none
Hooking set/get date time API functions RRS feed

  • Question

  • Hi there, WinEC700.

    For security reasons I'd like to intercept the API calls to Set/GetSystemTime or Set/GetLocalTime().

    Is there a way to get them?


    SteMMo


    PS: maybe better: where is the code that handle them ...
    • Edited by SteMMo Friday, March 1, 2013 4:41 PM
    Friday, March 1, 2013 4:40 PM

All replies

  • > where is the code that handle them

    Please serach for PRIVATE source codes.

    Those functions were found in the PRIVATE source code.

    Sunday, March 3, 2013 9:19 AM
  • check these files,

    \WINCE600\PRIVATE\WINCEOS\COREOS\CORE\DLL\time.c - you can see the API here

    \WINCE600\PRIVATE\WINCEOS\COREOS\NK\KERNEL\time.c - and the above API will call the functions and finally it will call OEMRTC functions.


    Vinoth.R

    www.e-consystems.com

    http://vinoth-vinothblog.blogspot.com

    Monday, March 4, 2013 6:24 AM
  • Yes, i also found that the OAL RTC functions are located in

    C:\WINCE700\platform\common\src\soc\MX51_FSL_V3\OAL\RTC\rtc.c

    that is not a private source but anyway is a common source for Freescale's MX51s.

    I need to save the current date/time in other location than the RTC module of the micro, but I don't know how to insert my code. In the rtc.c source thare is no BSP* call then i don't have any point where to add my custom code ...


    SteMMo

    Monday, March 4, 2013 8:54 AM
  • Set/GetSystemTime() APIs finally call the OEM RTC functions, which is in the BSP.

    What you are trying to achieve can you elaborate it?


    Vinoth.R

    www.e-consystems.com

    http://vinoth-vinothblog.blogspot.com

    Monday, March 4, 2013 9:32 AM
  • I need to track the changes of the date/time of the system, and check them.

    So far, my solution is listening the NOTIFICATION_EVENT_TIME_CHANGE event in a custm service, so there is no needs to change the BSP files (common or not!).

    Of course this check is not 'so strict' as the BSP modifications, but it works!


    SteMMo

    Tuesday, March 5, 2013 3:00 PM
  • I've saved and performed various date/time operations at the BSP level as described by Vinoth. If you want the base-level access to the information this is the correct place. You could also prevent time changes, etc. in this function by simply not setting the RTC hardware to the new time. If your present solution is insufficient OEMSetRealTime() is your next step.

    Paul T.

    Tuesday, March 5, 2013 11:10 PM
  • I'm in a trouble:

    - first method is no more running, the event is not fired and I don't know why: i modified the OS stripping the console, active sync and explorer and the notification does not arrive.

    - i try the second method, modifying the OEMSetRealTime but in the new routine i need to talk with a driver and save a file. With the APIs I used i receive the errors:

    PID:00400002 TID:009D0006 +OEMSetRealTime(2013/3/15 10:31:3.000)
    PID:00400002 TID:009D0006 !! ERROR - SECURIIY VIOLATION !! ----------------------------------------------------------------------
    PID:00400002 TID:009D0006 !! ERROR - SECURIIY VIOLATION !! Running user code in kernel Mode (0x40031648), Thread terminated!!
    PID:00400002 TID:009D0006 !! ERROR - SECURIIY VIOLATION !! ----------------------------------------------------------------------
    PID:00400002 TID:009D0006 Exception 'Raised Exception' (0x5): Thread-Id=009d0006(pth=c0406198), Proc-Id=00400002(pprc=82d5f5e0) 'NK.EXE', VM-active=014e0022(pprc=c0417ab0) 'udevice.exe'
    PID:00400002 TID:009D0006 PC=40031648(coredll.dll+0x00021648) RA=8024962c(kernel.dll+0x0000e62c) SP=cc61e2d4, BVA=00000000

    PID:00400002 TID:009D0006 Exception 'Raised Exception' (0x116): Thread-Id=009d0006(pth=c0406198), Proc-Id=00400002(pprc=82d5f5e0) 'NK.EXE', VM-active=014e0022(pprc=c0417ab0) 'udevice.exe'
    PID:00400002 TID:009D0006 PC=eff6ec00(k.coredll.dll+0x0001ec00) RA=8024962c(kernel.dll+0x0000e62c) SP=cc61da00, BVA=ffffffff

    I added the coredll.lib and my guess this is the error but which functions can i use to save a file?


    SteMMo

    Friday, March 15, 2013 9:40 AM
  • you are not supposed to do any API call from kernel code (OAL) expect the functions supported in the kernel through OEMGLOBAL, NKGLOBAL structures.

    Vinoth.R

    www.e-consystems.com

    http://vinoth-vinothblog.blogspot.com

    Friday, March 15, 2013 10:05 AM
  • Then i cannot write a file or segnal an event ???   :(


    SteMMo

    Friday, March 15, 2013 10:39 AM