Related
I upgraded my XDA Exec with the new ROM 1.30.162 WWE and Activesync 4.1 but each time I sync, I get a "bad_pool_header" error on a blue background which crashes my machine.
I installed Activesync 4.1 on another laptop to check if this problem was due to drivers etc on my main laptop, and discovered that the device syncs with no problems. There is, therefore, a conflict between the new Activesync 4.1 or the new ROM, and something on my main laptop.
Has anyone come across this problem?
Thanks
The problem is definitely on your PC. Reinstall motherboard drivers, reflash bios, remove antivirus, reinstall windows, etc.
Thanks - pretty drastic...!
Is there a short cut? ie reinstalling drivers one by one? If so, which are likely to be the main culprits? Motherboard? Broadband modem? etc
The error code after reboot of the laptop is:
BC code 19 BCP1:00000020 BCP2: 89A76000 BCP3: 89A766C0 BCP4: 0AD8000
OS Ver 5_1_2600 SP: 2_0 Product 256_1
\WER22c7.dir00\Mini052506-06.dmp
\WER22c7.dir00\sysdata.xml
Does this reveal anything that could explain which driver?
Thanks
10860 said:
Does this reveal anything that could explain which driver?
Click to expand...
Click to collapse
no.
You should create a complete crash dump, and use microsoft debugging tools to find faulting driver. Or better reinstall windows.
I looked at the minidump file and used MS debugger, the readout is below. I am not sure if I did the debugging ok, or how to interpret it. Anything useful in the readout?
Thanks
Loading Dump File [C:\Mini052406-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
Debug session time: Wed May 24 20:25:34.038 2006 (GMT+1)
System Uptime: 0 days 0:52:32.633
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.......................................................................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {20, 88187000, 881876c0, ad80000}
Probably caused by : Unknown_Image ( nt!KeBugCheck2+4d4 )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: 88187000, The pool entry we were looking for within the page.
Arg3: 881876c0, The next pool entry.
Arg4: 0ad80000, (reserved)
Debugging Details:
------------------
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: 88187000
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
LAST_CONTROL_TRANSFER: from 00000000 to 8053331e
STACK_TEXT:
f78cab74 00000000 00000000 00000000 00000000 nt!KeBugCheck2+0x4d4
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KeBugCheck2+4d4
8053331e ?? ???
FAULTING_SOURCE_CODE:
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: nt!KeBugCheck2+4d4
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP: 0
BUCKET_ID: ZEROED_STACK
MODULE_NAME: Unknown_Module
Followup: MachineOwner
---------
Nothing useful, minidump does not have enough information
It is very difficult to debug pool corruptions.
I'm trying to hook api function "NKDbgPrintfW" from coredll.dll.
I use import table in-memory patch. It works fine for main module (exe file).
It hooks all calls from exe, but does not from dll it uses.
I think root of problem is that exe and loaded dlls use own import table and I patch only exe's one.
I use next function to hook exe api calls:
Code:
DWORD ic_PatchProcImports ( HANDLE hProc, DWORD dFind, DWORD dReplace )
{
DWORD ret = 0;
/* GODMODE ON */
BOOL bOldKMode = SetKMode ( TRUE );
DWORD dOldPerms = SetProcPermissions ( 0xFFFFFFFF );
/* get process ptr prom handle */
HDATA * hProcHD = ( HDATA * ) ( 0x80000000 | ( ( DWORD ) hProc & HANDLE_ADDRESS_MASK ) );
PROCESS * prc = ( PROCESS * ) hProcHD->pvObj;
/* get imports sections */
struct ImpHdr * blockptr, * blockstart;
blockstart = ( struct ImpHdr * ) MapPtrProc ( prc->e32.e32_vbase + prc->e32.e32_unit[IMP].rva, prc );
/* iterate thru imports sections */
for ( blockptr = blockstart; blockptr->imp_lookup; ++blockptr )
{
DWORD dOldProtect, tmp;
/* get vectors ptr */
DWORD * vectors = ( DWORD * ) MapPtrProc ( prc->e32.e32_vbase + blockptr->imp_address, prc );
/* count vectors */
DWORD * vptr = vectors;
while ( * vptr ) ++vptr;
DWORD vcnt = ( vptr - vectors );
/* try to unlock imports section memory */
if ( VirtualProtect ( vectors, vcnt * sizeof ( DWORD ), PAGE_EXECUTE_READWRITE, &dOldProtect ) )
{
/* find&replace */
for ( UINT i = 0; i < vcnt; ++i )
{
if ( vectors[i] == dFind )
{
vectors[i] = dReplace;
++ret;
}
}
/* lock back */
VirtualProtect ( vectors, vcnt * sizeof ( DWORD ), dOldProtect, &tmp );
}
}
/* GODMODE OFF */
SetProcPermissions ( dOldPerms );
SetKMode ( bOldKMode );
/* */
return ret;
}
I tried to find import table in loaded dll module but failed.
Here is the code I used:
Code:
DWORD ic_PatchModuleImports ( HANDLE hProc, Module* mod, DWORD dFind, DWORD dReplace )
{
DWORD ret = 0;
/* GODMODE ON */
BOOL bOldKMode = SetKMode ( TRUE );
DWORD dOldPerms = SetProcPermissions ( 0xFFFFFFFF );
/* get process ptr prom handle */
HDATA * hProcHD = ( HDATA * ) ( 0x80000000 | ( ( DWORD ) hProc & HANDLE_ADDRESS_MASK ) );
PROCESS * prc = ( PROCESS * ) hProcHD->pvObj;
/* get imports sections */
ImpHdr *blockptr, *blockstart;
blockstart = ( ImpHdr * ) MapPtrProc(mod->e32.e32_vbase + mod->e32.e32_unit[IMP].rva, prc);
/* iterate thru imports sections */
for ( blockptr = blockstart; blockptr->imp_lookup; ++blockptr )
{
// NKDbgPrintfW(L"%s", blockptr->imp_dllname);
//DWORD dOldProtect, tmp;
/* get vectors ptr */
DWORD * vectors = ( DWORD * ) MapPtrProc(mod->e32.e32_vbase + blockptr->imp_address, prc);
/* count vectors */
DWORD * vptr = vectors;
while ( * vptr ) ++vptr;
DWORD vcnt = ( vptr - vectors );
/* try to unlock imports section memory */
//if ( VirtualProtect ( vectors, vcnt * sizeof ( DWORD ), PAGE_EXECUTE_READWRITE, &dOldProtect ) )
{
/* find&replace */
for ( UINT i = 0; i < vcnt; ++i )
{
NKDbgPrintfW(L"Serach for: %x; Found: %x", dFind, vectors[i]);
if ( vectors[i] == dFind )
{
vectors[i] = dReplace;
++ret;
}
}
/* lock back */
// VirtualProtect ( vectors, vcnt * sizeof ( DWORD ), dOldProtect, &tmp );
}
}
/* GODMODE OFF */
SetProcPermissions ( dOldPerms );
SetKMode ( bOldKMode );
/* */
return ret;
}
I'm looking for any way to hook this function, but I prefer in-memory import table patch..
Hello!
Perhaps this will help:
http://forum.xda-developers.com/showthread.php?t=372496
I am also working on a program that needs hooks. My problem right now is that I need to create the header with all the structure definitions (PROCESS, THREAD, ect). I found this but it is most likely for an older CE version as it was written in 2003:
http://nah6.com/~itsme/cvs-xdadevtools/itsutils/old/cenk.h
Do you have these definitions for wince 5.x?
I think, you can find it in Windows Mobile Platform SDK .
MS sells that SDK, but if you google it, you'll find a place where you can download it for free
I was working on a similar problem but I decided to make a generic hook that didn't rely only on import table. Thanks to itutils I was able to hook some functions until when I found out that there two methods for making api calls, the standard one and the "speedy" one. I wasn't able to hook any function that was using the second method and after a bit I gave up. How did you overcome this problem?
Any suggestion is welcome, thank you
I still have not solved my problem. I am trying to hook calls to keybd_event in coredll from keypad.dll. I think the root of the problem is that that keypad.dll is in ROM. Therefore the thunk table that is actually inside keypad.dll is not readable or writeable at runtime. I think there is a thunk table created in RAM somewhere else where the function pointers are actually stored. I can find it by analyzing keypad.dll and finding the hex location to where the runtime thunk table is, but I cant find a way to figure it out at runtime so that my hook will work with any dll.
I use the PerformCallback4 DLL hooking and it's working with ROM files. But I'd also be interested if there's a way to inject into a process without needing to load a separate DLL.
Well process injection is not my problem. I am trying to hook calls from a service dll. All I did was add my dll as a service and I am kindly loaded at boot. Its the hooking I cant get to work. How are you accomplishing the hook? I just want to hook all calls from other services to keybd_event.
What _exactly_ do you guys want to do? I may be able to assist.
I know the answers to most questions I see here, but I will simply not give out the code to do this, because it is "dangerous" code. By that I do not mean it is not somewhat reliable, but dangerous to commercial developers as these techniques allow you to crack pretty any commercial app with minimal effort...
(see my notice about having easily bypassed the MS Marketplace "advanced protection" on various news sites for an example of how bad this can be)
Actually I'd be curious to know how to hook an API that can use the kmode speedup, that is one that's using g_pKmodeEntries. I'm not interesting into cracking anything but at this point I'm curious to know how to go ahead.
Thanx for any help.
I heard that the DLL injection hooks won't work for WinCE 6.0 (--> WM 7) but what about the mentioned "kmode speedup"?
bbbird1 said:
Actually I'd be curious to know how to hook an API that can use the kmode speedup, that is one that's using g_pKmodeEntries. I'm not interesting into cracking anything but at this point I'm curious to know how to go ahead.
Thanx for any help.
Click to expand...
Click to collapse
Well there are various ways to patch functions out. The problem is that there are several ways that a kernel function can ultimately be called. Of course there are also various ways to go about patching these functions. To name a few:
(1) Patch the apiset tables and overwrite the function address the trap jumps to. If this is the same table and address are used for the g_pKmodeEntries jump I am not sure - you would have to do some IDA'ing / testing to figure that one out
(2) Patch the import tables of the executable / dll calling this function, if you have a specific target in mind (with some small trickery this can be adapted to also patch 'dynamic imports', i.e. GetProcAddress, even after the call was made)
(3) Patch the export table of coredll (actually if this one matches your wishes, I usually use 4 instead)
(4) Patch the function inside coredll directly by (saving first and then) overwriting the first few instructions with a jump to your code
(5) Patch the actual function inside nk or the other exe server (closely related to 4)
Each method has it's own pros and cons, injection/controlled-leak/code requirements and may or may not work with certain way of calling the function. Some of these patches are much more difficult to do than others...
You'd have to figure out for your function which method might actually work. For example I usually have great results with method 4, however it will not catch some ways of kernel-internal calls, so you have to confirm first with some heavy IDA'ing to see if internal calls exist (completely bypassing coredll, for most functions they actually don't). Unfortunately that I recall I have not tried patching any g_pKmodeEntries intentionally (as in I might have patched such functions, but not knowingly).
RAMMANN said:
I heard that the DLL injection hooks won't work for WinCE 6.0 (--> WM 7) but what about the mentioned "kmode speedup"?
Click to expand...
Click to collapse
Well we'd pretty much have to start from scratch again, figuring a lot of stuff out, but I'm sure we'll find new and exciting ways of hooking kmode speedup might still be there, though, but likely in a different form.
Chainfire said:
What _exactly_ do you guys want to do? I may be able to assist.
I know the answers to most questions I see here, but I will simply not give out the code to do this, because it is "dangerous" code. By that I do not mean it is not somewhat reliable, but dangerous to commercial developers as these techniques allow you to crack pretty any commercial app with minimal effort...
(see my notice about having easily bypassed the MS Marketplace "advanced protection" on various news sites for an example of how bad this can be)
Click to expand...
Click to collapse
Hello chainfire! I am trying to hook keyboard events comming from the keypad driver. There is a service that runs to detect key interrupts and when it does detect them it calls keybd_event to broadcast the event. keybd_event is in coredll. The keypad service is loaded from keypad.dll (in most ROMs). So I want to hook calls from keypad.dll to keybd_event in coredll. The problem is that I want it to work regardless of ROM version and there are different versions of keypad.dll, and some ROMs dont have it at all. Therefore I want to hook all calls to keybd_event from services. I added my dll as a service so injection method is not a problem. Now I need to hook.
Using IDA I found the address of the IAT in keypad, but the IAT that exists in the dll itself is not readable or writeable. It seems that there is a thunk table that gets created in RAM separate from where the dll is loaded. Each process seems to create it's own RAM thunk table for loaded dlls (my guess is just those in ROM). I dont know how to programmatically find these thunk tables.
Do I make sense? This is of course targeting WM6.x (wce5). I just need some way to hook calls to keybd_event from all dlls loaded in the current process. Some of those dlls may be in ROM but they need to be hooked too.
Chainfire said:
Well there are various ways to patch functions out. The problem is that there are several ways that a kernel function can ultimately be called. Of course there are also various ways to go about patching these functions. To name a few:
(1) Patch the apiset tables and overwrite the function address the trap jumps to. If this is the same table and address are used for the g_pKmodeEntries jump I am not sure - you would have to do some IDA'ing / testing to figure that one out
(2) Patch the import tables of the executable / dll calling this function, if you have a specific target in mind (with some small trickery this can be adapted to also patch 'dynamic imports', i.e. GetProcAddress, even after the call was made)
(3) Patch the export table of coredll (actually if this one matches your wishes, I usually use 4 instead)
(4) Patch the function inside coredll directly by (saving first and then) overwriting the first few instructions with a jump to your code
(5) Patch the actual function inside nk or the other exe server (closely related to 4)
Each method has it's own pros and cons, injection/controlled-leak/code requirements and may or may not work with certain way of calling the function. Some of these patches are much more difficult to do than others...
You'd have to figure out for your function which method might actually work. For example I usually have great results with method 4, however it will not catch some ways of kernel-internal calls, so you have to confirm first with some heavy IDA'ing to see if internal calls exist (completely bypassing coredll, for most functions they actually don't). Unfortunately that I recall I have not tried patching any g_pKmodeEntries intentionally (as in I might have patched such functions, but not knowingly).
Well we'd pretty much have to start from scratch again, figuring a lot of stuff out, but I'm sure we'll find new and exciting ways of hooking kmode speedup might still be there, though, but likely in a different form.
Click to expand...
Click to collapse
I like the sound of (3). Why Use (4) instead? How do you find the export table programmatically? If I use this method, as long as my service is loaded first it should work.
Ok I just tried something and it worked. It seems that these RAM thunk tables are always loaded at 0x01bb5000 for every process. The following code worked:
Code:
coremod = GetModuleHandle(L"coredll.dll");
o_keybd_event = (_keybd_event)GetProcAddress(coremod, L"keybd_event");
my_kbe = (DWORD)(my_keybd_event);
addr = (DWORD*)(0x01bb5000);
VirtualProtect(addr, 4, PAGE_READWRITE, NULL);
while(ReadProcessMemory(GetCurrentProcess(), addr, &dat, 4, NULL))
{
if(dat == (DWORD)o_keybd_event)
{
WriteProcessMemory(GetCurrentProcess(), addr, &my_kbe, 4, NULL);
kbe_hkd = TRUE;
}
addr++;
VirtualProtect(addr, 4, PAGE_READWRITE, NULL);
}
The thunk tables seem to be back to back and ReadProcessMemory seems to always fail at the end of them, so the loop does not run too long. Chainfire, does this make sense to you?
JKingDev said:
...
Do I make sense? This is of course targeting WM6.x (wce5). I just need some way to hook calls to keybd_event from all dlls loaded in the current process. Some of those dlls may be in ROM but they need to be hooked too.
Click to expand...
Click to collapse
Using IAT patch to do this is certainly possible but a lengthy process as you'd have to keep track for all dll loads in services.exe and patch each and every dll as it loads. One of the other methods I described may fit better.
JKingDev said:
I like the sound of (3). Why Use (4) instead? How do you find the export table programmatically? If I use this method, as long as my service is loaded first it should work.
Click to expand...
Click to collapse
(3) is actually (IMHO) a very annoying patch to implement. It doesn't easily allow you to patch/unpatch at will. It doesn't cover coredll-internal jumps. The timing/load-order has to be perfect. It requires slightly more memory. And because you have to load it before anything else if you screw something up there's a good chance you'll need a hard-reset to recover (that's a real ***** with testing!). You can get the export table from the e32 structure of the module, though it isn't always easily patched
JKingDev said:
Ok I just tried something and it worked. It seems that these RAM thunk tables are always loaded at 0x01bb5000 for every process. The following code worked:
The thunk tables seem to be back to back and ReadProcessMemory seems to always fail at the end of them, so the loop does not run too long. Chainfire, does this make sense to you?
Click to expand...
Click to collapse
ROM DLLs create a seperate data section in memory for every process it is loaded into, the IAT is also stored there. Note that the addresses / virtual memory are the same across processes, but different physical memory is used for each process (same as data sections for normal DLLs, though those are located at the normal addresses). To figure out where this memory is look at the rwLow and rwHigh members of the PMODULE structure. (actually I'm surprised you found the location without this )
Chainfire said:
ROM DLLs create a seperate data section in memory for every process it is loaded into, the IAT is also stored there. Note that the addresses / virtual memory are the same across processes, but different physical memory is used for each process (same as data sections for normal DLLs, though those are located at the normal addresses). To figure out where this memory is look at the rwLow and rwHigh members of the PMODULE structure. (actually I'm surprised you found the location without this )
Click to expand...
Click to collapse
That is the vital info I needed! Quick question, do I start searching at rwLow and end at rwHigh, or start at rw Low and end at rwLow+rwHigh?
Thanks!
*edit* Answering my own question, start searching at rwLow and end at rwHigh. I was still having problems because my MODULE structure definition is incorrect, but I was able to find where the information I needed was so it doesnt really matter. Thanks so much!!
Intro:
This is an all-in-one tool for decompiling, compiling and comparing lua scripts found in Manila (TouchFLO 3D / Sense).
All this is a continuation of sztupy's original work: Lua 5.1 tools.
General:
LuaTool consists of 4 parts: Lua decompiler, Lua compiler, Lua compare utility and a Manila file type detection utility.
LuaDec 3.2 - Lua decompiler
Notes on latest version:
Major overhaul of the local finding algorithm. Most lua scripts can now be fully decompiled without a problem.
Manila 2.5.1921 has a total of 703 scripts (including embedded scripts). LuaDec can fully decompile 663 files. That's a success rate of 94.31%.
General notes:
LuaDec automatically checks if the output file was decompiled successfully.
If it wasn't, LuaDec will also output the disassembly and compare file.
In case the decompile was 100% good, LuaDec will only output the standard .lua file as before.
LuaC 1.2 - Lua compiler
Binary function replacement:
LuaC can directly replace functions in compiled luac files. This can be useful if the luac file can't be fully decompiled, but only a small part of the file needs to be edited. Some more info on function replacement.
Continue statement:
The "continue" statement has been added to the Lua Compiler.
Lua doesn't officially support continue statements, but it looks like HTC added it for their needs, so I'm following their lead.
Usage and versions:
Code:
LuaTool 1.2 by Co0kieMonster
Usage: LuaTool <task_select> [task_options] <task_input>
Tasks:
/decompile (or /d) -- Lua Decompiler
/compile (or /c) -- Lua Compiler
/compare (or /cr) -- Lua Compare utility
/detect (or /dt) -- Manila file type detect utility
LuaDec 3.2
Usage: LuaTool /decompile [options] <inputfile>
Available Options:
-o <filename> specify output file name
-dis don't decompile, just disassemble
-f <number> decompile/disassemble only function number (0 = global block)
LuaC 1.2
Usage: LuaTool /compile [options] <inputfile>
Available Options:
-o <filename> specify output file name
-s strip debug information
-r <n> <luac_file> replace function <n> in <luac_file> with <inputfile>
LuaCompare 1.2.1
Usage: LuaTool /compare [options] <original.luac> <newfile.lua(c)>
Available Options:
-o <filename> specify output file name
-s side by side file comparison
-du disable underline
ManilaDetect
Usage: LuaTool /detect <inputfile>
LuaTool changelog:
# LuaTool v1.2
-updated LuaDec to v3.2, LuaC to v1.2 and LuaCompare to v1.2.1
# LuaTool v1.1
-updated LuaDec to v3.1, LuaC to v1.1 and LuaCompare to v1.2
LuaDec changelog:
# LuaDec v3.2
-Local guesser improvements
---major overhaul - gives much better results
-Conditionals handling improvements
---fixed elseif not being recognised in some cases
---added partial support for complex inline boolean assingment
-General improvements
---fixed single function decompile
---fixed table assignments where there are more then 16 values
---better error handling
# LuaDec v3.1
-Conditionals handling improvements
---wrote a brand new algorithm for handling complex logic expressions
---fixed falsely detected generic for loops
---fixed misplaced if end, because of end-to-break optimization
-Local guesser improvements
---declarations at CALL before RETURN
-General improvements
---fixed indents not behaving properly in some cases
---fixed LOADNIL assignments where the destinations are local variables
---decompiler now displays success rate after decompile
---added SETLIST handling
# LuaDec v3.0.4
-General improvements:
---added back error messages
---fixed variable arguments handling
---fixed multiple inline assignments
---fixed a rare if ending misplacement
-Local guesser improvements at:
---inline bool assignments
---table in table situations
---TAILCALLs
---CALLs which return multiple results
---locals declared just before TEST ops
---SETTABLE where b isn't a constant
# LuaDec v3.0
-core rewrite and cleanup
-more accurate especially with conditionals and loops
-some miscellaneous accuracy improvements
-added extra info to script header (date, time, file name and manila name)
-LuaCompare updated to v1.0.1 (compatibility)
# LuaDec v2.1
- Less crashing:
--- added a failsafe for crashing on bad registers
--- fixed crash on SETUPVAL
--- fixed crash on SETLIST
- Better conditional handling:
--- fixed handling of deeper nested else and elseif
--- fixed handling of empty if-end and else-end blocks
--- added break handling
- Better table handling:
--- fixed inline table assignments
--- fixed handling of numerically indexed tables
- Adjustments to local guesser:
--- fixed guessing for inline table assignments
--- fixed guessing for SETGLOBAL and SETUPVAL at PC 1
LuaC changelog:
# LuaC v1.2
-added binary function replacement
# LuaC v1.1
-added "continue" statement
LuaCompare changelog:
# LuaCompare v1.2.1
-small change to support single function decompile
# LuaCompare v1.2
-pre-compare disassembly is now done internally instead of writing to disk and reading
-added a console message with match percentage
# LuaCompare v1.1
-initial version integrated in LuaTool
Go co0kiemonster! You da man!
boy oh boy ... cant believe that, thanks
time to get back to the keyboard and do some hack0r's stuff
see you guys
I like the new compare output a lot! Saves some lines in the manilatool.cmd as well. Do you plan on updating all the ruby tools or just the compare?
Muchos gracias
12aon said:
Do you plan on updating all the ruby tools or just the compare?
Click to expand...
Click to collapse
Probably all (except luadecguess, which is redundant because luadec has an internal guesser since version 2.0). But I hadn't planned on doing it any time soon - right now, luadec is keeping me pretty busy. I'm doing a semi-rewrite of it in order to inject some OOP love (port to C++) and then hopefully make a proper conditionals and loops engine.
I don't mind OOP love . Hey I somebody came with this idea about luadec but as it turned out I misunderstood him. He was actually talking about the m9editor. Nevertheless the idea is good. You tell me if it's doable.
Wouldn't it be a good idea to include the full manila name in the lines of code as well (If known). Going a bit further might it not be an even better idea to include some more diagnostic info there.
Thing I can think of are manila version (although I can't imagine a foolproof method), date, full manila path name maybe some diagnostics.
You know I'm going to keep you occupied right?
12aon said:
Wouldn't it be a good idea to include the full manila name in the lines of code as well (If known). Going a bit further might it not be an even better idea to include some more diagnostic info there.
Thing I can think of are manila version (although I can't imagine a foolproof method), date, full manila path name maybe some diagnostics.
Click to expand...
Click to collapse
Full manila name and date aren't a problem. I'll add them in the next release.
Manila version would have to be set by the user so that's a bit problematic. But it would be great to have. I'll try to think of good way to add it.
As for diagnostics: Did you mean adding something other than the "-- DECOMPILER ERROR: ... " lines, or just making those lines a bit more useful?
12aon said:
You know I'm going to keep you occupied right?
Click to expand...
Click to collapse
I'm counting on it
Co0kieMonster said:
Full manila name and date aren't a problem. I'll add them in the next release.
Manila version would have to be set by the user so that's a bit problematic. But it would be great to have. I'll try to think of good way to add it.
As for diagnostics: Did you mean adding something other than the "-- DECOMPILER ERROR: ... " lines, or just making those lines a bit more useful?
I'm counting on it
Click to expand...
Click to collapse
The version number can be found in a package here:
Code:
[HKEY_LOCAL_MACHINE\Software\HTC\Manila]
"Version"="2.1.19193517.0"
That's either the .reg or .rgu file
It can also sometimes be found in the package name. But these things are very unpredictable. In that sense it could only be used as an extra. I don't know if any of the exe's in the package hold the info.
By diagnostics I was referring to my lack to come up with anything else. I hoped your developer instincts would lead you to add in the rest for me. But now that I think of it maybe something amount of errors in the script or amount of opcodes, maybe the number of functions. I don't know why, or how it would be useful so probably just leave out that part. Unless you disagree of course,
12
12aon said:
You know I'm going to keep you occupied right?
Click to expand...
Click to collapse
LOL 12 has a new toy!
I guess it would be dumb to ask if you intend to use this in your Manila kitchen! LOL
Asphyx said:
LOL 12 has a new toy!
I guess it would be dumb to ask if you intend to use this in your Manila kitchen! LOL
Click to expand...
Click to collapse
It is already part of the kitchen , co0kie has been helping us for a while now. He is the one who added the lua scheme to notepad2
Ive been trying to use this on the lua files in the sprint hero but no matter what i try i get the error "Bad header in precompiled chunk"
Any thoughts/ideas?
You sure hero's got lua files? Would you mind sharing them?
12
pentace said:
Ive been trying to use this on the lua files in the sprint hero but no matter what i try i get the error "Bad header in precompiled chunk"
Any thoughts/ideas?
Click to expand...
Click to collapse
Might be a different encoding.
Can you upload a few of the files so I can check it out?
Version 3.0 is up
Some info:
Version 3.0 is a complete rewrite of LuaDec. It's more accurate then 2.1, especially when large loops are involved. It might just need a little bit more tweaking but conditional and loop handling is almost perfect. The next big thing to tackle is local guessing, and that will come in a later version.
LuaDec has also generally been cleaned up, so no more obsolete command line switches or memory leaks.
It can also retrieve the full manila name and add it to the file header. E.g.: if you decompile 0bd9db81_manila, LuaDec will add \windows\htc\people\scripts\people\peoplegroupdeta il.luac to the decompiled script header for better reference. For this to work you need to have the m9editor.names.txt file in the same folder as LuaDec.
Now that I've done this rewrite I should be able to accelerate development. And there are some cool new feature coming in future versions.
Decompile Luaplugins for lightroom
Hi,
I just wondering if it is possible to use this to decompile any lua files, the one i'm looking for is decompiling lightroom plugins
skrollster said:
Hi,
I just wondering if it is possible to use this to decompile any lua files, the one i'm looking for is decompiling lightroom plugins
Click to expand...
Click to collapse
LuaDec has been tuned specifically to HTC's Lua variant. Theoretically it should decompile any Lua 5.1 scripts, but it might be incompatible with the character and number encodings of non-HTC scripts. I'm not sure about the specifics, since those adaptation were done before my development efforts - see here for some of the details: http://forum.xda-developers.com/showpost.php?p=3466886&postcount=249
You can always give it a try and see what happens. It can't hurt
Co0kieMonster said:
LuaDec has been tuned specifically to HTC's Lua variant. Theoretically it should decompile any Lua 5.1 scripts, but it might be incompatible with the character and number encodings of non-HTC scripts. I'm not sure about the specifics, since those adaptation were done before my development efforts - see here for some of the details: http://forum.xda-developers.com/showpost.php?p=3466886&postcount=249
You can always give it a try and see what happens. It can't hurt
Click to expand...
Click to collapse
It just gave me an almost blank file, the only thing in it was some stuff i guess you add to all files
skrollster said:
It just gave me an almost blank file, the only thing in it was some stuff i guess you add to all files
Click to expand...
Click to collapse
Yeah, that's definitely because of the different encodings. Sorry, but I guess it's not going to work.
Too bad really, is it possible to create a decompiler for the encoding used for adobes applications? if so, is it much work to change it?
I'm not sure. Upload one or two lua files so I can take a look.
Purpose:
This purpose of this VBScript is to process and organize data in RGU/REG files to remove duplicates, identify faulty entries, and move entries to ascending alphabetical order (the same way it is displayed in a registry editor).
Requirements:
Windows Scripting Host (included in most versions of windows)
rgucomp.exe and cereg400.dll located somewhere in your path (same folder as the script probably won't work if the script is run from another folder)
.reg and .rgu files are expected to be UTF-16LE with BOM
Usage:
Drag a .rgu, .reg, or .hv onto RGUber.vbs OR run "wscript.exe RGUber.vbs example.rgu"
Details:
When an rgu|reg file is specified, RGUber will:
1) create backup of input file
2) rename input file to boot.rgu
3) use rgucomp to convert it to *.hv
4) use rgucomp to convert new .hv to original rgu path\name
5) Reorder all keys in ascending alphabetical order and all values for each key in ascending alphabetical order with default value first
When an hv file is specified, RGUber will:
1) use rgucomp to convert it to *.rgu
2) Reorder all keys in ascending alphabetical order and all values for each key in ascending alphabetical order with default value first
Options
Open RGUber.vbs in your favorite text editor. All options are set at the beginning with (hopefully) meaningful descriptions.
Code:
'//Path to rgucomp (leave this as default if rgucomp.exe is located in your system path)
Const RGUCOMP = "rgucomp.exe"
'//Path to notepad, only needed if %OPENAFTER% is true
Const NOTEPAD = "notepad.exe"
'//The following options can be set to True/False or 0/1
'//Organize registry entries in ascending alphabetical order
Const REORDER = True
'//Open in %NOTEPAD% after conversion is done
Const OPENAFTER = False
'//Save any errors from rgu -> hv conversion
Const LOGERRORS = True
'//Save a backup copy of %INPUTRGU% as "%INPUTRGU%_Backup.rgu"
Const BACKUPRGU = True
Other info
If target file already exists, RGUber will ask if you want to overwrite.
Text files (the MS way) typically contain CRLF for next line. Output from rgucomp.exe contains many CRCRLF. RGUber removes the extra CR.
I have very few comments in the code. If requested, I will upload another copy with as many detailed comments as I can manage.
I tried to code this as efficiently as VBScript can possibly be. I kept getting errors when trying to run 'rgucomp.exe -b -nologo' so instead of running it directly, RGUber creates a bat file, executes it, then deletes it.
On my AMD Phenom 9600 with Vista64 and 3 SATA in Raid5, RGUber completes rgu->hv->rgu of 2084 lines in <3s
RGUber always saves output from rgu->hv conversion but deletes the file if there were no errors.
RGUber crashes on files with no reg entries (e.g. empty app.reg in an EXT package that does not add any registry entries)
Changelog:
v1.21a
Values are now sorted in alphabetical order for each key
v1.2
Replaced Organize function with one from RGUOrder
Lost ability to reorder values for each key (To be readded in next version)
v1.1
Fixed a bug with removing hashdata from output (RGUber would mix data from two keys under one)
Changed sorting algorith with a much faster one
v1.02
Added option to remove RegistryUpdate key from rgucomp output
Fixed a typo where RGUber was not removing the system attribute from input rgu files
v1.01
Fixed typo where RGUber was waiting for backup file instead of log file
Change 'Done' msgbox to one that shows beginning time and ending time
v1.0
Initial Release
RGUOrder v1.4
This script will only reorder the contents of an rgu without processing with RGUComp, thereby keeping comments and delete key entries. RGUComp/cereg400.dll are not needed to use this app.
Changelog:
v1.4
Fixed a bug where if the original rgu did not end with a new line then the last entry after being sorted would be lost.
Fixed two bugs where only the first 25 tabs and first 25 spaces would be removed before sorting (This did not affect data integrity or performance, but the checksum would be different each time you run the output back through RGUOrder until all the original tabs/spaces were removed)
Added code to prevent multiple entries of the same key from being reordered
Fixed other miscellaneous bugs/oddities introduced with v1.3
v1.3
Added code to add a delete key for each subkey of a deleted key so that when reordered, the key deletion isn't broken
v1.2
Fixed a bug where the last key processed was being concatenated to another with no CRLF producing an invalid rgu file
I'm not sure if this relates to your app but I have a small question:
If a dumped a rom (raw, not kitchen type) and removed several apps/programs but did not clean the registry (very tedious), will this help me clean it up (remove dead paths, etc)?
And if so, how will it know just by dragging the .hv file? I mean how will your app know if a registry entry does not have the app/program included in the rom anymore?
Please forgive me if my question does not relate to your app
There is no way for my app to know, it isnt that smart
It would take an extensive app/database to know which keys are related to which apps.
Thanks for this post
updated to v1.1
v1.02 had a bug in the code which removed hash data from output which made it mix data from the key before it with the key after it
If I ever get around to updating again, I will use hvedit instead of rgucomp
I get an error.
Script: D:\RGUber.vbs
Line: 136
Char: 2
Error: File not found
Code: 800A0035
Source: Microsoft VBScript runtime error
Any reason why?
I attach the file i want to sort alphabetically.
I have no idea
It worked for me with no problem (file attached)
Please tell me the location of RGUber.vbs and of 51329f91-0017-4364-bcff-e032c5d45b01.rgu
Great application bro!!
Only limitation is that I have to put reg400.dll and rgucomp in C:\windows
c_shekhar said:
Great application bro!!
Only limitation is that I have to put reg400.dll and rgucomp in C:\windows
Click to expand...
Click to collapse
yeah, I tried to get around that but I didn't find anything feasible with vbscript :-/
Actually, they don't have to go in C:\windows
I reinstall windows regularly so I keep as many apps portable as I can. I have a bin folder on another partition that I add to the system path variable after a new install for stuff like this.
selyb said:
yeah, I tried to get around that but I didn't find anything feasible with vbscript :-/
Actually, they don't have to go in C:\windows
I reinstall windows regularly so I keep as many apps portable as I can. I have a bin folder on another partition that I add to the system path variable after a new install for stuff like this.
Click to expand...
Click to collapse
can you elaborate this a bit more. Because I too would like a similar arranfements...
My C:\ partition has Vista64
My F:\ partition has all my documents, downloads, music, movies, etc and a folder F:\bin\
F:\bin contains >100 downloaded command line programs and vbs scripts that I have written including
RGUber.vbs
lame.exe
rgucomp.exe
cereg400.dll
FixVTS.exe
faad.exe
nuerecmod.exe
Tag.exe
find Advanced System Properties (I can't remember how, it's different for XP/Vista/7) go to the Advanced tab and hit the Environment Variables button
Under system variables, scroll down to 'Path', double click it. This defines your 'system path'. It contains a list of folders separated by semicolon ";". At the end, add a semicolon and the path to the folder you want to add (e.g. ;F:\bin) after that, hit ok. XP may need to reboot to reflect the change but I'm not sure. Vista and 7 are affected immediately.
With this setup, you can open a command prompt in any folder on your computer and type "RGUber.vbs xyz.rgu" and it would work as if all the files are in that folder.
Thanks a lot bro!!!
I am grateful...
I'd really like to use this, but unfortunately I get this error regardless of the app.reg I drag onto the script:
Script: C:\RGUber\RGUber.vbs
Line: 232
Char: 3
Error: The system cannot find the path specified.
Code: 80070003
Source: (null)
Thanks if you can advise.
Quetzecotyl said:
I'd really like to use this, but unfortunately I get this error regardless of the app.reg I drag onto the script:
Script: C:\RGUber\RGUber.vbs
Line: 232
Char: 3
Error: The system cannot find the path specified.
Code: 80070003
Source: (null)
Thanks if you can advise.
Click to expand...
Click to collapse
Hmmm... this line asks the system for what is in the %temp% variable and attempts to change the working directory to the result.
Open RGUber.vbs in notepad and go to line 232
Modify
Code:
WSH.CurrentDirectory = WSH.Environment("SYSTEM")("temp")
to
Code:
WSH.CurrentDirectory = "C:\RGUber\"
then try again
Works great after your fix, selyb. Thank you for this useful app and your many helpful contributions to the Kaiser forums.
Quetzecotyl said:
Works great after your fix, selyb. Thank you for this useful app and your many helpful contributions to the Kaiser forums.
Click to expand...
Click to collapse
Yeah, I may relocate from Kaiser forums to Rhodium. I have an AT&T Tilt 2 in the mail to me ATM
Grats on getting a Rhodium. Found a question after using it for a while. This is just one example of such behavior, but why does:
Code:
[HKEY_CURRENT_USER\Software\HTC\TaskManager\ExclusiveList\System]
"CMBandSwitching.exe"=dword:0
get turned into:
Code:
"CMBandSwitching.exe"=dword:0
How do I make it regard CURRENT_USER keys?
Quetzecotyl said:
Grats on getting a Rhodium. Found a question after using it for a while. This is just one example of such behavior, but why does:
Code:
[HKEY_CURRENT_USER\Software\HTC\TaskManager\ExclusiveList\System]
"CMBandSwitching.exe"=dword:0
get turned into:
Code:
"CMBandSwitching.exe"=dword:0
How do I make it regard CURRENT_USER keys?
Click to expand...
Click to collapse
I had this problem with an earlier version. If you are using v1.1 then please attach the original rgu/reg. I have tried and I can't seem to reproduce it since I fixed it already.
Please, replace rgucomp with hvedit . I really need your help because rgucomp doesn't work for me . Thanks in advance .
tomcug said:
Please, replace rgucomp with hvedit . I really need your help because rgucomp doesn't work for me . Thanks in advance .
Click to expand...
Click to collapse
why doesn't rgucomp work? I would be surprised to learn that hvedit will work when rgucomp won't.
i dont know if anyone has noticed or if its even relevant but i just noticed that samsung has a link to wave s8600 source at
http://opensource.samsung.com/
1.
You know what Source Code is?
http://en.wikipedia.org/wiki/Source_code
human-readable computer language
Click to expand...
Click to collapse
Now check this file:
GT-S8600_OpenSource.zip
130 KB
2.
Use any kind of Editor... Text Editor is enough and look into dtrace.c:
Code:
* [B]DTrace[/B] - Dynamic Tracing for [B]Solaris[/B]
*
* This is the implementation of the Solaris Dynamic Tracing framework
* (DTrace). The user-visible interface to DTrace is described at length in
* the "Solaris Dynamic Tracing Guide". The interfaces between the libdtrace
* library, the in-kernel DTrace framework, and the DTrace providers are
* described in the block comments in the <sys/dtrace.h> header file. The
* internal architecture of DTrace is described in the block comments in the
* <sys/dtrace_impl.h> header file. The comments contained within the DTrace
* implementation very much assume mastery of all of these sources; if one has
* an unanswered question about the implementation, one should consult them
* first.
*
* The functions here are ordered roughly as follows:
*
* - Probe context functions
* - Probe hashing functions
* - Non-probe context utility functions
* - Matching functions
* - Provider-to-Framework API functions
* - Probe management functions
* - DIF object functions
* - Format functions
* - Predicate functions
* - ECB functions
* - Buffer functions
* - Enabling functions
* - DOF functions
* - Anonymous enabling functions
* - Consumer state functions
* - Helper functions
* - Hook functions
* - Driver cookbook functions
*
* Each group of functions begins with a block comment labelled the "DTrace
* [Group] Functions", allowing one to find each block by searching forward
* on capital-f functions.
Now Google dtrace or:
http://en.wikipedia.org/wiki/Dtrace
3.
I have this file since september...
This file is NOT new...
4.
Combine info from 1 and 2...
Btw.: Check out this:
GT-S5250_OpenSource.zip
CAUTION! 5 KB.
Best Regards
oops! i have no idea. i just know samsung releases its files on opensource.samsung.com and while i was browsing i came across it. did not download as my internet is very slow and thought file would be large.
can any mod please delete thread?
Its not your fault...
Few Blogs posted this "news" without unpack this file...
Best Regards
Here examples for Source Code of bada... not downloadable...
http://forum.xda-developers.com/showthread.php?t=1325713
Best Regards
Thread Closed per op request