Related
Hi,
I'm working on my first application for Windows Phone. I got a ZIP file which contains a huge amount of XML files and which has to be
updated through the app. So I declared the 'Build Action' of the file to 'Content'. Now I'm stuck opening the file for reading and extracting
a stream for a specific XML file.
I tried File.OpenRead but Visual Studio Express crashes when trying to debug this.
Do I need to use Application.GetResourceStream? If yes, can someone post a working example with a content ZIP file (not resource).
Can anyone help me?
Thank you,
toolsche
Try http://senssoft.com/ZipTest.zip
I've created that example project for Freda's developer.
Hi,
Unfortunately that doesn't help me.
1) U did set the file as "Resource" => it will not be updateable because it's within the assembly. If I'm wrong, please tell me...
2) U used an external library (SharpZipLib) which I hope it wouldn't be necessary.
1) I've used an embedded file (actually, epub == zip) to simplify the solution. It's just an example. U may copy the resource file to IsolatedStorageFile / download it from web/ whatever you want. I can't teach you how to use Silverlight for WP7 - buy some good book...
2) SharpZipLib IS NECESSARY! Other "zippers" looks like not a 100% compatible with WinZip/linux zippers (see Freda corresponding topic). SharpZipLib did the job very well.
Of course it up to you: what you want to use. But I gave you a 100% working and tested solution.
Hi,
I'm not in doubt that your solution is working and I thank you for your suggestion.
Maybe I'm on the wrong path, but what I think I need is a solution for opening
a zip file that is NOT part of the assembly (which I think it is if you declare it as
embedded resource).
My intention is to load one or more zip files from a server which the application
should be able parse/remove/replace if outdated. I tried to find a solution but had
no luck so far. MSDN has an example but I couldn't get it to work because I don't
know where the zip file should be located:
http://msdn.microsoft.com/en-us/library/cc190632(v=VS.95).aspx
Try to use IsolatedStorageFile and WebClient, something like this:
Code:
IsolatedStorageFile isf = IsolatedStorageFile.GetUserStoreForApplication();
WebClient downloader = new WebClient();
downloader.OpenReadCompleted += delegate(object sender, OpenReadCompletedEventArgs e)
{
if (e.Error == null)
{
using (IsolatedStorageFileStream stream = new IsolatedStorageFileStream("myfile.zip", FileMode.Create, isf))
{
Byte[] buffer = new Byte[e.Result.Length];
e.Result.Read(buffer, 0, buffer.Length);
stream.Write(buffer, 0, buffer.Length);
}
DoSomethingWithZip("myfile.zip");
}
};
downloader.OpenReadAsync(new Uri("http://mysite.com/archive.zip", null));
Thank you for the quick answer. I will try it as soon as possible and post the results.
EDIT: Thanks, it's working as suggested.
Code:
[U][SIZE="5"]new Microsoft.Xna.Framework.Game().Exit();[/SIZE][/U]
To exit app at any place in silverlight.
Add reference to:
> Microsoft.Xna.Framework.Game (.dll)
> Create class named eg Quit that inherits "Game" from XNA framework
Code:
public class Quit : Microsoft.Xna.Framework.Game { }
> Make random silverlight click handler or other that will capture the event
Code:
private void Root_Start_Click(object sender, RoutedEventArgs e)
{
new Quit().Exit();
}
OR
> Anywhere in the code there YOU want it to exit.
Code:
new Quit().Exit();
Explanation (complicated)
The XNA framework is based on a way that will make an infinitive loop where the "Exit();" ends the loop that get the !
Code:
private GameHost host;
! of XNA, the XNA and silverlight share the same base host,
the "taskhost.exe" %1 (args).
Now, to the point, the GameHost (host) includes a !void! that is completely !internal! witch calls the main taskhost, "yep im done, saved everything and you can now kill (shutdown) me (app/silverlight/XNA).
So, shorthanded.
> call
Code:
new Quit().Exit();
OR
> direct baseclass-call
Code:
new Microsoft.Xna.Framework.Game().Exit();
Goods:
-Passes Microsoft Application submission (no p/invoke what so ever)
-No GetMethods()[x].Invoke (CF 3.7 blocked))
-No need to make an "QuitException", submission fails probably.
Tested in emulator & [Europe] Omnia 7, Obi One Kanobie: "may the invokes be with someone else" (no, invokes) =D
If you use a QuitException the app will pass submission. That's the recommended method and my app passed just fine using it.
RustyGrom said:
If you use a QuitException the app will pass submission. That's the recommended method and my app passed just fine using it.
Click to expand...
Click to collapse
Its not recommended (source?), did you thought about Visual Studio 2010 catches all exceptions?, it gets extra anoying.
Rule: Do never burry exceptions and let them go unhandled.
Silverlight apps that use XNA methods and classes (and vice-versa) will fail certifications. It's in the guidelines:
4.2.5 The application must not call any APIs in the Microsoft.Xna.Framework.Game assembly or the Microsoft.Xna.Framework.Graphics assembly when using any methods from the System.Windows.Controls namespace
Click to expand...
Click to collapse
After the discovery of Contable of how to copy ProvXML files in Mango, we decided to make an application which will allow you to make registry edits and ProvXML files on the device.
We continued researching and analysing the provxml behaviour on Samsung Devices. After Snickler came up with a solution of bypassing the GPRS app, I continued investigating using provxml files from outside of the /provxml/ folder, and with some creative string codes I made it work on my device (tested it with reg edits, still need more people to confirm).
We added support for HTC and LG devices, LG is untested so Im not sure if it works, test at your own risk. If it does not work, could somebody explain me how provisioning on LGs works and volunteer as a tester.
HTC is tested but not very thoroughly, some things might (not) work.
If you have lost 3g connection after using: Go to settings --> cellular --> edit apn and fill in your providers apn. Add APN Manually before use.
Please follow these steps:
Phone should be fully unlocked: Devunlocked + MaxApps + Prevent Relock!!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
This version has limited LG support!! We are still investigating better support for LG devices. Any help is highly appreciated.
New icons/artwork thanks to MarysFetus!
Here some more informations about the updated version:
1. Copy PDF/Move PDF
Make sure you have installed the Adope Reader on your device.
=> With these functions you can copy/move .pdf files to \My Documents\ folder
You will find the copied/moved files in your Office Hub under locations => phone.
This will give you the following new possibilities by long pressing on the file name:
- send the file as email attachment
- upload the file to SkyDrive
- delete the file from Office Hub (\My Documents folder)
2. Copy/Move files from/to IsoStore
1. Download the attached "Ise_GUI_1.1.zip" file
2. Make sure you have the WP SDK 7.1 RC installed on your device, if not install it with the "vm_web2.exe" file from my package
3. Start the Isolated Storage Explorer (Ise_GUI_1.1 file from the package)
4. At the top type in the GUID of the app you want to access the Isolated Storage (e.g.: GUID DiagProvXML app: {566814df-f6b6-4154-8be5-9e65dce907c0})
4a. Press "Get Data" Button
5. Press "Download Data to my computer", create a new folder where the data from your device should be stored and download the data to your desktop
6. Inside the before created folder you will find a "IsolatedStore" folder, browse to this folder and add the files of your choice
7. Press "Upload folder to Isolated Storage", choose the "IsolatedStore" folder where you have added your files and upload them to your device
To add a custom Alert (will overwrite default sounds, so make sure you backup):
1. Make sure you have a ringtone stored in Iso Storage according to the method above (it needs to be in the iso storage root!).
2. Select the option Move (from Iso Storage) or Copy (from Iso Storage)
3. Type the destination path '\Windows\' and the filename should be Alert-XX.wma with XX: 01 - 10
Now you can your own custom alert sound will be available.
We plan to bake in more know registry tweaks and we need your help for this. If you want to have registry tweaks added, please post them in this form so we can directly add them to the app:
Code:
LineOne = "Enable 3G Toggle", LineTwo = "Display 3G Toggle in settings", Path = @"HKLM\Software\Microsoft\Connectivity\CellularCPL", Name = "DehydrateOnPause", Value = "1", DataType = "integer"
Where LineOne is the title, LineTwo is the subtitle both obligatory. All the others are optional. If they are filled in the user will not be able to edit them. If the user has to select a certain value than do this:
Code:
LineOne = "3G Toggle", LineTwo = "Disable or Enable 3G Toggle", Path = @"HKLM\Software\Microsoft\Connectivity\CellularCPL", Name = "DehydrateOnPause", Value = "", DataType = "integer"
Note that value now is empty, this will unlock the value field and the user can add a custom value now (1 to enable, 0 to disable).
A custom key would look like this
Code:
LineOne = "Custom", LineTwo = "Add custom key", Path = @"", Name = "", Value = "", DataType = ""
The user has to fill in all fields now.
So if you would like us to add certain keys, please type them in this form and we can quickly add them.
Thank you for donations:
rbrsddn confirmation number 0BD5899347870703A
BigwaveMx confirmation number 8CP346899B634894S
Marvin_S & Contable & Snickler
Update 0.91:
Added xml to quickly activate internet sharing (currently tested on omnia7 only, might work on other devices)
You can find it in the tab iso storage "Tap and Hold" Internet Sharing, click "execute" to apply.
Wow, sounds great! Will try it if I've got some free time Thanks!
Thanks again for the very good cooperation ! I hope we can extend it step by step...
Best regards, my friend
contable
This progress makes me ecstatic. I was thinking up a way to do the same thing but I was beat to it . Looks like I'm going back to nodo in order to try this out! Thanks!
Hey guys, nice work. Do you have a way of copying files from your Mango device to the desktop? Install Advanced Explorer, then use your app to copy a file to the isolated storage from Advanced Explorer and then use Advanced Explorer to send the file to the desktop. I ask this because I'm interested to analyze some files from a live Mango device.
Thanks,
Heathcliff74
PS. I don't have Mango myself, because I'm still very busy on developing on NoDo.
Heathcliff74 said:
Hey guys, nice work. Do you have a way of copying files from your Mango device to the desktop? Install Advanced Explorer, then use your app to copy a file to the isolated storage from Advanced Explorer and then use Advanced Explorer to send the file to the desktop. I ask this because I'm interested to analyze some files from a live Mango device.
Thanks,
Heathcliff74
PS. I don't have Mango myself, because I'm still very busy on developing on NoDo.
Click to expand...
Click to collapse
In theory yes, we will implement this soon. But it is possible. Indeed the advanced explorer is a great solution to transfer files back and forth.
Marvin_S said:
In theory yes, we will implement this soon. But it is possible. Indeed the advanced explorer is a great solution to transfer files back and forth.
Click to expand...
Click to collapse
Ok. If I would give you a small list of files (probably 3 files), would you be willing to get them from your device and mail them to me?
Thanks very much!
Heathcliff74
Sent from my OMNIA7 using XDA Windows Phone 7 App
Heathcliff74 said:
Hey guys, nice work. Do you have a way of copying files from your Mango device to the desktop? Install Advanced Explorer, then use your app to copy a file to the isolated storage from Advanced Explorer and then use Advanced Explorer to send the file to the desktop. I ask this because I'm interested to analyze some files from a live Mango device.
Thanks,
Heathcliff74
PS. I don't have Mango myself, because I'm still very busy on developing on NoDo.
Click to expand...
Click to collapse
Hi Heathcliff,
I allready found a way to copy files from device to desktop via email. Thanks for advanced Explorer hint. Just PM me the filenames with path and I will send you the Mango files asap.
Best regards
contable
Sent from my OMNIA7 using XDA Windows Phone 7 App
Is there anybody who has samsung specific code (which will still work on Mango) to copy files from the isolated storage to other parts of the phone. I will need this to prevent people from having to downgrade to NoDo first. It will be very helpfull, I know about semi-functional file explorers with samsung dlls which still work on Mango, but can we copy files with these dlls?
Marvin_S said:
Is there anybody who has samsung specific code (which will still work on Mango) to copy files from the isolated storage to other parts of the phone. I will need this to prevent people from having to downgrade to NoDo first. It will be very helpfull, I know about semi-functional file explorers with samsung dlls which still work on Mango, but can we copy files with these dlls?
Click to expand...
Click to collapse
As far as I know that is not possible.
Sent from my OMNIA7 using XDA Windows Phone 7 App
Heathcliff74 said:
As far as I know that is not possible.
Sent from my OMNIA7 using XDA Windows Phone 7 App
Click to expand...
Click to collapse
Oke, thats a bummer, but not a big problem.
Im working on the implementation of copy/delete now. Ill add copy to/from Advanced Explorer. Do you know the path to the files in advanced explorer? This will save me some time, since i have no file browse tools here.
Marvin_S said:
Oke, thats a bummer, but not a big problem.
Im working on the implementation of copy/delete now. Ill add copy to/from Advanced Explorer. Do you know the path to the files in advanced explorer? This will save me some time, since i have no file browse tools here.
Click to expand...
Click to collapse
This is the Isolated Storage folder of Advanced Explorer:
\Applications\Data\dea9333a-e91c-44ed-bb1f-2400cd9e824e\Data\IsolatedStore
My feedback of béta... OK, not problem to active registry tweak
I'll waiting for file explorer exploit with your magic app
Best thankx
poloche said:
My feedback of béta... OK, not problem to active registry tweak
I'll waiting for file explorer exploit with your magic app
Best thankx
Click to expand...
Click to collapse
Atm a file explorer extension isn´t possible, only File Operations can be added,
this means copy, move, rename and delete also MakeDir and RemoveDir.
The provxml capatilities are limited to that => see post #1 in my thread.
contable said:
Atm a file explorer extension isn´t possible, only File Operations can be added,
this means copy, move, rename and delete also MakeDir and RemoveDir.
The provxml capatilities are limited to that => see post #1 in my thread.
Click to expand...
Click to collapse
Yes of course...I said File explorer exploit.... but there is FileOperation with xml and app, not an app as wp7 root tools I know that it's not possible with Mango and restricitions
Kiss friends, good luck and good work !
EDIT : I can't replace these values keys -->
[HKLM\ControlPanel\Themes\1\ContrastColor]
[HKLM\ControlPanel\Themes\1\ListPickerBackgroundPressed]
[HKLM\ControlPanel\Themes\1\TextNeutralColor]
Actually, i have #FFFF6600 in value key and i want to restore #FFFFFFFF
But, with your apps and after activation of .xml, not change in my theme Dark (1) !
After, i have create my .xml manually with my pc and up in provxml dir.
Code:
<wap-provisioningdoc>
<!-- *** COMMENTO *** -->
<characteristic type="Registry">
<characteristic type="HKLM\ControlPanel\Themes\1">
<parm name="ContrastColor" value="#FFFFFFFF" datatype="string" />
<parm name="ListPickerBackgroundPressed" value="#FFFFFFFF" datatype="string" />
<parm name="TextNeutralColor" value="#FFFFFFFF" datatype="string" />
</characteristic>
</characteristic>
</wap-provisioningdoc>
... but not change after activation... my key are #FFFF6600 ! Why ?? These keys are protected ??
Oke Im making some good progress.
The main structure for the file operations has been implemented. Im working on the details now and contable is testing it.
Hopefully tomorrow we will have a working app with file operations.
link removed
is a preview. It can contain bugs and not everything works. but you can view it to get an idea.
Ill work on storing the variables so it will keep you where you have were when you resme the app.
you can use this "http://forum.xda-developers.com/showthread.php?t=1223619"
app to backup/restore your own app , so if you point your app to also look at the location where your own SIDELOADED app is lokated then you can copy es mutch .provxml files or .exe or .dll's as you want
just make a provxml that copy/past files .
I use that app to copy my provxml files on a htc and use touchexplorer to copy them on mango , but that isn't working on samsung , you would need a .provxml to do the copying , but that is easy to make
Problem ?
Hi Marvin_S ,
I have tested the file operation in your apps... i can't delete this file "customxml9.xml" in "provxml" dir !
I have selected : DELETE FILE
source : \provxml\
source file : customxml9.xml
- Add opp
- in provxml, i click on Publish
- I go to diagnosis and active UpdateDiagProXML.xml and close gprs
- I re-go in gprs and active DiagProXML.xml and close
- I re-go in gprs and ... my customxml9.xml is not deleted !
I'm neewbi or it's a bug ? lol
poloche said:
Yes of course...I said File explorer exploit.... but there is FileOperation with xml and app, not an app as wp7 root tools I know that it's not possible with Mango and restricitions
Kiss friends, good luck and good work !
EDIT : I can't replace these values keys -->
[HKLM\ControlPanel\Themes\1\ContrastColor]
[HKLM\ControlPanel\Themes\1\ListPickerBackgroundPressed]
[HKLM\ControlPanel\Themes\1\TextNeutralColor]
Actually, i have #FFFF6600 in value key and i want to restore #FFFFFFFF
But, with your apps and after activation of .xml, not change in my theme Dark (1) !
After, i have create my .xml manually with my pc and up in provxml dir.
Code:
<wap-provisioningdoc>
<!-- *** COMMENTO *** -->
<characteristic type="Registry">
<characteristic type="HKLM\ControlPanel\Themes\1">
<parm name="ContrastColor" value="#FFFFFFFF" datatype="string" />
<parm name="ListPickerBackgroundPressed" value="#FFFFFFFF" datatype="string" />
<parm name="TextNeutralColor" value="#FFFFFFFF" datatype="string" />
</characteristic>
</characteristic>
</wap-provisioningdoc>
... but not change after activation... my key are #FFFF6600 ! Why ?? These keys are protected ??
Click to expand...
Click to collapse
this is untested code. Dont mess with it until we say its ready, there are bugs in it. I just uploaded that version to see what we are working on. The xap on the first page is tested and works.
If you need help desiging a custom provxml you have to ask it elsewhere, i dont understand what you want to do as i have not looked into these regedits yet, i just copied them so its possible it does not work.
If you did find the correct keys to edit it, please let me know and ill change it in the app.
poloche said:
Hi Marvin_S ,
I have tested the file operation in your apps... i can't delete this file "customxml9.xml" in "provxml" dir !
I have selected : DELETE FILE
source : \provxml\
source file : customxml9.xml
- Add opp
- in provxml, i click on Publish
- I go to diagnosis and active UpdateDiagProXML.xml and close gprs
- I re-go in gprs and active DiagProXML.xml and close
- I re-go in gprs and ... my customxml9.xml is not deleted !
I'm neewbi or it's a bug ? lol
Click to expand...
Click to collapse
These features are not implemented.
And I advise you to leave the testing alone of the files on dropbox, since they were just for a visual impression, they are not yet implemented and contain bugs which can harm your device. When we tested it enough, ill post it here again.
As we know, MS prohibits using most of standard Win32 API in Windows Store applications. Obviously there are lots of ways to overcome this limit and to call any API you like, if you are not going to publish your app on Windows Store. And here is one of them.
Idea is really simple and rather old (lots of viruses use it): search for kernel32.dll base in memory, then parse its exports for LoadLibraryA and GetProcAddress, call them - and get profit.
Writing here so this post can be indexed by google.
Partial code:
Code:
void DoThings()
{
char *Tmp=(char*)GetTickCount64;
Tmp=(char*)((~0xFFF)&(DWORD_PTR)Tmp);
while(Tmp)
{
__try
{
if(Tmp[0]=='M' && Tmp[1]=='Z')
break;
} __except(EXCEPTION_EXECUTE_HANDLER)
{
}
Tmp-=0x1000;
}
if(Tmp==0)
return;
LoadLibraryA=(t_LLA*)PeGetProcAddressA(Tmp,"LoadLibraryA");
GetProcAddressA=(t_GPA*)PeGetProcAddressA(Tmp,"GetProcAddress");
CreateProcessA=(t_CPA*)PeGetProcAddressA(Tmp,"CreateProcessA");
HMODULE hUser=LoadLibraryA("user32.dll");
MessageBoxA=(t_MBA*)GetProcAddressA(hUser,"MessageBoxA");
MessageBoxA(0,"A native MessageBox!","Test",MB_OK);
STARTUPINFO si;
memset(&si,0,sizeof(si));
si.cb=sizeof(si);
PROCESS_INFORMATION pi;
CreateProcessA("c:\\Windows\\system32\\cmd.exe",0,0,0,FALSE,0,0,0,&si,&pi);
}
Complete project is attached. It contains sources and compiled appx files for side-loading.
Code compiles fine for x86/x64 and ARM, tested on x86/x64. Can someone test it on ARM? Ability to sideload metro apps is required.
The application should output a MessageBox, then execute cmd.exe.
A note: Windows Store application runs in a sandbox and as a limited account, so most of API returns "access denied". You can check this in a launched CMD - it displays "access denied" even on a "dir" command because normally "modern ui" apps don't have even read access to c:\.
To overcome this - add "all application packages" full control to the directories/objects you like (for example to c:\).
Works perfectly on my Windows 8 x64 Tablet :good:... its not ARM based though ...
Can i use this to run a non-store app?
Here is the catch, I have managed to get the installed (not the installation) file from a kind member here on XDA. But when I paste the folder in:
C:\Program Files\WindowsApps\Microsoft.ZuneMusic_1.0.927.0_x64__8wekyb3d8bbwe
The app isnt seen on the metro UI?
Any way to start a scanner of some sorts so that I can see the app in Metro.../?
THanx a ton!
Plz feel free to laugh a little at my noobish question...im stil learning..
Works perfectly on my surface RT!
but type dir in CMD returns "access denied".
There are no code signature checks from the command prompt that you launch.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Code:
#include <iostream>
void main()
{
std::cout << "Hello RT World!\n";
}
Compiled as an exe with info in http://stackoverflow.com/questions/...op-programs-be-built-using-visual-studio-2012
Open properties of your disk c:, go to the security tab and add "ALL APPLICATION PACKAGES" == full control. In this cage "dir" command would work, and your apps would be able to access whole filesystem.
Sorry if it's unrelated, but does RT check signatures for loaded DLLs too? Can one run regedit and change some system CLSID to point to unsigned library, will it be loaded?
Simplestas said:
Sorry if it's unrelated, but does RT check signatures for loaded DLLs too? Can one run regedit and change some system CLSID to point to unsigned library, will it be loaded?
Click to expand...
Click to collapse
Unless the dll is loading with a restricted security policy (such as through a Metro app) it is checked, yes.
Excellent work on the 'App1' technique of starting a cmd prompt from a modern app, and the fact it can run other unsigned cmd line apps.
Note that the cmd prompt still runs in the modern app container and probably has lots of restrictions
And also it only runs when the modern app is running and effectively freezes when the modern app goes into the background and suspends
Don't seem to be able to run win32 gui apps from the cmd prompt it starts -- they start but immediately terminate, presumably because the full win32 stuff cant initialise in a modern app container.
But can tum gui win32 api's, like the create dialog one, from the App1 modern app
Luckily we can also test, investigate and debug this on an intel Windows 8 system (dual monitor is best) when trying to work out what is going on, and then test on ARM after that.
@Simplestas: LoadLibrary is also blocked, I'm afraid. One fo the first things I tried was creating a DLL compatible with the built-in rundll.exe program and using that. It failed to load the third-party library.
@xsoliman3: Don't forget the debugger. You can't run it on the RT device right now, but there are (official) tools for debugging RT apps remotely. That should allow connecting to the child process and seeing what happens as it starts up.
GoodDayToDie said:
@Simplestas: LoadLibrary is also blocked, I'm afraid. One fo the first things I tried was creating a DLL compatible with the built-in rundll.exe program and using that. It failed to load the third-party library.
@xsoliman3: Don't forget the debugger. You can't run it on the RT device right now, but there are (official) tools for debugging RT apps remotely. That should allow connecting to the child process and seeing what happens as it starts up.
Click to expand...
Click to collapse
Great seeing you again!
Anyways, I determined from some work with the VS Remote Debugger that the integrity checks are enforced in ZwCreateUserProcess. But, I bet LoadLibrary has its integrity checks in user-mode, since it normally doesn't access any functions using a call-gate to the kernel on Windows 7, which would mean we can modify it to allow us to load unsigned DLL's.
However, with this vulnerability, I had a different. What about allowing a native application to open, such as Notepad, and before it reaches the entrypoint, remotely injecting a different application to be ran (this would involve some sort of custom LoadLibrary + CreateRemoteThread pair of functions)? With the VS Debugger, you can already attach to any native process in user-mode and modify running code, data, and even the context (e.g. registers and similar data).
That suggestion is possible, and for trivial operations (i.e. replacing some strings in a program, or causing it to take one branch instead of another) people have already done so. Doing a wholesale replacement would be tricky, but should be possible (perhaps aided with WinDBG scripts or similar).
GoodDayToDie said:
Doing a wholesale replacement would be tricky
Click to expand...
Click to collapse
Not so tricky, I've already made a prototype on desktop Win8. Just make an ARM DLL that implements a PE loader using only 2 WinAPI functions - LoadLibrary (used only to get kernel32 handle) and GetProcAddress. Inject that DLL code and data sections via debugger, fixup relocs (you can minimize their amount in your "loader DLL" by not using global variables, placing all code into one file, not using CRT at all, and so on, ARM makes it easy to create position-independent code), and call your injected code via debugger passing it the address of LoadLibrary and GetProcAddress as parameters. Your code than would do what you wish - load and execute an unsigned DLL that you specify.
With this trick you can load EXE files too, as all ARM EXEs contain relocs by default.
But this way is too inconvenient to the end-user, so should be avoided. I really think that MS left enough holes for us to "unlock" unsigned apps on retail WinRT devices.
I'm already thinking on buying an Asus tablet with 3G (instead of waiting for a better device that I wish), so after NY holidays I'll join your game
Ah, that's a much more clever approach than actually trying to load the full program using the debugger itself... if it works. LoadLibrary triggers the same signature check that CreateProcess does (or rather, the system calls that they do will perform that check; if it was user-mode we could bypass it with the debugger). Your method may work, but since the desktop doesn't have the signature check anyhow, prototyping it there doesn't actually mean it will work on RT. Try it out and let us know how it goes, and if it works, posting your source would be awesome!
GoodDayToDie said:
Ah, that's a much more clever approach than actually trying to load the full program using the debugger itself... if it works. LoadLibrary triggers the same signature check that CreateProcess does (or rather, the system calls that they do will perform that check; if it was user-mode we could bypass it with the debugger). Your method may work, but since the desktop doesn't have the signature check anyhow, prototyping it there doesn't actually mean it will work on RT. Try it out and let us know how it goes, and if it works, posting your source would be awesome!
Click to expand...
Click to collapse
He doesn't mean making a prototype and importing from kernel32.dll. He means manually mapping the PE file, then using either CreateRemoteThread or modifying the context of a thread already launched to run it once it's in the memory address of another process. It's basically DLL injection with our own implementation of LoadLibrary. It would work because LoadLibrary doesn't use any system calls except to map memory (and mapping memory doesn't have integrity checks of any sort, and it shouldn't be design -- e.g. VirtualAlloc).
A bigger problem I thought of is automating this. I took a quick peek with Wireshark at my remote debugging session and saw HTTP with what appeared to be a proprietary protocol. In order to automate this from another computer (or any mobile device for that matter), we would need to reverse engineer the protocol. Or, an alternative would be to hook into Visual Studio once the debugging session is launched (maybe just a nice VS plugin would work?).
mamaich said:
Code:
void DoThings()
{
char *Tmp=(char*)GetTickCount64;
Tmp=(char*)((~0xFFF)&(DWORD_PTR)Tmp);
while(Tmp)
{
__try
{
if(Tmp[0]=='M' && Tmp[1]=='Z')
break;
} __except(EXCEPTION_EXECUTE_HANDLER)
{
}
Tmp-=0x1000;
}
if(Tmp==0)
return;
Click to expand...
Click to collapse
I was looking through the provided sample -- wouldn't our own GetModuleHandleA implementation be a better way of doing this? I'm just thinking should the alignment be changed in kernel32.dll it may be better to have something like this:
Code:
522 if (!name)
523 {
524 ret = NtCurrentTeb()->Peb->ImageBaseAddress;
525 }
526 else if (flags & GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS)
527 {
528 void *dummy;
529 if (!(ret = RtlPcToFileHeader( (void *)name, &dummy ))) status = STATUS_DLL_NOT_FOUND;
530 }
Source: http://source.winehq.org/source/dlls/kernel32/module.c#L504
Grabbing the Peb (NtCurrentTeb()->Peb) would involve pulling from the FS register at offset 0x30. Implementing this on ARM could be trickier, as I'm not sure of the inline assembly or availability of intrinsics (not to mention, it would be stored somewhere else than the FS register).
Now, for the PC, it appears __readfsdword is available as an intrinsic, so this *should* work on x86 installations of Windows 8.
mamaich said:
Not so tricky, I've already made a prototype on desktop Win8. Just make an ARM DLL that implements a PE loader using only 2 WinAPI functions - LoadLibrary (used only to get kernel32 handle) and GetProcAddress. Inject that DLL code and data sections via debu
Click to expand...
Click to collapse
I think this approach (of injecting own loader as far as understand) has such problem(even if implemented & automated)
Loaded exe can have own dependant dlls(any complicated-usefull proj has) that it cant load because of signing checks (and even more problems if it uses dynamic loading of own dlls and getprocaddress)
Or do i miss somth in your idea?
Will I be able to read/write to a parallel port using this method? Do the limited store apps have sufficient permissions to do that? Writing to a parallel port requires calling
Code:
hndleLPT = CreateFile("LPT1",(GENERIC_READ | GENERIC_WRITE), 0, 0, OPEN_EXISTING, 0, 0);
. Will this succeed?
Will I be able to successfully load this: http://www.highrez.co.uk/Downloads/InpOut32/default.htm ?
---------- Post added at 03:01 PM ---------- Previous post was at 02:11 PM ----------
This looks like an improved method to get the base address:
http://tedwvc.wordpress.com/2013/07/19/finding-the-kernel32-dll-module-handle-in-a-windows-store-app-using-approved-apis/
You should be able to do that using CreateFile2, which is permitted in Store apps already (no need to use the rest of the Win32 API). As for the permissions, I don't know, but it will probably work.
I mean, assuming your computer *has* an LPT port. I haven't seen one of those in a while...
how about the other way round? can a desktop app have access to the full windows 8 api (including those reserved for win store apps only)?
I made an phonegap app, which is using websql for storing data. Everything works fine, it is on Google Play. The problem is when I update it (from the market) it erases all of the data which is stored in the websql. My question is, how can I solve this problem? How can I solve it, not to erase all of the data, when I update is?
badcoke.com said:
I made an phonegap app, which is using websql for storing data. Everything works fine, it is on Google Play. The problem is when I update it (from the market) it erases all of the data which is stored in the websql. My question is, how can I solve this problem? How can I solve it, not to erase all of the data, when I update is?
Click to expand...
Click to collapse
The data associated with the app should only be deleted when you either uninstall the app or delete it manually (of course). Do you have anything in your code that initialises the database? I assume you create a database & table structure somewhere - are you sure you're not running that again?
Archer said:
The data associated with the app should only be deleted when you either uninstall the app or delete it manually (of course). Do you have anything in your code that initialises the database? I assume you create a database & table structure somewhere - are you sure you're not running that again?
Click to expand...
Click to collapse
I am sure, that that the database is not running again.
Here is my code:
Code:
function databaseFunction () {
var db,
len,
bx,
res = [];
this.open = function(levelDone) {
db = openDatabase('worderDd', '1.0', 'Test DB', 5 * 1024 * 1024);
var msg;
}
this.create = function() {
db.transaction(function (tx) {
tx.executeSql('CREATE TABLE IF NOT EXISTS worderDd (id INTEGER PRIMARY KEY AUTOINCREMENT, level)');
});
}
this.addData = function (levelDone) {
db.transaction(function (tx) {
tx.executeSql('INSERT INTO worderDd (level) VALUES (?)', [levelDone]);
alert('AWWWWWWESOME! LEVEL COMPLETED');
window.location.replace("index.html");
});
}
Unfortunately the stored data is missing from this section of the code when update it through the market