
"MaxUnsignedApp"=dword:7fffffff
[HKEY_LOCAL_MACHINE\Software\Microsoft\DeviceReg]
"Environment"=dword:1
[HKEY_LOCAL_MACHINE\System\OOM\DoNotKillApps]
"\\Application Data\\Phone Tools\\10.0\\CoreCon\\bin\\ConmanClient3.exe"=""
"\\Application Data\\Phone Tools\\10.0\\CoreCon\\bin\\edm3.exe"=""

I'll check that "Environment" value, but the others are s I have them. Thanks for the info though!

I just noticed that those keys you mentioned in the first post do not persist for some reason. I'm pretty sure I did add them and now they aren't there.

[minnow for whale]USB Video Out Dev&Dig (Status:success)

We all remember at the MIX10 Joe Belfiore projects his phone onto the big screen. Even on the recent XBOX show he did that again.
http://www.youtube.com/watch?v=9IA28wRWAI8
http://www.youtube.com/watch?v=uCDXaJh4bwE
this kind of video out is through micro-usb, normal type one. You can find Joe is using a Lumia 800 in his hand in the XBOX video.
I asked him through twitter and received an answer of "Special Software build".
I did some research and dig into the register keys. Found something.
This is a special driver that only shared inside the MS and normally won't be out anytime soon.
...
（Deleted because they are no longer of any means）
...
----Update on 2012.Feb 9 China Time----
marsrogers said:
Big Step Forward, since the DFT Rom released, the exe can be run in WP7.
One thing I need now is if someone can build an app for me, which calls the changeusbprofile.exe under /windows
Things here is I'm using the Opera mini launcher to call it, but the path is under /application, not under /Windows, and the result is my computer can not detect the phone when the phone reboots. I think this may relates to the path I call.
I'm not a typical tech-man, so I need help here. Thanks!
Click to expand...
Click to collapse
----Update on 2012.Feb 9 23:00 China Shanghai Time----
Today I really thank @GoodDayToDie and @ultrashot for helping so many.
@ultrashot sent me a xap app that does the job, calling the changusbprofile.exe in Windows folder. Although result is the same with yesterday, but now I am more sure that we are one more step closer to our destination. I'll wait my new micro usb cables to arrive and then I'll make a second try. Thank you again!!! Can't reach here without you kind people~~~
----Update on 2012.Feb 10 19:22 China Shanghai Time----
I removed the attachments because the project is now on special stage. I will put them back after the feature works, or after I can't make it work. Either way, I will put them back~~~Don't worry.
----Update on 2012.Feb 12 15:22 China Shanghai Time----
Complete failure....
New cable arrived and still my computer can't recognize the phone in usb video out mode...I changed a computer and till the same...
Will think about next steps...if I can't make figure it out next week, I shall put everything at present stage onto here.
----Update on 2012.Feb 14 10:22 China Shanghai Time----
Think it over, and think there is still a hill in front of us. The changeusbprofile.exe seems just to be a toggle, like a shortcut. But the real port of usb video out hasn't been enabled. On my samsung focus, I checked the *#7284# in Diagnosis Mode before and after I ran the changeusbprofile. The thing changes from Zun to Tethering, while it's not the real tethering mode. I think the changeusbprofile is just doing a job like changing usb mode from zune to tethering or to Diag mode. So that's to say, we haven't really seen the iceberg yet. I'll keep finding and hoping that anyone can get any help on this. This may requires me to dig some post in Windows Mobile age, since some parts between the two system are same.
And I contacted the kind secret person, and get the news that the usb cable doesn't really matters. Any short cables should serve the job. So our attention should move back onto the phone again.
----Update on 2012.Feb 15 15:13 China Shanghai Time----
I figured it out~The changeusbprofile changes the value in Registry Local_Machine/Drivers/USB/FunctionDrivers, DefaultClientDriver=CompositeFn to UFN_VIDSTREAM_CLASS. Every value change here points to a folder in FunctionDrivers.
in Samsung Focus, it is like below:
/CompositeFn;
/CompositeFn_QCOM;
/CompositeFn_SAMSUNG;(This is the one when we choose Diag Mode in Diagnosis App *#7284#)
/MtpClientDrvUsb;
/Samsung_USBSER_Modemlink;
/Serial_Class;
/Serial_Class_Diag_Qcom;
/Serial_Class_Nmea_Qcom;
/Serial_Class_Trace_Qcom;
/USBSER_Class;
/USBSER_Modemlink_Qcom;
There is no UFN_VIDSTREAM_CLASS folder here, so that explains why the changeusbprofile works well while it is no use at all...
Next step, I will try looking for the Setting in Asus E600, if I can find someone who has this device. Maybe Samsung Taylor will do the same.
If you can help, don't hesitate~~
----Update on 2012.Mar 3 15:13 China Shanghai Time----
marsrogers said:
Updated some info
I looked into the Key name, UFN_VIDSTREAM_CLASS, which is very unique way to name.
This belongs to a USB function Driver, and the only thing I saw similar is a UFN_PRINTER_CLASS, which is in Wince 6.0
http://msdn.microsoft.com/en-us/library/ee483856(v=winembedded.60).aspx
And you may check this
http://msdn.microsoft.com/en-us/library/ee485691(v=winembedded.60).aspx
So I'm still waiting for somebody who can offer any help on this. I talked with Mr. Yang Zhongke, who invented RecX prototype, fiinix optimized that, but not the inventor.
His way is not quite efficient and seems can't go further. But he will do some work for this in a foreseeable future.
Any one has a Asus E600, plz contact me, will keep your name secret.
Thanks!~
Click to expand...
Click to collapse
----Update on 2012.Mar 6 1:02 China Shanghai Time----
Project suspended, cuz according to a source, WP8 will have Remote desktop support.
"The ability to take screenshots (via Remote Desktop, no less) will be a feature of Windows Phone 8. I don't see anything changing before that."
Click to expand...
Click to collapse
"Only that you will be able to remote desktop into the Phone, which should allow you to create videos and/or screenshots from a PC."
Click to expand...
Click to collapse
The source is quite trustful, and I have no reason to doubt that.
So just be patient, and it will come. No need for this project to keep going.
At last, use my words in the email I talked with the source.
Me:Really puzzled why MS doesn't release such a cool and convenient feature. Haven't they realized that when people use this feature, they are promoting WP7 for free...(Actually I've promoted in this way for Android as a "side effect" in the company I work in for three months and as a result more than 20 Samsung Galaxy SII were added during this period. Google and Samsung should thank me...)
Click to expand...
Click to collapse
---Update on 2012.August 17 14:21 China Shanghai Time---
A very kind man has sent me the 7003 LG Panther ROM, which has the necessary file, and we successfully got them out. But I just lost my sell phone, so it may take some time to buy a new WP7 Samsung focus. Maybe next week. Very close to the final line. God bless us. Cheers.
Click to expand...
Click to collapse
Good luck!~
--Update on 2012.August 20 22:37 China Shanghai Time--
I tried to make it work while it still failed. The computer recognised my cellphone as WM7VIDSTREAM while the PC side app still does n't work.
I think this could be related to that the PC side app is for mango and the cellphone side is grabbed from 7003. I uploaded the VSD folder which contains what I think are the everything we need for now.
If anyone wants to build an rom, now it's the time.
Click to expand...
Click to collapse
--Update on 2012.August 23 17:42 China Shanghai Time--
One friend, who you will know someday later, gave me a home-make cab which includes the pkg file from Microsoft. Right now it is not for public for now. But it is successful.
Although I started this project, but as it always be, not a technique project but a sociology one. So there are many things and many people's benefit to consider. So just wait for some time, it is there when it is there.
For technique part, the pkg file includes as same as the VSD.rar in the attachment.
Cheers
Click to expand...
Click to collapse
--Update on 2012.August 28 19:43 China Shanghai Time--
Check here, you have what you want. http://forum.xda-developers.com/showthread.php?t=1856509
This is a long story, and finally it ended beautifully.
"Always be closing"--Glengarry Glen Ross (1992)
To me? Yeah, this project closed.
Regards,
marsrogers
Click to expand...
Click to collapse

Well, I can tell you a little about the thing you found (good investigation, by the way!)
First off, that's a module - it's kind of like a file (and shows up in the filesystem) but is baked into the ROM and can't be opened, much less modified, like a normal file.
There are tools that are supposed to be able to re-assemble modules, such as recmod. I haven't been able to get them to work, but maybe I'm just doing it wrong. In theory, it should be possible to create a "normal" DLL out of the components of a module.
The next trick is getting that rebuilt DLL onto the phone. This can be done pretty easily on Samsung, and is possible on interop-unlocked HTC, but on LG/Toshiba/Fujitsu/Dell/Nokia we don't currently have a way.
After that, you'll need to "install" the driver. Now, there's a registry entry for doing this. The problem is, I only know that the entry is required - I don't know if it's sufficient, or if there's also a database or something that must be updated. In any case, any phone where we can put a file into the Windows folder, we can also do registry editing.
Then there's the thing of actually getting the UI for this feature (the Settings "app" to control it). It's vaguely possible that the retail ROMs include it, but this is doubtful, so you'll probably need to pull it out of that old ROM. It's probably an EXE, so it's unlokely you can make a XAP for it - instead, you'll need to install it into the phone directly, including putting in the registry entried to launch it (this is a guess, I've never tried).
It's worth noting here that it's probably *WAY* easier to just pull that feature out of your old ROM and bake it into a custom ROM. This should be pretty straightforward, however, then it's only useful on custom ROMs, which in turn are only possible on HTC phones (right now).

GoodDayToDie said:
Well, I can tell you a little about the thing you found (good investigation, by the way!)
First off, that's a module - it's kind of like a file ...
Click to expand...
Click to collapse
Thanks for your reply. I did something with the recmod, but the dll it packed is only 1kb, apparently it's not useful. I guess it is because there is no imageinfo.bin inside the dll folder. I used some tools recommended by Da_G who started to try modding WP7 on the first day. Like nbsplit.exe to creat a IMGFS.bin, and use xidump to dump it. Just like what they have done before, I got the dll folders as same as I got at the beginning.
You may be right for the part that it's rather easier to build a new rom. There are tools to repack the whole IMGFS from files while I didn't find any good ways to pack a specific folder.
May ask more people all over the world (thx to the internet) cuz I just moved from android. In android, I use cygwin to pack the Odin Tar files, but it's totally different of course.
Anyway, doing this research is just for fun~ All is because MS is moving too slow...not to mention the NFC function I already have for a year on my Nexus S~~
Thank U again!~

This would be awesome good luck

Really a good find! Found that reg entry some time ago but I didn't care about it...Now that you bring up that thing again I also think that this could be very useful (even if you want it just for fun and not for business purposes). But note that the DLL file doesn't have to be in the /windows folder. It could be somewhere different, too.

@-WP7User-: That's an interesting idea, and might enable this to work on LG phones (where we have registry but not filesystem control). The registry value that speicies the path to the driver binary only ever gives the file name (example:
[HKLM\Drivers\Builtin\HTCFileUtility]
Dll="HTCFileUtility.dll")
However, it might work to specify a full path instead of just a relative one (relative to the \Windows folder, one must assume, since that's where the files in question are located).
However, there's still the issue of actually getting the phone to load the driver correctly. Just adding or editing the registry value for Drivers\Builtin didn't work for me - it did something (the driver stopped working when I chancged the value for an existing driver) - I wasn't able to make a user-added DLL work (even a different version of an official driver).

any news on this?

The old Recmod doesn't work on WP7 files. I believe there is a patched version for WP7 floating around XDA somewhere. Have to check my files, could of swore I downloaded it once.
EDIT: Here you go.

I have get the source code for creating the dcTNONE_ANALOGTV.dll, they are .c file and .def file.
My Problem is I don't know how to build them.
And I have got the changeusbmode.exe and the xml file with it. Figuring an idea to put them in.

marsrogers said:
I have get the source code for creating the dcTNONE_ANALOGTV.dll, they are .c file and .def file.
My Problem is I don't know how to build them.
And I have got the changeusbmode.exe and the xml file with it. Figuring an idea to put them in.
Click to expand...
Click to collapse
Download the FixRecMod.exe above I posted. Drag the dctNONE_analogtv.dll folder with the "s000 s001 s002 s003 s004" files in it over the exe. Now you'll find the actual DLL file inside the folder. Any problems, just upload the folder & I'll do it for you.

drkfngthdragnlrd said:
Download the FixRecMod.exe above I posted. Drag the dctNONE_analogtv.dll folder with the "s000 s001 s002 s003 s004" files in it over the exe. Now you'll find the actual DLL file inside the folder. Any problems, just upload the folder & I'll do it for you.
Click to expand...
Click to collapse
I have made the dll successfully. But when I put the dll into the /Windows folder in my Samsung Focus, nothing happened even after a reboot.
And another interesting thing is in WP7 Root Tools, when exploring the /Windows folder, all single file has a "ROM Module" or "ROM File" written blew, but the files I moved in has nothing written under it.
I tried to check the usb mode in diagnosis *#7248#, still there are three options to choose, nothing new.
I personally don't see the future of this project for now.
However, You have done a lot to help, it's very kind of you, thank you so much!

marsrogers said:
I have made the dll successfully. But when I put the dll into the /Windows folder in my Samsung Focus, nothing happened even after a reboot.
And another interesting thing is in WP7 Root Tools, when exploring the /Windows folder, all single file has a "ROM Module" or "ROM File" written blew, but the files I moved in has nothing written under it.
I tried to check the usb mode in diagnosis *#7248#, still there are three options to choose, nothing new.
I personally don't see the future of this project for now.
However, You have done a lot to help, it's very kind of you, thank you so much!
Click to expand...
Click to collapse
It wouldn't have ROM FILE/MODULE under it as it wasn't cooked in. You probably need some registry for it to work. Also, try opening the DLL in PEexplorer & checking to see it it has a cert attached.
Example of a DLL/EXE with a cert;

Gonna cook it into my rom and try it out...Do you have an idea which reg entry it could need?
I think of something for the settings page. Because if you haven't got a settings page for it, how can you activate it?
And maybe another entry which points it to the DLL file...?

-WP7User- said:
Gonna cook it into my rom and try it out...Do you have an idea which reg entry it could need?
I think of something for the settings page. Because if you haven't got a settings page for it, how can you activate it?
And maybe another entry which points it to the DLL file...?
Click to expand...
Click to collapse
Next weekend I may upload the dcTNONE_ANALOGTV.dll folder which I found in the leaked ROM for HTC Surround even before the WP7 was officially to public, the source code which is .c and .def for it, which is to remove some limits for QSD8250 CPU, and the changeusbprofile.exe and changeusbprofile.xml from Asus E600 (the only dev phone has the display mirror feather in 7720 for now)someone Mr X, who I am very grateful to gave me.
I ain't major in this level of computing techs, so I think in order to make the project alive, it's better to share what I have to those who has the ability to do it. Let them holding in my hand is a great waste at present stage.
The QSD8250 is a very old cpu, so there should be no problem with NDA.
P.S
There should be a manual installed usb driver on PC and a client application on PC but I don't have them right now. If you have friends or friend's friend who is a dev, holding a e600 dev phone, try ask them to share something, appreciated.

drkfngthdragnlrd said:
It wouldn't have ROM FILE/MODULE under it as it wasn't cooked in. You probably need some registry for it to work. Also, try opening the DLL in PEexplorer & checking to see it it has a cert attached.
Example of a DLL/EXE with a cert;
http://i105.photobucket.com/albums/m240/drkfngthdragnlrd/Untitled-31.png
Click to expand...
Click to collapse
I've uploaded all my files so you can make the check yourself.
After all I'm major in management not IT techniques so I don't want to pull the path down.
Thank You for the help you offered!~~~

Thanks for uploading your files. But it seems like I can't find the reg key...
There isn't a single reg entry which points to the uploaded .dll. At least not in the official Mango Update for the HD7.
But if you post the whole entry, I could try to cook the .dll into my rom and see what happens.

-WP7User- said:
Thanks for uploading your files. But it seems like I can't find the reg key...
There isn't a single reg entry which points to the uploaded .dll. At least not in the official Mango Update for the HD7.
But if you post the whole entry, I could try to cook the .dll into my rom and see what happens.
Click to expand...
Click to collapse
has this registry something to do With that ? :
Local Machine\Drivers\Display\TV\
PanelDLL=string:"dcTNONE_ANALOGTV.dll"

-WP7User- said:
Thanks for uploading your files. But it seems like I can't find the reg key...
There isn't a single reg entry which points to the uploaded .dll. At least not in the official Mango Update for the HD7.
But if you post the whole entry, I could try to cook the .dll into my rom and see what happens.
Click to expand...
Click to collapse
Just like @tessut posted. It's it. And I think you'd better try to build the dcTNONE_ANALOGTV.dll yourself from the source, it should be more reliable than using fixedRecmod. I can't do that cuz there seems to need many head files that do not exist in computer even I have vs2010...
Sent from my SGH-i937 using XDA Windows Phone 7 App

Okay, if someone wants to try that, too: The exact reg key (just copy and paste) is
[HKEY_LOCAL_MACHINE\Drivers\Display\TV]
"PanelDLL"=string:"dcTNONE_ANALOGTV.dll"
Didn't flash the rom on my device yet, but that's soon going to happen
The dctNONE_analogtv.dll is in the windows folder, the changeusbprofile.exe and .xml are in there, too. I hope it works!
EDIT: Didn't work at all...The ChangeUSBProfile.exe didn't get installed (although I'm 100% sure that it is there and of course in the right folder). Wasn't there a license xml around or something? Because normally a Windows Phone 7 App needs a license file to get installed when starting the phone for the first time. Don't know if this applies to .exe files though.
Has someone got an idea?

-WP7User- said:
EDIT: Didn't work at all...The ChangeUSBProfile.exe didn't get installed (although I'm 100% sure that it is there and of course in the right folder). Wasn't there a license xml around or something? Because normally a Windows Phone 7 App needs a license file to get installed when starting the phone for the first time. Don't know if this applies to .exe files though.
Has someone got an idea?
Click to expand...
Click to collapse
Thanks for the work! Is it possible if we extract the official .cab update file to get a licence and patch it to the exe?
I used a PE Explorer to open the changusbprofile.exe and found a license called"Windows Mobile TCB signing cert" in it.
Another thing is I used a way to open .exe in IE (use IE in WP7 to open this thread and download the usbvideoout.zip and you can have the chance to open changeusbprofile.exe directly) but it failed in Mango. Maybe we should try this in 7004 because this is really an old file. Or we should find a .cab file that contains a exe file in it and this .cab must be announced after mango update.

[Source][Dll][XAP] The HtcRoot project - Testers needed

The result of probably more than 100 hours of solo hackery: a working COM DLL for allowing any application to elevate itself to SYSTEM (root) permissions.
What you need:
An interop-unlocked HTC phone. Sorry second-gen and Arrive users.
A working HtcUtility driver. It's possible some HTC update at some point crippled this. It works for me; if it doesn't work for you let me know what updates you have.
What it does:
Allows changing the security token of any application to give that app unrestricted permissions. At this point, you can call any user-mode API, perform any operation, with full access.
It also allows you to read or write any value from memory, even kernel memory (this is how it modifes the security token).
What it can be used for:
Darn near anything. If it can be done while the phone is booted, you can do it.
What it can't be used for:
Modifying the ROM - the R and O stand for "read only" and they mean it.
Interop-unlocking a phone - it requires interop-unlock to get root in the first place.
How to use it:
In your app, include the HtcRoot.dll library.
Include the code from DriverAccessTest.cs in the test app (defines the COM API and enables using it).
Call the OpenHtcUtility function (will throw an exception if your device is incompatible).
Call the MakeMeRoot function (can also throw exceptions).
(OPTIONAL) Call the ReturnZeroIfRoot function to make sure your app is elevated (does not throw exceptions, will return an error code if you get one).
Do stuff with SYSTEM permissions (probably using another COM DLL, such as for registry or filesystem access).
Call the RestoreToken function (failure to do this *might* cause a kernel memory leak).
Call the CloseHtcUtility function (OS will probably handle this if program just exits).
What you can do right now:
Try the test app. It should pop up a series of messge boxes. Hopefully none of them say anything like "FAILURE".
Report any bugs or failures you discover.
Build things with this library, and publish them!
Breakdown of the download:
There are two folders in the ZIP, one for the Visual Studio 2010 C#/Silverlight XAP project, and one for the Visual Studio 2008 C++/COM DLL project.
The test XAP is in the HtcUtilityTest\bin\Debug folder.
The native (COM) DLL is also available in that folder, or under its own project.
If you want to mess with this, I'm going to assume you are already familiar with hybrid native/managed development for WP7. If not, Heathcliff74 has posted an excellent tutorial on this forum.
Special thanks to:
Heathcliff74 for the hybrid app tutorial and interop unlock info.
Paul_Hammons for the links and info about HtcUtility, the driver that makes this possible. Thread: http://forum.xda-developers.com/showthread.php?t=1434793

Supported devices / firmware versions / ROMs
All HTC devices (if interop-unlocked and with the right firmware numbers) should be compatible.
Some custom ROMs work, some do not. This will depend on the version of the firmware that the ROM's HtcUtility driver is taken from.
I believe I compiled the test app as Mango-only, but the native library doesn't care at all.
Compatible:
Stock ROMs with compatible firmware for HD7, Trophy, Mozart
HD2 (BttF [XBmod-Yuki] v2 SP1)
Not compatible:
Firmware version 2250.21.51004.401 or newer
Verizon Trophy firmware version 2305.13.20104.605 or newer
DFT ROM with build 8107, Firmware 5.10.401
Arrive (except on pre-Mango), Titan, Radar, Titan 2 (no interop-unlock)
Others are untested or results are incomplete.
Goals and future work:
Support more devices:
* Try and add support for newer firmware.
* Help ROM cookers ensure the library is supported.
* Look for similar openings in other OEM libraries.
Future-proofing:
* Allow installation of a mod to support this capability after known updates.
* Resilience against possible future updates.
* Allow users with incompatible devices to downgrade (possibly to NoDo), install the mod, and be able to use the phone after upgrading.
Improve the library:
* Fix some memory leaks.
* Clean up the code - remove dead code and improve comments.
* Allow reading/writing more than 4 bytes at a time from managed code.
* Add APIs to elevate other processes (by name or ID) to SYSTEM.
Develop homebrew around the library:
* Support accessing common APIs (filesystem, etc.).
* Resurrect the Advanced Explorer app, perhaps (registry and filesystem).
* Support native app launching on stock ROMs.

Also reserved
Reserved for OP #2

It does not work on HTC 7 Mozart (HTC Europe):
Error to Write the value 1337 to test address - System.Runtime.InteropServices.COMException (0x8007001F): A device attached to the system is not functioning
Click to expand...
Click to collapse
OS: 7.10.7740.16
Firmware: 2250.21.51101.401
Radio: 5.71.09.02a_22.51.50.21U
Boot: 5.11.2250.1(133487)

Please include the full error message or a description of what went wrong.
Failure on fully updated devices is unfortunately possible - my phone is (intentionally) a few updates behind. I'm looking into ways to make it work anyhow (either sending an older CAB update to roll back, or using the root acess to create an unlocker/root-enabler that survives subsequent updates). I'm going to look into how the full-unlock ROMs differ from standard ROMs, and see if I can do the same thing in running software.

Does it works with custom roms?

If the custom ROM has a working HtcUtility driver, then yes. My goal is to unlock the kind of capabilities normally restricted to custom ROMs on stock firmware, though.
@bleh815: Thanks for the report. That's frustrating; it looks like it is capable of doing read but not write. Write might just be restricted in what addresses is allowed, or it might be disabled entirely (the driver gives the same error code for every problem that I've encountered so far). Time to figure out
A) what update causes the problem (I'm on 2250.21.30102.531, HD7, stock ROM)
B) what restrictions that update introduces
C) how to work around those resrtictions (possibly by downgrading and then using root access to add something that will still work after upgrade).

GoodDayToDie said:
A) what update causes the problem (I'm on 2250.21.30102.531, HD7, stock ROM)
Click to expand...
Click to collapse
I've just downgraded a mozart of mine back to stock NoDo (TMOB-DE) to find out which OEM update breaks (actually fixes) it.

Cool, thanks! It's one of the post-Mango HTC updates; a Microsoft update wouldn't have modified an HTC driver, and my phone has all the pre-Mango HTC updates but it still works.

.
..........

Hi, at first it says "SUCCESS!", then it says "Trying to open a file gives error 1260" and then it says "Now opening a file gives error 0" and finally "Finally, opening a file gives error 1260".
System informations:
OS=7.10.7720.68
Firmwareversion=2250.21.12200.162
Radio=5.68.09.05a_22.50.50.21U
Bootloader=4.6.2250.0(129185)
HTC 7 Trophy.

That is *exactly* the sequence of messages it is supposed to give!!
In particular, the messages I need to see are the "SUCCESS" (the rest is potentially interesting info, but not very important) and then the "Now opening a file gives error 0".
The "SUCCESS" means that a sequence of read/write tests succeeded.
The "Now... error 0" means that the process has been elevated to full permissions.
The "Finally... error 1260" means that the security token was successfully restored at the end, so it was unable to open the file again. This is the expected and correct behavior.
I don't recognize your Firmware Version number; I'm guessing it's specific to your phone. What method did you use to upgrade to Mango?

how do i install it?

Tried on interop-unlocked HTC Surround, not working Tested any call in VS debug mode - no luck at all.

I can confirm that it works with any OS version, from 7004 to 8107.79
On a HTC 7 Mozart (TMOB-DE) it works with firmware 2250.21.13201.111 (Stock NoDo ROM) but the hole gets fixed with 2250.21.51101.111 (1st Post-Mango HTC Update).

You guys are gods taking programming to a hole new level!
I wish to see ms take you all more serious and not let wp7 fail like minmo6.5 did!
I wish I could get on your level!
I realy need some help lerning basic silverlight my self!
But I have read how hybrid working ant this is just fantastic!
conradulations on all your developments so far you guys are truly amazing!

Oh, that code, beautiful reading that!
Thanks for sharing this learnfull code!

I'd like to try it on my Verizon HTC Trophy, I would love to get file access back....
I downloaded the package and I even have VS 2010 installed but beyond that I have no idea as I am not a programmer.
Can someone post a compiled XAP for us to try to see if our phone works with it or not ?
Or some step by step VS 201 directions to try would also be helpful.

@Ttblondey: *FACEPALM* The path to the test XAP is given in the opening post. You install the XAP on your phone using any XAP deployment tool. It requires that your phone be interop-unlocked; Heathcliff74 has a nice long thread about that. The app is called called HtcUtilityTest. Run it, and report the results. If you want to actually *use* the DLL, the instructions for doing that are given too but you need to write some code.
@sensboston: PLEASE give a more complete report! Success and error messages, at the least. Also, your phone version info. Thanks!
@bleh815: THANK YOU! I mean, it's a little annoying to know how far back this was fixed ("First post-Mango HTC update" means the one that was included *with* Mango for most people, or the one after that?) but good to know. Now, to look at exactly what they changed...
@jackrabbit72380: Thanks man! As for working with it yourself, like I mention below, I'm planning to provide a universal homebrew library that people can easily use to do whatever they want.
@fiinix: You're welcome! Honestly, I didn't expect anybody to call my mess of debug-commented and mildly hacky C++ "beautiful" but that hack itself *is* pretty awesome. My only concern with using it is the risk of a context switch causing the wrong app's token to get overwritten, and I should probably look into that, but I think it's OK for the moment. There are bigger fish to fry.
In the meantime, it should open up a huge list of capabilities for tools like your DllImport project. I'm currently considering reviving Advanced Explorer (like TouchXplorer + Registry Editor, but open source; was never ported to Mango though) using the root access instead of using ComFileRW and the provxml driver. Let me know what you want to do with it!
One other thing I'd like to add is the ability to easily elevate *another* process; it's not hard to do but I haven't written it yet. This could be handy for apps where we don't have the source code (for example, elevate Schaps registry editor, which uses low-privilege native code for browsing, so it can read *all* registry locations instead of just some of them).
@DavidinCT: Well, running the test app is easy, just install the XAP. It just runs a battery of tests though, it doesn't actually *do* anything useful. To get filesystem access, you'll need to write some native code (which means using Visual Studio 2008 and the CE/Smart Device plug-in, see Heathcliff74's toturial on the subject). Basically, you would first use this DLL (accessed via COM, you can look at my own C# code for how to do that) to opent he driver handle and elevate the process to root. You could then write your own COM DLL that uses the standard Win32 filesystem APIs (CreateFile, etc. - all are documented on MSDN) and exposes those APIs, or the results of them, to managed code via COM. Then, back in your phone app (the one that called into my HtcRoot DLL) you can call into your own DLL to access the file system.
If that's too big a leap, don't worry. I plan to release a general-purpose high-privilege homebrew DLL that exposes some of the most-used functionality (filesystem, registry, provxml, and other things by request), is easily extensible (possibly using something like the DllImport project, where you just specify the function you want to call and the DLL it's located in right from C#), and that will be a lot easier to hack with. You'll still need to know C# and basic Silverlight, but it'll be a lot easier (and hopefully useful without knowing any C++ or COM).

GoodDayToDie, you are amazing, always keeping me interested!
When starting the test xap, I get the below, it then goes into the "Page Name" and that's it.
Device Info here, running a FullUnlock DFT Rom by a Chinese dev from the DFT Forum.
Nonetheless, top work on getting this started and can't wait to keep reading about the progress!
XeKToReX