locked
Reading a system file RRS feed

  • Question

  • Hello World!

    I found that is not possible ( at least for me, by now :) ) to open and read a file from the \Windows\ directory on Windows Mobile devices.

    I tried with fopen + fread and with CreateFile + ReadFile, and both mechanisms had the same effect: the functions are correctly executed and their return codes are  always successfull, but the data copied into the buffer and the size of the opened file are wrong; the buffer is almost completely zero-filled ( some bytes are not zeros and they change at every try ) and the size of the file is always 208 Bytes regardless of the real file's size.

    Trying with a CopyFile on a \Windows\ file i had an invalid return code (BOOL = 0) and a GetLastError() = 5 ( ACCESS_DENIED ), so the problem is easly found.

    My qusetions are:

     - Why the fopen + fread and CreateFile + ReadFile don't fail with an access denied last error, but instead they correctly work ( on uncorrect data ) ?

     - Why the CopyFile has a different bheaviour from the one of CreateFile ?

     - How can I get access to files stored under the \Windows\ directory?

     

    Thank u to everyone would help me with this issue.

    Wednesday, August 25, 2010 4:21 PM

Answers

  • On Wed, 1 Sep 2010 01:42:58 +0000, Cunctator wrote:

    Ok, so, how can a develper ( for instance: me ) access that data? :)

    If I'm correcct, you can't.


    The o.s. of course has it's internal way to do that, and i hope they ( the Microsoft's guys ) exposed those APIs to developers...

    If I'm correct, they didn't.

    • Marked as answer by Cunctator Wednesday, September 1, 2010 11:55 PM
    Wednesday, September 1, 2010 9:22 PM
  • Yep, I would say you can't and "they" didn't.

    Besides there's no need as "they" can just grab original file from PB output, no need whatsoever to extract it from OS image.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Cunctator Wednesday, September 1, 2010 11:55 PM
    Wednesday, September 1, 2010 10:24 PM

All replies

  • I relly cannot believe that no one knows how to do that...

     

    #include <stdio.h>
    
    int wmain( int argn , char** args ){
     FILE* f = fopen( "\\Windows\\ceshell.dll" , "rb" );
     if( f ){
      fseek( f , 0 , SEEK_END );
      unsigned long length = ftell( f ); // length always = 208
      fseek( f , 0 , SEEK_SET );
      unsigned char* buffer = (unsigned char*)malloc(length);
      if( buffer ){
       fread( buffer , 1 , length , f ); // the buffer is not the content of the file
       fclose( f );
       /* do something with the buffer */
       free( buffer );
      }
      else
       fclose( f );
     }
     return 0;
    }
    

     

    If someone will have the patience to try this little code, i would really apreciate it :)

     

    Tuesday, August 31, 2010 1:38 PM
  • What is your goal here? Generally you would never need to read a binary file in this manner. I would also guess you won't be able to do it in some cases such as if file is fixed up for in place execution (which is likely the case with most system binaries). You should be able to read data files such as icons or imaged though.
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Tuesday, August 31, 2010 3:59 PM
  • On Wed, 25 Aug 2010 16:21:57 +0000, Cunctator wrote:

    Hello World!

    I found that is not possible ( at least for me, by now :) ) to open and read a file from the \Windows\ directory on Windows Mobile devices.

    I think some of the system files are protected. Can't be copied.
    Maybe can't be read. Probably the files that are actually in ROM, but
    seem to be in \Windows.


    I tried with fopen + fread and with CreateFile + ReadFile, and both mechanisms had the same effect: the functions are correctly executed and their return codes are  always successfull, but the data copied into the buffer and the size of the opened file are wrong; the buffer is almost completely zero-filled ( some bytes are not zeros and they change at every try ) and the size of the file is always 208 Bytes regardless of the real file's size.

    Trying with a CopyFile on a \Windows\ file i had an invalid return code (BOOL = 0) and a GetLastError() = 5 ( ACCESS_DENIED ), so the problem is easly found.

    My qusetions are:

     - Why the fopen + fread and CreateFile + ReadFile don't fail with an access denied last error, but instead they correctly work ( on uncorrect data ) ?

     - Why the CopyFile has a different bheaviour from the one of CreateFile ?

     - How can I get access to files stored under the \Windows\ directory?

     

    Thank u to everyone would help me with this issue.

    • Proposed as answer by PaulH79 Wednesday, September 1, 2010 10:30 PM
    Tuesday, August 31, 2010 8:30 PM
  • Thank you both for ure answers :)

    @Ilya: my goal is to write a Portable Executable file analyzer for Windows Mobile, the code is already here, tested on various .exe and .dll files around the device, and also on a x86 machine ( the file format is the same ). The interesting thing is that on Windows 7 i can open (in read mode obviously) executables files located in system32 without problems. I can also open executable files on Windows mobile devices but only it they're not under the Windows directory.

    What do you mean for "fixed up for in place execution"?

    @BobZ2: Yhea i already thought :) it was possible, but the point still remain, how can i access those files?

     

    Again, any help would be precious!

    Tuesday, August 31, 2010 10:18 PM
  • I see... Sure, you can open anything on desktop as files are just files. CE is different though as there's OS image as oppose to bunch of files on the normal file system.

    Imagine DLL is loaded into specific memory location and all the addresses are adjusted for that location (fixed up). Then you dump memory content of that DLL. That's pretty much what would happen to a DLLs placed in XIP (execute in place) area. It is now a bunch or raw bytes ready to be executed.

    This should give you an idea on how memory on CE is organized:

    http://msdn.microsoft.com/en-us/library/ms836792.aspx

     

     


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Tuesday, August 31, 2010 11:40 PM
  • Ok, so, how can a develper ( for instance: me ) access that data? :)

    The o.s. of course has it's internal way to do that, and i hope they ( the Microsoft's guys ) exposed those APIs to developers...

    Wednesday, September 1, 2010 1:42 AM
  • On Wed, 1 Sep 2010 01:42:58 +0000, Cunctator wrote:

    Ok, so, how can a develper ( for instance: me ) access that data? :)

    If I'm correcct, you can't.


    The o.s. of course has it's internal way to do that, and i hope they ( the Microsoft's guys ) exposed those APIs to developers...

    If I'm correct, they didn't.

    • Marked as answer by Cunctator Wednesday, September 1, 2010 11:55 PM
    Wednesday, September 1, 2010 9:22 PM
  • Yep, I would say you can't and "they" didn't.

    Besides there's no need as "they" can just grab original file from PB output, no need whatsoever to extract it from OS image.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Cunctator Wednesday, September 1, 2010 11:55 PM
    Wednesday, September 1, 2010 10:24 PM
  • Hmmm... cool.

    Ok. i'm gonna close this thread with a sad "No we can't!"

    Thank u all for ure support guys :)

    Wednesday, September 1, 2010 11:55 PM