XDA Developers Android and Mobile Development Forum

[PROJECT] HaRET on WP7

Martin7Pro
(Last edited by Martin7Pro; 11th February 2013 at 04:30 PM.)
#211
Senior Member
Posts: 377
Join Date: Oct 2011
Silverlight UI

Hi Friends.

It is not a fake, but I need co-operation here. I am working on a non-blocking WPF managed/unmanaged interface, able to write strings (or do any more complicated UI management) to WPF objects by calling unmanaged functions. Is anybody able to change the current non-UI HaRET version into a simple DLL with defined entry points? I will share the interface with UI-related callbacks next week. I have only a too-old HaRET version working in VS2008; the newest versions have too different assembler, system calls and linking management compared to 0.3.8. I have no time to port it or to install Linux/GCC on my totally full computer. M.

____________________________

A question:

Is anybody able to change certificates so that this feature works on WP7?

_______________________

Does anybody know CodeSourcery in relation to compiling WM projects? I tried a Python script and GCC/G++ for compiling the newest HaRET from Visual Studio, but compiling with the downloaded CodeSourcery version seems to be not for WM, but for ARM Linux. Is CEGCC necessary? I read that CodeSourcery may be usable for WM/CE ARM compiling alone.
But VS scripting seems interesting; with the Native/Managed TRACE system etc. it can allow FULL hybrid (Managed+Native) projects in VS 2010 for Windows Phone only, including debugging.
 
Martin7Pro
(Last edited by Martin7Pro; 14th February 2013 at 05:03 PM.)
#212
Senior Member
Posts: 377
Join Date: Oct 2011
Is this (and the dependent CE6/7 sources by the same author) not what we finally need? Is anybody able to sign it with a corresponding WP7 certificate? I think a little driver able to access the processor (solved fully at the link) / memory (needs a little addition) hardware is better than rearranging all of HaRET into a driver etc.

If I understand correctly, we can:

1. Make a "stream protocol driver" DLL. This is the deepest driver level, always enabling kernel mode (the second possibility is a "kernel part" of a "device driver"; I am still not sure how to determine which part is used for answering the call). This DLL must export 6 strictly defined entry points.
2. Register a "fake stream protocol".
3. Open a "fake file" by the "fake protocol" in our user-mode application (or wrapper DLL). This loads the driver into memory; now we can call its exported functions in kernel mode.
4. Start a kernel-mode thread, communicating with the application by synchronisation objects and (maybe) able to call user callbacks in kernel mode (I am not sure how params can be mapped between modes, but the link above solves it).

I think points 1..3 can be done by "normal" file and registry handling (see the middle link of the previous post). If not, we must use a cab sender or the WP7 kitchen to do points 1 and 2. Maybe Platform Builder is needed for point 1 (at the link above it is written that we can use this nice feature), but I think it is not needed; the driver can probably be compiled as a "normal" DLL. Maybe the "system ROM" bit could not be checked; then it can work simply on custom ROMs, and with any certification hack on signed ROMs.

Will the SD card filesystem not be a bigger problem? Have you had success with creating partitions? I am just about to replace my HTC7Pro SD card, from 8GB class 2 to 32GB class 10; I will try some partition management attempts.
 
Kr3i0s
#213
Member
Posts: 86
Join Date: Jun 2011
Quote:
Originally Posted by Martin7Pro
Is this (and the dependent CE6/7 sources by the same author) not what we finally need? Is anybody able to sign it with a corresponding WP7 certificate? I think a little driver able to access the processor (solved fully at the link) / memory (needs a little addition) hardware is better than rearranging all of HaRET into a driver etc. ...

It's good to see someone still working on this project after the big boys seem to have given up. Keep it up, Martin7Pro.

I wish I could be of any assistance but have no programming language skills. Hope to get haret running on WP7 someday.
HTC 7 Pro on Dynamics 2.2
HTC Wildfire on CM 9.1
MMX Canvas 2 A110 on LegoIce™_Fusion_v2
Sony Xperia ZL Stock
 
Jaxbot
#214
Recognized Developer
Posts: 1,216
Join Date: Mar 2009
Quote:
Originally Posted by Martin7Pro
Is this (and the dependent CE6/7 sources by the same author) not what we finally need? Is anybody able to sign it with a corresponding WP7 certificate? I think a little driver able to access the processor (solved fully at the link) / memory (needs a little addition) hardware is better than rearranging all of HaRET into a driver etc.

If I understand correctly, we can:

1. Make a "stream protocol driver" DLL. This is the deepest driver level, always enabling kernel mode (the second possibility is a "kernel part" of a "device driver"; I am still not sure how to determine which part is used for answering the call). This DLL must export 6 strictly defined entry points.
2. Register a "fake stream protocol".
3. Open a "fake file" by the "fake protocol" in our user-mode application (or wrapper DLL). This loads the driver into memory; now we can call its exported functions in kernel mode.
4. Start a kernel-mode thread, communicating with the application by synchronisation objects and (maybe) able to call user callbacks in kernel mode (I am not sure how params can be mapped between modes, but the link above solves it).

I think points 1..3 can be done by "normal" file and registry handling (see the middle link of the previous post). If not, we must use a cab sender or the WP7 kitchen to do points 1 and 2. Maybe Platform Builder is needed for point 1 (at the link above it is written that we can use this nice feature), but I think it is not needed; the driver can probably be compiled as a "normal" DLL. Maybe the "system ROM" bit could not be checked; then it can work simply on custom ROMs, and with any certification hack on signed ROMs.

Will the SD card filesystem not be a bigger problem? Have you had success with creating partitions? I am just about to replace my HTC7Pro SD card, from 8GB class 2 to 32GB class 10; I will try some partition management attempts.

That looks exactly like what we need. I came across something similar to that a while back, but I was unable to actually use it for anything, as my limited C++ knowledge resulted in me having no idea how to compile CE drivers.

As far as drivers go, it should be possible with full unlocked devices to use unsigned CE modules, as I'm pretty sure this is what DFT bluetooth does. I could be totally wrong, though. It's been a while.

Props to you, though!
That guy from Windows Phone Hacker, 2009-2013. Retired June 2013.
Personal Blog | Twitter | Youtube
 
Martin7Pro
#215
Senior Member
Posts: 377
Join Date: Oct 2011
Quote:
Originally Posted by spavlin View Post
http://msdn.microsoft.com/en-us/library/aa908734.aspx

UnlockPages
This function unlocks a specified range of pages in the virtual address space of a process, enabling the system to swap the pages out, if necessary. This function can be called only in kernel mode.

Syntax

BOOL UnlockPages(
    LPVOID lpvAddress,
    DWORD cbSize
);
Parameters
lpvAddress
[in] Address of the start of a region of committed pages that are to be unlocked.

cbSize
[in] Number of bytes to unlock.

Return Value
TRUE indicates success. FALSE indicates failure. To get extended error information, call GetLastError.

Remarks
LockPages is reference counted, so if the same thread does a LockPages twice, the second UnlockPages unlocks the pages.

Requirements
Header: pkfuncs.h
Library: coredll.lib
Windows Embedded CE: Windows Embedded CE 6.0 and later

CeVirtualSharedAlloc

This function allocates read/write memory to the caller and read-only memory to other processes. This function is callable only in kernel mode.

Syntax

LPVOID CeVirtualSharedAlloc(
    LPVOID lpvAddr,
    DWORD cbSize,
    DWORD fdwAction
);
Parameters
lpvAddr
[in] Starting address of the shared memory to be committed, or NULL if reserving shared memory.

cbSize
[in] Size, in bytes, of the memory reservation or allocation.

fdwAction
[in] Value that specifies the action.

This value must be a combination of MEM_RESERVE and MEM_COMMIT.

Value: Description
MEM_COMMIT: Commits the memory specified by lpvAddr and cbSize, where lpvAddr must be an address previously reserved by CeVirtualSharedAlloc. This value can also be NULL, which reserves and commits a region of size cbSize. This behaves like MEM_RESERVE|MEM_COMMIT.
MEM_RESERVE: Reserves a region in the shared read-only area. lpvAddr must be NULL.

Return Value
A pointer to the memory region that was reserved or committed indicates success. NULL indicates failure. To get extended error information, call GetLastError. If the caller is not fully trusted, the call fails with the error code ERROR_ACCESS_DENIED.

Remarks
You can free the memory region that was reserved or committed by CeVirtualSharedAlloc, using the VirtualFree function.

Freeing the memory allocated by CeVirtualSharedAlloc is similar to freeing memory allocated by the VirtualAlloc function.

Requirements
Header: pkfuncs.h
Library: coredll.lib
Windows Embedded CE: Windows CE 5.0 and later

VirtualAllocCopyEx

This function reserves or commits a region of pages in the virtual address space of the specified destination process, hDstProc, and then dynamically creates an alias to the virtual memory given by the source process, hSrcProc, and the source address pAddr. Terminate the mapping by calling VirtualFreeEx. This function is callable only in kernel mode.

Syntax

LPVOID VirtualAllocCopyEx (
    HANDLE hSrcProc,
    HANDLE hDstProc,
    LPVOID pAddr,
    DWORD cbSize,
    DWORD dwProtect
);
Parameters
hSrcProc
[in] Handle to the source process.

hDstProc
[in] Handle to the destination process.

pAddr
[in] Long pointer to the specified starting address in the source process, hSrcProc. This cannot be NULL.

cbSize
[in] Size in bytes of virtual allocation pointed to by pAddr in the hSrcProc process. This cannot be NULL.

dwProtect
[in] Type of access protection. If the pages are being committed, any one of a number of flags can be specified, along with the PAGE_GUARD and PAGE_NOCACHE, protection modifier flags.

For information about the possible flags for this parameter, see VirtualCopyEx.

Return Value
The base address of the allocated region of pages indicates success. NULL indicates failure. To get extended error information, call GetLastError.

Remarks
If you want to VirtualAllocCopy a physical or virtual buffer, if that buffer is not page-aligned then you will end up copying more data than you specified. If the start of the buffer is not page-aligned then you will also copy data before the start of the specified buffer, starting from the beginning of the page. If the end of the buffer is not page-aligned then you will also copy data after the end of the specified buffer, ending at the following page boundary.

This is a security issue if the copied buffer is ever passed to user mode. The user mode application will be able to access the surrounding data that is not part of the specified buffer. To protect the surrounding data, use a buffer that is page-aligned and an even multiple of pages in size. If that is not possible then passing the data to user mode puts it at risk.

For more information, see VirtualAllocEx and VirtualCopyEx.

Requirements
Header: pkfuncs.h
Library: coredll.lib
Windows Embedded CE: Windows Embedded CE 6.0 and later

VirtualCopyEx

This function dynamically maps a virtual address to a physical address by creating a new page-table entry. Terminate the mapping by calling VirtualFree. This function is callable in kernel mode and in user mode, when the source and destination process handles are the active process.

Syntax

BOOL VirtualCopyEx(
    HANDLE hDstProc,
    LPVOID lpvDest,
    HANDLE hSrcProc,
    LPVOID lpvSrc,
    DWORD cbSize,
    DWORD fdwProtect
);
Parameters
hDstProc
[in] Handle to the destination process.

lpvDest
[in] Pointer to the destination memory, which must be reserved.

hSrcProc
[in] Handle to the source process.

lpvSrc
[in] Pointer to committed memory.

cbSize
[in] Size, in bytes, of the region. The allocated pages include all pages containing one or more bytes in the range from lpAddress to (lpAddress + cbSize). This means that a 2-byte range straddling a page boundary causes both pages to be included in the allocated region.

fdwProtect
[in] Type of access protection. If the pages are being committed, any one of a number of flags can be specified, along with the PAGE_GUARD and PAGE_NOCACHE, protection modifier flags. The following table shows the flags that can be specified.

For information about the available values for this parameter, see VirtualCopy.

Return Value
TRUE indicates success. FALSE indicates failure. To obtain extended error information, call GetLastError.

Remarks
This function is similar to VirtualCopy, except VirtualCopyEx requires handles to the source and destination process. For more information about this function, see VirtualCopy.

Requirements
Header: pkfuncs.h
Library: coredll.lib
Windows Embedded CE: Windows Embedded CE 6.0 and later

VirtualSetAttributes

This function enables driver developers to change the per-page attributes for a range of virtual memory, which is usually copied from a physical location not known to the kernel. This function can be called only in kernel mode.

Syntax

BOOL VirtualSetAttributes(
    LPVOID lpvAddress,
    DWORD cbSize,
    DWORD dwNewFlags,
    DWORD dwMask,
    LPDWORD lpdwOldFlags
);
Parameters
lpvAddress
[in] The start address of the virtual memory to be changed.

cbSize
[in] The length, in bytes, of the virtual memory to be changed.

dwNewFlags
[in] Specifies the new value of the bits to be set.

dwMask
[in] Specifies which bits are to be changed.

lpdwOldFlags
[in] If this parameter is not NULL, *lpdwOldFlags contains the original value of the page entry of the first page upon return.

Return Value
TRUE indicates success. FALSE indicates failure.

Remarks
The dwMask parameter specifies the bits to be changed. For example, if the original value is 0x00100010, dwMask is set to 0x30, and dwNewFlags is set to 0x030, the new value will be 0x00100030. The new value is calculated using the following formula:

newValue = (oldValue & ~dwMask)|(dwNewFlags & dwMask);
If dwMask is set to zero, it behaves like a query function. This means that nothing is changed, and the original page entry is returned through lpdwOldFlags.

Note:
Do not change the physical page number, which includes bits 10 through 31 for most CPUs. Otherwise, it causes unexpected system behavior.
The VirtualSetAttributes function changes the translation look-aside buffer (TLB) entry directly. The calling function should be aware of what CPU architecture it is running on and which attributes to change.

The VirtualSetAttributes function can be used on the x86 and XScale microprocessors to speed up the display buffer.

The VirtualSetAttributes function does not work on SHx processors.

Requirements
Header: pkfuncs.h
Library: coredll.lib
Windows Embedded CE: Windows CE .NET 4.1 and later

---------- Post added at 09:52 PM ---------- Previous post was at 09:24 PM ----------

http://www.e-consystems.com/WindowsCE5vs6.asp

Hi spavlin. Do you have the <pkfuncs.h> file for (any) WP7 device? I am working on a kernel-mode driver, but power functions etc. are OEM dependent. My first attempt (which will enable physical memory access only) will use a small subset of pk functions defined inline in my own <pkfuncs.h>, but we probably need the OEM originals for full device kernel access. M.
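
The page-rounding hazard from the VirtualAllocCopyEx remarks and the mask formula from the VirtualSetAttributes remarks quoted above, worked through in C. This is an added example, not code from the thread or from MSDN; the 4 KB page size and all helper names are assumptions, and nothing here calls the CE APIs themselves.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096u        /* assumption: 4 KB pages; the quoted docs give no size */
#define PAGE_MASK (PAGE_SIZE - 1u)
#define PFN_BITS  0xFFFFFC00u  /* bits 10..31, which the Note says must not be changed */

/* What a page-granular alias covers for the buffer [addr, addr + size). */
typedef struct {
    uint32_t map_start;    /* start of the first aliased page */
    uint32_t map_size;     /* bytes actually visible through the alias */
    uint32_t leak_before;  /* foreign bytes exposed before the buffer */
    uint32_t leak_after;   /* foreign bytes exposed after the buffer */
} alias_span;

alias_span alias_span_for(uint32_t addr, uint32_t size)
{
    alias_span s;
    uint64_t end = (uint64_t)addr + size;              /* 64-bit, so no wrap */
    uint64_t map_end = (end + PAGE_MASK) & ~(uint64_t)PAGE_MASK;

    s.map_start = addr & ~PAGE_MASK;
    s.map_size = (uint32_t)(map_end - s.map_start);
    s.leak_before = addr - s.map_start;
    s.leak_after = (uint32_t)(map_end - end);
    return s;
}

/* 1 only if the buffer is page-aligned and a whole number of pages long. */
int safe_to_share(uint32_t addr, uint32_t size)
{
    alias_span s;
    if (size == 0 || (uint64_t)addr + size > 0x100000000ull)
        return 0;
    s = alias_span_for(addr, size);
    return s.leak_before == 0 && s.leak_after == 0;
}

/* The VirtualSetAttributes formula, refusing masks that reach the page number. */
int apply_page_attrs(uint32_t old_value, uint32_t new_flags, uint32_t mask,
                     uint32_t *new_value)
{
    if (mask & PFN_BITS)
        return 0;
    *new_value = (old_value & ~mask) | (new_flags & mask);
    return 1;
}

int main(void)
{
    /* Constructed input: a 2-byte buffer straddling a page boundary. */
    alias_span s = alias_span_for(0x00011FFFu, 2u);
    uint32_t v = 0;

    printf("aliased 0x%08X +%u, exposed %u before / %u after\n",
           (unsigned)s.map_start, (unsigned)s.map_size,
           (unsigned)s.leak_before, (unsigned)s.leak_after);
    printf("0x00012000 +8192 safe to share: %d\n",
           safe_to_share(0x00012000u, 8192u));
    if (apply_page_attrs(0x00100010u, 0x030u, 0x30u, &v))
        printf("new page entry: 0x%08X\n", (unsigned)v);
    return 0;
}
```

A driver that hands an aliased buffer to user mode can run the `safe_to_share` check first and fall back to a page-aligned bounce buffer when it fails.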
 
Martin7Pro
#216
Senior Member
Posts: 377
Join Date: Oct 2011
Still no success

I created and deployed the driver, set the registry values, restarted the phone and tried to load the driver by "fake stream" demand. The driver is not loaded. When I use the same demand for any other built-in driver, all is OK. I created the driver without PB and OEM libraries, only with the /DRIVER linker flag. Is it possible? How can I get a DLL with the System and Kernel flags set? I will clean up the project code and publish it here.
 
ultrashot
#217
Recognized Developer
Posts: 1,469
Join Date: May 2009
Location: St.Petersburg
Quote:
Originally Posted by Martin7Pro
I created and deployed the driver, set the registry values, restarted the phone and tried to load the driver by "fake stream" demand. The driver is not loaded. When I use the same demand for any other built-in driver, all is OK. I created the driver without PB and OEM libraries, only with the /DRIVER linker flag. Is it possible? How can I get a DLL with the System and Kernel flags set? I will clean up the project code and publish it here.

You don't really need /DRIVER linker flag. Default DLL config is almost good, though you have to enable DEP support, set large address awareness and add WP7's coredll.lib to input static libs.
Nokia Lumia 920, Samsung Ativ S (T899 TMOUS, engineering), HTC 8X (partially broken)
Mozart and Titan: Dynamics v2.2 ROM
X1i and HD2: Dynamics v2.4 ROM
http://ultrashot.net
 
Martin7Pro
(Last edited by Martin7Pro; 26th February 2013 at 11:27 AM.)
#218
Senior Member
Posts: 377
Join Date: Oct 2011
Kernel mode driver

Quote:
Originally Posted by ultrashot
You don't really need /DRIVER linker flag. Default DLL config is almost good, though you have to enable DEP support, set large address awareness and add WP7's coredll.lib to input static libs.

Hi ultrashot. Thanks for the help. I do not understand exactly. Can you look at (and repair, if you have time) the attached code (VS2008+WM6SDK used)? Does it not expect any certificates too? The driver registration can also be wrong:

[HKEY_LOCAL_MACHINE\Drivers\BuiltIn\KMDriver]
"Order"=dword:00000004
"DeviceArrayIndex"=dword:00000002
"Flags"=dword:00000010
"IClass"=multi_sz:"{A32942B7-920C-486b-B0E6-92A702A99B35}"
"Prefix"="KMD"
"Dll"="KMDriver.dll"
"Index"=dword:1

This is based on the IOCTL driver from the post above; kernel mode callbacks are not finished yet. Flags are set to user mode now in the registry settings (0x10); I am afraid to use a kernel mode driver on a phone that is not backed up. After doing a backup I will try "Flags"=0 and calling the IOCTL/physical memory functions.
I do not know how to debug the kernel or a driver; there is simple diagnostic text file writing. According to it, KMD_Init is called from UDevice.exe, and the driver in user mode seems to be working. I forgot to add the definition file to the project settings when cleaning the code; this was probably the whole cause of the malfunction.

Output:

KMD_Init
pDriverContext->Instance 2
KMD_Init Success
KMD_Open
KMD_IoControl default, dwCode=1
KMD_IoControl default, dwCode=10303FF
KMD_IoControl default, dwCode=10303FF
KMD_Close
KMD_Open
KMD_IoControl default, dwCode=1
KMD_Close
KMD_Open
KMD_IoControl default, dwCode=1
KMD_Close

Do you know who calls the XXX_IoControl function with dwCode=10303FF, and why?
 
ultrashot
#219
Recognized Developer
Posts: 1,469
Join Date: May 2009
Location: St.Petersburg
Quote:
Originally Posted by Martin7Pro
Do you know who calls the XXX_IoControl function with dwCode=10303FF, and why?

http://msdn.microsoft.com/ru-ru/library/ee478991.aspx
Nokia Lumia 920, Samsung Ativ S (T899 TMOUS, engineering), HTC 8X (partially broken)
Mozart and Titan: Dynamics v2.2 ROM
X1i and HD2: Dynamics v2.4 ROM
http://ultrashot.net
 
Martin7Pro
(Last edited by Martin7Pro; 27th February 2013 at 11:50 AM.)
#220
Senior Member
Posts: 377
Join Date: Oct 2011
Quote:
Originally Posted by ultrashot View Post
Thanks. This is probably OK now; I forgot to close the stream handle in an older version of the calling application before creating a new one. Can I prevent it within the driver?

Do you think it is safe to try this driver (newest source attached) in kernel mode? What will occur when the driver crashes in the XXX_Init function? Does it not cause a phone brick (repeated restarts), when all kernel drivers are launched from NK.exe? I am not sure whether a kernel exception does not cause a restart automatically. Is this behaviour dependent on registry values (I saw something related in the registry editor, but I do not remember where)?

Can I use any dwCode values for my own operations, or are all values predefined as IOCTL_PSL_NOTIFY? I found this list only.

Quote:
Originally Posted by ultrashot
enable DEP support

How to do it, please? I could not find anything related to WP/CE6, only desktop Windows MSDN.

Quote:
Originally Posted by ultrashot
set large address awareness

The same issue. How to do it in a WP application? Is Platform Builder needed? Or is it some compiler/linker switch in the project?

Quote:
Originally Posted by ultrashot
add WP7's coredll.lib

May I use coredll7.lib from your OMXCDLL source? Is there only one coredll.dll for both modes (I could not find kcoredll on my phone)? Or extract coredll.dll from Ansar's signed ROM and use impdef.exe or dumpbin.exe and lib.exe? Lib.exe seems not to work on my computer for ARM-compiled DLLs. I designed the project as a WM6 DLL. Will any duplications not occur when coredll.lib is added?

Do you know how to add an extra partition to a WP7 phone SD card?

EDIT: Attachment removed, current source code is here.
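
Splitting the dwCode=10303FF value from the diagnostic log in post #218 into its CTL_CODE bit fields shows that it is the IOCTL_PSL_NOTIFY code named in post #220, so a driver can tell that system notification apart from its own control codes. This is an added example, not code from the thread; the FILE_DEVICE_PSL value, the function number 255 and the 0x800 threshold for non-Microsoft function numbers come from the Windows CE headers and the CTL_CODE convention rather than from this page, and the log is assumed to print dwCode in hexadecimal.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Values from the Windows CE headers; they are not shown on this page. */
#define FILE_DEVICE_PSL  259u
#define PSL_NOTIFY_FUNC  255u   /* hypothetical name for the function number */
#define METHOD_NEITHER   3u
#define FILE_ANY_ACCESS  0u

typedef struct { uint32_t device_type, access, function, method; } ioctl_fields;

/* Same bit layout as the CTL_CODE macro. */
uint32_t make_ioctl(uint32_t dev, uint32_t fn, uint32_t method, uint32_t access)
{
    return (dev << 16) | (access << 14) | (fn << 2) | method;
}

ioctl_fields decode_ioctl(uint32_t code)
{
    ioctl_fields f;
    f.device_type = code >> 16;
    f.access      = (code >> 14) & 0x3u;
    f.function    = (code >> 2) & 0xFFFu;
    f.method      = code & 0x3u;
    return f;
}

int is_psl_notify(uint32_t code)
{
    return code == make_ioctl(FILE_DEVICE_PSL, PSL_NOTIFY_FUNC,
                              METHOD_NEITHER, FILE_ANY_ACCESS);
}

/* By CTL_CODE convention, function numbers 0x800..0xFFF are left to non-Microsoft code. */
int is_custom_function(uint32_t code)
{
    return decode_ioctl(code).function >= 0x800u;
}

/* Pull the hex value out of a "..., dwCode=XXXX" log line; 0 if absent. */
int parse_dwcode(const char *line, uint32_t *code)
{
    const char *p = strstr(line, "dwCode=");
    char *end;
    unsigned long v;
    if (p == NULL) return 0;
    p += strlen("dwCode=");
    v = strtoul(p, &end, 16);
    if (end == p || v > 0xFFFFFFFFul) return 0;
    *code = (uint32_t)v;
    return 1;
}

int main(void)
{
    /* Lines copied from the driver's diagnostic output in post #218. */
    const char *log[] = { "KMD_Open", "KMD_IoControl default, dwCode=1",
                          "KMD_IoControl default, dwCode=10303FF", "KMD_Close" };
    size_t i;
    for (i = 0; i < sizeof log / sizeof log[0]; i++) {
        uint32_t c;
        ioctl_fields f;
        if (!parse_dwcode(log[i], &c)) continue;
        f = decode_ioctl(c);
        printf("0x%08X dev=%u fn=%u method=%u access=%u%s\n", (unsigned)c,
               (unsigned)f.device_type, (unsigned)f.function, (unsigned)f.method,
               (unsigned)f.access, is_psl_notify(c) ? " (IOCTL_PSL_NOTIFY)" : "");
    }
    return 0;
}
```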
