Hi
* Please help keeping the noise level low: Don't ask for ETA (stuff will be anounced), use Thanks buttons to say thx, etc.
* This will work on "fully unlocked" WP7 devices only and is not limited to specific phones
thx, dcordes
HaRET (Handhelds Reverse Engineering Tool) has been used on smartphones and PDAs with previous WinCE (Windows Mobile) versions to
* boot the Linux kernel (=> use Linux based OS like Android)
* obtain information about hardware and software (=> reverse engineering) in order to accordingly modify the Linux kernel (drivers).
Famous HTC devices that are capable of running HaRET are the QSD8250 based HTC HD2 and a wide range of MSM7xxA based phones like the diamond, raphael and touch pro 2.
WP7 is and will be shipped on many devices with quality hardware. In order to be able to run Linux on these, a novel aim is to investigate the use of HaRET on WP7 based devices. WP7 is known to posess several mechanisms to prevent this.
A discussion about the problem has beend started on the official HaRET development mailing list by Jaxbot:
http://lists.linuxtogo.org/pipermail/haret-devel/2012-January/000150.html
You need to send a subscription mail in order to write to the list. The original creators of HaRET as well as many good developers with low level skills (from XDA: Cotulla, NetRipper, cr2) are subscribed to it but maybe not many of them have access to a WP7 device.
HaRET source code repository with history:
http://git.linuxtogo.org/?p=groups/haret/haret.git
Documentation of the HaRET project (publicly accessible wiki):
http://htc-linux.org/wiki/index.php?title=HaRET
See http://htc-linux.org/wiki/index.php?title=HaRET/Documentation#Development for how to compile.
We should discuss the technical possibilites and challenges (if any ) about this project in this thread.
Update: Lots of insight has been gained. Since progress is rapid, uptades are not listed here yet. Please read the full thread for now.
Hi, I and all WP7 users waiting for your result HaRET project.
Thanks for your great work. And I would like to send you a cup of Heiniken beer.
Confirmation number: 0W3951910E743222Y
Hey dcordes,
I did a bit of housecleaning on this thread as I would hate to see this become your old Android-HD2 port thread
I want to see some real discussions going on in here (for a change).
So, HaRET must be, if memory serves me well, developed based on the processor, right? If it worked so well for the HD2, considering that most WP7+ devices from HTC also use Snapdragon's.... it should only take a few tweaks to get it to run (at least compatibility with HW) with most HTC WP7+ devices. The problems will be (I guess):
* Porting over from WM6.5 to WP7+ (may not be as bad as it sounds);
* Making sure that whatever this thing is coded with, it does not have interoplock code running on it (which I think will be kinda difficult considering that several apps that require access to less critical areas of the device require this). if it is interoplocked, then you will run into the issue of multiple versions out there (see Heathcliff's interopunlock thread to see/learn about the HTC variants on the new drivers, etc);
* Drivers, kernels, etc... but I believe that the HW specs between WP7+ devices and the HD2 are not so different, so you may even be able to get the same kernels to work with a few tweaks.
My Titan is already drooling with expectation
Please let me know if this thread needs further cleaning....
Good to see you back.
I feel somewhat obligated to make an appearance, then
Here's what I know, on the WP7 side of things:
A lot of APIs were removed, but the core pieces of CE still remain. I don't know what HaRET does to load Linux into the memory, but I would be shocked if it wasn't possible.
Part of the APIs that were removed were GUI related. This is why HaRET segfaults when you try to load it on a full unlocked device. If these pieces were removed, making it rely only on the command line, the loader might actually work, more or less. A WP7 Silverlight app could easily be built to serve as a launcher for it.
Those pieces aside, it is basically the technical pieces that have yet to be dug into that we are bound to run into. Curious to see what will happen, glad to see this getting some attention Cheers!
for HD2 ok, but for other phone that hasn't SD card?..... i hope however Ubuntu 0.4 will go on magldr, right?
nikola360 said:
for HD2 ok, but for other phone that hasn't SD card?..... i hope however Ubuntu 0.4 will go on magldr, right?
Click to expand...
Click to collapse
Most wp7 phones have the SD built in or in some form of flash storage capability. But you do make a good point, I guess.
Sent from my 4.7" Titan.... My device IS bigger than yours.
It's still Windows CE, there's nothing to emulate but the missing APIs
As the MAGLDR for Samsung focus/omnia7 will be out in around just now , maybe it will be possible to manage smthng
nhathoa egzthunder1, thank you very much for the kind welcome
Jaxbot said:
Here's what I know, on the WP7 side of things:
A lot of APIs were removed, but the core pieces of CE still remain. I don't know what HaRET does to load Linux into the memory, but I would be shocked if it wasn't possible.
Part of the APIs that were removed were GUI related. This is why HaRET segfaults when you try to load it on a full unlocked device. If these pieces were removed, making it rely only on the command line, the loader might actually work, more or less. A WP7 Silverlight app could easily be built to serve as a launcher for it.
Those pieces aside, it is basically the technical pieces that have yet to be dug into that we are bound to run into. Curious to see what will happen, glad to see this getting some attention Cheers!
Click to expand...
Click to collapse
I don't have much insight on how the kernel is loaded either. Obviously it's important for HaRET to have a non-protected memory region it is allowed to write to and then there is something called trampoline that will flush remaining memory and execute the kernel...
GUI: http://htc-linux.org/wiki/index.php?title=HaRET_Documentation#HaRET_commands
"HaRET is fundamentally a command-line driven application."
Can you try to rename your default.txt into startup.txt ? In presence of startup.txt inside the directory of the exectuable, HaRET will automatically run commands inside that file, rather than first showing the GUI. (Maybe it will still crash cause it still depends on the libraries although they won't be used ? See linload below)
Also be sure to create a file named earlyharetlog.txt and check the resulting log in haretlog.txt which would be a good thing to put on the mailing list.
The other way to invoke HaRET commands is through haretconsole (also check doku above). Once the gui shows you can tap a listen button and haret will launch a telnet server. You can then connect remotly from your computer OR (and that might become our replacement gui from a local telnet client on the phone. There is one available in the wp7 software manager: http://www.windowsphone.com/en-GB/apps/333b1e98-4c72-4cf9-a5d0-9d82b6b18213
One possible way to cut through all GUI right now is the linload feature of haret that will burn loader, kernel, startup.txt and initrd into one single exe . Requires local source code and build environment to create. I think it is very likly that this will not depend on any GUI libs so we should really try in case of startup.txt failure!
Beside linload we might create a HaRET stripped from GUI that will be accessible via haretconsole only until we have a new WP7 compatible GUI.
Regarding compiling: http://htc-linux.org/wiki/index.php?title=HaRET_Documentation doesn't have anything on that. But the source code does: http://git.linuxtogo.org/?p=groups/haret/haret.git;a=tree;f=docs
nikola360 said:
for HD2 ok, but for other phone that hasn't SD card?..... i hope however Ubuntu 0.4 will go on magldr, right?
Click to expand...
Click to collapse
Doesn't matter, why would you need SD card ? I guess if a phone lacks SD, it will come with plenty internal storage that can hold at least a minimal rootfs of any Linux distro.
Yes HD2 Ubuntu will work with magldr, I already picked up the work with that but that's offtopic. I will anounce any news via hd2 ubuntu forum section and twitter.
EDIT: If somebody is willing to try, I can create a linload for HD2s that have WP7 flashed. This will be a perfect test setup because we have a known working Linux kernel for the HD2.
dcordes said:
nhathoa egzthunder1, thank you very much for the kind welcome
I don't have much insight on how the kernel is loaded either. Obviously it's important for HaRET to have a non-protected memory region it is allowed to write to and then there is something called trampoline that will flush remaining memory and execute the kernel...
GUI: http://htc-linux.org/wiki/index.php?title=HaRET_Documentation#HaRET_commands
"HaRET is fundamentally a command-line driven application."
Can you try to rename your default.txt into startup.txt ? In presence of startup.txt inside the directory of the exectuable, HaRET will automatically run commands inside that file, rather than first showing the GUI. (Maybe it will still crash cause it still depends on the libraries although they won't be used ? See linload below)
Also be sure to create a file named earlyharetlog.txt and check the resulting log in haretlog.txt which would be a good thing to put on the mailing list.
The other way to invoke HaRET commands is through haretconsole (also check doku above). Once the gui shows you can tap a listen button and haret will launch a telnet server. You can then connect remotly from your computer OR (and that might become our replacement gui from a local telnet client on the phone. There is one available in the wp7 software manager: http://www.windowsphone.com/en-GB/apps/333b1e98-4c72-4cf9-a5d0-9d82b6b18213
One possible way to cut through all GUI right now is the linload feature of haret that will burn loader, kernel, startup.txt and initrd into one single exe . Requires local source code and build environment to create. I think it is very likly that this will not depend on any GUI libs so we should really try in case of startup.txt failure!
Beside linload we might create a HaRET stripped from GUI that will be accessible via haretconsole only until we have a new WP7 compatible GUI.
Regarding compiling: http://htc-linux.org/wiki/index.php?title=HaRET_Documentation doesn't have anything on that. But the source code does: http://git.linuxtogo.org/?p=groups/haret/haret.git;a=tree;f=docs
Doesn't matter, why would you need SD card ? I guess if a phone lacks SD, it will come with plenty internal storage that can hold at least a minimal rootfs of any Linux distro.
Yes HD2 Ubuntu will work with magldr, I already picked up the work with that but that's offtopic. I will anounce any news via hd2 ubuntu forum section and twitter.
EDIT: If somebody is willing to try, I can create a linload for HD2s that have WP7 flashed. This will be a perfect test setup because we have a known working Linux kernel for the HD2.
Click to expand...
Click to collapse
I've tried startup.txt, it still segfaults, won't even print out a log from what I can tell. I'll play around with some stuff and report back, though.
ok. I updated wiki and added compilation info http://htc-linux.org/wiki/index.php?title=HaRET/Documentation
UPDATE: I attached a linload for HD2. Could somebody please run it on their WP7 HD2 and tell us what happens? TIA!
What's this? A special version of HaRET that is solely for booting a Linux kernel that is included inside the exe.
linload source: http://git.linuxtogo.org/?p=groups/haret/haret.git
linux kernel source: http://gitorious.org/linux-on-wince-htc/linux_on_wince_htc
i have a stupid question, what is reason test it on HD2 where you can install android without problem. on native wp7 phones you will not run this app as I know. or maybe I'm wrong? maybe on custom rom?
I have mozart interop unlocked, I can test something if there will be some staff for my phone.
ronalgps said:
I'm going to test this mate
Click to expand...
Click to collapse
Thanks a lot. this is going to be interesting!
Could you create a file called earlyharetlog.txt inside the same directory of linload.exe ? I don't know if this works but see if it will give you a logfile in the same directory after starting linload.exe
I bet it will just crash, just like normal HaRET.exe when using startup.txt
dcordes said:
Thanks a lot. this is going to be interesting!
Could you create a file called earlyharetlog.txt inside the same directory of linload.exe ? I don't know if this works but see if it will give you a logfile in the same directory after starting linload.exe
I bet it will just crash, just like normal HaRET.exe when using startup.txt
Click to expand...
Click to collapse
Tried it with earlyharetlog.txt in the same directory. No log is spit out, and while there is no error code when running the EXE, it crashes before I can even pull the running processes list.
ok does it show anything ? loading screen or so ? it's what I expected. if you compiled haret.exe before, linload takes 2 seconds to build. It might just be the exact haret.exe ...
dcordes said:
ok does it show anything ? loading screen or so ?
Click to expand...
Click to collapse
Nope, no signs that it even loads, except for the fact the Win32 API reports NO_ERROR after shell executing it.
From what I saw, linload.exe cannot run under WP7 because it depends on libgcc_s_sjlj-1.dll, witch cannot be found in WP7. You can try running Haret.exe. All the necessary APIs are there, so no problem about UI related functions. Only one function is missing: SetKmode, witch is used by Haret to take kernel mode privileges, to flush the memory. In WP7 this function is not available and i don't know any workaround about this. We can try to recompile Haret from source, remove SetKmode call from output.cpp and memory.cpp, update functions ordinals in the import table for new Haret.exe to match those from WP7 coredll.dll (i'm not sure about this, maybe can work without matching ordinals) and see if we have a working GUI.
Thanks for this insight, minDark. may I ask how you found out about the missing dependencies?
It's not so nice that the kernel mode function is missing in WP7. How are we going to start the kernel without it?
I did as you proposed and compiled haret.exe without it. I just commented out lines containing setkmode. But I didn't change the ordinals stuff because I have no idea what that is.
no-kmode haret.exe with minDark's proposed kmode patch is attached. Any WP7 device owners welcome to test.
diff to current haret.git HEAD:
Code:
haret$ git diff
diff --git a/src/memory.cpp b/src/memory.cpp
index ccba659..53c0826 100644
--- a/src/memory.cpp
+++ b/src/memory.cpp
@@ -320,7 +320,7 @@ err: VirtualFree (pmWindow, 0, MEM_RELEASE);
if (slot >= PHYS_CACHE_COUNT)
{
// Go into supervisor mode
- SetKMode (TRUE);
+// SetKMode (TRUE);
cli ();
cpuFlushCache ();
@@ -333,7 +333,7 @@ err: VirtualFree (pmWindow, 0, MEM_RELEASE);
// Back to user mode
sti ();
- SetKMode (FALSE);
+// SetKMode (FALSE);
}
// Move least recently used slot to front
@@ -354,12 +354,12 @@ void memPhysReset ()
if (pmInited)
{
// Go into supervisor mode
- SetKMode (TRUE);
+// SetKMode (TRUE);
cpuFlushCache ();
// Restore the page table entries
for (int i = 0; i < 16 * PHYS_CACHE_COUNT; i++)
pmPT [i] = pmOldPT [i];
- SetKMode (FALSE);
+// SetKMode (FALSE);
VirtualFree (pmL2PT, 0, MEM_RELEASE);
VirtualFree (pmWindow, 0, MEM_RELEASE);
diff --git a/src/wince/output.cpp b/src/wince/output.cpp
index cc65d40..e4be7ed 100644
--- a/src/wince/output.cpp
+++ b/src/wince/output.cpp
@@ -276,9 +276,9 @@ prepThread()
// All wince 3.0 and later machines are automatically in "kernel
// mode". We enable kernel mode by default to make older PDAs
// (ce2.x) work.
- Output("Setting KMode to true.");
- int kmode = SetKMode(TRUE);
- Output("Old KMode was %d", kmode);
+// Output("Setting KMode to true.");
+// int kmode = SetKMode(TRUE);
+// Output("Old KMode was %d", kmode);
}
// Initialize the haret application.
I download it through my hd7 but when I try to open it stated this file isn't safe to open in your windows phone.
Ttblondey said:
I download it through my hd7 but when I try to open it stated this file isn't safe to open in your windows phone.
Click to expand...
Click to collapse
You have to deploy it to your phone, then execute it with native code.
Related
Android NBHCREATOR [v0.3] on Ubuntu. FROYO SUPPORT & ADVANCED SETTINGS [July-29-2010]
NBHCreator v 0.3
NBHCreator makes the nbh file for flashing android to nand.
This utility works for Vogue, Polaris and Kaiser.
Currently supporting Donut, Eclair and Froyo
Prerequisites:
1. you need to be running Ubuntu (other Debian distros may work, give it a try) NBHCreator v2.0 will be cross-platform
2. you need to have wine installed ( I am using v1.1.42)
Make sure to "Completely" uninstall previous versions before installing newer versions.
Directions as follows:
a. select the zImage you wish to make an nbh for... try one from here:Working Kaiser GPS!! or here:DZO
b. change parameters to your liking...
c. click on the "compile" button...
d. select output folder.
and Flash Away...
Please Search for how to flash if you don't know how.
that being said...
I welcome any and all criticisms of this program
and I would appreciate any advice, suggestions, questions or comments.
Version 0.3b
-Fixed Window issues.
-For now...do not save output to a FOLDER on the Desktop.
-DOES NOT WORK YET WITH 2.6.32 ZIMAGES
Version 0.3 (07-29-2010)
-Now Supporting Froyo
-New Advanced Settings for things like Clock speed and Memory.
-Added a Date Stamp option for output filename.
-Removed internal Error checking[/B]
-This version has window issues with the xfce desktop environment. fixed in 0.3b
Version 0.2b (07-01-2010)
-Fixed false errors when creating for Vogue and Polaris
Version 0.2 (06-15-2010)
- Added ability to select zImage with name extentions ie... "zImage-12-06-10"
- Output filename now refects device type ie... "VOGUIMG, POLAIMG and KAISIMG"
- Added some error checking to make sure nbh was built correctly
- misc internal code fixes.
-False Error messages are popping up for vogue and polaris. Resulting nbh should still be usable. Fixed in 0.2b.
Version 0.1 (06-09-2010)
- should work for Kaiser, Vogue and Polaris
- Device specific options
- Settings for hw3d (donut/eclair)
- Settings for Resolution 240x320, 320x428, 320x480
- Settings for Panel Type 1, 2, 3
- Settings for Battery Capacity
- Settings for ppp.nostart (Data)
- May not work with loser's editor (let me know...)
- more options to come
- NBHs are all being named KAISIMG.NBH will be fixed in v0.2
Honestly? I think it rocks, since I'm to lazy to build my own NBH's
I see the similarities, and also the differences, and I think you should continue development personally, it's a different approach, and I can see the possibility to add to it by being able to include boot splashes perhaps, or edited initrd/zimage combinations for instance.
So yeah, keep at it
Yep, sounds like a great idea. A nbh editor is good for beginners, but it would be nice to be able to build your own. Could open up a lot of opportunities for customization.
Just make a Windows and a Mac port as well, for the future.
ok....so far progress is going along very well. I have this functioning on my setup
but I still have to work out making it transferable to other computers.
while I work on this, are there any additions that you would like to see added.
I will see if I can squeeze any changes into the beta release.
What language and GUI toolkit are you using?
It would be fairly portable if written in Python with GTK or Tk.
I am using gambas2 in ubuntu.
I am still trying to port my visual basic knowledge to gambas. it doesn't all function the same.
I have minimal experience in Python. but if you know any good tips I am all open for suggestions.
Now available for testing
really???? no feedback at all???
I have to get around to install Ubuntu, and I don't have the hard disk space for it just yet. Been meaning to go buy a terabyte hard drive to dual boot.
got sources or anything like that so I can haz on gentoo?
currently attempting to break open the deb, will fall back to a vm in worst case.
Edit: As I expected, I found the solution right after posting. Run NBHCreator.gambas from /usr/bin
I'm fairly new to Ubuntu and I've never use Wine before so can't work out how to get this running
The package installed, along with it's dependencies. Now what? How do I run it?
Sorry if this is basic stuff...
richard.
Working ok here. Still need to flash it onto my Kaiser - will report back if I find any problems.
Thank - this is a handy little tool
Edit: Hmm, output file only 4.8K so something is not right. Probably down to me so I'll keep playing.
richard_s said:
Edit: As I expected, I found the solution right after posting. Run NBHCreator.gambas from /usr/bin
richard.
Click to expand...
Click to collapse
The install deb should have created a 'start menu' item under /Applications/Other/NBHCreator
that is confirmed under the default Ubuntu window manager 'Gnome'
however I have not tested it in KDE or any other non-gnome window manager.
what window manager are you using?
poly_poly-man said:
got sources or anything like that so I can haz on gentoo?
currently attempting to break open the deb, will fall back to a vm in worst case.
Click to expand...
Click to collapse
let me know if you get it. I don't have the source available at the moment. it's on my wife's computer.
richard_s said:
Working ok here. Still need to flash it onto my Kaiser - will report back if I find any problems.
Thank - this is a handy little tool
Edit: Hmm, output file only 4.8K so something is not right. Probably down to me so I'll keep playing.
Click to expand...
Click to collapse
the resulting nbh must be 3M
DON'T FLASH IF IT ISN'T 3M.
make sure the zImage file is named 'zImage' and not somthing like 'zImage-12-06-10'
I am fixing the next version to allow different names for zImage.
mnjm9b said:
the resulting nbh must be 3M
DON'T FLASH IF IT ISN'T 3M.
make sure the zImage file is named 'zImage' and not somthing like 'zImage-12-06-10'
I am fixing the next version to allow different names for zImage.
Click to expand...
Click to collapse
No - I won't be flashing it! The file name is definitely just 'zImage'. Oh well I'll wait for the next version and try again.
richard_s said:
No - I won't be flashing it! The file name is definitely just 'zImage'. Oh well I'll wait for the next version and try again.
Click to expand...
Click to collapse
I haven't built in a error log into the program but could you run
the NBHCreator.gambas in a terminal and post the output.
what device are you building for and what are your settings?
After restarting Ubuntu your program it is all working as expected. Sorry about that - I should have thought to try that first
yeah, had to throw it into a virtual machine. Nice tool, though.
If someone describes the process in great detail (including the binary formats and all that), I can make a slightly more portable version, if you'd like.
I will be releasing a more cross-platform version after I work out all the bugs.
Keeping it ubuntu for now keeps the distribution of a crappy program to a minimal.
on that note... V0.2 will be out very shortly.
this will address
-input filename variations ie.. 'zImage-12-06-10'
-output filename specific to correct device ie.. 'VOGUIMG,POLAIMG and KAISIMG'
-error checking
-misc fixes
So, this is post made by man with obsession.
I need help with idea.
I told myself i need Amiga emu faster than pocketuae.
Uae4all is kind of emu that could be perfect for porting, so i decided to give it a try.
Natural choice was use of gizmondo port(wince device, similar envinronement etc).
Giz port relies on 0.6.3 so it is old and not sophisticated, but just works for df0: games from a500, and it has minimal amount of tricks made by porters in further developement, that's the point of choice.
I am not a programmer, so you must realize word "desperation" in whole context.
So, i tried to compile sources under cygwin and winxp, after NUMEROUS woes with makefile, sdl libs, etc etc - it compiles with newest mamaich compiler with precompiled SDL set(used to making qemu - ONLY toolset that works for gizuae4all sources - that's interesting) with some warnings - mainly related to FAME m68 core, unfortunately :E, but no general errors.
GUI works, there is no touchscreen support, dpad works, hardenter chooses cursor chosen options, filemanager works fine.
Problems start after "Run":
- uae4all has LED info about df0: and df1: drives, and i can see that df0: is accesed, sectors are changing, i assume it works fine(40's sector boots properly), but emulator quits after few seconds(i see decrunching of rick dangerous 2 cracktro PROPERLY, for example, then it crashes),
- reboot without disc in df0: results in proper 3 color boot defaults of a500(with kick 13), and proper 1 colour(violet) 3.1 boot defaults, but it quits when "begging hand"(1.3) or disc(3.1) img should appear.
Assuming:
some Amiga generated data are displayed, other ones crashes emulator.
I am not sure, where problem lies.
Now:
- is there someone that compiled scummvm for wm/wince here, or have some experience with SDL? I can see it is getting forgotten method, but still useful, though.
(info from original makefile for giz, note SDL_mixer here;/):
SDL_BASE = C:/code/Gizmondo/GizSDL
LDFLAGS = -L$(SDL_BASE) -lSDL_mixer -lSDL -lzlib -static
I tried to compile libs(whole SDL, Mixer, zlib one after another) from sources, but NONE of them compiled properly. So i took easy way of using precompiled set + small modifications...well..there are no lib related errors at last, then..
- or maybe, if it is compiler/crosscompiler envinronment problem, is there someone, that could help me to set up tools properly?
Remember, compiling ends with exe, so i am not sure about this. Other thing i would try is using mingwce-gcc set, but i did not succedeed in proper set-up with that one.
I can provide sources, toolpack or whatever after FIRST response from anyone, that can help or is interested in idea.
upd: ahh, btw gizmondo exe is not working at all, it quits regardless of (wince/wm versions of)dlls replacement. Mainly for hardcoded file/path reasons.
<post written while listening to http://demovibes.de:8000/necta192.mp3 >
Screenshots(skip resolution and all, it just doesn't matter at this moment..i think, only that matters is 4rd one, crash moment, 3.1 kick bkg colour visible):
When we were back on NoDo there were quite a few homebrew apps that used native code to apply tweaks to WP7 devices. Most of those apps seized to work after the device is upgraded to Mango. There a several reasons for this behavior. I've done research on this, because I wanted to make WP7 Root Tools compatible with Mango. In this topic I'd like to explain how developers can fix their apps to work on Mango again. It has taken me quite some time to compile this guide, but I hope to give the Homebrew development on WP7.5 Mango a boost.
This guide is NOT about creating homebrew executables (exe-files) for WP7. This guide aims to utilize native code DLL's (C++ / ARM) from within your Silverlight app.
Note that with native code you get access to a lot of extra API's. But that does not mean you automatically get access to resources you normally won't have access to. For example, you can use the CopyFile() API. But if you try to copy a file to the \Windows folder, you will get errorcode 0x4ec (1260), which means "Blocked by policy". So you are still bound to the rules of the sandbox of your app. If you want Full Root Access for your app, you have to wait for a new version of WP7 Root Tools, which will allow you to give your app root-access. I'm also working on an SDK for that, which wraps all common task into a neat managed library. But don't hold your breath for that, because it's all taking a bit longer than I expected.
To understand everything in this guide you need basic knowledge of C++, COM-interop and Silverlight for Windows Phone. If you are new to all this, you might want to do some reading on these topics first. Currently there is no way to debug the native code. The only thing you can do is create test-functions which return formatted debug-info. This makes things pretty difficult. Read the guide carefully, because a little mistake can make your app crash easily!
Important note: If you have any long-running tasks, they may work fine while you are debugging. But you need to make sure that you start a new thread to run this code. Because, when you run without debugger the WatchDog will monitor your application and if the User Interface thread is blocked for more than 10 seconds the WatchDog will exit your app ungracefully!
It has been suggested that native homebrew DLL's need to be signed with approved code-signing keys. This is in fact not true! You can use native DLL's on Mango devices, which are not signed at all!
Basically there are two reasons why homebrew apps are not working anymore:
- Interop Lock
- DLL's were built against libraries, which are not supported anymore on Mango
Interop Lock is discussed in this thread. Interop Lock is a new protection mechanism in WP7.5 Mango. Basically it means you can't use apps with ID_CAP_INTEROPSERVICES, unless a device is Interop Unlocked. Without ID_CAP_INTEROPSERVICES an app can't call any drivers. And most homebrew apps call these drivers directly or indirectly. So if an app uses the Interop Capability, it can only run on devices that are Interop Unlocked. If you're going to build an app that uses this capability on Mango, you'll have to give your users instructions on how to apply Interop Unlock on their device.
Most of the native code libraries that were used on NoDo, were based on a hand full of projects. These projects were created and then extended for their own needs by other developers. The result was that most of these projects had the same project-types and library-references. In Mango, a lot of DLL's that were not used anymore by Microsoft, have been removed from the OS. Mostly in the ShellCore. The DLL's were meant for MFC-type functionality, which was never even supported on WP7. Actually, these DLL's are not even used by the homebrew apps either, but there are references to these DLL's in the homebrew libraries, which will cause the library to fail loading into memory. You can see this behavior when you try to run an app with non-Mango-compatible native code on an Interop Unlocked device from within the Visual Studio 2010 development environment. When the COM-class is instantiated it will throw an COMException: "COM object with CLSID '{...}' cannot be created due to the following error: The request is not supported." This is errorcode 0x80070032. This exception is actually caused due to the fact that the previous call to RegisterComDll() failed. If you get the returnvalue of that function you should have 0. In this case the return-value is probably 0x8007007E, which is "Module Not Found". This actually means that you directly or indirectly refer to a DLL, which cannot be found on the device. To fix this we need to create a clean project and add our new or existing native code to that project.
Here are the steps to setup your development environment and create a new, clean project for your native code. Please keep in mind that this guide is still work-in-progress. I may add more detailed instructions and examples later on, when people ask for it.
Update 2011/10/15: Some improvements in the guide, based on comments of rudelm and GoodDayToDie.
Install Visual Studio 2008 with latest service pack and hotfixes. Make sure you install C++. You need Visual Studio 2008, because the necessary SDK does not support Visual Studio 2010.
Install Windows Mobile 6 Professional SDK Refresh.
Install Visual Studio 2010 with latest service pack and hotfixes. You need this to create your Windows Phone Silverlight app.
Install Windows Phone SDK 7.1.
Download the attached Microsoft.Phone.InteropServices.zip. After you downloaded the zip-file, open the file-properties and make sure the file is "unblocked" (Windows will block downloaded files). Some unzippers, including the built-in unzipper from Windows will mark the unzipped files as "blocked", which would give problems later on if you don't unblock first.
If your developmachine is 32-bit you go to "C:\Program Files\Reference Assemblies\Microsoft\Framework\Silverlight\v4.0\Profile\WindowsPhone71" or if you have a 64-bit machine you go to "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\Silverlight\v4.0\Profile\WindowsPhone71". Extract the DLL from the zip-file in this folder.
Open the Visual Studio Commandprompt and change directory to the folder where you just extracted the DLL. Then enter this command:
Code:
SN -Vr Microsoft.Phone.InteropServices.dll
In the same folder there is a subfolder called "RedistList". Open that folder and open the file "FrameworkList.xml". Add this line to that file:
Code:
<File AssemblyName="Microsoft.Phone.InteropServices" Version="7.0.0.0" Culture="neutral" ProcessorArchitecture="MSIL" InGac="false" />
Thanks to Tom Hounsell for this tip!
Install the latest version of Zune.
Open Visual Studio 2008 and create a new project.
Choose Visual C++ / Smart Device / ATL Smart Device Project and fill in a name and location for your native library. Do NOT choose MFC, or your library won't work on WP7! The name will be the name for the DLL. Later on you will create a COM-class. Choose a different name for your library and for your COM-class!
In the new wizard click "Next".
Remove the "Pocket PC 2003" from the Selected SDK list and add "Windows Mobile 6 Pro SDK" to the selected SDK's. Click "Next".
In "Application Settings" keep everything default and click "Finish".
Set your configuration to "Release", because you won't be able to debug anyway.
Go to Project Properties / Configuration Properties / C/C++ / Preprocessor / Preprocessor Definitions and add this: _CE_ALLOW_SINGLE_THREADED_OBJECTS_IN_MTA
Right-click the project and click "Add" / "Class" and choose "Simple ATL object".
In the new dialog enter the "Short name" for your COM-class. All other names are filled in automatically. Keep those names default to avoid naming-conflicts. Also make sure the name of your COM-class is different from the name of the library. All other options can are default, so you can click "Finish" now.
The basic layout for your native project is now ready. Note that you have these files: for your library you have a header-file (.h), a code-file (.cpp) and a COM-definition-file (.idl) and for your COM-class you have a header-file (.h) and a code-file (.cpp). I will refer to these files in the following steps, so make sure you can identify these files.
The COM-class you have now is based on IDispatch. IDispatch is the COM-interface that supports reflection-like functionality. The COMBridge in WP7 does not support this interface. Instead we should use IUnknown, which is the base-interface for all COM-objects and supports reference-counting.
In the header file of your COM-class you can see the public inheritance of IDispatchImpl. This is no problem and you can leave it as it is. But you can also see this COM-mapping:
Code:
COM_INTERFACE_ENTRY(IDispatch)
You need to remove that line.
In the IDL file of your library you need to change the inheritance of the COM-class from IDispatch to IUnknown.
Your native code layout is now ready to add your methods. A method in COM-class should always have HRESULT as return-type. This value should be 0 or positive in case of success (normally use constant S_OK for success). If you have an errorcode which should throw a COMException do a logical OR with 0x80070000 and return that value. If you want to return a variable, you'll to declare that as parameter of your method and decorate it as returnvalue in the IDL-file. The parameter-types are bound by the definition of COM. You can read about the supported COM-datatypes here and here. Study those parameter-types closely, because any mismatch in your managed and unmanaged declarations will make your app crash definitely. You need to add all your methods in 3 different places: in the COM-class code, in the COM-class interface and in the IDL-file. Later on you need to add an exactly matching interface to your managed code. All the declarations have their own specific format and decoration. I will give an example of two different functions for these 3 files. Note that in these examples, the COM-class was named "Native", so the class implementation is called "CNative" and the interface is called "INative". You have to change that if your class has a different name.
In the COM-class implementation (.cpp-file) add this code:
Code:
STDMETHODIMP CNative::TestMethod1()
{
BOOL result = ::CopyFile(L"\\Windows\\0000_System.Windows.xaml", L"\\Windows\\Test.xaml", TRUE); // This will fail due to insufficient privileges. This is expected behavior to show how errors can be handled.
if (result)
return S_OK;
else
return 0x80070000 | ::GetLastError();
}
STDMETHODIMP CNative::TestMethod2(BSTR InputString, BSTR* OutputString)
{
size_t size = 1000; // in chars
TCHAR* msg = new TCHAR[size];
wcscpy_s(msg, size, L"\0");
LPWSTR value = new WCHAR[20];
_itow((int)wcslen(InputString), value, 10);
wcscat_s(msg, size, L"Length of string is: ");
wcscat_s(msg, size, value);
*OutputString = SysAllocString(msg);
delete[] msg;
delete[] value;
return S_OK;
}
In the interface of the COM-class (.h-file) add this code immediately after END_COM_MAP():
Code:
STDMETHOD(TestMethod1)();
STDMETHOD(TestMethod2)(BSTR InputString, BSTR* OutputString);
Locate your interface in the IDL-file of the library. This may look a bit weird, because there are a lot of attributes that decorate the empty interface. Add these declarations to your interface (note the decoration of the parameters, read more here):
Code:
HRESULT TestMethod1();
HRESULT TestMethod2(BSTR InputString, BSTR* OutputString);
Now we need to locate two GUID's and copy them in a text-file, because we need these GUID's later on. These GUID's are in the IDL-file. We will call the first GUID "interface-GUID". It is the "uuid" in the tag RIGHT ABOVE the interface-declaration. We will call the second GUID "coclass-GUID". It is the "uuid" in the tag RIGHT ABOVE the coclass-declaration. There also a "uuid" in the tag above the library-declaration, but we don't need that one.
Open Visual Studio 2010 and create a new project: Visual C# / Silverlight for Windows Phone and choose a project-type, name and location.
Now go back to your native project in Visual Studio 2008. The compiled result DLL of this project will be used in your Windows Phone app. To make sure you always use the latest version of the native DLL in your Windows Phone app, you can add a Post Build Event to this project. This example assumes you will have a folder with a subfolder for the native solution and a subfolder for the Windows Phone solution. Go to Project Properties / Configuration Properties / Build Events / Post-build Events and add this (change the paths according to the soluton-foilder you will create for your Windows Phone app):
Code:
copy "$(TargetPath)" "$(SolutionDir)..\MyApp
If you checked the option "Create folder for solution" when you created the Windows Phone project, you may want to add another subfolder "\MyApp" to the path.
Now build your native project! The compiled DLL should now also be copied to the folder of your Windows Phone app.
Create a new file called "WPInteropManifest.xml" in the folder of your managed Windows Phone app. Copy this content in the file:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<Interop>
</Interop>
Switch back to Visual Studio 2010. In the solution explorer click on "Show all files". Your native DLL and the "WPInteropManifest.xml" should be shown now.
Select the "WPInteropManifest.xml" file and in the file-properties set "Build action" to "Content" and set "Copy" to "Always". You will always need this file in your project, regardless you will be calling drivers or not. If you don't have this file in your project, you won't be able to use your native DLL.
Select your native DLL and in the file-properties set "Build action" to "Content" and set "Copy" to "Always".
In the solution explorer, right-click on the project and choose "Add Reference". Then select "Microsoft.Phone.InteropServices".
Open the "WMAppManifest.xml" file and add this line below the other capabilities:
Code:
<Capability Name="ID_CAP_INTEROPSERVICES" />
Later on, you can try if your app will work without this capability. If you only use native code without calling drivers (directly or indirectly), you don't need the capability and your app will also work on devices that are not Interop Unlocked then. This specific example does not call any drivers, so in this example the ID_CAP_INTEROPSERVICES can be omitted and then it would run on non-Interop-Unlocked devices.
Now add a code-file to your project and copy this code into the file. You need the the coclass-GUID and interface-GUID you copied into a text-file earlier and you also need to replace the name of the class and interface to the names you used. Also note that the declaration must be an exact match (order and parameters) with the declaration in the IDL-file, although the IDL-file is differently formatted.
Code:
using System.Runtime.InteropServices;
[ComImport, ClassInterface(ClassInterfaceType.None), Guid("YOUR-COCLASS-GUID-GOES-HERE")]
public class CNative
{
}
[ComImport, Guid("YOUR-INTERFACE-GUID-GOES-HERE"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
public interface INative
{
void TestMethod1();
[return : MarshalAs(UnmanagedType.BStr)]
string TestMethod2([MarshalAs(UnmanagedType.BStr)] string InputString);
}
Note that the interface is declared as IUnknown.
Now you need to call the native code. You can add this code to the constructor of your Page or to the eventhandler of a button, or anywhere you like. Be sure to replace the DLL-name, interface-name and class-name and use your coclass-GUID. The exception is a well-known error-code and the exception will be casted to a UnauthorizedAccessException, instead of a COMException.
Code:
uint retval = Microsoft.Phone.InteropServices.ComBridge.RegisterComDll("WP7Native.dll", new Guid("YOUR-COCLASS-GUID-GOES-HERE"));
INative MyNativeCodeInstance = (INative)new CNative();
string result1 = "OK";
try
{
MyNativeCodeInstance.TestMethod1(); // UnauthorizedAccessException is thrown due to insufficient privileges. This is expected behavior to show how errors can be handled.
}
catch (Exception ex)
{
result1 = ex.Message;
}
string result2 = MyNativeCodeInstance.TestMethod2("Hello, Mango!");
MessageBox.Show(result1 + Environment.NewLine + result2);
You can now run your project! Be sure that you deploy it to your device. The emulator won't work, because you project uses native ARM code. The emulator runs on x86, so your native DLL won't load in the emulator.
When you go more advanced, you may need the Marshal-class. For example to copy a native memory-block to a managed byte-array. Be aware that there are actually two "Marshal" classes. There is "Microsoft.Phone.InteropServices.Marshal" and "System.Runtime.InteropServices.Marshal". They both look the same. But be sure you are using "Microsoft.Phone.InteropServices.Marshal", because it will allow you to do a lot more! Most methods in "System.Runtime.InteropServices.Marshal" will throw a MethodAccessException, because they are tagged [SecurityCritical], while the same methods in the other Marshal class will work.
I hope this will help you port your homebrew apps to Mango or create some fresh new homebrew! If you created an app with native code, drop me a line here. Show me your Screen Recorders, Accent Changers and more!
Ciao,
Heathcliff74
looking fwd to the native apps , a universal screenshot apps would be awesome..
Update :
scratch that, just ready that the app will be bound to the rules of the sandbox of your app.I guess that means no universal screenshot app yet
Its time to get native! Thanks Heathcliff.. I think I have a very good idea on something I could use native code for.. Ill pm you =)
Sent from my SGH-i917 using XDA Windows Phone 7 App
Suddenly, awesomesauce! Wow, big thanks Heathcliff74! Eve since you said you'd figured out homebrew native DLLs on Mango, I was really excited to see what people could do. I never guessed the real reason homebrew DLLs didn't work on Mango, although in retrospect this makes sense. You're awesome for investigating this for us.
Thoughts that immediately come to mind:
Update the existing screen capture apps.
Update the existing WebServer app.
(As part of the above) update the sockets DLL so we have server sockets again.
Explore how much filesystem access we have. Can files be copied from one app's isostore to another app's isostore?
Explore accessing drivers. The HTC update breaks filesystem access for HTC homebrew, but maybe there's another driver entry point we can use.
Investigate direct access to the SMS store (message backup?)
... and so much more. Oh, this is going to be fun!
the0ne said:
looking fwd to the native apps , a universal screenshot apps would be awesome..
Update :
scratch that, just ready that the app will be bound to the rules of the sandbox of your app.I guess that means no universal screenshot app yet
Click to expand...
Click to collapse
Hi!
Screenshots apps are definitely possible! The API for this can be called from within the sandbox and using OEM drivers it is possible to switch off dehydration. I already discussed this with fiinix and gave him this info. And I believe he almost has a Mango version ready.
Thanks for writing the article
Ciao,
Heathcliff74
great to hear about the progress
thanks Heathcliff74 for sharing!
Wooohooo nice HowTo! I will definitively try it and will report later. However, that will require that I go back to NoDo and back to Mango first. I'm not looking forward to that procedure... anyways awesome work Heathcliff, thank you!
@GoodDayToDie: you mentioned that the HTC libraries are fixed regarding file access. Julien Schapman from TouchXplorer mentioned something like that a while ago on twitter. Do you have any additional information on that topic? Is it just the DLL files from the HTC apps or is it something with the Mango HTC Update? I'll hope this is reversible, if I go back to NoDo and want to try Heathcliffs instructions :/
@rudelm, I only have experimental knowledge; I haven't dug into the actual update. However, the way that things like ComFileRW.dll work is by calling into some high-permission module in the HTC firmware (probably a driver using an IOCTL, though it could possibly be an RPC call to a privileged process) which then executes the requested action with high permissions. That's why the HTC DLLs don't do anything on other phones; they can't talk to the component that actually does the work.
My guess is that the HTC update simply turned off whatever it was that the COM DLLs are calling into. It could be more complex than that - for example, they could be trying to validate the caller, and prevent it from being used by homebrew - but whatever they did, neither DLL works anymore once you have the HTC update *even though the DLLs themselves did not change.*
Is it reversible? Well, "fixing" whatever component they were calling into is one option. Using Heathcliff74's Root Tools to gain full permissions on a "normal" homebrew app is another. There might be more, but it would need more study.
Thanks. Will try it. Hopefully i can get "GetPhoneNumber" from Windows Mobile 6 SDK to run or maybe trying http://blogs.msdn.com/windowsmobile/archive/2004/11/28/271110.aspx
GoodDayToDie said:
@rudelm, I only have experimental knowledge; I haven't dug into the actual update. However, the way that things like ComFileRW.dll work is by calling into some high-permission module in the HTC firmware (probably a driver using an IOCTL, though it could possibly be an RPC call to a privileged process) which then executes the requested action with high permissions. That's why the HTC DLLs don't do anything on other phones; they can't talk to the component that actually does the work.
My guess is that the HTC update simply turned off whatever it was that the COM DLLs are calling into. It could be more complex than that - for example, they could be trying to validate the caller, and prevent it from being used by homebrew - but whatever they did, neither DLL works anymore once you have the HTC update *even though the DLLs themselves did not change.*
Is it reversible? Well, "fixing" whatever component they were calling into is one option. Using Heathcliff74's Root Tools to gain full permissions on a "normal" homebrew app is another. There might be more, but it would need more study.
Click to expand...
Click to collapse
uhoh... sounds pretty bad for HTC users. If it was a firmware update, we will have a bigger problem. I will try to revert back to Nodo and will try Heathcliffs instructions for Native Code first. InteropUnlock is still something I need to try for Mango
rudelm said:
uhoh... sounds pretty bad for HTC users. If it was a firmware update, we will have a bigger problem. I will try to revert back to Nodo and will try Heathcliffs instructions for Native Code first. InteropUnlock is still something I need to try for Mango
Click to expand...
Click to collapse
No worries. I did some testing with contable and we just got confirmation that my exploits for HTC will still work on HTC Interop Unlocked Mango devices (needs a little adjustment, but No Problem!) Still working on a version of WP7 Root Tools for Samsung/HTC/LG RTM/NoDo/Mango!!
Ciao,
Heathcliff74
A screenshot app is allready there:
TouchXperience for Mango from Schaps.
Atm there is only missing the WPDM Mango update for being able to save the screenshot...
Heathcliff, could you please try to fix that HTC bug first? I am running into this problem with the HTC update and now my old code does not work anymore But at least my phone is finally interop unlocked because I could deploy the app on Mango but I get this error:
COM object with CLSID '{C6BD09B4-96AA-4524-89C4-665A15DD7C9B}' cannot be created due to the following error: The request is not supported. .
Which is one of the errors you mentioned on the first page. So far, so good
rudelm said:
Heathcliff, could you please try to fix that HTC bug first? I am running into this problem with the HTC update and now my old code does not work anymore But at least my phone is finally interop unlocked because I could deploy the app on Mango but I get this error:
COM object with CLSID '{C6BD09B4-96AA-4524-89C4-665A15DD7C9B}' cannot be created due to the following error: The request is not supported. .
Which is one of the errors you mentioned on the first page. So far, so good
Click to expand...
Click to collapse
I don't get what you mean. What HTC bug? What HTC update?
Ok, I will explain it:
There was a HTC Update when I upgraded from Mango B2 Refresh to the Mango RTM from Microsoft. It was followed by a smaller HTC Update. It was called HTC Update for Windows Phone. You can read it here in my blog.
Yesterday, I decided to revert back to NoDo, so that I could Interop Unlock my HD7 before I upgrade to Mango RTM. I did this with these tools and instructions from petbede.
However, ansar found out, that MS changed the update procedure and included the HTC update directly in the 7720.68 update.
Now you mentioned yesterday, that you and contable found a solution to use the HTC DLLs although there was this HTC update on our phones. That was when I already feared that the HTC update will break everything I tried so far.
So I called it the HTC bug, because it breaks my stuff
rudelm said:
Ok, I will explain it:
There was a HTC Update when I upgraded from Mango B2 Refresh to the Mango RTM from Microsoft. It was followed by a smaller HTC Update. It was called HTC Update for Windows Phone. You can read it here in my blog.
Yesterday, I decided to revert back to NoDo, so that I could Interop Unlock my HD7 before I upgrade to Mango RTM. I did this with these tools and instructions from petbede.
However, ansar found out, that MS changed the update procedure and included the HTC update directly in the 7720.68 update.
Now you mentioned yesterday, that you and contable found a solution to use the HTC DLLs although there was this HTC update on our phones. That was when I already feared that the HTC update will break everything I tried so far.
So I called it the HTC bug, because it breaks my stuff
Click to expand...
Click to collapse
I see. Well, I didn't find a solution. I just checked if MY exploit still works. And it does! I don't even know what you use exactly (I assume you use some HTC DLL's, but I don't know which and I don't know which functions). I don't use the HTC DLL's myself. Mainly because I don't want to get copyright issues when releasing WP7 Root Tools. Just look at the current release of WP7 Root Tools. No OEM code in there. So I don't think I can fix that for you.
Ciao,
Heathcliff74
Hm ok, I understand. I was using a HTC dll for changing a registry value (overriding DHCP DNS Server). However, it is interesting to know why the HTC DLLs all of sudden stopped working after this update. The DLLs inside the HTC tools seem to be the same size and should not be changed by the update.
But this shouldn't then influence the DLL made with your instructions in this thread i guess?
@rudelm:
The HTC devices have HSPL support, so why you donĀ“t flash the latest xboxmod rom ? This saves a lot of time and all available types of unlocking can be sent via cab sender.
For writing registry keys or doing file operations you can use DiagProvXML til Heathcliff has finished the next version of WP7 Root Tools.
Is there any other reason why you are updating your phone the official way ?
@rudelm: The HTC DLLs don't actually have elevated permissions by themselves. To do things that an app n ormally lacks permissions for (like accessing the whole filesystem or writing to the registry), it needs to call into a high-permission component (probably a driver or a high-permission process). All HTC had to do to make the registry and filesystem COM DLLs stop working is to change that component so it didn't do what the COM DLLs told it to do.
@contable: I've heard enough reports of things that *should* work on HTC phones not working on the custom ROMs that I'm hesitant to install one. Then there's the risk of bootloader issues. Then there's the lose-all-your-data-because-your-phone-gets-reformatted issue - until I have my backup app working fully, I prefer to avoid the last one in particular.
Edit: If you are looking for working attachments, please look at this posting.
@contable:
I need an unmodified version of WP7 for my master thesis. The other thing is that I don't want to play around with HSPL without having the original SPL or firmware. It's like GoodDayToDie said: I'm still hesitating of the said reasons.
@GoodDayToDie:
The HTC applications still work and they were not updated afaik. So they are using the same DLL files. If there would be some driver running in TCB or ECB and they changed something, then their applications should stop working too. However, they can still be executed without problems. I am not sure what DLLs are used by advancedexplorer, but I think it were also the HTC dlls. My own application which used the HTC dlls stopped also.
@Heathcliff:
I've tried your instructions and found some errors in it:
step 23: *OutpuString = SysAllocString(msg); instead of *OutputString = SysAllocString(msg);
step 25: ; missing after OutputString)
step 28: add \MyApp to path, because VS2010 Solutions always have a subfolder with the same name of the solution
step 36: [return : MarshalAs(UnmanagedType.BSTR)] should be [return : MarshalAs(UnmanagedType.BStr)]
step 37: result 2 needs a type => string result 2 = ...
on first run:
Error 1 Could not load the assembly file:///C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\Silverlight\v4.0\Profile\WindowsPhone71\Microsoft.Phone.InteropServices.dll. This assembly may have been downloaded from the Web. If an assembly has been downloaded from the Web, it is flagged by Windows as being a Web file, even if it resides on the local computer. This may prevent it from being used in your project. You can change this designation by changing the file properties. Only unblock assemblies that you trust. See http://go.microsoft.com/fwlink/?LinkId=179545 for more information. NativeTestApp
Click to expand...
Click to collapse
This is because you forgot to register the DLL first. Look here: http://thounsell.co.uk/2010/11/avoi...g-the-interopservices-library-to-the-wp7-sdk/ and then down in the comments:
You must open the visual studio 2010 command prompt as administrator and call:
SN -Vr Microsoft.Phone.InteropServices.dll
then close and reopen Visual Studio, now it should work
Click to expand...
Click to collapse
In addition that, you will have to unblock the file in Windows Explorer, Properties of the file. Otherwise you will get this error in Xaml view:
Could not load file or assembly 'Microsoft.Phone.InteropServices, Version=7.0.0.0, Culture=neutral, PublicKeyToken=24eec0d8c86cda1e' or one of its dependencies. Operation is not supported. (Exception from HRESULT: 0x80131515)
Click to expand...
Click to collapse
This unblock will only work, if you use the Windows Explorer in administrator mode. The DLL file should be copied to a path were every user can access the file. Unblock it there and move it than back to the WindowsPhone71 folder. I've extracted it directly to the WindowsPhone71 folder and I couldn't change its properties there.
I've created a VS2008 and VS2010 sample project on your instructions and tried to add some comments to the sources. I've attached them to this post. Here are a few extra information to my project:
Interface-GUID: D28D8CB9-F8BC-4379-9D0A-FA77C87EF814
coclass-GUID: 7300CD4A-03F4-4569-B2D8-F1515385D46D
COM Class: NativeTestClass
INativeTestClass and CNativeTestClass
Always results in retval 0 and this exception:
System.MethodAccessException was unhandled
Message=Attempt to access the method failed: System.IO.FileInfo..ctor(System.String)
StackTrace:
at Microsoft.Phone.InteropServices.ComBridge.RegisterComDll(String dllFileName, Guid clsid)
at NativeTestApp.MainPage.actionButton_Click(Object sender, RoutedEventArgs e)
at System.Windows.Controls.Primitives.ButtonBase.OnClick()
at System.Windows.Controls.Button.OnClick()
at System.Windows.Controls.Primitives.ButtonBase.OnMouseLeftButtonUp(MouseButtonEventArgs e)
at System.Windows.Controls.Control.OnMouseLeftButtonUp(Control ctrl, EventArgs e)
at MS.Internal.JoltHelper.FireEvent(IntPtr unmanagedObj, IntPtr unmanagedObjArgs, Int32 argsTypeIndex, Int32 actualArgsTypeIndex, String eventName)
Click to expand...
Click to collapse
I've rechecked every step but I am still stuck. The phone itself should be interop unlocked, otherwise I couldn't have deployed the app with the capability activated. Could you please look into it? I know this error from my earlier attempts to access the HTC dll directly, but then I used the NativeLibrary here from XDA which took care of all the GUID things etc.
The result of probably more than 100 hours of solo hackery: a working COM DLL for allowing any application to elevate itself to SYSTEM (root) permissions.
What you need:
An interop-unlocked HTC phone. Sorry second-gen and Arrive users.
A working HtcUtility driver. It's possible some HTC update at some point crippled this. It works for me; if it doesn't work for you let me know what updates you have.
What it does:
Allows changing the security token of any application to give that app unrestricted permissions. At this point, you can call any user-mode API, perform any operation, with full access.
It also allows you to read or write any value from memory, even kernel memory (this is how it modifes the security token).
What it can be used for:
Darn near anything. If it can be done while the phone is booted, you can do it.
What it can't be used for:
Modifying the ROM - the R and O stand for "read only" and they mean it.
Interop-unlocking a phone - it requires interop-unlock to get root in the first place.
How to use it:
In your app, include the HtcRoot.dll library.
Include the code from DriverAccessTest.cs in the test app (defines the COM API and enables using it).
Call the OpenHtcUtility function (will throw an exception if your device is incompatible).
Call the MakeMeRoot function (can also throw exceptions).
(OPTIONAL) Call the ReturnZeroIfRoot function to make sure your app is elevated (does not throw exceptions, will return an error code if you get one).
Do stuff with SYSTEM permissions (probably using another COM DLL, such as for registry or filesystem access).
Call the RestoreToken function (failure to do this *might* cause a kernel memory leak).
Call the CloseHtcUtility function (OS will probably handle this if program just exits).
What you can do right now:
Try the test app. It should pop up a series of messge boxes. Hopefully none of them say anything like "FAILURE".
Report any bugs or failures you discover.
Build things with this library, and publish them!
Breakdown of the download:
There are two folders in the ZIP, one for the Visual Studio 2010 C#/Silverlight XAP project, and one for the Visual Studio 2008 C++/COM DLL project.
The test XAP is in the HtcUtilityTest\bin\Debug folder.
The native (COM) DLL is also available in that folder, or under its own project.
If you want to mess with this, I'm going to assume you are already familiar with hybrid native/managed development for WP7. If not, Heathcliff74 has posted an excellent tutorial on this forum.
Special thanks to:
Heathcliff74 for the hybrid app tutorial and interop unlock info.
Paul_Hammons for the links and info about HtcUtility, the driver that makes this possible. Thread: http://forum.xda-developers.com/showthread.php?t=1434793
Supported devices / firmware versions / ROMs
All HTC devices (if interop-unlocked and with the right firmware numbers) should be compatible.
Some custom ROMs work, some do not. This will depend on the version of the firmware that the ROM's HtcUtility driver is taken from.
I believe I compiled the test app as Mango-only, but the native library doesn't care at all.
Compatible:
Stock ROMs with compatible firmware for HD7, Trophy, Mozart
HD2 (BttF [XBmod-Yuki] v2 SP1)
Not compatible:
Firmware version 2250.21.51004.401 or newer
Verizon Trophy firmware version 2305.13.20104.605 or newer
DFT ROM with build 8107, Firmware 5.10.401
Arrive (except on pre-Mango), Titan, Radar, Titan 2 (no interop-unlock)
Others are untested or results are incomplete.
Goals and future work:
Support more devices:
* Try and add support for newer firmware.
* Help ROM cookers ensure the library is supported.
* Look for similar openings in other OEM libraries.
Future-proofing:
* Allow installation of a mod to support this capability after known updates.
* Resilience against possible future updates.
* Allow users with incompatible devices to downgrade (possibly to NoDo), install the mod, and be able to use the phone after upgrading.
Improve the library:
* Fix some memory leaks.
* Clean up the code - remove dead code and improve comments.
* Allow reading/writing more than 4 bytes at a time from managed code.
* Add APIs to elevate other processes (by name or ID) to SYSTEM.
Develop homebrew around the library:
* Support accessing common APIs (filesystem, etc.).
* Resurrect the Advanced Explorer app, perhaps (registry and filesystem).
* Support native app launching on stock ROMs.
Also reserved
Reserved for OP #2
It does not work on HTC 7 Mozart (HTC Europe):
Error to Write the value 1337 to test address - System.Runtime.InteropServices.COMException (0x8007001F): A device attached to the system is not functioning
Click to expand...
Click to collapse
OS: 7.10.7740.16
Firmware: 2250.21.51101.401
Radio: 5.71.09.02a_22.51.50.21U
Boot: 5.11.2250.1(133487)
Please include the full error message or a description of what went wrong.
Failure on fully updated devices is unfortunately possible - my phone is (intentionally) a few updates behind. I'm looking into ways to make it work anyhow (either sending an older CAB update to roll back, or using the root acess to create an unlocker/root-enabler that survives subsequent updates). I'm going to look into how the full-unlock ROMs differ from standard ROMs, and see if I can do the same thing in running software.
Does it works with custom roms?
If the custom ROM has a working HtcUtility driver, then yes. My goal is to unlock the kind of capabilities normally restricted to custom ROMs on stock firmware, though.
@bleh815: Thanks for the report. That's frustrating; it looks like it is capable of doing read but not write. Write might just be restricted in what addresses is allowed, or it might be disabled entirely (the driver gives the same error code for every problem that I've encountered so far). Time to figure out
A) what update causes the problem (I'm on 2250.21.30102.531, HD7, stock ROM)
B) what restrictions that update introduces
C) how to work around those resrtictions (possibly by downgrading and then using root access to add something that will still work after upgrade).
GoodDayToDie said:
A) what update causes the problem (I'm on 2250.21.30102.531, HD7, stock ROM)
Click to expand...
Click to collapse
I've just downgraded a mozart of mine back to stock NoDo (TMOB-DE) to find out which OEM update breaks (actually fixes) it.
Cool, thanks! It's one of the post-Mango HTC updates; a Microsoft update wouldn't have modified an HTC driver, and my phone has all the pre-Mango HTC updates but it still works.
.
..........
Hi, at first it says "SUCCESS!", then it says "Trying to open a file gives error 1260" and then it says "Now opening a file gives error 0" and finally "Finally, opening a file gives error 1260".
System informations:
OS=7.10.7720.68
Firmwareversion=2250.21.12200.162
Radio=5.68.09.05a_22.50.50.21U
Bootloader=4.6.2250.0(129185)
HTC 7 Trophy.
That is *exactly* the sequence of messages it is supposed to give!!
In particular, the messages I need to see are the "SUCCESS" (the rest is potentially interesting info, but not very important) and then the "Now opening a file gives error 0".
The "SUCCESS" means that a sequence of read/write tests succeeded.
The "Now... error 0" means that the process has been elevated to full permissions.
The "Finally... error 1260" means that the security token was successfully restored at the end, so it was unable to open the file again. This is the expected and correct behavior.
I don't recognize your Firmware Version number; I'm guessing it's specific to your phone. What method did you use to upgrade to Mango?
how do i install it?
Tried on interop-unlocked HTC Surround, not working Tested any call in VS debug mode - no luck at all.
I can confirm that it works with any OS version, from 7004 to 8107.79
On a HTC 7 Mozart (TMOB-DE) it works with firmware 2250.21.13201.111 (Stock NoDo ROM) but the hole gets fixed with 2250.21.51101.111 (1st Post-Mango HTC Update).
You guys are gods taking programming to a hole new level!
I wish to see ms take you all more serious and not let wp7 fail like minmo6.5 did!
I wish I could get on your level!
I realy need some help lerning basic silverlight my self!
But I have read how hybrid working ant this is just fantastic!
conradulations on all your developments so far you guys are truly amazing!
Oh, that code, beautiful reading that!
Thanks for sharing this learnfull code!
I'd like to try it on my Verizon HTC Trophy, I would love to get file access back....
I downloaded the package and I even have VS 2010 installed but beyond that I have no idea as I am not a programmer.
Can someone post a compiled XAP for us to try to see if our phone works with it or not ?
Or some step by step VS 201 directions to try would also be helpful.
@Ttblondey: *FACEPALM* The path to the test XAP is given in the opening post. You install the XAP on your phone using any XAP deployment tool. It requires that your phone be interop-unlocked; Heathcliff74 has a nice long thread about that. The app is called called HtcUtilityTest. Run it, and report the results. If you want to actually *use* the DLL, the instructions for doing that are given too but you need to write some code.
@sensboston: PLEASE give a more complete report! Success and error messages, at the least. Also, your phone version info. Thanks!
@bleh815: THANK YOU! I mean, it's a little annoying to know how far back this was fixed ("First post-Mango HTC update" means the one that was included *with* Mango for most people, or the one after that?) but good to know. Now, to look at exactly what they changed...
@jackrabbit72380: Thanks man! As for working with it yourself, like I mention below, I'm planning to provide a universal homebrew library that people can easily use to do whatever they want.
@fiinix: You're welcome! Honestly, I didn't expect anybody to call my mess of debug-commented and mildly hacky C++ "beautiful" but that hack itself *is* pretty awesome. My only concern with using it is the risk of a context switch causing the wrong app's token to get overwritten, and I should probably look into that, but I think it's OK for the moment. There are bigger fish to fry.
In the meantime, it should open up a huge list of capabilities for tools like your DllImport project. I'm currently considering reviving Advanced Explorer (like TouchXplorer + Registry Editor, but open source; was never ported to Mango though) using the root access instead of using ComFileRW and the provxml driver. Let me know what you want to do with it!
One other thing I'd like to add is the ability to easily elevate *another* process; it's not hard to do but I haven't written it yet. This could be handy for apps where we don't have the source code (for example, elevate Schaps registry editor, which uses low-privilege native code for browsing, so it can read *all* registry locations instead of just some of them).
@DavidinCT: Well, running the test app is easy, just install the XAP. It just runs a battery of tests though, it doesn't actually *do* anything useful. To get filesystem access, you'll need to write some native code (which means using Visual Studio 2008 and the CE/Smart Device plug-in, see Heathcliff74's toturial on the subject). Basically, you would first use this DLL (accessed via COM, you can look at my own C# code for how to do that) to opent he driver handle and elevate the process to root. You could then write your own COM DLL that uses the standard Win32 filesystem APIs (CreateFile, etc. - all are documented on MSDN) and exposes those APIs, or the results of them, to managed code via COM. Then, back in your phone app (the one that called into my HtcRoot DLL) you can call into your own DLL to access the file system.
If that's too big a leap, don't worry. I plan to release a general-purpose high-privilege homebrew DLL that exposes some of the most-used functionality (filesystem, registry, provxml, and other things by request), is easily extensible (possibly using something like the DllImport project, where you just specify the function you want to call and the DLL it's located in right from C#), and that will be a lot easier to hack with. You'll still need to know C# and basic Silverlight, but it'll be a lot easier (and hopefully useful without knowing any C++ or COM).
GoodDayToDie, you are amazing, always keeping me interested!
When starting the test xap, I get the below, it then goes into the "Page Name" and that's it.
Device Info here, running a FullUnlock DFT Rom by a Chinese dev from the DFT Forum.
Nonetheless, top work on getting this started and can't wait to keep reading about the progress!
XeKToReX
UPDATE: Still working on a newer version of the webserver, but I've been distrcted by a number of other projects lately (including getting a new job). The most important news is that the Root Webserver works great with WP7 Root Tools; you don't need a full-unlocked ROM or HtcRoot compatibility anymore! Just mark the app as Trusted in the WP7 Root Tools policy pivot, and you're good to go.
Sorry for the long delay, I've been working on many different things. One of them is re-write of a substantial part of this app, to make it more modular and extensible and also to add more features. That re-write is far from done, any may end up being broken into a few smaller pieces once any of the new or re-written features reach release-quality without the whole app being unusably broken.
This project started out as a child of the HtcRoot project. It no longer requires HtcRoot; full-unlock or WP7 Root Tools work fine. It's also a child of the Functional Webserver / WebServer (Mango) projects, and builds on their open-source foundations. Its goal is to allow unfettered access to your phone through the convenience of a web browser.
Fifth release (v2.3.1)
Platform release, minor feature release, minor library update, bugfixes
Should now be compatible with fully unlocked custom ROMs, even if they can't use the HtcRoot project.
This release does not include NativeIO_Mango source, as it was not changed. If you need the source for this library, extract it from the 2.2.0 download.
Homebrew library (v1.6.3)
Better detection and reporting of exceptions due to not being root.
Should be safe to use the HtcRoot functionality on fully-unlocked ROMs.
Please see the changelog in the app for details and history
Note that this app requires a slight update to NativeIO_Mango from @fiinix's version. There were some bugs in the library that were making things difficult, so I fixed them. I also changed the return values of a couple functions (though the signatures are unchanged) to give the ability to return error codes from COM. Source code for both the managed Homebrew and COM NativeIO_Mango libraries is included, along with compiled binaries. Source code for the HtcUtility library can be downloaded from the HtcRoot proect.
Features:
View folder and ROM Module last-modified dates. (NEW 2.3.1)
File attribute info now presented better. (NEW 2.3.1)
Upload files anywhere. (2.2.0)
Create and delete directories anywhere. (2.2.0)
Delete writable files.
Add or Remove readonly attribute from files. (2.2.0)
See file size and attributes for any file.
Browse the entire filesystem.
Download any file (still not ROM modules, though).
Static HTML files in a "Content" folder for easier editing.
Easy link to browse (and add your own files) to Content folder (2.2.0)
All features of previous WebServer versions (IsoStore uploading, authentication, etc.)
Changelog
Bugfixes:
Fixed a case where setting file attributes or uploading a file would fail due to lacking permissions.
Fixed the potential for infinite loops on fully-unlocked ROMs compatibel with the HtcRoot project.
More effort to eliminate RootException / Error 1260.
Upcoming:
Access the registry as well as the filesystem.
Better access to installed application info and folders.
View, edit, move, and rename files.
Rename and move directories.
Server-side commands (process provxml, for example)?
Filesystem/Registry/Application search?
Known Bugs:
App may take several seconds to close; don't re-launch it immediately or weird things may happen.
Touching the screen while the app is in "root" mode appears to cause a crash, and posible resource leak.
Error 1260 (Least Privileged Chamber) may still occasionally appear on first access attempt or two... really wish I knew why.
Requirements:
Developer-unlocked phone (if you remove ID_CAP_INTEROPSERVICES it will work without root access, cutting off most of the filesystem).
For root access, you need *EITHER*
* A fully-unlocked ROM
* An interop-unlocked HTC phone with working HtcUtility driver
If your phone is compatible with the HtcRoot project, you're OK.
Thanks To:
Davux (original author of the "Functional Webserver" app)
Fiinix (Ported the NativeIO library and Webserver app to Mango)
MarysFetus (designed icons and graphics for the webserver app - site http://klaus-widraw.de)
Everybody who helped make the HtcRoot project possible.
Have fun!
Reserved for OP
Also reserved.
pretty neat
I'm not by my HTC HD2 but anybody know if will this work on it under the B.t.t.F ROM?
Awesome work GDTD!
EDIT: Doesn't work on a HTC HD2 on B.t.t.F v2.1 @ 8107 (no SP1) I get the following error when trying to connect from my PC:
Code:
Exception while getting the listing for /!
Homebrew.InteropException: Error listing subdirectories of ! GetLastError: 1260 at Homebrew.IO.DirectoryInfo.GetDirectories(String filter) at Homebrew.IO.DirectoryInfo.GetDirectories() at WebServer.MainPage.handler.BuildDirectoryListing(String dirPath) at WebServer.MainPage.handler.Process(RequestContext context) at HttpServer.Server.ProcessModules(RequestContext context) at HttpServer.Server.HandleRequest(RequestEventArgs e) at HttpServer.Server.OnRequest(Object sender, RequestEventArgs e) at HttpServer.HttpListener.OnRequest(Object sender, RequestEventArgs e) at HttpServer.HttpContext.OnRequest(Object sender, FactoryRequestEventArgs e) at HttpServer.Messages.MessageFactoryContext.OnMessageComplete(Object sender, EventArgs e) at HttpServer.Messages.Parser.HttpParser.OnComplete() at HttpServer.Messages.Parser.HttpParser.GetHeaderName() at HttpServer.Messages.Parser.HttpParser.Parse(Byte[] buffer, Int32 offset, Int32 count) at HttpServer.Messages.MessageFactoryContext.Parse(Byte[] buffer, Int32 offset, Int32 length) at HttpServer.HttpContext.ParseBuffer(Int32 bytesLeft) at HttpServer.HttpContext.OnReceive(Int32 bytesLeft) at HttpServer.HttpContext.b__a() at System.Threading.ThreadHelper.ThreadStartHelper(ThreadHelper t) at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStartHelper()
It is interop unlocked so I don't get the error.
NOOOO I AM CRYING !!! THIS IS WHAT I WANTED AND I CAN'T EVEN TRY IT !!
Kill me now ;_; sigh sob sigh
EDIT : good work and good luck
@voluptuary: If you can run the HtcUtilityTest app successfully (from the HtcRoot page) then yes, this will work.
On that thread, I have the following listed as compatible:
HD2 (BttF [XBmod-Yuki] v2 SP1)
That your ROM?
@Voluptuary:
To quote from the Known Bugs section:
First attempt to access the filesystem will often fail or take too long; hit refresh a couple times and it should work.
I don't know why it does this. I built in some delays and some automatic retries, and that improved things dramatically - it will *almost* always work on the first freresh attempt (or second click on the Filesystem link) now - but didn't eliminate the problem. I'm not sure what it is; on the test app the switch to SYSTEM token is effectively instant. Maybe it has to do with the number of threads or something?
Anyhow, give it another shot and it should work. I contemplated just putting in a 5-second auto-refresh on the error page...
GoodDayToDie said:
@Voluptuary:
To quote from the Known Bugs section:
First attempt to access the filesystem will often fail or take too long; hit refresh a couple times and it should work.
I don't know why it does this. I built in some delays and some automatic retries, and that improved things dramatically - it will *almost* always work on the first freresh attempt (or second click on the Filesystem link) now - but didn't eliminate the problem. I'm not sure what it is; on the test app the switch to SYSTEM token is effectively instant. Maybe it has to do with the number of threads or something?
Anyhow, give it another shot and it should work. I contemplated just putting in a 5-second auto-refresh on the error page...
Click to expand...
Click to collapse
Sorry, I should have read your post better. I hate when people do that to me in my threads, I should know better.
Anyways I got it working, kinda. It still gave the error at the top of the page but then it listed the directories anyways, then navigating to Windows always fails, just times out or stays loading forever. This is over Wifi, I guess it could be a latency problem but everything else on my network runs fine.
I install but it does nothing.It shows serial on usb, softwareloopback interface1,bcmsddhd1
I'm looking into ways to resolve the read error issue. Once it decides to work, I can leave the app running for hours (on USB power, idle detection disabled of course) and browse with no trouble, but when I first open the app it's ornery for a few minutes. Very weird (and annoying). I'm guessing it's due to a threading issue, which would technically be a bug in the HtcRoot library, but I'll need to explore more.
By the way, the Windows folder takes a moment to load (it's huge). It should work pretty reliably though (you can open it for reading without having root at all, actually) and it opens a lot faster on my version than it did on the earlier ones (StringBuilder + half as many FileSystem calls + eliminated one of the slowest calls).
@Ttblondey: Dude, it's a W E B S E R V E R app. It runs a web server on your phone. You browse it through a web browser. I literally don't know what else to tell you, except to go read the threads on the other web server apps.
New version uploaded!
This contains some bigfixes - in particular, the Error 1260 bug (failure to elevate to root before trying to access the filesystem) has been mitigated to the point where it shouldn't be a problem.
It also uses a new version of the Homebrew library, 1.6.0, which incorporates access to the HtcRoot project under the Homebrew.HtcRoot namespace. Previously, the HtcRoot project was tacked onto the webserver directly, which meant the Homebrew library was unaware of its existence.
Requirements and major features have not changes in this update. Source code is included.
Great work you are doing here man! Too bad i don't own a HTC
@Briefcase: Thanks! I wish I could support more phones. Heathcliff74 may be able to enable something for Samsung (gen1 at least) but he hasn't released a library for doing so yet.
FEATURE RELEASE 2.1.0 is out.
Major changes: File attributes information, file deletion.
You should talk with ROM chefs here to include read/write enabled HtcUtility in their roms because all recent ROMs unfortunately doesn't support your findings.
@Pr0xiMUS: That's a good point. This tool is potentially more powerful that TouchXplorer or Registry Editor from TouchXperience, but those are the primarily-targeted apps in custom ROMs.
I wonder if adding registry support will be as straighforward (and simultaneously frustrating, due to bugs) as filesystem support...
New version (2.2.0).
Some bugfixes, more file operations (uploading any file anywhere, adding and removing directories). Add your own files to the Content folder so you can serve them directly, if you want.
If anybody knows of a ready-made and Mango compatible registry COM library (that's open source, thanks a ton @schaps), this would save me some time. If not, I can either ports one from NoDo or write my own well enough.
I am not able to browse the File System getting the following error.
Exception while getting the listing for /!
System.Runtime.InteropServices.COMException (0x8007001F): A device attached to the system is not functioning.
Using DFT V3 rom on Htc 7 Pro (Gold)
@Kr3i0s: Your ROM is not compatible with the HtcRoot project, due to it having a crippled HtcUtility driver. If the ROM is updatable, it might be possible to downgrade the HtcUtility driver using a custom CAB. Otherwise, you'll need to wait for (or switch to) a ROM that has a working HtcUtility driver.
EDIT: Actually, a fully-unlocked ROM can probably use this app even without HtcRoot compatibility. I'll modify the app so that it detects Error 31 and tries to fall back on whatever permissions it already has.