[Q] Custom Device driver / KernelLibrary

---

Good day,

I am new to the forum so please forgive me if this is not the right place to ask.

I have been reading through some of the threads on the forum and is curious to know if there is a way to load custom kernel libraries or device drivers onto the phone.

If there is a way, is there a correct procedure? For example to load a custom device driver / kernel library, do I also have to have an entry in the registry? Does the dll file have to be in /Windows?

Thanks in advance.

Good questions. There's been only a little research on this so far. I can tell you waht I've found, though:

For a stock ROM, nobody has managed it yet, but it might be possible. You'll need to have your DLL signed, and the certificate added to the Code Integrity store on the phone (just mailing yourself the .cer is insufficient! That will put it in the wrong store). You'll probalby want the DLL to be in \Windows, although I'm not sure it's needed. You almost certainly will need to add registry entries; the current drivers seem to have them.

Good day,

thanks for your reply. And thanks for all the good research you have done.

So at the moment, the software approach is not working but for custom roms, is it possible to include custom device drivers / kernel libraries in them?

Thank you.

Quote:

Originally Posted by mousefish321

Good day,

thanks for your reply. And thanks for all the good research you have done.

So at the moment, the software approach is not working but for custom roms, is it possible to include custom device drivers / kernel libraries in them?

Thank you.

Well, it's possible. The HD2 Multitouch driver is an example that its somehow possible. Should be the same for the other devices (espacially HTC first gens)...

But don't know what you're getting at? Why would you need a custom driver?

Good day,

well, I just think that having a driver that acts like HTCUtility would make things convenient.

As for file operations, besides the application that Heathcliff has created (WP7RootTool), are there other applications that can do write operations to the /Windows folder?

What are the things that needs to be done before we can write to that folder?

Thank you.

Any app with Elevated or TCB privileges can write to \Windows, I think. Using HtcRoot project or WP7 Root Tools works (both elevate apps to TCB permissions, though using different methods). Also, using an OEM driver, such as HtcProvisionDrv or HtcFileUtility, works (although those two particular drivers were crippled in the 4.x firmware).

Good day,

thanks for the information. I tried the HtcRoot tool and it works. Thanks for the tool and the source that allows me to know how it works.

Can I assume that I would be able to have write access to the Certificate and Code Integrity store also?

I am also curious as to the workings of HTCFileUtility. A quick search on this turns up little information on its workings.

Furthermore, is there a guide to inserting custom certificates to the root Certificate and Code Integrity store? I have tried downloading the Certificates.zip file in http://forum.xda-developers.com/show....php?t=1236027 and test rom files in http://forum.xda-developers.com/show....php?t=1248799 hoping that they will shed some light but is unable to download them.

Any help is appreciated. Thank you.

Yes, installing your own cert into Code Integrity is possible (in several ways, actually, but I did it using HtcRoot just as an exercise). The certificates are actually stored in the registry, so any tool that can write to HKLM can add them. I believe that WP7 Root Tools will also let you choose the store for adding a certificate if you "open" the cert from the Root Tools filebrowser.

Although I don't know exactly how HtcFileUtility works, here's the basics. It's a software driver that exposes an interface - probably an IOCTL - which apps can use to perform filesystem operations. Since it runs with TCB permissions (it's probably kernel mode, though I haven't actually checked, but it's definitely in TCB) it can perform any operation that the filesystem supports. Of course, that doesn't mean that it exposes all those operations through the IOCTL... but it exposes enough of them for a pretty solid filebrowser implementation (that's how TouchXplorer and Advanced Explorer worked, although they used an OEM COM DLL that called into the driver rather than doing the IOCTL themselves).

The new version of it has very limited operations permitted; it will only list files in a few folders and so forth. It does still "work" within those limitations - Connection Setup, for example, uses it to check the folder that we use for interop-unlock on HTC - but it isn't useful for a general-purpose browser anymore.

It would be great to even figure out how to roll back the OEM drivers to earlier versions. For example, I've got WP7 Root Tools installed on my HD7, but I don't want to install HTC updates because they'll break my drivers such that if something ever goes wrong I won't be able to re-install Root Tools, or if a new hack is found (or developed; I'm working on some stuff with HtcRoot still) I won't be able to run it on my phone. Being able to use the advantages of the new firmware (Internet Sharing, compass in managed apps, hopefully an end to the damn music player freezing between songs...) while still having hackable OEM drivers would be reallllly nice...

Good day,

thanks for the information.

I noticed in the HTCRoot project thread where you mentioned that "It is not a true handle (no handle table, no handle data) but everything that checks for tokens also checks for this const value, and appears to pretty much skip all remaining permissions checks if it finds it".

Would you mind sharing some of the function names so that I could take a look at the code where the checking occurs?

Thanks.