Develop Bugs

[UPDATE 18.12.10] Shared Homebrew projects

let me start a thread where you all can drop your shared homebrew app's.
For homebrew app's we first need to unlock:
iridium21 said:
As people may know, Chevron have removed their unlocker download for WP7 so I thought I'd archive it and make it available for everyone here still:
http://www.megaupload.com/?d=Q1T7WQMK
EDIT: Thanks to Cendaryn we also have the required security certificate - the easiest way (thanks to Talys) to install the cert and unlock your WP7 is to do as follows:
1. Unzip file, and attach chevronwp7.cer (see below for file) to an e-mail to yourself
2. Open email in WP7
3. Tap attachment once, turns it into a shield, tap it again, goes to install certificate screen with white letters on black screen
4. Click install at the bottom
5. Make sure registry is modified:
Code:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsPhone\ProxyPorts]“DeviceReg”=dword:000069C5
I think the WP7 developer tools from MS does this, but you can add it in manually (it's a 32bit DWORD)
6. Plug in phone and leave Zune running
7. Run chevronwp7.exe, click both checkboxes
8. Click unlock
Excellent video tutorial here thanks to Jaxbot
[Edit 8th Dec 2010]
Worried that Microsoft has relocked your phone? They haven't, look here
Hope this helps someone.
Click to expand...
Click to collapse
Or unlock using a modded version by hounsell .
hounsell said:
Been able to remove the sideload limit, I was able to install 11 apps by my count, though I'd appreciate a third-party confirmation to be honest.
http://thounsell.co.uk/2010/12/chevronwp7-now-without-the-sideload-limit/
Click to expand...
Click to collapse
After unlocking we want some custom ringtones ofcourse:
ShadowLegion said:
I didnt see a thread so i just thought i would let people who did already know that ChevronWP7 released their Custom Ringtone Manager Today
you can Find It Here http://www.chevronwp7.com/
download: http://walshie.me/ChevronWP7.RingtoneInstaller.zip
Source code:http://blog.walshie.me/2010/12/source-code-to-the-chevronwp7-ringtone-editor/
Click to expand...
Click to collapse
Lets look at the file system:
hounsell said:
FileBrowser
Source
Still very basic, not the most stable either, but at least you can browse the Windows folder, and read text files.
I'll probably put more effort in once I've got further with my SevenIRC App.
Click to expand...
Click to collapse
We need a .reg viewer to:
(nico) said:
I've managed to create a basic Registry Viewer, readonly for the moment.
For now, I didn't manage to get access to root path, so the first 2 levels are hardcoded.
Download it here: (link removed, see below)
Edit:
Updated version here: http://bit.ly/ed1Sz1
and a direct link:http://www.xda-developers.ch/download/?a=d&i=4227279264
Click to expand...
Click to collapse
And to get this all on the phone a nice way:
tom_codon said:
Hi all !
For all devices unlocked with ChevronWP7 Unlocker , we're can easy install custom ringtones or applications .XAP format via Application Deployment , but everytimes need open start menu --> Application Deployment then browser .xap to tool for install take too much times and almost make some in us crazy
That why i decided to write Tom XAP installer , basicly Tom XAP installer and Application Deployment are the same ( Alow install custom .xap to device and emulator windows phone 7 ) But Tom XAP installer a lot convenience , it's alow you install .xap with double click to file or simple just right click --> install xap
How to :
Download exe and put it somewhere in PC, run it , it will automatic add registry path of application and add menu , icon to .XAP files
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Then just close it and now double click to custom ringtones , or any .xap format files , the Tom XAP installer will automatic open and give you some details ( App name , Version , Author , Size , Description of XAP ) then select where you will install xap ( device or emulator )
Press Install and wait it finish.
Notices :
1. Tom XAP installer Requires .NET 4.0 Framework and Windows Phone 7 SDK
2. If you install xap to device
- Please make sure your device was unlocked with ChevronWP7 Unlocker ( Here is guide how to unlock )
- Make sure your device was connected with PC and Zune lauched
- Make sure your device not in sleep mode
3. If you move Tom XAP installer.exe to other location in PC , you should run it again one time for registry again location of application
4. If you don't like this software , just run Tom XAP installer.exe and uncheck " Enable Tom XAP installer" it will uninstall all registry of Tom XAP installer in your PC
Download: http://forum.xda-developers.com/attachment.php?attachmentid=456249&d=1291493842
Cheers !
Tom
Click to expand...
Click to collapse
Man I need a webserver on my phone.
davux said:
I've extended jmorrill's code to include the Winsock functions to listen. The example proves that one may listen on port 80.
One problem with this library right now is that it is IPv4 only. I tried to make things generic but that was quite hard, I'm also really not very familiar with native Winsock anyway.
dl.dropbox.com/u/12359/PhoneNetworkingSample_with_listen.zip
[edit] and here's a really simple (and really hacked together - you've been warned) webserver!
dl.dropbox.com/u/12359/wp7_webserver.zip
The code is definitely *preview quality* - I pulled it together just now because I don't think I'll be able to work on this for a few days, so it'd be a starting point but I'm sure it's buggy.
Click to expand...
Click to collapse
davux said:
I've enhanced my Webserver sample to support reading from the device (where allowed), as well as reading/writing IsolatedStorage
//dl.dropbox.com/u/12359/WP7Homebrew_Webserver.zip
The XAP is located in the Webserver project.
I am not finished, there are several issues:
- I have not implemented support for getting the local endpoint, so you need to know your phones IP address
- There is a bug somewhere that causes a problem when uploading larger files.
- There is no UI
- No authentication!
To access the webserver, open the app on your phone (it will disable the idle timer and run behind the lock screen)
//phone_ip/IsolatedStorage
//phone_ip/Windows
IsolatedStorage is a special case (virtual directory that uses the SDK IsolatedStore APIs), the filesystem is mounted at the root of the webserver. Note that if you navigate to //phone_ip/, you will not see anything, as we are not able to list the contents of the root directory.
I am working to create a real socket library that mimics System.Net/.Sockets, and System.IO for file access. TcpClient and TcpListener are in a mostly functional state already.
I'll add in registry and other capabilities once those two components are stable.
Most of the code came from jmorrill.
Click to expand...
Click to collapse

I'm thinking we could do with somewhere to place an open-source collection of homebrew apps.
Also, with the Chevron WP7 unlocker, you might want to include the version with the sideload limit removed

hounsell said:
I'm thinking we could do with somewhere to place an open-source collection of homebrew apps.
Also, with the Chevron WP7 unlocker, you might want to include the version with the sideload limit removed
Click to expand...
Click to collapse
good idea do you have some ideas
can you gif me the link of the unlocker you modded ?

The regviewer zip file contained projects not possible to open in VS2008 or VS2010. Could you check this?

ajhvdb said:
The regviewer zip file contained projects not possible to open in VS2008 or VS2010. Could you check this?
Click to expand...
Click to collapse
I will ask the maker of the regviewer.

What to you mean by not possible ?
The source contains multiple project:
- COM: Visual Studio 2008 C++ project using Windows Mobile 6 SDK
- Native : Visual Studio 2010 Solution containing the .Net / COM interface
- Registry Viewer: Visual studio 2010 Project containing the registry viewer app and also referencing Native project.
Everything works on my machine. You may need to fixe path to make it works on yours.

(nico) said:
What to you mean by not possible ?
The source contains multiple project:
- COM: Visual Studio 2008 C++ project using Windows Mobile 6 SDK
- Native : Visual Studio 2010 Solution containing the .Net / COM interface
- Registry Viewer: Visual studio 2010 Project containing the registry viewer app and also referencing Native project.
Everything works on my machine. You may need to fixe path to make it works on yours.
Click to expand...
Click to collapse
Sorry, most of the time when i rebuild a project all files are relative to the project, the references are not of course and i need to set the correct path. Could you give me a hint?
I download the 002 file. In this there is a native.zip. I unzipped it and got 2 folders:
1. COM
Renamed it to COM2008 and opened this in VS2008, did a rebuild. below is the output.
1>Compiling resources...
1>Microsoft (R) Windows (R) Resource Compiler Version 6.1.6723.1
1>Copyright (C) Microsoft Corporation. All rights reserved.
1>Linking...
1> Creating library Windows Mobile 6 Professional SDK (ARMV4I)\Release/Native.lib and object Windows Mobile 6 Professional SDK (ARMV4I)\Release/Native.exp
1>Performing Post-Build Event...
1> 1 file(s) copied.
1>The system cannot find the path specified.
1> 0 file(s) copied.
1>The system cannot find the path specified.
1> 0 file(s) copied.
1>The system cannot find the path specified.
1> 0 file(s) copied.
1>Project : error PRJ0019: A tool returned an error code from "Performing Post-Build Event..."
1>Build log was saved at "file://e:\_PROJECT\WP7\_Source\_Homebrew\RegistryViewer002\Native\Native\COM2008\Native\Windows Mobile 6 Professional SDK (ARMV4I)\Release\BuildLog.htm"
1>Native - 1 error(s), 0 warning(s)
Im not sure where to find this "path".
2. Nativelibrary

In the post build event of the COM project, I copy the output file to several projects of mine. Just remove post build events and copy the file manually to your own project.

(nico) said:
In the post build event of the COM project, I copy the output file to several projects of mine. Just remove post build events and copy the file manually to your own project.
Click to expand...
Click to collapse
Yup, it's working now.
In the registry viewer I only needed to change the project folder to the nativelibrary.

ceesheim, thanks..excellent

Updated the first post with a newer/better webserver

[RELEASE] Phone7Market for Windows PC v2.0 Alpha B2: finally Mango full support!

Phone7Market (previously Windows Phone 7 Marketplace) for Windows PC is an application suite. There is one application to search the Marketplace application catalog, other can download the xap packages and the last one can deploy any application to a WP7 device or emulator. Intended only for testing free apps and your own apps.
** Version 1.7 or older: To allow Mango applications in this app, read: http://forum.xda-developers.com/showpost.php?p=17427269&postcount=261
** Version 1.2 or newer: now display only fully free applications (not trials/paid/device branded apps) following the xda anti-piracy policy **
Features/updates:
Please see http://ried.cl/mobile/wp7desktopmarketplace.html for the changelog, also there is a quick video showing how to use the program here: http://www.screencast.com/t/9PkvJL50b
Requirements:
Windows Phone 7 device (unlocked) or emulator
Windows PC with Microsoft .NET Framework 4
It should require the Windows Phone SDK because the dependency of Microsoft.Smartdevice.Connectivity.dll assembly
Screenshot:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Download:
Setup program now available!:
Phone7Market v2.0 Alpha (setup)
The deployer application supports different commandline options (for batch operations for example):
Code:
wp7-deploy.exe path\to\xap\file.xap -destination[modifiers]
destination (required): is just one letter d=device, e=emulator
modifiers: up to 3 letters s=replace assemblies signatures, r=remove DRM, l=autolaunch
Example:
rem This deploys test.xap to the emulator and autolaunches the application
wp7-deploy.exe test.xap -el
rem This deploys mytest2.xap to the device replacing the signatures with your own certificate and removing the drm description file
wp7-deploy.exe c:\mytest2.xap -dsr
More info:
http://servicios.ried.cl/
Suggestions and todo:
Support for Mango 7.1 SDK! really soon (preview2?) Ready!! in the Alpha B2, search and deploy working now
Automatic updater Next priority... still
Smartpatcher functionality (to allow any "cracker" to make patches, for example to allow lg apps in other devices, etc) In progress...
Details panel (in search results)
Multi downloads/deploys?
Note:
Files attached in this post are just for backup. The most recent version will appear first in the link listed above. Please use attached files only for testing purposes.
Do not download the ATTACHED FILES if you want the latest release.

Thanks ! Now I can check the apps in the market place before I get my VZW WP7...

Does not deploy app. Tested on one of my developed applications.

microhaxo said:
Does not deploy app. Tested on one of my developed applications.
Click to expand...
Click to collapse
Any error message? Can I have you file to test it?

Says the file you tried to deploy is already installed retry?
BandWidth is the app - free in marketplace (i made sure to uninstall it on phone before deploy)

microhaxo said:
Says the file you tried to deploy is already installed retry?
BandWidth is the app - free in marketplace (i made sure to uninstall it on phone before deploy)
Click to expand...
Click to collapse
Works perfectly to me, look: http://screencast.com/t/v9yVuSiLU ... mmm that message can be a mistake, it the deployment hangs between the execution and the unninstallation it might show that message, so it can be a problem with the execution.
I don't know if for a unlocked physical device you must send the new certify by mail and install it in your phone.

Hmm, yea the video show's it working. Might have to do with my phone being a dev unlock device?
I'll try it again tomorrow.

microhaxo said:
Hmm, yea the video show's it working. Might have to do with my phone being a dev unlock device?
I'll try it again tomorrow.
Click to expand...
Click to collapse
But can you deploy your app to the emulator?

Working on Emulator
I tested it on Emulator and its working for me.

Check this out: http://www.youtube.com/user/vbguy2011
Seems to do something similar

do not work for me!
I want install in my device but got error, my phone is unlocked and zune lunched!

Thanks!
But this doesn't seem to find everything. E.g. the manufactor specific apps like LG's voice-to-text. Or also some normal stuff like "Mehr Gehirnjoggen"

all in one application, works perfectly for me! thanks!

sIiiS said:
do not work for me!
I want install in my device but got error, my phone is unlocked and zune lunched!
Click to expand...
Click to collapse
Did you receive an error description?
Hades32 said:
Thanks!
But this doesn't seem to find everything. E.g. the manufactor specific apps like LG's voice-to-text. Or also some normal stuff like "Mehr Gehirnjoggen"
Click to expand...
Click to collapse
Sorry but now its limited to fully free apps (xda piracy policy). So it does not work for brand exclusive apps, trials or paid apps.

Please add device branded apps, trying samsung apps on htc phone is not piracy

Great! Works without a problem. Make sure to check all checkboxes when deploying. Will use this until I can microsoft for my activation tomorrow morning

tbk21 said:
Please add device branded apps, trying samsung apps on htc phone is not piracy
Click to expand...
Click to collapse
Sorry but I will keep just the generic fully free apps for now. I am not sure about what you said, if is legal or not.

working perfect in emulator and the device.
thanks for the application.

i am getting error, on emulator is fine, but on device i am getting:
error deploying to the device. it seems to be a licensing problem with application
any help?
thx
SOLVED - something was messed up with certificate

Spirit81 said:
i am getting error, on emulator is fine, but on device i am getting:
error deploying to the device. it seems to be a licensing problem with application
any help?
thx
SOLVED - something was messed up with certificate
Click to expand...
Click to collapse
same problem
Can u tell me how did u fixed that please?

[UPDATED-06-APR-2011] New XAP installer, in-place app update, no dev tool and more...

Please download XAPDeployX-V0.9.zip, it is the latest and greatest version
If you have any of the 0x89xxxx errors, please download the attached "vs_sdeprolightup-enu.zip" file and run it.
Hi,
attached you'll find a new XAP installer which has quite a few unique selling points.
- In-place update on the phone: In-place update on the phone, e.g. if you already have Version 1.0.0.0 of an app installed on the phone and install 1.0.2.0 an in-place update will performed. No more full "uninstall-new install" cycle required. Your settings, custom files etc. won't be removed (same as marketplace update)
- CoreCon2 based, e.g. Phone Dev Tools are no longer required for application deployment!
- Deploy from file or URL: You can either specify a file or an URL. If you enter an URL the installer will automatically download the xap.
- Own protocol "wphome": Zune's one-click download for homebrew apps. Automatically install homebrew XAPs with a click on a hyperlink. If you want, you can register the application for the wphome protocol. The application will then be allowed to handle urls like wphome:www.test.com/test.xap and will automatically start as soon as you click on such a link.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
To be able to use "wphome" hyperlinks, you have to click on "Register protocol..." once.
wphome Testlink: wphome:http://www.nextbestgeek.com/wp-content/uploads/2011/03/helloworld.xap (for testing after you've installed the tool and registered it for the protocol)
After you've opened a XAP file, details will be shown in the top bar.
This is the first step in my plan to provide a homebrew marketplace.
Updated V0.6 - 1-APR-2011
+ Full Log
+ Multiple tweaks, bugfixes
Updated V0.7 - 2-APR-2011
+ CoreCon2 based, e.g. Phone Dev Tools are no longer required for application deployment! [*]
+ Drag'n'Drop support. Just drag and drop any xap from explorer to the tool.
[*] You need a working CoreCon2 installation. If CoreCon2 is not installed on your pc (normally only installed with the Phone Dev Tool) the tool will detect it and download a small installer.
Updated V0.8 - 2-APR-2011
+ Fixed "No addional data: Could not extract XAP file" Bug
+ XAP-Information is show much faster now
+ CoreCon2 Installer now online. You won't need the full Phone Dev Tools for this XAP Deployer
Updated V0.9 - 6-APR-2011
+ Selected Target will now be automatically saved
+ Deploy-Menu for XAP files. Registers a file handler for *.xap and provides a "Deploy" menu entry in file's context menu.
General Prerequisits
- Phone has to be unlocked (either dev, chevron or any other method)
- Zune has to be running and has to be connected to the phone
- Windows Vista or Windows 7, according to users: Windows XP
Regards,
-k

nice
+1 for this step into homebrew marketplace creating ;D
edit: some xaps show info, others dont show info and just say "done" when trying to deploy.

awsome job.
+1 as well

@diboze: Can you provide a xap which doesn't show info? (XNA Apps might not show an image but name, description, version & author should always be shown)
"Done" means -> Deployment finished
The app does currently not check if the Max Apps limit is reached. Therefore done means either "deployment finished" or "could not deploy because max apps is reached".
UPDATE V06 - 1-APR-2011:
- There is no "Done" anymore. You have a full-fledged activity log now.
- Max App error is now reported in log
-k

Thanks for your time.. hopefully this develops further. Your most recent was done on April 1, 2011 right? and not 2010..

Awesome stuff man!

I'm going to assume that in order to successfully deploy, you still need the Windows Phone Dev Tools installed, right?
Otherwise, it's a really great looking and convenient app. I look forward to more updates.

Fantastic... thanks, gonna try it

It shows "Done" but there's no App installed

clicheboy said:
It shows "Done" but there's no App installed
Click to expand...
Click to collapse
Can you send me the log (as seen in the third screen shot) or copy&paste it here?
-k

ChevronWP7 unlocker doesn't work on NoDo. In order for this to be useful beyond a niche number of users, there needs to be a way to easily unlock the phonse so that XAPs can be deployed.
I see no mention of that in the OP.
Why list a good app on that for free (if it's not free it will get pirated with the XAP being there for everyone) when you can just list it on Zune Market place for 99 cents and make some money. For responsible adults the fee to join the developer program isn't that bad.

V0.7 will only require CoreCon installed
Hi,
prjkthack said:
I'm going to assume that in order to successfully deploy, you still need the Windows Phone Dev Tools installed, right?
Click to expand...
Click to collapse
Glad you've asked. Version V0.7 will no longer use the SmartDevice.ConnectivityDll but will talk to CoreCon (ConMan2) direct. This way you'll only need a ~4MB download to deploy successfully and won't have to download the Dev Tools package.
-k

it says "No addional data: Could not extract XAP file".

linkju said:
it says "No addional data: Could not extract XAP file".
Click to expand...
Click to collapse
same problem here

kirimaru89 said:
same problem here
Click to expand...
Click to collapse
+1
,,,,,,,,,,,,,,,,

linkju said:
it says "No addional data: Could not extract XAP file".
Click to expand...
Click to collapse
Yes, looks like there are some XAPs around which have a different ZIP-Header value. Besides not showing the name, image & description this message shouldn't have influence to the deployment capabilities.
BUT: I've replaced the ZIP stack and now any XAP-file can be read. The reading is even a lot faster.
Therefore: FIXED
In addition:
CoreCon2 installer is also online -> if you don't have the Phone Dev Tools already installed you won't have to just for XAP deployment. XAPDeployX installs a minimal set of required files (< 1MB) on its own.
-k

Fable: Coin Golf error
I get the Following:
Deployment started Fable: Coin Golf
Connecting to device... success
Application Fable: Coin Golf not yet installed. Full-install cycle.
Deployment FAILED with the following ERROR:
Installation of the application failed. XAP package signature is not valid or the WP manifest file is invalid. Re-sign with valid signature and fix the manifest file.
_______________________________________________________________
Any ideas? How to fix that.

xdamir said:
Installation of the application failed. XAP package signature is not valid or the WP manifest file is invalid. Re-sign with valid signature and fix the manifest file.
_______________________________________________________________
Any ideas? How to fix that.
Click to expand...
Click to collapse
Based on the error message, you've tried to deploy a non-homebrew xap, e.g. a xap file downloaded from zune marketplace. These files are digitally signed and cannot be deployed as the tool does not remove any security measures.
-k

I have the following error. Some info wold be appreciated
Deployment started TouchXplorer
Connecting to device...
Deployment FAILED with the following ERROR:
0x89721508

wick3d00 said:
I have the following error. Some info wold be appreciated
Deployment started TouchXplorer
Connecting to device...
Deployment FAILED with the following ERROR:
0x89721508
Click to expand...
Click to collapse
Have the same problem with test XAP

[XAP] Native Debugger for WP7 (Requires full unlock)

Title says it all - it is a debugger for native apps.
How to use it?
Prerequisites:
You should have VS2008 and Windows Mobile 6 Pro SDK installed.
If you also have VS2010 + WP7SDK, most likely you won't be able to use debugger in VS2008. To fix this issue copy attached edm2.exe to C:\Program Files (x86)\Microsoft Visual Studio 10.0\SmartDevices\Debugger\target\wce400\armv4i (probably without x86 postfix in Program Files path)
(Just to note - this edm2.exe isn't "special for ce7". It works on WM6 device too)
You should have full unlock on your phone (not dev unlock! not interop unlock!)
What's then?
Sideload NativeDebugger.xap to phone
Run it, wait until ip list appears.
In VS2008: Tools->Options. Then change ip to 127.0.0.1. Screenshot:
Enjoy.
Limitations
You have to run xap after every soft reset
If you create UI, debugger "forgets" to detect app closing. However, breakpoints still work and debug log is still being received.
What else can this xap do?
Native debugging, as it was already mentioned
You can use almost all CE Remote Tools.
Limitations: CERemoteSpy can't setup a window hook (thanks MS for abandoning slot-based virtual memory system)
Process Viewer can't get list of processes
Screenshots:
P.S. If you want to compile native exe, don't forget to generate new coredll.lib

nice work, ultrashot

good work buddy

I'm a little confused here, what's the difference between 'full unlock' and 'interop unlock'

Briefcase said:
I'm a little confused here, what's the difference between 'full unlock' and 'interop unlock'
Click to expand...
Click to collapse
Read

Great!
Now can say bye-bye to a log file of debug!

ultrashot said:
Read
Click to expand...
Click to collapse
So basically it requires a custom ROM (read: HTC Only)?

ZeBond said:
So basically it requires a custom ROM (read: HTC Only)?
Click to expand...
Click to collapse
for now - yes.

The best app here. I am going to search old SDKs.

Hey @ultrashot, nice work man! Any chance you can see whether this can be used with the HtcRoot project (see my sig)? It would help a ton to be able to do debugging, both for improving HtcRoot and developing apps based on it, but I'm still using a stock ROM (and want to make HtcRoot usable for stock ROMs).
I'm not sure why the debugger doesn't work normally, but if it's some kind of permissions issue than HtcRoot should work around that quite well. It does require a working HtcUtility.dll driver, which not all custom ROMs have, by the way.

After hour of trying - I started Zune synchronisation and after it - "Connectin success".
Zoom in - OK.
Remote Spy - OK.
Remote Registry Editor - OK!!! (I will have 1/10 of work sometime)
Remote Heap Walker - OK.
Remote File Viewer - OK and very quick.
Remote Process Viewer - Nothing.
Thanks very much. I must repair process viewer and to learn debugging techniques on WM. M.

Martin7Pro said:
I must repair process viewer and to learn debugging techniques on WM.
Click to expand...
Click to collapse
It isn't supposed to work. I haven't tried to investigate why ms transport exe doesn't work.
GoodDayToDie said:
Hey @ultrashot, nice work man! Any chance you can see whether this can be used with the HtcRoot project (see my sig)? It would help a ton to be able to do debugging, both for improving HtcRoot and developing apps based on it, but I'm still using a stock ROM (and want to make HtcRoot usable for stock ROMs).
I'm not sure why the debugger doesn't work normally, but if it's some kind of permissions issue than HtcRoot should work around that quite well. It does require a working HtcUtility.dll driver, which not all custom ROMs have, by the way.
Click to expand...
Click to collapse
Hi. What's required:
1) ability to put files to \Windows\.
2) ability to load unsigned native code (because cmccdll.dll is a self-made coredll.dll wrapper; other files are signed by ms). That could be problematic even with tcb permissions
3) probably some policies should be changed.

1) Full read/write access to the whole filesystem - not a problem.
2) Developer-unlocked devices are allowed to do this, at least for DLLs. If they weren't, none of our native homebrew code would function (it's all unsigned). Not sure about EXEs though.
3) I think I can do this with the permissions I have - Heathcliff74 has mentioned mdifying the policies on his phone during WP7 Root Tools development - but I'd need to know which ones and what modifications are needed.

Hi guys. I want to discover my HTC7Pro hardware keyboard low level management to be able to customize any applications (my prepared filemanager etc.) to keyboard-only management, use smile key as ctrl etc. But, I could not use debugger correctly. Do you know, how I can see call stack and how can I step running processes? I can pause them, but I see everytime this:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Thanks, M.

GoodDayToDie said:
1) Full read/write access to the whole filesystem - not a problem.
2) Developer-unlocked devices are allowed to do this, at least for DLLs. If they weren't, none of our native homebrew code would function (it's all unsigned). Not sure about EXEs though.
3) I think I can do this with the permissions I have - Heathcliff74 has mentioned mdifying the policies on his phone during WP7 Root Tools development - but I'd need to know which ones and what modifications are needed.
Click to expand...
Click to collapse
2) yes, but it can be different for fully native exes (haven't checked further though).
3) the minimum required policies should be like those for built-in edm3.exe, ConManClient3.exe. The only difference is (again) absence of valid digital sign and it may prevent lvmod's authorization.
//Wondering if lvmod can be replaced (better to say, shadowed) without reflashing.
Martin7Pro said:
Hi guys. I want to discover my HTC7Pro hardware keyboard low level management to be able to customize any applications (my prepared filemanager etc.) to keyboard-only management, use smile key as ctrl etc. But, I could not use debugger correctly. Do you know, how I can see call stack and how can I step running processes? I can pause them, but I see everytime this:
Thanks, M.
Click to expand...
Click to collapse
I would rather say it isn't a good task for VS2008. It is meant to debug your libs/exes, not someone else's.
IDA always rocks but its wce debugger is currently not working, thanks to absent activesync connection.

ultrashot said:
I would rather say it isn't a good task for VS2008. It is meant to debug your libs/exes, not someone else's.
IDA always rocks but its wce debugger is currently not working, thanks to absent activesync connection.
Click to expand...
Click to collapse
Thanks for answer. Then I want to try debug my own applications. I foung your older post http://forum.xda-developers.com/showthread.php?t=1336137, which enables debugger using on custom ROMs, it is working good for me in WS 2010 Express. Then question: May I have opened VS 2010 Express with managed part + VS 2008 Professional with unmanaged part of any hybrid application to be able to debug it? How can I do it, when it is one application and process attaching does not work? Or those will two different process in one application, runnable independent? Or is possible to use VS 2008 for WP7 C# debugging? I am apologioze for probably basic questions. I am experienced C programmer, but totally new in mobile programming. M.

May I have opened VS 2010 Express with managed part + VS 2008 Professional with unmanaged part of any hybrid application to be able to debug it?
Click to expand...
Click to collapse
no, only managed part could be debugged (though, you can test your native library via native exe, but that's another story)
process attaching does not work
Click to expand...
Click to collapse
It was never working even in WM
Or those will two different process in one application, runnable independent?
Click to expand...
Click to collapse
both native and managed code run in the same taskhost context.
Or is possible to use VS 2008 for WP7 C# debugging?
Click to expand...
Click to collapse
no.

Thanks. I must learn more. If I understand, I can debug Silverlight, XNA and managed part of hybrid applications only in VS 2010 (unmanaged part debugging is impossible), native appplications in VS 2008 only.
Is normal to see more then one device in Registry viewer? I see today everytime only mobile, but now also desktop. On debugger launcher I have three different CoreCon IPs immediately now. Could not it be any attack from internet?

Is normal to see more then one device in Registry viewer?
Click to expand...
Click to collapse
Normal.
On debugger launcher I have three different CoreCon IPs immediately now.
Click to expand...
Click to collapse
that's because you can connect via different connection types. (such as wifi for example - btw, it is also possible, but you have to adjust ip every time)
Could not it be any attack from internet?
Click to expand...
Click to collapse
no.

This is amazing.
Thank you ultrashot.

[HACK] Using complete Windows API in Windows Store app (c++)

As we know, MS prohibits using most of standard Win32 API in Windows Store applications. Obviously there are lots of ways to overcome this limit and to call any API you like, if you are not going to publish your app on Windows Store. And here is one of them.
Idea is really simple and rather old (lots of viruses use it): search for kernel32.dll base in memory, then parse its exports for LoadLibraryA and GetProcAddress, call them - and get profit.
Writing here so this post can be indexed by google.
Partial code:
Code:
void DoThings()
{
char *Tmp=(char*)GetTickCount64;
Tmp=(char*)((~0xFFF)&(DWORD_PTR)Tmp);
while(Tmp)
{
__try
{
if(Tmp[0]=='M' && Tmp[1]=='Z')
break;
} __except(EXCEPTION_EXECUTE_HANDLER)
{
}
Tmp-=0x1000;
}
if(Tmp==0)
return;
LoadLibraryA=(t_LLA*)PeGetProcAddressA(Tmp,"LoadLibraryA");
GetProcAddressA=(t_GPA*)PeGetProcAddressA(Tmp,"GetProcAddress");
CreateProcessA=(t_CPA*)PeGetProcAddressA(Tmp,"CreateProcessA");
HMODULE hUser=LoadLibraryA("user32.dll");
MessageBoxA=(t_MBA*)GetProcAddressA(hUser,"MessageBoxA");
MessageBoxA(0,"A native MessageBox!","Test",MB_OK);
STARTUPINFO si;
memset(&si,0,sizeof(si));
si.cb=sizeof(si);
PROCESS_INFORMATION pi;
CreateProcessA("c:\\Windows\\system32\\cmd.exe",0,0,0,FALSE,0,0,0,&si,&pi);
}
Complete project is attached. It contains sources and compiled appx files for side-loading.
Code compiles fine for x86/x64 and ARM, tested on x86/x64. Can someone test it on ARM? Ability to sideload metro apps is required.
The application should output a MessageBox, then execute cmd.exe.
A note: Windows Store application runs in a sandbox and as a limited account, so most of API returns "access denied". You can check this in a launched CMD - it displays "access denied" even on a "dir" command because normally "modern ui" apps don't have even read access to c:\.
To overcome this - add "all application packages" full control to the directories/objects you like (for example to c:\).

Works perfectly on my Windows 8 x64 Tablet :good:... its not ARM based though ...

Can i use this to run a non-store app?
Here is the catch, I have managed to get the installed (not the installation) file from a kind member here on XDA. But when I paste the folder in:
C:\Program Files\WindowsApps\Microsoft.ZuneMusic_1.0.927.0_x64__8wekyb3d8bbwe
The app isnt seen on the metro UI?
Any way to start a scanner of some sorts so that I can see the app in Metro.../?
THanx a ton!
Plz feel free to laugh a little at my noobish question...im stil learning..

Works perfectly on my surface RT!
but type dir in CMD returns "access denied".

There are no code signature checks from the command prompt that you launch.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Code:
#include <iostream>
void main()
{
std::cout << "Hello RT World!\n";
}
Compiled as an exe with info in http://stackoverflow.com/questions/...op-programs-be-built-using-visual-studio-2012

Open properties of your disk c:, go to the security tab and add "ALL APPLICATION PACKAGES" == full control. In this cage "dir" command would work, and your apps would be able to access whole filesystem.

Sorry if it's unrelated, but does RT check signatures for loaded DLLs too? Can one run regedit and change some system CLSID to point to unsigned library, will it be loaded?

Simplestas said:
Sorry if it's unrelated, but does RT check signatures for loaded DLLs too? Can one run regedit and change some system CLSID to point to unsigned library, will it be loaded?
Click to expand...
Click to collapse
Unless the dll is loading with a restricted security policy (such as through a Metro app) it is checked, yes.

Excellent work on the 'App1' technique of starting a cmd prompt from a modern app, and the fact it can run other unsigned cmd line apps.
Note that the cmd prompt still runs in the modern app container and probably has lots of restrictions
And also it only runs when the modern app is running and effectively freezes when the modern app goes into the background and suspends
Don't seem to be able to run win32 gui apps from the cmd prompt it starts -- they start but immediately terminate, presumably because the full win32 stuff cant initialise in a modern app container.
But can tum gui win32 api's, like the create dialog one, from the App1 modern app
Luckily we can also test, investigate and debug this on an intel Windows 8 system (dual monitor is best) when trying to work out what is going on, and then test on ARM after that.

@Simplestas: LoadLibrary is also blocked, I'm afraid. One fo the first things I tried was creating a DLL compatible with the built-in rundll.exe program and using that. It failed to load the third-party library.
@xsoliman3: Don't forget the debugger. You can't run it on the RT device right now, but there are (official) tools for debugging RT apps remotely. That should allow connecting to the child process and seeing what happens as it starts up.

GoodDayToDie said:
@Simplestas: LoadLibrary is also blocked, I'm afraid. One fo the first things I tried was creating a DLL compatible with the built-in rundll.exe program and using that. It failed to load the third-party library.
@xsoliman3: Don't forget the debugger. You can't run it on the RT device right now, but there are (official) tools for debugging RT apps remotely. That should allow connecting to the child process and seeing what happens as it starts up.
Click to expand...
Click to collapse
Great seeing you again!
Anyways, I determined from some work with the VS Remote Debugger that the integrity checks are enforced in ZwCreateUserProcess. But, I bet LoadLibrary has its integrity checks in user-mode, since it normally doesn't access any functions using a call-gate to the kernel on Windows 7, which would mean we can modify it to allow us to load unsigned DLL's.
However, with this vulnerability, I had a different. What about allowing a native application to open, such as Notepad, and before it reaches the entrypoint, remotely injecting a different application to be ran (this would involve some sort of custom LoadLibrary + CreateRemoteThread pair of functions)? With the VS Debugger, you can already attach to any native process in user-mode and modify running code, data, and even the context (e.g. registers and similar data).

That suggestion is possible, and for trivial operations (i.e. replacing some strings in a program, or causing it to take one branch instead of another) people have already done so. Doing a wholesale replacement would be tricky, but should be possible (perhaps aided with WinDBG scripts or similar).

GoodDayToDie said:
Doing a wholesale replacement would be tricky
Click to expand...
Click to collapse
Not so tricky, I've already made a prototype on desktop Win8. Just make an ARM DLL that implements a PE loader using only 2 WinAPI functions - LoadLibrary (used only to get kernel32 handle) and GetProcAddress. Inject that DLL code and data sections via debugger, fixup relocs (you can minimize their amount in your "loader DLL" by not using global variables, placing all code into one file, not using CRT at all, and so on, ARM makes it easy to create position-independent code), and call your injected code via debugger passing it the address of LoadLibrary and GetProcAddress as parameters. Your code than would do what you wish - load and execute an unsigned DLL that you specify.
With this trick you can load EXE files too, as all ARM EXEs contain relocs by default.
But this way is too inconvenient to the end-user, so should be avoided. I really think that MS left enough holes for us to "unlock" unsigned apps on retail WinRT devices.
I'm already thinking on buying an Asus tablet with 3G (instead of waiting for a better device that I wish), so after NY holidays I'll join your game

Ah, that's a much more clever approach than actually trying to load the full program using the debugger itself... if it works. LoadLibrary triggers the same signature check that CreateProcess does (or rather, the system calls that they do will perform that check; if it was user-mode we could bypass it with the debugger). Your method may work, but since the desktop doesn't have the signature check anyhow, prototyping it there doesn't actually mean it will work on RT. Try it out and let us know how it goes, and if it works, posting your source would be awesome!

GoodDayToDie said:
Ah, that's a much more clever approach than actually trying to load the full program using the debugger itself... if it works. LoadLibrary triggers the same signature check that CreateProcess does (or rather, the system calls that they do will perform that check; if it was user-mode we could bypass it with the debugger). Your method may work, but since the desktop doesn't have the signature check anyhow, prototyping it there doesn't actually mean it will work on RT. Try it out and let us know how it goes, and if it works, posting your source would be awesome!
Click to expand...
Click to collapse
He doesn't mean making a prototype and importing from kernel32.dll. He means manually mapping the PE file, then using either CreateRemoteThread or modifying the context of a thread already launched to run it once it's in the memory address of another process. It's basically DLL injection with our own implementation of LoadLibrary. It would work because LoadLibrary doesn't use any system calls except to map memory (and mapping memory doesn't have integrity checks of any sort, and it shouldn't be design -- e.g. VirtualAlloc).
A bigger problem I thought of is automating this. I took a quick peek with Wireshark at my remote debugging session and saw HTTP with what appeared to be a proprietary protocol. In order to automate this from another computer (or any mobile device for that matter), we would need to reverse engineer the protocol. Or, an alternative would be to hook into Visual Studio once the debugging session is launched (maybe just a nice VS plugin would work?).

mamaich said:
Code:
void DoThings()
{
char *Tmp=(char*)GetTickCount64;
Tmp=(char*)((~0xFFF)&(DWORD_PTR)Tmp);
while(Tmp)
{
__try
{
if(Tmp[0]=='M' && Tmp[1]=='Z')
break;
} __except(EXCEPTION_EXECUTE_HANDLER)
{
}
Tmp-=0x1000;
}
if(Tmp==0)
return;
Click to expand...
Click to collapse
I was looking through the provided sample -- wouldn't our own GetModuleHandleA implementation be a better way of doing this? I'm just thinking should the alignment be changed in kernel32.dll it may be better to have something like this:
Code:
522 if (!name)
523 {
524 ret = NtCurrentTeb()->Peb->ImageBaseAddress;
525 }
526 else if (flags & GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS)
527 {
528 void *dummy;
529 if (!(ret = RtlPcToFileHeader( (void *)name, &dummy ))) status = STATUS_DLL_NOT_FOUND;
530 }
Source: http://source.winehq.org/source/dlls/kernel32/module.c#L504
Grabbing the Peb (NtCurrentTeb()->Peb) would involve pulling from the FS register at offset 0x30. Implementing this on ARM could be trickier, as I'm not sure of the inline assembly or availability of intrinsics (not to mention, it would be stored somewhere else than the FS register).
Now, for the PC, it appears __readfsdword is available as an intrinsic, so this *should* work on x86 installations of Windows 8.

mamaich said:
Not so tricky, I've already made a prototype on desktop Win8. Just make an ARM DLL that implements a PE loader using only 2 WinAPI functions - LoadLibrary (used only to get kernel32 handle) and GetProcAddress. Inject that DLL code and data sections via debu
Click to expand...
Click to collapse
I think this approach (of injecting own loader as far as understand) has such problem(even if implemented & automated)
Loaded exe can have own dependant dlls(any complicated-usefull proj has) that it cant load because of signing checks (and even more problems if it uses dynamic loading of own dlls and getprocaddress)
Or do i miss somth in your idea?

Will I be able to read/write to a parallel port using this method? Do the limited store apps have sufficient permissions to do that? Writing to a parallel port requires calling
Code:
hndleLPT = CreateFile("LPT1",(GENERIC_READ | GENERIC_WRITE), 0, 0, OPEN_EXISTING, 0, 0);
. Will this succeed?
Will I be able to successfully load this: http://www.highrez.co.uk/Downloads/InpOut32/default.htm ?
---------- Post added at 03:01 PM ---------- Previous post was at 02:11 PM ----------
This looks like an improved method to get the base address:
http://tedwvc.wordpress.com/2013/07/19/finding-the-kernel32-dll-module-handle-in-a-windows-store-app-using-approved-apis/

You should be able to do that using CreateFile2, which is permitted in Store apps already (no need to use the rest of the Win32 API). As for the permissions, I don't know, but it will probably work.
I mean, assuming your computer *has* an LPT port. I haven't seen one of those in a while...

how about the other way round? can a desktop app have access to the full windows 8 api (including those reserved for win store apps only)?