hooking package parser and modify property of Manifest.xml - Xposed Framework Development

As the title suggests I'm trying to hook some of the methods called by the package parser to modify properties of the Manifest.xml file.
I've read the sources and identified the methods to hook and I can call findAndHookMethod on them but it seems like they are never called? Has the package already been parsed by the time IXposedHookLoadPackage is called? Should I be doing this in IXposedHookZygoteInit?
Edit: I've also attempted to hook some of the same methods (i.e. parseService) with initZygote and while the methods are found it doesn't appear as if they are called.

I ended up working out how to do this. The issue was that I was hooking parseService in android.content.pm.PackageParser, but this has been deprecated and now it uses parseService from android.content.pm.parsing.component.ParsedServiceUtils.
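A diagnostic module for the situation resolved above, added here as an example and not taken from the original post: it hooks every parseService overload on both classes named in the thread and logs which one the running build actually calls. The module package `com.example.parserhook` and the class name `ParserHook` are hypothetical, and the sketch assumes that package parsing runs inside system_server, which Xposed reports to modules as the package "android".

```java
package com.example.parserhook; // hypothetical module package

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;

public class ParserHook implements IXposedHookLoadPackage {

    // Class names taken from the thread: the legacy parser and its replacement.
    private static final String[] PARSER_CLASSES = {
        "android.content.pm.PackageParser",
        "android.content.pm.parsing.component.ParsedServiceUtils",
    };

    @Override
    public void handleLoadPackage(LoadPackageParam lpparam) {
        // Assumption: manifests are parsed in system_server ("android"),
        // not in the process of the app that is being installed.
        if (!"android".equals(lpparam.packageName)) {
            return;
        }

        for (final String className : PARSER_CLASSES) {
            // findClassIfExists returns null instead of throwing, so one
            // module can probe builds that only ship one of the two classes.
            Class<?> cls = XposedHelpers.findClassIfExists(className, lpparam.classLoader);
            if (cls == null) {
                XposedBridge.log("ParserHook: " + className + " not present on this build");
                continue;
            }

            // hookAllMethods avoids hard-coding a parameter list, which
            // differs between the two classes and between Android releases.
            int hooked = XposedBridge.hookAllMethods(cls, "parseService", new XC_MethodHook() {
                @Override
                protected void beforeHookedMethod(MethodHookParam param) {
                    XposedBridge.log("ParserHook: parseService called in " + className);
                }
            }).size();

            XposedBridge.log("ParserHook: hooked " + hooked + " overload(s) in " + className);
        }
    }
}
```

A class that reports hooked overloads but never logs a call is the symptom described in the question: the method exists but is no longer on the code path the system uses.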

Related

What could stop an exe from running?

Got an epix/i907 and it seems some of the builtins will not run. Seems to be completely app unlocked. Here is what I posted elsewhere and then thought it to be of poor choice
"Anyone have a clue how to get soundtest.exe to run directly without having to use the *#0002*28346# code? I assume it expects a certain spawning process but not sure what or who in the RIL handles calling the internal proggies."
So is there a stub or command line being sent or a special certificate signing? When executed, nothing happens, but it works fine from the key sequence. I searched for string entries but never found an exe or dll housing the key sequence or soundtest.exe. So what be up?

.NET CF + XmlReader + DTD?

Alright, this may sound like a really stupid question, but...
I just started writing my first toy application for .NET CF and I got stuck with the following problem:
I'm trying to read an XML file using XmlReader, but the Read() method throws a NotSupportedException as soon as it encounters <!DOCTYPE... Apparently, in desktop .NET, you can control this behavior with the ProhibitDtd property, but this option is missing in Compact Framework.
Surely there must be an easy way around this - I mean, reading XMLs with an embedded DTD is a common task, right?
It appears that the only way to get around this is to manually check your XML for a DOCTYPE and strip that before you pass it to the XmlReader.

HTC regedit app using COMRegRW.dll that works in Mango

Has anybody written one? I've seen lots of apps that include this binary, but they all use provisioning for registry writes and a homebrew WinCE DLL for registry reads. That's great, except that in Mango you can't use the homebrew DLLs anymore.
I'd like to write an app that can read and write specific values (the signed DLL doesn't appear to support browsing). The catch is, of course, no dependency on unsigned native code.
If somebody has already written an app or library that does this, and doesn't mind sharing the code (I'll open anything I write with it, of course) that would be awesome.
Hm, you don't need provisioning for registry editing with this HTC DLL, I think. The DLL provides functions that enable you to edit/read registry entries. The provisioning part is used for these provider-specific configurations.
And there should be a way to use these homebrew registry editors in Mango. People around here report that they installed the apps while running NoDo and then used Ansar's method to upgrade to Mango. But unfortunately it didn't work for me so far.
If somebody is interested, we can make a port of our app (which generates provxml files on the device) available for HTC devices. I'll need somebody to help me out with some testing. It already works on Samsung devices on Mango, file operations and stuff.
I just need to know where the provxml needs to be installed to, and I think we can find a way to make it work.
PM me if you are interested.
Marvin_S said:
If somebody is interested, we can make a port of our app (which generates provxml files on the device) available for HTC devices. I'll need somebody to help me out with some testing. It already works on Samsung devices on Mango, file operations and stuff.
I just need to know where the provxml needs to be installed to, and I think we can find a way to make it work.
PM me if you are interested.
Let us talk about that when the Samsung version is finished. I also have a HD7.
The problem is that the HTC Connection Setup deletes the custclear.provxml file after executing...
Have a nice day.
contable said:
Let us talk about that when the Samsung version is finished. I also have a HD7.
The problem is that the HTC Connection Setup deletes the custclear.provxml file after executing...
Have a nice day.
Yes, I have heard. I think we can solve this by adding a copy command to replace itself again? If we are lucky this might work. Otherwise we have to look for file transfer tools. Thank you, haha, I will. Talk to you tomorrow.
In theory will work but once ran connection setup in mango file transfer is available via touch explorer.
yes, file transfer should work, if you installed the tools before the mango update. However for newer phones that do not have NoDo firmware this won't be possible anymore :/
@rudelm: That's the point of my question. I know that the HTC DLLs supposedly allow registry access, the problem is I've never seen a working example, and my skill with COM is crap.
@Marvin_S: That's a cool idea, and I can show you how to make it work even easier on HTC (I've written apps in the past that used XML provisioning on HTC; you don't even need to use Connection Setup since we have a Mango-compatible DLL to do it). The catch is that you can't use them to *read* values.
Also, I've already tried chaining the CustClear.provxml file using Connection Setup. It doesn't work - I think the file gets deleted at the end, not the start. However, HTC has a working filesystem DLL that allows moving files anyhow, so not that important. It's the registry I'm concerned about right now.
Again, if anybody has an example of working code using a ComRegRW DLL from an HTC app, please let me know!
GoodDayToDie said:
@rudelm: That's the point of my question. I know that the HTC DLLs supposedly allow registry access, the problem is I've never seen a working example, and my skill with COM is crap.
It's the registry I'm concerned about right now.
Again, if anybody has an example of working code using a ComRegRW DLL from an HTC app, please let me know!
It's actually simple if you use another library from here on XDA. It's called NativeLibrary and was made by (nico).
With his code I was able to access the registry to change an entry. Basically it looked like this:
Code:
// check for HTC Device
bool isHTC = false;
isHTC = Device.IsHTC();
if (isHTC)
{
    Device.Registry.SetStringValue("HKLM", "Software\\HTC\\HTC_Weather", "AppVersion", "1337");
    contentTextBlock.Text = Device.Registry.GetStringValue("HKLM", "Software\\HTC\\HTC_Weather", "AppVersion");
    //NativeHTCFileSystem.Init();
    //NativeHTCFileSystem.GetFileSize("/My Documents/Explore Excel.xlsx", out fileSize);
}
else
{
    contentTextBlock.Text = "Found no HTC Device :D";
}
He wrote a wrapper for different devices and included most of their dll files, so you don't have to handle the COM part. This is what I'm trying to understand next... But I bet it's really ugly. I never got the COM part running just by looking at reversed HTC or Samsung XAPs and I am still wondering how (nico) did it, but anyway: he helped me a lot with his source.
If you put this code into a button listener, you need to push the button two times to display the new registry value, as my textbox did not get refreshed. But that's the smallest problem here.
It's not that difficult actually if you know C++, COM, and .Net COM Bridge.
There is nothing here specific to Windows Phone, it's all pretty standard stuff.
BTW, this is not how you should use my lib, as it is supposed to handle the device check for you.
I've not updated this for a long time, so I don't think it works on LG or Mango.
Here is an example:
Code:
var registry = NativeLibrary.Device.Registry;
var currenttheme = registry.GetStringValue("HKLM", @"ControlPanel\Themes", "CurrentTheme");
GoodDayToDie said:
@rudelm: That's the point of my question. I know that the HTC DLLs supposedly allow registry access, the problem is I've never seen a working example, and my skill with COM is crap.
@Marvin_S: That's a cool idea, and I can show you how to make it work even easier on HTC (I've written apps in the past that used XML provisioning on HTC; you don't even need to use Connection Setup since we have a Mango-compatible DLL to do it). The catch is that you can't use them to *read* values.
Also, I've already tried chaining the CustClear.provxml file using Connection Setup. It doesn't work - I think the file gets deleted at the end, not the start. However, HTC has a working filesystem DLL that allows moving files anyhow, so not that important. It's the registry I'm concerned about right now.
Again, if anybody has an example of working code using a ComRegRW DLL from an HTC app, please let me know!
This would be nice. Do you know if there is a similar .dll for Samsung? So we will not have to go into the diagnosis menu every time?
@Marvin_S: Yes, there's a similar app for Samsung - there's already a Samsung registry editor that works with Mango. It's not a registry *browser* of course, but it can do read and write. I used it (at least, the writing portion) in my IE Search Switcher app too.
(nico) said:
BTW, this is not how you should use my lib, as it is supposed to handle the device check for you.
I've not updated this for a long time, so I don't think it works on LG or Mango.
Here is an example:
Code:
var registry = NativeLibrary.Device.Registry;
var currenttheme = registry.GetStringValue("HKLM", @"ControlPanel\Themes", "CurrentTheme");
Ah ok, that looks better.
I'm currently setting up my VM to look into this C++ and COM stuff, but I guess it's more complicated than I thought. Have you got some links to help me get started here for WP7?
@Marvin_s: there are the XAP packages of Samsung's apps here on XDA. You can just rename the files to zip and unpack. Then you will have the Samsung-specific DLLs.

[Q] Mod Windows RT to enable Remote Desktop

In the past, Windows has had editions for consumers that did not include Remote Desktop enabled. Usually there was a patch to enable it. Recently it has been proved how there is almost no difference between Windows 8 and Windows RT and that RT is just a port of Windows 8. So what about all the system files? They can be changed just like x86 Windows. So what about enabling Remote Desktop, so we don't need an ARM remote app that we need to unlock Windows for, and we can use what comes with Windows. In the past we modified the termsrv.dll file and changed some registry settings. I've included the Windows 8 and the Windows RT versions of termsrv.dll so that maybe some clever ones might try and crack a solution to enabling it on Windows RT.
sionicion said:
In the past, Windows has had editions for consumers that did not include Remote Desktop enabled. Usually there was a patch to enable it. Recently it has been proved how there is almost no difference between Windows 8 and Windows RT and that RT is just a port of Windows 8. So what about all the system files? They can be changed just like x86 Windows. So what about enabling Remote Desktop, so we don't need an ARM remote app that we need to unlock Windows for, and we can use what comes with Windows. In the past we modified the termsrv.dll file and changed some registry settings. I've included the Windows 8 and the Windows RT versions of termsrv.dll so that maybe some clever ones might try and crack a solution to enabling it on Windows RT.
termsrv is a system service, and how can we use a modified termsrv.dll before we use the Jailbreak tool? Maybe we can edit termsrv.dll in memory.
We can't, I suspect. Even after jailbreaking, the lack of a signature on a system file may be a problem. It's worth a shot, though.
termsrv.dll -should- be a usermode library that would be editable after the jailbreak.
I am able to take ownership of the file and replace it. But it won't use the termsrv.dll from my windows 8… I'm almost positive it is because the dll is different depending on architecture. But it should be as easily replaceable as any system file on windows 8, am I right? I don't see why it wouldn't but I could be wrong.
Yeah, pretty much. You definitely won't be able to use the Win8 version (x86 machine code, ARM processor, not gonna fly...) but a modified version of the Windows RT version might work. Bear in mind that since modifying the DLL will invalidate the signature, this won't work if the signature validation is enforced (i.e. you'll have to jailbreak).
Should be possible using the Remote Debugging Tools or, even better, cdb. Put it in a .cmd file in autorun and voila
clrokr said:
Should be possible using the Remote Debugging Tools or, even better, cdb. Put it in a .cmd file in autorun and voila
Please!! Remote desktop would be awesome enabled on the Surface RT, if someone could work on it I know a lot of people would be very grateful!
I've already posted a method that should enable RDP here: http://forum.xda-developers.com/showpost.php?p=36386089&postcount=211 - no need to patch the DLL, and it would work on a locked device. But you'll have to manually edit a binary registry value, instead of using a provided tool.
I have not tested RDP, but after using this method I was able to recover an option of joining device to Active Directory domain (it was blocked by the similar policies).
mamaich said:
I've already posted a method that should enable RDP here: http://forum.xda-developers.com/showpost.php?p=36386089&postcount=211 - no need to patch the DLL, and it would work on a locked device. But you'll have to manually edit a binary registry value, instead of using a provided tool.
I have not tested RDP, but after using this method I was able to recover an option of joining device to Active Directory domain (it was blocked by the similar policies).
Can you share how you managed to get the RT joined to a domain?
mamaich said:
I've already posted a method that should enable RDP here: http://forum.xda-developers.com/showpost.php?p=36386089&postcount=211 - no need to patch the DLL, and it would work on a locked device. But you'll have to manually edit a binary registry value, instead of using a provided tool.
I have not tested RDP, but after using this method I was able to recover an option of joining device to Active Directory domain (it was blocked by the similar policies).
Wouldn't both methods work though? Your method works by enabling features from other editions by telling Windows that's what edition it is running. It disables it when the Software Protection service restores it to the original template according to the edition. By patching the DLL file, you could trigger Remote Desktop to work without it needing to check in with the kernel policies.
I mean unless you have a way to modify these policies without all the extra occurring, it would work. But Bitlocker and the Software Protection service getting involved...it just sounds like a lot of extra work for something much bigger in the end, and I know there must be an easier way to force Remote Desktop to work without listening to these policies because it has been done in the past.
mamaich said:
I've already posted a method that should enable RDP here: http://forum.xda-developers.com/showpost.php?p=36386089&postcount=211 - no need to patch the DLL, and it would work on a locked device. But you'll have to manually edit a binary registry value, instead of using a provided tool.
I have not tested RDP, but after using this method I was able to recover an option of joining device to Active Directory domain (it was blocked by the similar policies).
I tried to enable one of the Remote Desktop vars last night, allowRemoteConnections I think it was called, but I didn't get anything from it.
mamaich said:
I've already posted a method that should enable RDP here: http://forum.xda-developers.com/showpost.php?p=36386089&postcount=211 - no need to patch the DLL, and it would work on a locked device. But you'll have to manually edit a binary registry value, instead of using a provided tool.
I have not tested RDP, but after using this method I was able to recover an option of joining device to Active Directory domain (it was blocked by the similar policies).
Again, please if you were able to join an RT to the domain. Please let me know what you did. Would love to not get prompted to log in into PowerShell.
apatcas said:
Again, please if you were able to join an RT to the domain. Please let me know what you did. Would love to not get prompted to log in into PowerShell.
As I've already written - use this method: http://forum.xda-developers.com/showpost.php?p=36386089&postcount=211
1. Edit registry:
Code:
HKEY_LOCAL_MACHINE\SYSTEM\Setup
SetupType=1
CmdLine="cmd.exe"
and reboot. You will enter the setup mode. You would not see the mouse cursor in this mode, and you'll need a hardware keyboard.
2. Open this reg_binary value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions\ProductPolicy. Look for unicode string "WorkstationService-DomainJoinEnabled", it is near offset 0x4000. Look at this screenshot:
http://imageshack.us/photo/my-images/526/35796208.png/
Select the "00" byte that follows the zero byte after the 64 (64 00 == unicode "d" letter) as you see on the screenshot. Overwrite it with 01. Be careful not to insert a byte, you need to overwrite the existing byte!
3. Rename sppsvc.exe to anything else so that it would not run on boot and reset ProductPolicy ("ren sppsvc.exe sppsvc.bak")
4. Reboot. Now the option to join the domain would be available.
I have not tried to add workstation to domain myself - try that and post here. After adding to domain you may try to rename sppsvc.bak back to sppsvc.exe as otherwise you'll get the "unactivated" Windows RT. I think that this would only remove the add to domain UI, but the RT would be still domain-joined.
I've tried to edit the remote desktop settings keys - this unblocked the corresponding options in the computer settings, but I was unable to connect. Maybe this is due to the absence of RDP code in the terminal server service - I don't see anyone listening on port 3398, though the TermServer service is running.
mamaich said:
As I've already written - use this method: http://forum.xda-developers.com/showpost.php?p=36386089&postcount=211
1. Edit registry:
Code:
HKEY_LOCAL_MACHINE\SYSTEM\Setup
SetupType=1
CmdLine="cmd.exe"
and reboot. You will enter the setup mode. You would not see the mouse cursor in this mode, and you'll need a hardware keyboard.
2. Open this reg_binary value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions\ProductPolicy. Look for unicode string "WorkstationService-DomainJoinEnabled", it is near offset 0x4000. Look at this screenshot:
http://imageshack.us/photo/my-images/526/35796208.png/
Select the "00" byte that follows the zero byte after the 64 (64 00 == unicode "d" letter) as you see on the screenshot. Overwrite it with 01. Be careful not to insert a byte, you need to overwrite the existing byte!
3. Rename sppsvc.exe to anything else so that it would not run on boot and reset ProductPolicy ("ren sppsvc.exe sppsvc.bak")
4. Reboot. Now the option to join the domain would be available.
I have not tried to add workstation to domain myself - try that and post here. After adding to domain you may try to rename sppsvc.bak back to sppsvc.exe as otherwise you'll get the "unactivated" Windows RT. I think that this would only remove the add to domain UI, but the RT would be still domain-joined.
I've tried to edit the remote desktop settings keys - this unblocked the corresponding options in the computer settings, but I was unable to connect. Maybe this is due to the absence of RDP code in the terminal server service - I don't see anyone listening on port 3398, though the TermServer service is running.
Joined... Nice find.
apatcas said:
Joined... Nice find.
Has it remained domain-joined after restoring the original sppsvc.exe?
You have to return it back, otherwise you'll be annoyed with the activation reminders.
mamaich said:
Has it remained domain-joined after restoring the original sppsvc.exe?
You have to return it back, otherwise you'll be annoyed with the activation reminders.
We could possibly patch sppsvc to not check, then start the service up after jailbreaking it.
I'm honestly not sure if this would be considered piracy or not, though.
Edit: I used the program to set every value to 1 in setup mode (The latest jailbreak tool works in setup mode), and I didn't see any change for anything dealing with RDP.
Edit 2: Perhaps I shouldn't have set 'Disable' to 1. Regardless, I set it to 0 and the options popped up, but I can't get anything to go. As mamaich stated, I'm not seeing anything listening on port 3389. netstat -a -b on a desktop with it enabled says it's opened by CryptSvc, but I'm not seeing anything with CryptSvc that's not there on the tablet. That could just be netstat guessing which service running under svchost is actually running it, too.
netham45 said:
We could possibly patch sppsvc to not check, then start the service up after jailbreaking it.
I'm honestly not sure if this would be considered piracy or not, though.
Edit: I used the program to set every value to 1 in setup mode (The latest jailbreak tool works in setup mode), and I didn't see any change for anything dealing with RDP.
Edit 2: Perhaps I shouldn't have set 'Disable' to 1. Regardless, I set it to 0 and the options popped up, but I can't get anything to go. As mamaich stated, I'm not seeing anything listening on port 3389. netstat -a -b on a desktop with it enabled says it's opened by CryptSvc, but I'm not seeing anything with CryptSvc that's not there on the tablet. That could just be netstat guessing which service running under svchost is actually running it, too.
I think we must hack the dll file. But I find that when I edit a byte in the dll, the service was not able to start.
apatcas said:
Joined... Nice find.
So is it true that your device stays domain-joined after you restore sppsvc.exe?
@ Netham45, you could try to open up W81x86 termsrv.dll and go to these hex locations to find out what functions needed patching.
Hashes
File: W81x86\termsrv.dll
CRC-32: 202cd912
MD4: a879d39b8fbcd968b525af05a66aaf2c
MD5: 7a8e1158291cf4c8d8474a2091b9bf6d
SHA-1: e10028b074d24605e05b5e0bafd42f6a93ac01ad
1550F-15520
17428
A1B29
Then go into WinRT termsrv.dll, jump to those functions by name (because offsets will be different between x86 and RT) and Jmp or Nop as needed for WinRT. Afterwards it could be added via CDB / KD on-the-fly.

[Newbie] Can't hook methods. What is the problem?

Hi!
I've been using Xposed for a long time and now I've started to make Xposed modules, but it seems I'm doing something wrong because the hooked methods' hooks never get called.
What have I done?
-disabled instant run
-written code (you can check it here)
-created an assets folder beside java and res and put the xposed_init file there (and I've written com.mpeter.asd.Tutorial in it)
-installed the app to the phone
-enabled the module (framework is already enabled)
-rebooted
-searched for mistakes
-searched for the log - no errors (in the Android Studio "Logcat" menu I filtered for "xposed:") (ok, there were errors, but they are coming from another module)
-lost my hair
Interesting that when I tried to hook a class or a method which didn't exist in the package I wanted to hook into, then I got the errors, but now I don't get any.
Hi! I recently searched some time for the xposed logs via adb logcat, too...
Check out the Logs Tab in the XposedModuleInstaller UI.
Maybe you will find your missing information there.
Good luck!
MPeti1 said:
Hi!
I've been using Xposed for a long time and now I've started to make Xposed modules, but it seems I'm doing something wrong because the hooked methods' hooks never get called.
What have I done?
-disabled instant run
-written code (you can check it here)
-created an assets folder beside java and res and put the xposed_init file there (and I've written com.mpeter.asd.Tutorial in it)
-installed the app to the phone
-enabled the module (framework is already enabled)
-rebooted
-searched for mistakes
-searched for the log - no errors (in the Android Studio "Logcat" menu I filtered for "xposed:") (ok, there were errors, but they are coming from another module)
-lost my hair
Interesting that when I tried to hook a class or a method which didn't exist in the package I wanted to hook into, then I got the errors, but now I don't get any.
Try this.
Code:
if (!lpparam.packageName.equals("com.john.xmessengerprivacypremium")
        && !lpparam.packageName.equals("com.mpeter.asd"))
    return;
This is equivalent to
Code:
!(lpparam.packageName.equals("com.john.xmessengerprivacypremium")
|| lpparam.packageName.equals("com.mpeter.asd"))
Note how I changed || to && (De Morgan's laws). The code below never got executed, as the packageName couldn't have two different values at once.
Edit: just noticed this was several months old so you've probably already fixed it, but leaving this here in case anyone needs it.
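The guard discussed in the reply above, run against sample package names. This is an added example, not code from the thread: the `||` form is inferred from the reply's remark that `||` was changed to `&&`, the class name `PackageGuardDemo` and the third package name are made up for the demonstration, and the set-based variant is an extra form that goes beyond what the post shows.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class PackageGuardDemo {

    // Package names taken from the reply above.
    static final String TARGET_A = "com.john.xmessengerprivacypremium";
    static final String TARGET_B = "com.mpeter.asd";

    // Inferred original guard: "not A OR not B". A single string cannot
    // equal both targets, so this is true for every package and the
    // hook code after the early return is never reached.
    static boolean buggyGuardSkips(String pkg) {
        return !pkg.equals(TARGET_A) || !pkg.equals(TARGET_B);
    }

    // Corrected guard from the reply: skip only when the package is
    // neither target, i.e. !(A || B) by De Morgan's laws.
    static boolean fixedGuardSkips(String pkg) {
        return !pkg.equals(TARGET_A) && !pkg.equals(TARGET_B);
    }

    // Allow-list form: the same decision without hand-written boolean
    // algebra, so adding a third target cannot reintroduce the bug.
    static final Set<String> TARGETS =
            new HashSet<>(Arrays.asList(TARGET_A, TARGET_B));

    static boolean allowListSkips(String pkg) {
        return !TARGETS.contains(pkg);
    }

    public static void main(String[] args) {
        // Constructed sample of packages passed to handleLoadPackage.
        List<String> loaded = Arrays.asList(
                TARGET_A, TARGET_B, "com.example.unrelated");

        for (String pkg : loaded) {
            System.out.printf("%-36s buggy skips=%-5b fixed skips=%-5b allow-list skips=%b%n",
                    pkg,
                    buggyGuardSkips(pkg),
                    fixedGuardSkips(pkg),
                    allowListSkips(pkg));
        }
    }
}
```

The buggy column is true on every row, which matches the symptom in the question: no errors in the log and no hook ever installed.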
