My Application can be running in PocketPC2000 successful,But can not running in SmartPhone2000 ,who can tell me what's wrong?
In smartPhone ,ShowLastError=2 and RIL Handle=0; why?
(Full SourceCode in http://www.xda-developers.com/RIL/tstril.zip)
///////////////////////////////////Function//////////////
DWORD DoRIL(LPVOID lpvoid)
{
HRESULT result;
DWORD dwNotificationClasses = 0xFF0000;
LRESULT lresult;
TCHAR szString[256];
SendMessage(g_hwndEdit, LB_RESETCONTENT, 0, 0);
lresult = SendMessage(g_hwndEdit, LB_GETHORIZONTALEXTENT, 0, 0);
SendMessage(g_hwndEdit, LB_SETHORIZONTALEXTENT, 1000, 0);
result = RIL_Initialize(1, ResultCallback, NotifyCallback,
dwNotificationClasses, g_dwParam, &g_hRil);
DWORD ShowLastError=GetLastError();
wsprintf(szString, L"RIL Handle: %08X,result %08X Error:%d", g_hRil, result,ShowLastError);
SendMessage(g_hwndEdit, LB_ADDSTRING, 0, (LPARAM) szString);
while(1) {
Sleep(100);
//wsprintf(szString, L"%s",L"...");
//SendMessage(g_hwndEdit, LB_ADDSTRING, 0, (LPARAM) szString);
}
return 0;
}//////////////////////////
Perhaps it is a certificate problem,
In EVC with target "Smartphone 2002", choose "Settings" and in the "Security" Tab, select "Configure device to trust signed applications" and the "Privileged Certificate Store" button
If the "Security" tab don't exists, reinstalls the "Smartphone 2002" SDK
Thank you,may be you are right,I changed my smartphone to another one,it's work fine
artur said:
Perhaps it is a certificate problem,
In EVC with target "Smartphone 2002", choose "Settings" and in the "Security" Tab, select "Configure device to trust signed applications" and the "Privileged Certificate Store" button
If the "Security" tab don't exists, reinstalls the "Smartphone 2002" SDK
Click to expand...
Click to collapse
Have you unlock your device, iif your DLL works in a SPV the problem comes from your device, mainly the loperator certificate.
Related
Hi,
I have written a litte application (eMbedded Visual C++) for Pocket PC 2002
to copy an exe-file from the root-directory to the startmenu-directory.
It seems to work fine, but when I start the copied application (the exe-file) I get the message
"... is not a valid Pocket PC application"
What is wrong with this applcation?
Or does anyone know how to call Copy from an Pocket PC application directly?
Here is the code:
// Setup.cpp : Defines the entry point for the application.
//
#include "stdafx.h"
#define SOURCEFILE_NAME "\\banking.exe"
#define DESTINATIONFILE_NAME "\\Windows\\Start Menu\\banking.exe"
#define DESTINATIONFILE_NAME_GERMAN "\\Windows\\Startmenü\\banking.exe"
int WINAPI WinMain( HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPTSTR lpCmdLine,
int nCmdShow)
{
// TODO: Place code here.
BOOL german = FALSE;
FILE *file = 0;
FILE *rfile = 0;
rfile = fopen (SOURCEFILE_NAME, "rb");
if (!rfile)
{
MessageBox (0, TEXT("Error"), TEXT("Setup"), MB_TOPMOST);
return 1;
}
file = fopen (DESTINATIONFILE_NAME_GERMAN, "wb");
if (!file)
file = fopen (DESTINATIONFILE_NAME, "wb");
else
german = TRUE;
if (file)
{
char buffer [1000];
size_t num_read = 0;
size_t num_written = 0;
size_t num_read_tot = 0;
size_t num_written_tot = 0;
do
{
num_read = fread (buffer, sizeof (char), 1000, rfile);
if (feof(rfile))
break;
num_read_tot += num_read;
if (num_read > 0)
{
num_written= fwrite (buffer, sizeof (char), num_read, file);
num_written_tot += num_written;
}
else
break;
} while (1);
fclose (file);
}
fclose (rfile);
DWORD attr = 0;
BOOL rc = 0;
attr = GetFileAttributes (TEXT(SOURCEFILE_NAME));
if (german)
rc = SetFileAttributes (TEXT(DESTINATIONFILE_NAME_GERMAN), attr);
else
rc = SetFileAttributes (TEXT(DESTINATIONFILE_NAME), attr);
MessageBox (0, TEXT("Ready"), TEXT("Setup"), MB_TOPMOST);
return 0;
}
// END
Hello,
You are trying to reinvent the wheel by copying yourself the info from the file. Use the CopyFile function.
But your error
"... is not a valid Pocket PC application"
Click to expand...
Click to collapse
has probably appeared for another reason...
You should also look at SHFileOperation
It's not a good idea to copy *.exe files to start menu...
Create a shortcut with CECreateShortcut(...) instead.
If this is part of a application setup (in a cab file) just create the shortcut with the build in features:
...
[DefaultInstall]
...
CEShortcuts = Shortcuts
...
[Shortcuts]
BankingMenuText,0,banking.exe
...
John
John,
thank you for your comment.
Perhaps you ore someone else can tell me how to create a shortcut (for the banking.exe) from a Pocket PC - application ?
(The background is as follows:
I want to deliver my banking-application on SD-Card;
a little setup-application on the SD-Card copies the banking.exe from SD-Card into the program-directory of the Pocket PC.
And last but not least this setup-application shoult insert a shortcut for the copied banking.exe in the Start Menu.
OK,
cabwiz.exe does exactly the job.
One open question:
How can I achieve, that after executing the cab-file is N O T deleted?
Create Shortcut with SHCreateShortcut.
Not deleting cab file : mark it as read-only on the desktop (before copying) 8)
This may be better served in the development and hacking forum. Mods please move?
I am trying to hook the keybd_event API in the keypad. I have found the address of the import entry for keybd_event in the keypad.dll's IAT. I have done so by disassembling the keypad.dll and finding the offset from an exported function to that IAT entry. At runtime, I have added my own service (in order to get my dll loaded into services.exe). When loaded, I use GetModuleHandle and GetProcAddress to find that exported function then use the known offset to find the IAT entry. I have verified that I have the right memory location by comparing the pointer to the module's location using remote process viewer.
The problem is that I cannot read from or write to the IAT. My code crashes when I try. IsBadReadPtr and IsBadWritePtr tell me that I cant read or write to this memory location. Even a call to VirtualProtect to set it to PAGE_EXECUTE_READWRITE will not work. The call fails. How can I get access to this memory?
This simple test code exe shows that all the memory in the code section of keypad.dll is writeable. As soon as I hit section 2 which contains the IAT The call starts failing. Once I hit section 3 it succeeds again (the hard coded PID and address come from remote process viewer and my service dll; I debugged to find where the read calls fail).
Code:
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPTSTR lpCmdLine, int nCmdShow)
{
DWORD PID = 239927214, addr = 2061766572, read = 0, sz = 0;
HANDLE pr;
BOOL ans1;
_SetKMode SetKMode;
SetKMode = (_SetKMode)GetProcAddress(GetModuleHandle(L"coredll.dll"), L"SetKMode");
ans1 = SetKMode(true);
pr = OpenProcess(0, 0, PID);
while(ReadProcessMemory(pr, (LPVOID)addr, &read, 4, &sz))
addr++;
while(!ReadProcessMemory(pr, (LPVOID)addr, &read, 4, &sz))
addr++;
while(ReadProcessMemory(pr, (LPVOID)addr, &read, 4, &sz))
addr++;
//ans4 = WriteProcessMemory(pr, ptr2, &mkep, 4, &p4);
CloseHandle(pr);
return 0;
}
What do I need to do to get access? Calls to VirtualProtect and SetKMode do nothing. Any ideas? Thanks!
Nevermind! It seems I was not modifying the correct location. I was trying to modify the table that simply lists imports. I found where the actual function pointer is stored.
i need an app to establish a gprs/edge connection because of a firmware bug of my mobile.
i own a meizu m8 (www.meizume.com) running windows ce 6 with a gui made by meizu.
i am not able to find any app on the net to make this so i try to make it myself.
it is my first .net cf app. i am java coder since 10 years.
i am now able to read the ras-book from the registry. i can copy entrys and edit them. but
i am not able to connect.
here is my code:
Code:
BOOL MakeRasDial (HWND hDlgWnd)
{
BOOL bPassword;
DWORD dwError;
TCHAR szBuffer[100];
// Set hRasConn to NULL before attempting to connect.
hRasConn = NULL;
// Initialize the structure.
memset(&RasDialParams, 0, sizeof(RASDIALPARAMS));
RasDialParams.dwSize = sizeof(RASDIALPARAMS);
// RasDialParams.szPhoneNumber[0] = TEXT('\0');
// RasDialParams.szCallbackNumber[0] = TEXT('\0');
wsprintf(RasDialParams.szEntryName, TEXT("Desktop @ 115200"));
wsprintf(RasDialParams.szUserName, TEXT("[email protected]"));
wsprintf(RasDialParams.szPassword, TEXT("ppp"));
wsprintf(RasDialParams.szDomain, TEXT("a1.net"));
// Try to establish a RAS connection.
if ((dwError = RasDial (
NULL, // Extension is not supported in Windows CE
NULL, // Phone book is in the registry
&RasDialParams, // RAS configuration for the connection
0xFFFFFFFF, // Must use this value for Windows CE
hDlgWnd, // Window receives the notification message
&hRasConn)) != 0) // Connection handle
{
printf("Could not connect using RAS. Error %x",dwError);
wsprintf (szBuffer, TEXT("Could not connect using RAS. Error %x"),
dwError);
MessageBox (hDlgWnd, szBuffer, szTitle, MB_OK);
return FALSE;
}
wsprintf (szBuffer, TEXT("Dialing %s..."), szRasEntryName);
// Set the dialing dialog box window name to szBuffer.
SetWindowText (hDlgWnd, szBuffer);
return TRUE;
}
but i get "Could not connect using RAS. Error 260" when i try to connect.
i do not find anyrhing about ras error 260 with google.
any ideas?
Hi there,
I'm having a big issue, when trying to remove an XElement from an XML file created in IsolatedStorage.
--------------------------------------------------------------------------------------------
Code to CREATE the XML file
Dim File_to_Create As String = "Tracks.xml"
Dim file As XDocument = <?xml version="1.0" encoding="UTF-8"?>
<dataroot xmlnsd="urn:schemas-microsoft-comfficedata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="Cartridges.xsd" generated="2010-11-23T14:26:55">
<Carts>
<CART_NAME>First</CART_NAME>
<CART_COLOR>White</CART_COLOR>
</Carts>
<Carts>
<CART_NAME>Second</CART_NAME>
<CART_COLOR>Black</CART_COLOR>
</Carts>
</dataroot>
Dim isoStore As IsolatedStorageFile = IsolatedStorageFile.GetUserStoreForApplication()
Try
If isoStore.FileExists(File_to_Create) Then
MessageBox.Show(File_to_Create + " TRUE")
Else
MessageBox.Show(File_to_Create + " FALSE")
Dim oStream As New IsolatedStorageFileStream(File_to_Create, FileMode.Create, isoStore)
Dim writer As New StreamWriter(oStream)
writer.WriteLine(file)
writer.Close()
MessageBox.Show("OK")
End If
Catch ex As Exception
MessageBox.Show(ex.Message)
Finally
'open selected file
Dim isoStream As IsolatedStorageFileStream
isoStream = New IsolatedStorageFileStream(File_to_Create, System.IO.FileMode.Open, System.IO.FileAccess.Read, isoStore)
Dim XML_File As XDocument = XDocument.Load(isoStream)
Dim Cart_Query As System.Collections.IEnumerable = From query In XML_File.Descendants("Carts") Order By _
CStr(query.Element("CART_NAME")) Descending, CStr(query.Element("CART_NAME"))
Select New Class_Cartridge_Data With {.Cart_Name = CStr(query.Element("CART_NAME")), _
.Cart_Color = CStr(query.Element("CART_COLOR"))}
Me.ListBox_Cartridges.ItemsSource = Cart_Query
isoStore.Dispose()
isoStream.Close()
End Try
--------------------------------------------------------------------------------------------
Code to ADD / EDIT XElement
Dim File_to_Create As String = "Tracks.xml"
Dim XML_IsolatedStorage = IsolatedStorageFile.GetUserStoreForApplication()
' Check that the file exists if not create it
If Not (XML_IsolatedStorage.FileExists(File_to_Create)) Then
Return
End If
Dim XML_StreamReader As New StreamReader(XML_IsolatedStorage.OpenFile(File_to_Create, FileMode.Open, FileAccess.Read))
Dim XML_Document As XDocument = XDocument.Parse(XML_StreamReader.ReadToEnd())
XML_StreamReader.Close()
' Update the element if it exist or create it if it doesn't
Dim XML_XElement As XElement = XML_Document.Descendants("Carts").Where(Function(c) c.Element("CART_NAME").Value.Equals("First")).FirstOrDefault()
If XML_XElement IsNot Nothing Then
XML_XElement.SetElementValue("CART_NAME", "Third")
Else
' Add new
Dim newProgress As New XElement("Cartridges", New XElement("CART_NAME", "Fourth"), New XElement("CART_COLOR", "Blue"))
Dim rootNode As XElement = XML_Document.Root
rootNode.Add(newProgress)
End If
Using XML_StreamWriter As New StreamWriter(XML_IsolatedStorage.OpenFile(File_to_Create, FileMode.Open, FileAccess.Write))
XML_StreamWriter.Write(XML_Document.ToString())
XML_StreamWriter.Close()
End Using
--------------------------------------------------------------------------------------------
Now my issue and request for some help!
If I use
XML_XElement.Remove
then the following exception is raised whenever I try to "refresh" the bounded ListBox
System.Xml.XmlException was unhandled
LineNumber=37
LinePosition=12
Message=Data at the root level is invalid. Line 37, position 12.
SourceUri=""
StackTrace:
at System.Xml.XmlTextReaderImpl.Throw(Exception e)
at System.Xml.XmlTextReaderImpl.Throw(Int32 res, String resString, String[] args)
at System.Xml.XmlTextReaderImpl.Throw(Int32 res, String resString)
at System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace()
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlTextReaderImpl.Read()
at System.Xml.Linq.XContainer.ReadContentFrom(XmlReader r)
at System.Xml.Linq.XContainer.ReadContentFrom(XmlReader r, LoadOptions o)
at System.Xml.Linq.XDocument.Load(XmlReader reader, LoadOptions options)
at System.Xml.Linq.XDocument.Load(Stream stream, LoadOptions options)
at System.Xml.Linq.XDocument.Load(Stream stream)
at ListBox_Data_from_XML_LINQ.MainPage.Button_Create_XML_Click(Object sender, RoutedEventArgs e)
at System.Windows.Controls.Primitives.ButtonBase.OnClick()
at System.Windows.Controls.Button.OnClick()
at System.Windows.Controls.Primitives.ButtonBase.OnMouseLeftButtonUp(MouseButtonEventArgs e)
at System.Windows.Controls.Control.OnMouseLeftButtonUp(Control ctrl, EventArgs e)
at MS.Internal.JoltHelper.FireEvent(IntPtr unmanagedObj, IntPtr unmanagedObjArgs, Int32 argsTypeIndex, String eventName)
InnerException:
--------------------------------------------------------------------------------------------
In short, I can add or edit, but cannot DELETE an XElement...
Any ideas?
Thanks in advance!
Can you post the code you are using for XElement.Remove and use code tags so the formatting is right. Its the # button on the post toolbar.
Ren13B said:
Can you post the code you are using for XElement.Remove and use code tags so the formatting is right. Its the # button on the post toolbar.
Click to expand...
Click to collapse
Well, I did nothing special, just the XML_Element.remove, instead of adding a new xelement.
Then the error raises whenever I try to reopen the XML file.
My point is, how can I delete an specific xelement?
As far as I know, the following code should work
Code:
Dim XML_XElement As XElement = XML_Document.Descendants("Carts").Where(Function(c ) c.Element("CART_NAME").Value.Equals("First")).Firs tOrDefault()
If XML_XElement IsNot Nothing Then
XML_XElement.SetElementValue("CART_NAME", "Third")
Else
' remove the selected record
XML_XElement.Remove
End If
Honestly I don't know if the foregoing code is correct or if the issue is related to how WP7 handles the removal thus corrupting the original file.
Please let me know if you need anything else.
Any help is very appreciated!
PS: Thanks for the other replies, helped a lot!
Here's how I did it in c#. My xml file is very different than yours so the query will be different but the important parts are where you load and close the file streams and then write.
Code:
//Get users private store info
IsolatedStorageFile isoStore = IsolatedStorageFile.GetUserStoreForApplication();
IsolatedStorageFileStream isoStream;
//open selected file
isoStream = new IsolatedStorageFileStream(list, System.IO.FileMode.Open, System.IO.FileAccess.Read, isoStore);
XDocument xml = XDocument.Load(isoStream);
isoStream.Close();
//Find section
XElement sectionElement = xml.Descendants("section").Where(c => c.Attribute("name").Value.Equals(groupn)).FirstOrDefault();
//Find item and remove it
sectionElement.Elements("setting").Where(c => c.Attribute("name").Value.Equals(litem)).FirstOrDefault().Remove();
isoStream.Close(); //Seems unnecessary but it's needed.
//Write xml file
isoStream = new IsolatedStorageFileStream(list, FileMode.Create, FileAccess.Write, isoStore);
xml.Save(isoStream);
isoStream.Close();
Thanks again for your help, greatly appreciated.
However I'm still getting the same error.
Sorry for asking, but are you getting any errors when deleting in WP7 ?
My knowledge on XML is extremely new and I'm sure that I'm making some mistakes somewhere...
But so far, I cannot get past the same exception.
Seems that the XML gots "corrupted" after the delete operation.
On the other hand, if is not too much to ask for, using my current code, how will handle the delete of the selected record?
Thanks!
I have no problem at all removing elements in c#. I don't have vb support even installed right now. If you think it's a bug you should post on the forums at http://forums.create.msdn.com/forums/98.aspx
Ren13B said:
I have no problem at all removing elements in c#. I don't have vb support even installed right now. If you think it's a bug you should post on the forums at http://forums.create.msdn.com/forums/98.aspx
Click to expand...
Click to collapse
Problem is my country is not listed so I cannot register...
Here is the C# version of my current code for adding/editing
Code:
public static void ADD_XML_Record()
{
string File_to_Create = "Tracks.xml";
var XML_IsolatedStorage = IsolatedStorageFile.GetUserStoreForApplication();
// Check that the file exists if not create it
if (! (XML_IsolatedStorage.FileExists(File_to_Create)))
{
return;
}
StreamReader XML_StreamReader = new StreamReader(XML_IsolatedStorage.OpenFile(File_to_Create, FileMode.Open, FileAccess.Read));
XDocument XML_Document = XDocument.Parse(XML_StreamReader.ReadToEnd());
XML_StreamReader.Close();
// Update the element if it exist or create it if it doesn't
XElement XML_XElement = XML_Document.Descendants("Carts").Where((c) => c.Element["CART_NAME"].Value.Equals("dd")).FirstOrDefault();
if (XML_XElement != null)
{
XML_XElement.SetElementValue("CART_NAME", "bbbbb");
}
else
{
// Add new
XElement newProgress = new XElement("Carts", new XElement("CART_NAME", "dd"), new XElement("CART_COLOR", "ff"));
XElement rootNode = XML_Document.Root;
rootNode.Add(newProgress);
}
using (StreamWriter XML_StreamWriter = new StreamWriter(XML_IsolatedStorage.OpenFile(File_to_Create, FileMode.Open, FileAccess.Write)))
{
XML_StreamWriter.Write(XML_Document.ToString());
XML_StreamWriter.Close();
}
}
I tried your code but I'm having a bad time making it to work.
If not a big deal, please could you tell me how to modify it ?
I mean, if a record is found, instead of editing, to remove it?
Honestly I'm stuck and any help is more than apprecisted!
Ren13B said:
I have no problem at all removing elements in c#. I don't have vb support even installed right now. If you think it's a bug you should post on the forums at http://forums.create.msdn.com/forums/98.aspx
Click to expand...
Click to collapse
Ren,
Just to say thank you for your last code. I made a little mod and now it works ok!
Thanks a lot for helping me out!
Us T-Mobile users cannot flash Roms at the minute because the download mode button combo has been disabled.
Maybe there is a way to do this programatically or use a resistor accross certain USB pins like the Galaxy S method.
What's your opinion on this?
Sent from my OMNIA7 using Board Express
Yesterday I wasted some time playing around with the USB diagnostic port (enable in the Diagnosis app, it's the third USB mode option). Both PSAS and QPST can connect to and mess with the phone, so I think if someone knows his way around, the phone can be kicked into Download Mode.
(I only managed to crash the phone in many different ways, but I was really just monkeying around.)
If this can be done it would be great as this is the first phone I have owned where I cannot flash firmware myself.
Might be worth while seeing if everyone with a tmobile uk branded omnia 7 has this issue?
FYI I have included my firmware versions etc so we can try and collate a list of working/non working ones to see what the differences are if any.
os version 7.0.7004.0
firmware revision number 2424.10.10.6
hardware revision number 3.15.0.4
radio software version 2424.10.10.6
radio hardware version 0.0.0.800
bootloader version 4.10.1.9
chip soc version 0.36.2.0
KarmaXXK said:
Yesterday I wasted some time playing around with the USB diagnostic port (enable in the Diagnosis app, it's the third USB mode option). Both PSAS and QPST can connect to and mess with the phone, so I think if someone knows his way around, the phone can be kicked into Download Mode.
(I only managed to crash the phone in many different ways, but I was really just monkeying around.)
Click to expand...
Click to collapse
Yes, I tried the *#7284# code and changed the USB Path Control to "Modem, USB Diag" and my phone was recognised by the ROM Downloader but the phone was not in download mode.
I have stumbled upon something which may be what we are looking for though, after reverse engineering the Samsung Diagnosis app I notice there are codes to access 'Operator Specific' Admin areas in the app. Take a look at the attached image.
Now as you can see, the values listed cannot be typed into the Diagnosis app as there is a formula to decipher them. I have the formula but cannot get it to work.
Code:
Private Overloads Function GetHashCode(ByVal str As String) As UInteger
Dim num As UInteger = 0
For i As Integer = 0 To str.Length - 1
[B]num = ((num << 5) + num) + str(i)[/B]
Next
Return num
End Function
Now the bit highlighted in bold is the bit I cant get to work.
It gives the following error:
Operator '+' is not defined for types 'UInteger' and 'Char'.
Once someone can help to get this working, reversing the formula should in theory show us the correct *#000# code combination for each area.
Fingers crossed you can crack it!
lyriquidperfection said:
Yes, I tried the *#7284# code and changed the USB Path Control to "Modem, USB Diag" and my phone was recognised by the ROM Downloader but the phone was not in download mode.
I have stumbled upon something which may be what we are looking for though, after reverse engineering the Samsung Diagnosis app I notice there are codes to access 'Operator Specific' Admin areas in the app. Take a look at the attached image.
Now as you can see, the values listed cannot be typed into the Diagnosis app as there is a formula to decipher them. I have the formula but cannot get it to work.
Code:
Private Overloads Function GetHashCode(ByVal str As String) As UInteger
Dim num As UInteger = 0
For i As Integer = 0 To str.Length - 1
[B]num = ((num << 5) + num) + str(i)[/B]
Next
Return num
End Function
Now the bit highlighted in bold is the bit I cant get to work.
It gives the following error:
Operator '+' is not defined for types 'UInteger' and 'Char'.
Once someone can help to get this working, reversing the formula should in theory show us the correct *#000# code combination for each area.
Click to expand...
Click to collapse
I worked on this few days ago, I couldn't reverse the hash function but we had some brilliant ideas how to do it (see the stackoverflow thread about it http://stackoverflow.com/questions/4523553/reversing-a-hash-function)
but I used brute force and extracted some 60 diagnosis codes that you can find here http://www.martani.net/2010/12/windows-7-hacks-all-diagnosis-codes-you.html
and here http://www.martani.net/2010/12/windows-7-hacks-all-diagnosis-codes-you_26.html
This is great stuff martani if there is any way to decipher these ones, they may be worth looking at:
g_ADMIN_GENERIC = 3370684588
g_ADMIN_TMOBILE = 469486183
g_ADMIN_VODAFONE = 474092301
These ones indeed look very interesting and may offer a way to enable ADC or even the Download Mode some people like me have been looking for.
lyriquidperfection said:
This is great stuff martani if there is any way to decipher these ones, they may be worth looking at:
g_ADMIN_GENERIC = 3370684588
g_ADMIN_TMOBILE = 469486183
g_ADMIN_VODAFONE = 474092301
These ones indeed look very interesting and may offer a way to enable ADC or even the Download Mode some people like me have been looking for.
Click to expand...
Click to collapse
Actually the code is a little misleading, if you see closely, the enum HashCodeTable is used nowhere.
The app waits for user input, after each "tap" on a number it calls the function ParseDial() that hashes the input with GetHashCode then calls the function GetEnumFromList() on this hashed value.
In GetEnumFromList, there is no use of HashCodeTable and even the codes you provided are not hard-coded in this function. I am not sure why they are there but as far as I can tell, to access these parts of the diagnosis app, you need another method than dialing a code it seems
martani said:
Actually the code is a little misleading, if you see closely, the enum HashCodeTable is used nowhere.
The app waits for user input, after each "tap" on a number it calls the function ParseDial() that hashes the input with GetHashCode then calls the function GetEnumFromList() on this hashed value.
In GetEnumFromList, there is no use of HashCodeTable and even the codes you provided are not hard-coded in this function. I am not sure why they are there but as far as I can tell, to access these parts of the diagnosis app, you need another method than dialing a code it seems
Click to expand...
Click to collapse
Damn it! Looks like we are back to square one!
Have you seen also on the Samsung Galaxy S the Download mode is disabled on some devices, but some users made a jig where you bridge 2 pins with a certain resistor and it knocks the phone into download mode. Maybe this would work on the Omnia 7 also????
I am hoping for a software based fix rather than hacking together something.
**ALL** diagnostic codes for SAMSUNG devices
I reverse engineered the Diagnostic Menu Application. It contains a list of configuration "Titles" with corresponding hash-codes. I made a tool to reverse the hash-codes to dial-codes. The dial-codes may not be the same as some codes that were already known, but the dial-codes are absolutely correct for these menu. Differences are due to hash-collisions (same hash-code may have multiple possible dial-codes). I just used the shortest dial-codes for every menu.
The list of menu's is very long and I discovered that not all menu-codes were not actually implemented. I guess this list of codes is used for all Samsung devices (possibly also for Galaxy S and older Windows Mobile devices). So not all dial-codes may actually work on your device.
WARNING!! The menu's can configure low-level settings of your phone. And if you don't know what you're doing you may brick your device or maybe hard-reset the device and loose all your data and settings. Or you may faulty calibrate your sensors. Be very, very careful with experimenting!! I will not take any responsibility for damaging your device in any way.
I would personally be very interested if anyone finds a way to get the device in download-mode by using these menu's (I have a bad bootloader which does not let my Samsung Omnia 7 go into download-mode to flash it to a newer firmware).
By the way: the admin menu's are NOT implemented on the Omnia 7 :-(
This is the list with menu-titles, dial-codes and their hashcode:
Code:
FTAMain = 15 (0x686)
QUALCOMM TEST = *09# (0x17DB96)
TMOServiceMenu = *74*# (0x31710C2)
SMDINFO = *#03# (0x30C0953)
SIMPLE FUNCTION TEST = *#05# (0x30C0995)
IMEI NUMBER = *#06# (0x30C09B6)
VIEWHISTORYNW = *#07# (0x30C09D7)
LCDTEST = *#0*# (0x30C082A)
QWERTYTEST = *#1*# (0x30C0C6B)
BATT TEST = *#2*# (0x30C10AC)
BRIGHTNESS TEST = *#3*# (0x30C14ED)
TouchDelta 80 = *#80# (0x30C2AF8)
LIGHTTEST = *#12*# (0x648DBCDD)
BTLOGDUMP = *#232# (0x648E4E87)
WIFI FACTORY TEST = *#526# (0x648FEFED)
RILNETLOG = *#638# (0x649080D1)
RILDUMP = *#745# (0x64911110)
VPHONE770 = *#770# (0x64911D2E)
VPHONE771 = *#771# (0x64911D4F)
VPHONE772 = *#772# (0x64911D70)
VPHONE773 = *#773# (0x64911D91)
VPHONE774 = *#774# (0x64911DB2)
VPHONE775 = *#775# (0x64911DD3)
VPHONE776 = *#776# (0x64911DF4)
VPHONE777 = *#777# (0x64911E15)
VPHONE778 = *#778# (0x64911E36)
VPHONE779 = *#779# (0x64911E57)
SR TEST = *#780# (0x6491216F)
VT DUMP = *#938# (0x649225F4)
Disable Testbed = #12358# (0xFC28BE89)
Enable Testbed = *12358# (0x170067D0)
DEBUGMODE1 = *#0011# (0xF63246F2)
BATTERYINFO = *#0228# (0xF63364DC)
PHONELOOPBACKTEST = *#0283# (0xF6337DBD)
AUDIOTEST2 = *#0289# (0xF6337E83)
FMRADIORX = *#0368# (0xF6340241)
LIGHTSENSORTEST = *#0589# (0xF63523A6)
RRCVERSION = *#0599# (0xF63527E7)
AUDIOTEST = *#0673# (0xF635AB00)
SOUNDTEST = *#0675# (0xF635AB42)
RTC = *#0782# (0xF6363B81)
DEVICETEST = *#0842# (0xF636B6DE)
ILLUMINATIONTEST = *#0843# (0xF636B6FF)
MultiTouch = *#0987# (0xF63754E8)
SWversionFTA = *#1111# (0xF644EBD4)
MOUSETEST = *#121*# (0xF645774E)
SWversionEx = *#1234# (0xF645811A)
MOUSECAL = *#123*# (0xF6457FD0)
MOUSECAL06 = *#126*# (0xF6458C93)
GPSTEST = *#1575# (0xF6473762)
MICROUSB TEST = *#1793# (0xF6485864)
HWversionFTA = *#2222# (0xF6579518)
BANDSELECTION = *#2263# (0xF657A63D)
PHONEDUMP = *#2454# (0xF658BADF)
CAMERAUPDATE = *#2470# (0xF658C2DD)
CAMERADISABLE = *#2480# (0xF658C71E)
NAVIKEY TEST = *#2486# (0xF658C7E4)
INTEGRITY = *#2580# (0xF659537F)
TouchFirmare 2663 = *#2663# (0xF659D7C1)
TouchDelta 2664 = *#2664# (0xF659D7E2)
TouchDelta 2665 = *#2665# (0xF659D803)
RILNETLOG OFF = *#6380# (0xF6A09CC1)
RILNETLOG ON = *#6381# (0xF6A09CE2)
NETLOCK NETWORK = *#6955# (0xF6A3DAE9)
USBPATHCHANGE = *#7284# (0xF6B22965)
POWERONATTACH = *#7298# (0xF6B22E2A)
SELF DIAGNOSTIC MODE = *#7353# (0xF6B2A8E2)
DebugOption = *#7450# (0xF6B334E0)
ERROR REPORT ON = *#7451# (0xF6B33501)
ERROR REPORT VERIFY = *#7452# (0xF6B33522)
NETLOCK SERVICE = *#7755# (0xF6B4DAA8)
VPHONE DISABLED = *#77*0# (0xF6B4AB38)
VPHONE ENABLED = *#77*1# (0xF6B4AB59)
UARTCHANGER = *#9090# (0xF6D54562)
DEBUGDUMP = *#9900# (0xF6DA0E82)
PILEDUMP = *#9901# (0xF6DA0EA3)
NETLOG LOG START = *#9905# (0xF6DA0F27)
DEBUG RIL DUMP = *#9906# (0xF6DA0F48)
ERRORREPCAB INSTALL = *#9907# (0xF6DA0F69)
GUMITEST3G CAB INSTALL = *#9908# (0xF6DA0F8A)
SUWON3G CAB INSTALL = *#9909# (0xF6DA0FAB)
UARTPATH = *#9910# (0xF6DA12C3)
BATTERYMONITOR = *#9911# (0xF6DA12E4)
CONNECTION SETTING = *#9920# (0xF6DA1704)
VERIFYCOMPARE = *#9990# (0xF6DA34CB)
YSSHINTEST = *#9999# (0xF6DA35F4)
VersionScript = 19104#2* (0xD21FC43E)
BLUETOOTH LOG DISABLE = 20652609 (0x1598F3DE)
BLUETOOTH LOG ENABLE = 20652619 (0x1598F3FF)
BT SSPDEbugModeEnable = 20652629 (0x1598F420)
BT SSPDEbugModeDisable = 20652639 (0x1598F441)
OMADMCLIENT LOG DISABLE = 20653609 (0x1599803F)
OMADMCLIENT LOG ENABLE = 20653619 (0x15998060)
CELOG LOG DISABLE = 20654609 (0x159A0CA0)
CELOG LOG ENABLE = 20654619 (0x159A0CC1)
TOTALCALLTIME = 2934331* (0xC35403F3)
RESET CUSTOM = 35180948 (0x77496B66)
RESET FACTORY = 35190718 (0x775B7B02)
ERASE IMEIITEM = 35190728 (0x775B7B23)
IMEI ADJUST = 35190738 (0x775B7B44)
BLUETOOTH RF TEST = 3##65*88 (0xECE73A9E)
BLUETOOTH AUDIO TEST = 3##65*98 (0xECE73ABF)
AutoSimSetting = 40*047#3 (0xD1C556DF)
PVKKey = 40*549#3 (0xD21FD9E6)
RESET FACTORY WITHDEFAULTLANGUAGE = 76264513 (0x777E1362)
NONSLEEPCALL OFF = *#069*0# (0xBCEBFF49)
NONSLEEPCALL ON = *#069*1# (0xBCEBFF6A)
LEDTEST = *#14789# (0xBF1C1ADD)
DMSessionInit = *#15428# (0xBF2C7494)
CIPHERING = *#32489# (0xC3A095FA)
CAMERAUPDATESVC = *#32589# (0xC3A1225B)
LOGDUMPMGR = *#33284# (0xC3B19514)
SR DISABLED = *#780*0# (0xCD5F5D49)
SR ENABLED = *#780*1# (0xCD5F5D6A)
NETLOCK SUBSET = *#78255# (0xCD60A57B)
LAUNCH UAEDIT = *#92782# (0xD1A12DFC)
PdaBuildTime = *#99820# (0xD2204C1C)
VersionTime = *#99821# (0xD2204C3D)
WIFI TEST = 0373385#6 (0xECE73BA6)
EN LOCK NW = 074578132 (0xBBF27D35)
GCFTESTMODE ENTER = 086#58023 (0x1807BAE3)
FILE SYSTEM TEST = 089559715 (0x28F3F681)
AUDIOGAINCONTROL = 08#766104 (0x902D68E3)
DIS LOCK SUB NW = 17#991#3* (0x1D45A6AE)
PVKFileName = 18*357#25 (0x161B193C)
EN LOCK SUB NW = 193582504 (0xBC073A15)
GPSTESTTOOL = 1#8865#55 (0xF61EC09C)
EN LOCK CORP = 1*0273411 (0xF62C007D)
EN LOCK SVC = 1*0278411 (0xF62EBE62)
DIS LOCK NW = 20789802* (0x1D30E9CE)
SellOutSMS = 2615#0922 (0xD04CA8DE)
TFlashUnPairing = 30334*733 (0x51B892C4)
DIS LOCK SVC = 38025*93# (0xCA957BDB)
GPSTESTTOOL2 = 400#40*08 (0xB9F6D60D)
GPSTESTXTRA = 400#40*18 (0xB9F6D62E)
SerialNumber = 5317*0648 (0x6E256D8C)
EN LOCK SIM = 5494585*3 (0xBC051995)
SERVERURL = 553378683 (0xD8389060)
SLIDECOUNT = 584644021 (0xF0BF3052)
SellOutSMSTestMode = 597#*224# (0x96E7B26D)
APPSLAUNCHER = 5**6244*3 (0x33B0B76)
SLOGSERIAL M2 = 66#6757#1 (0x7050E07C)
AutoReceive Enable = 7160*5088 (0xEF2C5E0D)
TESTMODE = 718071#49 (0x8A09ACC8)
RESET SERVICE = 72673#00# (0xEC5B4BEF)
ReactivateSellOutSMS = 74201#086 (0x807DB65F)
AUDIOCODEC = 7#16#1#37 (0x902D68C2)
ADMIN GENERIC = 838*5448* (0xC8E890AC)
SLOGSERIAL ALL ON = 8644*3081 (0x705107AC)
VT MANUALSETTING = 8802*7*5# (0x104384B5)
DISLOCK SIM = 98217*243 (0x1D43862E)
DMTESTMENU = 9#7357764 (0x414D9633)
SLOGSERIAL ALL OFF = #22#6214# (0x7050E03A)
SLOGSERIAL M1 = #22#6215# (0x7050E05B)
SLOGSERIAL M3 = #22#6217# (0x7050E09D)
SLOGSERIAL M4 = #22#6218# (0x7050E0BE)
SLOGSERIAL M5 = #22#6219# (0x7050E0DF)
ADMIN VODAFONE = #75471648 (0x1C42130D)
DisableSellOutSMS = *4587*676 (0x903477AF)
BLUETOOTH SEARCH TEST = *#232333# (0xECE73AE0)
RANDOM BT MAC = *#232336# (0xECE73B43)
BLUETOOTH MAC VIEWER = *#232337# (0xECE73B64)
WIFI MAC VIEWER = *#232338# (0xECE73B85)
PRECONFIGURATION = *#638738# (0x213EF313)
SELF DIAGNOSTIC MODE DISABLE = *#7353*0# (0x6E008D7C)
SLOGSERIAL M6 = *#745*06# (0x7050E100)
DIS LOCK CORP = 00*2*2#524 (0xCA92BDF6)
ADMIN TMOBILE = 0612824763 (0x1BFBCA67)
AutoReceive Disable = 09925572#3 (0xD4B8217D)
SWversionIn = 1309653522 (0xECB23FC4)
GPSTTFFTESTTOOL = 154*068271 (0xF61EBC7C)
SellOutSMSProductionMode = 1#3341#5#0 (0x96D7C68A)
LOCK STATUS INFO = 28##**23*0 (0x7D8C72E3)
SWversionNewIn = 32456464#7 (0xFD58D7FC)
Heathcliff74 said:
I reverse engineered the Diagnostic Menu Application. It contains a list of configuration "Titles" with corresponding hash-codes. I made a tool to reverse the hash-codes to dial-codes. The dial-codes may not be the same as some codes that were already known, but the dial-codes are absolutely correct for these menu. Differences are due to hash-collisions (same hash-code may have multiple possible dial-codes). I just used the shortest dial-codes for every menu.
Click to expand...
Click to collapse
Can you share how did you reverse the hash function? I worked on this some time ago but finally just brute forced it to extract the keys.
I would also like to know how he reversed the hash codes! I tried for hours and had no luck!
Haha.. Well, I first tried to calculate the original dial-codes, but that seems to work only for dialcodes shorter than 8 digits (5 bits per digit, 32 bits hash-code = 32 / 5 = 7 digits + 1 digit for the extra add):
Code:
uint hash = 0; // enter hash here
string DialCode = "";
while (hash > 0)
{
uint digit = (hash % 33) + 33;
if (digit > hash)
hash = 0;
else
hash = (hash - digit) / 33;
DialCode = Convert.ToChar(digit) + DialCode;
}
return DialCode;
But this does not work for long dial-codes. So after that I just made a little program to brute-force it. I copied the enum with menu-titles and hash-codes to my project. Then I used reflection to populate a sortedlist. Then I started to brute-force and check all dialcodes for their hashcode and see if it exists in the list. If it exists, I add it to a textbox and remove the item from the list. That's it. So it is not really reversed, but my program took about an hour to get dial-codes for all the hashcodes in the enum.
Code:
SortedList<uint, string> hashCodes = new SortedList<uint, string>();
int l = typeof(HashCodeTable).GetEnumNames().Length;
string[] menunames = typeof(HashCodeTable).GetEnumNames();
for (int i = 0; i < l; i++)
{
try
{
hashCodes.Add(Convert.ToUInt32(Enum.Parse(typeof(HashCodeTable), menunames[i])), menunames[i].Substring(2).Replace('_', ' '));
}
catch { }
}
char[] chars = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '#', '*' };
for (int length = 1; length <= 20; length++)
{
ushort[] digits = new ushort[length];
for (int i = 0; i < length; i++) digits[i] = 0;
while (true)
{
// calc hash
uint hashCode = 0;
for (int i = 0; i < length; i++)
{
hashCode = ((hashCode << 5) + hashCode) + chars[digits[i]];
}
if (hashCodes.ContainsKey(hashCode))
{
int m = hashCodes.IndexOfKey(hashCode);
string str = "";
for (int j = 0; j < length; j++)
str = str + chars[digits[j]];
textBox1.Text = textBox1.Text + hashCodes.Values[m] + " = " + str + " (0x" + hashCode.ToString("X") + ")" + Environment.NewLine;
hashCodes.RemoveAt(m);
}
// increase
digits[length - 1]++;
for (int k = length - 1; k >= 0; k--)
{
if (digits[k] >= 12)
{
if (k == 0)
break;
else
{
digits[k] -= 12;
digits[k - 1]++;
}
}
}
if ((digits[0] >= 12) || (hashCodes.Count == 0)) break;
}
if (hashCodes.Count == 0) break;
}
Excellent stuff! Thank you for this very interesting code snippit!
WP7 diag codes
martani said:
Actually the code is a little misleading, if you see closely, the enum HashCodeTable is used nowhere.
Click to expand...
Click to collapse
This is because the compiler optimized out the switch statement and compiled the constants into the IL code for the hash codes.
Within the main switch statement where keypad entries are evaluated there are ~112 codes and I've reversed all of them. Writing hash algorithms is not straightforward and it's quite a simple one, since my app captured 2-3-4 variants of keycodes for the same hash value.
Regarding the most interesting entries at the top of the enum the ADMIN_ entries...those hash values are not handled by the application, maybe Samsung has another diag app or a different app which is using the same method.
The other thing I can think of is there are APIs in the diag app which one is sending the hash of a keycode to the given driver...I tried that but the ADMIN stuff did not worked that way either :-((
If anyone is interested I can post the resolved codes, but not sure if I can post it in the forum or not ;-)
Regsitry entry to enable SLDR mode
I found this definition in B44C7A84-5068-4b43-A1E5-F870A80F6FF8.rgu:
[HKEY_LOCAL_MACHINE\Drivers\BuiltIn\UsbFn]
...
"OsMode"=dword:0 ; 0 for Main OS, 1 for SLDR
....
Is the download mode == SLDR mode?
Since maybe we can set this entry "somehow", and upon next reboot we will get into download mode so we can flash the device?
So the question is, what is SLDR mode? Secure Loader mode? I don't know this, a more pro in this area should help out ;-)
UPDATE
I was able to read the value (0) and write it back (0). Did not tried to write 1 there
Hey guys. I know this thread is about programmatically enter downloadmode, but I wanted to try the 301k resistor trick and I can confirm it works on Samsung Omnia 7.
I used this guide. If you're gonna do that too, then you should pay attention to these things:
- The guide refers to pin 4 and 5 being closest to the headphone socket. But on the omnia 7, the headphone and micro-usb sockets are the other way around if you compare it to the Galaxy S. The guide is for the Galaxy S, so you should really pay attention to which pins you solder the resistor(s). This is the best picture on how you should solder the resistor(s).
- Many micro-usb cables have no wire for pin 4. Some connectors don't even have a pin 4. You should first verify that your connector has all 5 pins. If you only have 4 wires, then you have to dismantle the connector and solder directly on the back of the connector.
I switched off my Omnia 7. I plugged in my jig and it went to downloadmode immediately.
It's late now, so I will see tomorrow what I will be going to flash on it. There quite a few roms and I'm not sure which one I should use. I have to figure that out first.
If anyone has questions about how to make a jig, just ask. I know how to make one now.
You should post pictures, how to make such a cable. Thanks
FromOuterSpace said:
You should post pictures, how to make such a cable. Thanks
Click to expand...
Click to collapse
The picture I linked to in my previous post look pretty clear to me. It shows what pins you have to use. The guide I linked to contain all the other necessary details. If you have any specific questions about something that is still not clear, you can ask me.