Android Scripting Security - Ideas needed - G1 Q&A, Help & Troubleshooting

Hi all,
I'm currently in the planning period for an application which will need access to different things containing internet access, read/write contacts, read/write SMS and so on.
The application should be extensible through plugins, so I decided to implement a scripting language.
Since I dont want to write my own engine, I decided to use BeanShell which gives one a scripting platform with Java style code.
The problem is, in these scripts you can import _any_ java class. Since I run the script from my application, they have the same permissions as defined in AndroidManifest.xml.
Now I need a way to guarantee the user that the plugin/script he loads doesn't execute bad code.
Ideas were some sort of certification (I sign every version of every script and only the signed scripts are executable, I sign a single person who can sign his/her scripts, everyone can sign everything and the user has to be shure to trust the person who signed something, person a trusts person b - the user trusts person a so the user trusts person b also [what is it called - assurance web?]). But this creates also problems, if I would sign everything in the worst case (actually the best case for my app ^^) I would have to sign a big amount of scripts and updates which would be crap.
On the other side I know the most "normal users" just click on OK if they see a message a la "It's signed by [person]. Do you trust him?" so this is also somehow crap.
Another idea I had is to implement a permission system a la android itself. So the scripts would have to say what permissions they need and I would have to make shure that they cannot execute something else.
Well, I don't now, I'm not really happy with anything of this. So I wanted to ask you people out there for your opinions about that and for new ideas
Thanks to you all

Sorry for bumping...
No one any idea, suggestion or opinion?
Experimental ways are also welcome

Related

WM6 Programming Question

This is my first post, so to all of you out there, my name is Joe and I have been following this forum since I decided on buying an ATT Tilt (Kaiser) and you all have been a tremendous help in a lot of decisions I made with my phone.
Now onto the question at hand, I have some programming knowledge in the world of computers (C++, VB, etc...) but I was wondering the differences in trying to make a program for my phone. If someone can direct me to maybe a tutorial or another post that might help me, please do (I looked but couldn't find anything), I would like to start giving back to the forum that helped me out.
There isn't much difference between C++ and VB in general, just some prefer the less strict 'grammar' in VB and some prefer the clear 'grammar' in C++. Speed wise, if you were to be using M$'s classes, both ought to be the same, while if you were to write in pure C++ native language, C ought to be better compiled.
Another alternative would be the .Net thing. If I'm right (haven't been really using one), is a class package for both VB and C+ which seemingly make it easier to program.
Depends on what you have (i.e. the programming software), if you were to have Visual Studio 2003+ (or later, no sure), you can download the WM6 SDK, which includes tutorial on how to get started.
Well what I have on hand right now...nothing at all...I'm at work at the moment and in my freetime here would like to work on a few things, I've been analyzing some other pieces of software since I posted this and noticed the use of XML files for the setup.
I have no preference in what language I use (hell one I don't know yet would work for me...knowledge is a blessing in IT). Just wish to be able to take some of the programs I use at the moment (ex HTC Home, BatteryStatus) add a little more functionality for my own personal use since I really don't feel like copyright lawsuits.
Basically Hanmin, I guess it just boils down to what would you suggest to use with the available "tools" at hand or suggestions, I'm up for anything, new to this game, I figured I would get wisdom from the pros here to make myself useful in my downtime
"There isn't much difference between C++ and VB in general," - now there's a statement to launch a major debate! But I'll resist the temptation and move on to a more constructive response - PPL. PPL (Pocket Programming Language) is a great little package which gives you an IDE for developing pocket pc apps in a C like language on either the pocket pc itself or on a pc. Read about it and get a free trial download here:
http://www.arianesoft.ca/

Android Access Database

Here we go:
I use a number of Microsoft Access Databases for my work, and each one is intensely coded and designed and basically run like actual programs. What I am looking for is to be able to take these databases with me. Now understanding that Microsoft and Android are two completely different beasts, what I really am looking for is the ability to take the tables (I use all Back-end database so all my tables are in a completely separate file then all my forms, queries, and reports) and the data with me and be able to run them in a program on Android that keeps the relationships and fields and all of that sort of stuff.
Now what would be great is the ability to use forms (even if special forms for android need to be made), run queries, and even be able to run reports and print as PDFs.
now I know how to code in VBA, hence the extensive coding I have done in Access, so anybody willing to WORK WITH in creating an Android Program to basically be an extension of Microsoft Access please contact me. Please not I use the words WORK WITH loosely, while I am trying to learn how to Program for Android, I currently do not have a computer that I can use to develop programs for android on, and well I would be only able to create the "Hello World" starter program and this project seems a slight bit more complicated. But what I can bring to the table is real world experience in testing and using the program day in and day out, a number of already existing Microsoft Access Databases ranging from Complex to Simple that I use every day. Really a program that can run Microsoft Access Tables on Android would be really useful to me and I am willing to do anything to help make this happen.
kronos82 said:
Here we go:
I use a number of Microsoft Access Databases for my work, and each one is intensely coded and designed and basically run like actual programs. What I am looking for is to be able to take these databases with me. Now understanding that Microsoft and Android are two completely different beasts, what I really am looking for is the ability to take the tables (I use all Back-end database so all my tables are in a completely separate file then all my forms, queries, and reports) and the data with me and be able to run them in a program on Android that keeps the relationships and fields and all of that sort of stuff.
Now what would be great is the ability to use forms (even if special forms for android need to be made), run queries, and even be able to run reports and print as PDFs.
now I know how to code in VBA, hence the extensive coding I have done in Access, so anybody willing to WORK WITH in creating an Android Program to basically be an extension of Microsoft Access please contact me. Please not I use the words WORK WITH loosely, while I am trying to learn how to Program for Android, I currently do not have a computer that I can use to develop programs for android on, and well I would be only able to create the "Hello World" starter program and this project seems a slight bit more complicated. But what I can bring to the table is real world experience in testing and using the program day in and day out, a number of already existing Microsoft Access Databases ranging from Complex to Simple that I use every day. Really a program that can run Microsoft Access Tables on Android would be really useful to me and I am willing to do anything to help make this happen.
Click to expand...
Click to collapse
I think we must have the same job
Android utilizes an sqlite database engine and it looks like sqlite already offers a conversion utility HERE. The real question would be how to get the data in and out of the phone. Regarding forms, they definitely would need to be custom built.
Thanks this is deffenetly a start, From what I can tell this This Looks to be the most promising, It looks like all you would have to do is put a MS Access Database file on your SD CARD and have a program access it. That way you copy it back and forth. Unfortunately it doesn't support Access 2003, but I can save down. I also got a lot of learning to do in programing Java programs.
Forms would be as simply as making a program, this is great thanks much
kronos82 said:
Here we go:
I use a number of Microsoft Access Databases for my work, and each one is intensely coded and designed and basically run like actual programs. What I am looking for is to be able to take these databases with me....
Click to expand...
Click to collapse
I would like to say, "yes, please!" to this idea. I currently use Smart List to Go (the descendant of ThinkDB) on my Palm TX. The TX is dying, and I've been shopping for a replacement. HanDBase exists for the iPhone, but I don't want an iPhone. So I've been focused on WinMo - not by choice as much as by necessity.
And android option would be very welcome around my computers.
benmyers2941 said:
I think we must have the same job
Android utilizes an sqlite database engine and it looks like sqlite already offers a conversion utility HERE. The real question would be how to get the data in and out of the phone. Regarding forms, they definitely would need to be custom built.
Click to expand...
Click to collapse
androids sqlite its for applications to access and store data using java code.
try the pocket office app
Freedomcaller said:
androids sqlite its for applications to access and store data using java code.
try the pocket office app
Click to expand...
Click to collapse
Exactly and we're talking about creating an app that would enable manipulation of an sqlite database. Essentially all that would be needed would be to create a ui framework wrapper for the existing api in android. Not the least monumental task I've heard of an individual taking on but not the most either.
The versions of pocket office that I've seen for android do not currently support Access databases as far as I'm aware. If I'm wrong could you post a link and save everyone some trouble?
aaaaaaaaaaaaaaaaaaa
kronos82 said:
Thanks this is deffenetly a start, From what I can tell this looks to be the most promising, It looks like all you would have to do is put a MS Access Database file on your SD CARD and have a program access it. That way you copy it back and forth. Unfortunately it doesn't support Access 2003, but I can save down. I also got a lot of learning to do in programing Java programs.
Click to expand...
Click to collapse
Jackcess library is now patched to support android (will be in 1.2.2 release). Also seems to support 2000, 2003 and 2007 formats now.
Works great for me.
View jackcess site. Couldn't find anything on support for android. I'm using htc desire and would really like to find program to view ms access file. Can you tell me how you do it?
As I remember reading worked as on PC, while writing had some problems.
This forum prevents me from linking directly, but if you click tracker/patches on Jackcess project, check Android Compatibility Fix - ID: 3101578
The changes are in trunk and will be in the 1.2.2 release. I've added some
notes which will eventually make it to the FAQ page on the website
detailing the compatibility steps:
- Set the system property "com.healthmarketscience.jackcess.broken
Nio=true"
- Set the system property "com.healthmarketscience.jackcess.resour
cePath=res/raw/"
- Copy the *.txt, *.mdb, and *.accdb files from the
"com/healthmarketscience/jackcess/" directory in the Jackcess jar to the
"/res/raw" Android application directory.
- Before executing any Jackcess code, set the current Thread's context
classloader, e.g.
"Thread.currentThread().setContextClassLoader(Database.class.getClassLoader())".
Click to expand...
Click to collapse
Until this version (1.2.2) is released you need to build lib yourself.
You also need commons-lang and commons-logging from apache commons.
Before you use Jackcess in Android code, you set
Thread.currentThread().setContextClassLoader(
getClass().getClassLoader());
System.setProperty(
"com.healthmarketscience.jackcess.brokenNio",
"true");
System.setProperty(
"com.healthmarketscience.jackcess.resourcePath",
"res/raw/");
Click to expand...
Click to collapse
and copy those resource files to res/raw
Then you can work as on PC, for example open /sdcard/yourprogram/file.mdb
Jackcess has no GUI, it's a library to read/write access files.
Getting an Access file into Android
I keep a lot of information on a Psion Revo, which has just turned its face to the wall and is giving up the ghost, and have always backed the information up on to my pc as an Access file. It looks easier to get this into a format acceptable to Android by converting the Access .mbx file into an Excel .xls file. This can be searched readily by Column and Values. Maybe this deals with too simple a need for most enquirers to the forum, but if it helps somebody then so much the better.
hi all i have beenlooking for something the same for some time now and just the other day i came accross this site cellica.com
the android app is free and the desktop application has a 5 day trial period or its $50 to buy it works great the only thing you can not do is create a report from the phone
i have emailed support team and they said they will be adding it on in the future.
Any Updates???
I currently build and use databases in MS Access and was wondering if there are any updates on this topic now that Tablets are in use now. Looking to get the Motorola Xoom (2nd version) in the future, but would love to be able to use a program that I would be able to access my MS Access databases while "on-the-go".
Anyone? This would be huge (I believe), since we now have tablets.
Thanks a bunch,
~Kilch~
Access to MS Access by Android
Hi,
I'm also looking to get on-the-go access to my Access databases on my Android HTC Tattoo.
The file is on it, I just need a tool to access it in read-only / search mode, but judging from the previous comments, there doesn't seem to be an oversupply in applications.
The "convert to Excel format" may be OK for me. I want to use a 3 language Access DB (dictionary) on my phone, so I'll try the Excel solution.
It would be nice if we had an ACCESS reader though...
John
Panacea Database
I know XDA frowns upon excessively hawking your own products here, but I do seem to be directly answering more than one of the reply questions, it just happens that the answer is an application my company released.
The Panacea Database application can handle Access from Access 2000 to Access 2007. It has also worked so far on every Access 2010 database we've tested, and we've received no complaints in that department yet. We release updates from time to time as we improve its functionality and features, often guided in our priorities by user e-mail and market comments. Our next update will be focused on improving screen layout for a variety of Android devices - from small QVGA smartphones, to large WXGA tablets. After that we may move onto other functionality.
In the interest of fairness, I'll point out arafa1209's post. He mentions Celicca Database, which is the only other application that I know of that deals with Access databases on Android. It has features Panacea does not have (yet) - ability to work with forms, ability to create and modify databases, ability to connect to your PC etc. Like us, they also send out updates improving their app regularly. So you can compare the apps, and use which one fits your needs better (or use both). If anyone knows of any others they can post here as well, but these are the only two I know of currently.
Just tried Panacea. Although it is more basic and annoyingly doesn't remember the last files you'be opened necessitating finding the file each time you open the app I prefer it for the simple reason you don't have to convert the Access database to another format.
amwebby said:
doesn't remember the last files you'be opened necessitating finding the file each time you open the app
Click to expand...
Click to collapse
If you update the app, this should be fixed, the last version should have this feature.
Got the update last week. Certainly goes a long way to making it more user-friendly. Keep up the great work!
Since the last update it seems to be broken. Although it remembers the last database I cannot open a table within any database.
Edit: It appears the file was corrupted. Loaded a new file and all working again.
Any news in this topic.
I tried panacea Database, works fine. But not very effective. Searching data is a must for me however I didnt manage to find a search option. When I search for tables, it cant even locate the tables by names.

Google Maps / Earth : automated plotting from DB

Hi XDA!
I know the forum is mostly aimed at mobile dev but the people here are so good i thought it the best place to ask a question regarding dev in general.
I have a database (mySQL) with rows that contain latitude/longitude values representing the locations of customer complaints. I'd like to plot these on Google Maps / Earth and put up a dashboard so that we can see if there's any particular location that's a 'pain point'... any idea how to do this? I need the plotting step to be completely automated cos I already know how to automatically insert new rows into the mySQL table whenever a new complaint comes in.
I've done some Googling and i usually see people talking about manually importing an Excel file with the co-ordinates... This won't work for me cos we get thousands of calls coming in daily and the whole process needs to be completely automated for it to be practically feasible.
Ok, some background about me: I'm not a 'proper' developer... I've never worked in a structured dev environment. I'm just someone who knows a little bit about dev and I've had to write some code cos there was nobody else to do it
I can do some mid-level Java (I've written a few servlets that run on tomcat ...they listen for HTTP requests and respond with some XML... nothing hectic) and I know enough about mySQL to be able to work with it comfortably.
I'd really appreciate any help with my plotting question

WP8 Malware?

I was just reading an article concerning malware on Windows Phone 8
Google News Search "Windows Phone 8 Malware"
From the article
"A 16-year-old security researcher from India plans to present a malware application for Windows Phone 8 at the upcoming MalCon security conference in New Delhi, India, on Nov. 24.
According to a brief description of the presentation on the MalCon website, it will show approaches and techniques for infecting Windows Phone 8 devices and will demonstrate how the prototype malware can steal contacts, upload pictures, access text messages and more."
Will this affect WP8 sales...it certainly doesn;t look good for this to happen so close to the launch...will we need to install AV software on our phones now too?
"Stealing contacts" is not that hard to do, since your app can read the contacts (you don't need any hacking to do that).
But reading + sending them to your server will make the marketplace instantly reject the app. So i doubt there's a problem.
I also don't see how you can infect a windows phone, given that .Net and Secure Boot make it almost invulnerable to everything.
rob243 said:
I was just reading an article concerning malware on Windows Phone 8
Google News Search "Windows Phone 8 Malware"
From the article
"A 16-year-old security researcher from India plans to present a malware application for Windows Phone 8 at the upcoming MalCon security conference in New Delhi, India, on Nov. 24.
According to a brief description of the presentation on the MalCon website, it will show approaches and techniques for infecting Windows Phone 8 devices and will demonstrate how the prototype malware can steal contacts, upload pictures, access text messages and more."
Will this affect WP8 sales...it certainly doesn;t look good for this to happen so close to the launch...will we need to install AV software on our phones now too?
Click to expand...
Click to collapse
Unless you unlock the device and install that software by yourself, i don't believe it ever gonna pass marketplace check before it get online.
Well I am interested to see how its done, apparently the guy will present the proof of concept on the 24th
There are ways to get past checks run in the Marketplace ingestion. This has been previously demonstrated with PoC malware on iOS, which has similar protections. Don't assume it's impossible, especially if native code use is permitted.
Please note that there is a difference between native and unmanaged code, don't mix them up.
Native code has always run on Windows Phone. Both C++ and C# produce native code. The first is un-managed, whereas the second is managed.
Visual C++, the one we use in Windows Phone is, just like C#, a managed native language. It achieves almost the same performance as the standard C++,due to the more optimized compiler. It is possible to run standard C++ on Windows Phone, but it is very difficult to do so because the marketplace knows which compiler you used to make your app (if visual studio is not there, no no). The marketplace also knows which API you use (no Windows Phone API for C++, again a big NO for the submission).
Now, the difference between native and non-native code...
Native code always ends up as 1 and 0. The very code you write in C# will, at some point, end up as 1s and 0s. Same goes for C++(managed or not). The difference between C# and C++ is that the compiler inserts some failsafes into the code (lots of ifs) to check for exceptions. This does not happen in C++.
So the path for C# is like this:
C# code -> MSIL->Native code which is run on your devices (compilation is either done at install time, or in the clouds).
the C++ code we use in Windows Phone has basically the same path! However, the more mature compiler and the "no-failsafe policy unless instructed to" that all C++ variations enforce make the code faster while less safer.
A non-native language will never, ever get the code a developer writes compiled to 1s and 0s.
Such an example are web programming languages, and Java.
For Java, the process is like this
Java code -> various stages of compilation>byte code -> JVM interprets bytecode and then sends 1s and 0s to the CPU to execute-> CPU sends 1s and 0s results back to JVM which displays the results.
As such, Java is somewhat safer than C#, but also a lot slower.
The advantage of using an interpreted language is that you know the hardware capabilities of the device beforehand, and optimizations can be made on the spot.
Microsoft, however, took the middle road with C#. They gave it all the advantages of an intepreted language (due to the MSIL step, the .Net always knows how hardware it runs on, so the MSIL will always target all the hardware capabilities for your CPU, GPU and RAM), while also running on native code, which makes it very fast. They also decided to push in the same failsafe checks Java inserts in its code. This resulted in a slightly slower code when compared to C++.
As a developer, I think the reason for dropping XNA development by Microsoft wasn't its speed. C# could easily run games, and the thousand XNA games we have on the marketplace bear testimony to that. They brought C++ on board because porting apps from one platform to another would be easier this way, especially for apps coming from android or iOS).
Anyway, having said that, the C++ we use on phones does not have the capabilities to access the hardware or the system the same way it has on desktop. It doesn't have more power than C# already did. It is just used there for other reasons. I don't think it will pose any threat to security. Desktop evolved in a different way. Microsoft learned the lesson of system protection a long time ago. They won't repeat the same mistakes now. It wouldn't surprise me if they actually had some sort of AV software built in, just to be sure.
There are so many factual errors in the above post I don't even know where to begin...
"Native" in this sense refers to apps written in a language which gets built ("compiled" although that technically involves compiling, assembling, and linking) directly into machine code ("0s and 1s" is a silly way to describe it, since *everything* on a computer, from programs to plain text files to MSIL or Java bytecode are all binary). Machine code means a binary sequence that the processor can directly execute. This is also referred to as native code, i.e. code which executes on the processor without needing an intermediary layer.
Although technically "native" and "unmanaged" mean different things, the difference is not what you think it is, and it's not very relevant to this discussion. It's entirely possible to have a native managed language ("D" was supposed to be such a thing; I'm not sure to what degree managed C++ qualifies) and to have intermediate-compiled unmanaged languages (you could, for example, distribute unmanaged programs compiled to LLVM bytecode; some systems might actually be doing so). However, MS themselves typically use "native" to mean "not managed", as evidenced by things like debugger modes.
These days, almost everything gets JIT (Just In Time) compiled to machine code even if the build tool didn't produce native machine code itself. This applies to .NET code (gets built as MSIL), Java (gets built to Java bytecode or Dalvik bytecode if on Android), JavaScript (doesn't go through a build process at all, but modern browsers JIT compile it to native before execution nonetheless), and many other languages. Interpreting is slow and requires a lot of memory overhead as well (you have to run the interpreter in parallel with the program actually being executed).
Although it is possible to invoke managed code from native code (only a little messy) and vice-versa (very common, see P/Invoke or COM interop for .NET, or JNI for Java), this should not be confused with them being the same thing. Yes, by the time they reach the CPU instruction decoder they're the same, but the process of loading the program, and the "runtime" environment that it interacts with, are very different indeed. Managed code uses a memory manager (hence the name), which takes care of things like defragmenting and freeing memory (via the garbage collector). This fundamentally violates a number of assumptions common to unmanaged code, such as that the address of data in memory will never change on its own, and that once allocated, a block of memory on the heap remains reserved until manually freed.
Another important difference is that managed languages must use abstractions of function pointers (for example, .NET delegates). In native languages it is possible (though generally unwise) to specify an absolute address (0x040C7F06 or some such) as a function pointer, and call that "function" (which results in the processor attempting to execute instructions starting from that memory address). In practice, this kind of thing is almost never done in PC software; it's bug-prone, completely un-portable, incompatible with security features like ASLR, very difficult to debug (this is the kind of thing that malware might use to make reverse engineering it harder), and there's typically no reason at all to do so.
However, the fact that it's *possible* is a Big Freaking Deal for somebody looking to work around a runtime security check. Consider this: Sliverlight on WP7 doesn't allow arbitrary LoadLibrary (or Assembly.Load, or similar) calls. The APIs available to your app are the ones included in its DLLs, and the ones in the Silverlight for WP7 runtime libraries. Even though the desired functions exist on the OS, and are even linked into program memory, you can't call them because there's no way to get a delegate for them. Now, compare this to native code, where you can literally just scan the code section of your app's memory until you find the entry point for the function you want, then treat that address as a function pointer and jump right into it.
Now, to be fair, I haven't actually written any official WP8 C++ yet. However, I can tell you that the trick mentioned above works just fine in Windows Runtime C++ on both Win8 and Windows RT, which are also supposed to lack APIs like LoadLibrary, and I therefore suspect it will work fine on WP8. Some experimentation is due, in any case.
GoodDayToDie said:
There are so many factual errors in the above post I don't even know where to begin...
"Native" in this sense refers to apps written in a language which gets built ("compiled" although that technically involves compiling, assembling, and linking) directly into machine code ("0s and 1s" is a silly way to describe it, since *everything* on a computer, from programs to plain text files to MSIL or Java bytecode are all binary). Machine code means a binary sequence that the processor can directly execute. This is also referred to as native code, i.e. code which executes on the processor without needing an intermediary layer.
Although technically "native" and "unmanaged" mean different things, the difference is not what you think it is, and it's not very relevant to this discussion. It's entirely possible to have a native managed language ("D" was supposed to be such a thing; I'm not sure to what degree managed C++ qualifies) and to have intermediate-compiled unmanaged languages (you could, for example, distribute unmanaged programs compiled to LLVM bytecode; some systems might actually be doing so). However, MS themselves typically use "native" to mean "not managed", as evidenced by things like debugger modes.
These days, almost everything gets JIT (Just In Time) compiled to machine code even if the build tool didn't produce native machine code itself. This applies to .NET code (gets built as MSIL), Java (gets built to Java bytecode or Dalvik bytecode if on Android), JavaScript (doesn't go through a build process at all, but modern browsers JIT compile it to native before execution nonetheless), and many other languages. Interpreting is slow and requires a lot of memory overhead as well (you have to run the interpreter in parallel with the program actually being executed).
Although it is possible to invoke managed code from native code (only a little messy) and vice-versa (very common, see P/Invoke or COM interop for .NET, or JNI for Java), this should not be confused with them being the same thing. Yes, by the time they reach the CPU instruction decoder they're the same, but the process of loading the program, and the "runtime" environment that it interacts with, are very different indeed. Managed code uses a memory manager (hence the name), which takes care of things like defragmenting and freeing memory (via the garbage collector). This fundamentally violates a number of assumptions common to unmanaged code, such as that the address of data in memory will never change on its own, and that once allocated, a block of memory on the heap remains reserved until manually freed.
Another important difference is that managed languages must use abstractions of function pointers (for example, .NET delegates). In native languages it is possible (though generally unwise) to specify an absolute address (0x040C7F06 or some such) as a function pointer, and call that "function" (which results in the processor attempting to execute instructions starting from that memory address). In practice, this kind of thing is almost never done in PC software; it's bug-prone, completely un-portable, incompatible with security features like ASLR, very difficult to debug (this is the kind of thing that malware might use to make reverse engineering it harder), and there's typically no reason at all to do so.
However, the fact that it's *possible* is a Big Freaking Deal for somebody looking to work around a runtime security check. Consider this: Sliverlight on WP7 doesn't allow arbitrary LoadLibrary (or Assembly.Load, or similar) calls. The APIs available to your app are the ones included in its DLLs, and the ones in the Silverlight for WP7 runtime libraries. Even though the desired functions exist on the OS, and are even linked into program memory, you can't call them because there's no way to get a delegate for them. Now, compare this to native code, where you can literally just scan the code section of your app's memory until you find the entry point for the function you want, then treat that address as a function pointer and jump right into it.
Now, to be fair, I haven't actually written any official WP8 C++ yet. However, I can tell you that the trick mentioned above works just fine in Windows Runtime C++ on both Win8 and Windows RT, which are also supposed to lack APIs like LoadLibrary, and I therefore suspect it will work fine on WP8. Some experimentation is due, in any case.
Click to expand...
Click to collapse
Well, I was just trying to get a "basic picture" of the thing, but thanks for going into much more details.
As I said, the C++ we use in Windows Phone, just like C# on Windows Phone, functions in a different way compared to Desktop or Tablet version(hell, with C# on desktop you can easily do the memory scan thing and find stuff in the OS, not only in your app, but that is generally not needed, since C# on desktop has a much boarder and less limited API) . Unlike the former two, you can't interact outside your application, because your application is sandboxed. Even if you did find the pointer to a system protected function, you wouldn't be able to do squat with it(the system protects itself). Which is why I said C++ can't do things C# already couldn't. In theory, yes you can do what you said, in fact, i expect it to be possible on rooted rooms, but for the average joe...well...it very unlikely to happen, unless he does something stupid.
As for the JIT story, well, yes, Java does use JIT. However, it does so because it doesn't know before hand on what hardware it will run. The same happens with C# and .Net on desktop, and this is due to hardware variations. Right now, for windows phone, the "JIT" occurs directly in the clouds, or at install time, as all Windows Phones (8) use snapdragon chips.
I didn't say there were no differences between the code C# and C++ create at run time. The abstraction layers inserted by the compiler fall under the "failsafes inserted in code that slow things down", which C++ doesn't have. Also the more mature compiler (C++has like 40 years of xp, C# barely made 10, and only 3 on Windows Phone), the "true native" (happy now?) code it generates (which is very close to assembler language) makes C++ faster than C#, but not fast enough nor safe enough to phase out C# entirely.
In fact, if we still have this board 10 years from now, we might C# eventually take down C++.
We should avoid getting into a technical talk in this thread. As you can see, there are non-developers coming by, and an answer such as yours will completely and utterly confuse them. What I attempted to provide was a very basic image they could understand, like JVM sending 1s and 0s to CPU is the same as JIT.
Let's wait and see what we will be presented with. Currently the only thing a WP8 Managed App can't do that was mentioned was reading the SMS-Storage. Everything else is part of the official APIs. It might be that similarily to several WP7 hacks OEM drivers are being used to gain access.
The only thing that would really worry me was if he was able to provide a way to install his Malware bypassing the Marketplace. It might be interesting though for the Jailbreak community, given that any jailbreak bascially means exploiting a security vulnerability to elevate the rights of the current process to allow for those unlocks.

[Q] Altering Shutdown Message

Good Evening Guys,
A few quick questions for you this Wednesday evening; looking to make some customizations to my Windows Phone. I would like to alter the word "Goodbye" when the phone turns off to display alternative text.
Question 1: Is anyone familiar where these settings are stored in the root offhand?
Question 2: Can anyone confirm if this is simply text or a prerendered image?
Questin 2: Has anyone ever tried anything like this before?
Best Regards!
Device Type
Almost forgot:
Nokia 1020
OS:8.0.10521.155
Um... we can't even made the smallest of changes to the Lumia file system (outside of the user documents/media folders and the app folders) or registry. Trying to change system stuff like this is pretty out of the question.
Since you ask, though: to the best of my knowledge, nobody has found that even on the Samsung Ativ phones, for which we have most of a working "jailbreak".
The string that is displayed is probably pulled from a .MUI file.
Thanks for the feedback guys. If I make any headway, I will post back. Would love to have the device power down with "Will I dream?" from 2010 The Year We Made Contact.
That would indeed be cool. You've got an uphill battle, though. If it is, in fact, a .MUI file then it's probably signed (MUIs are technically DLLs, and although they are usually just loaded as resource files they can contain executable code so I expect Microsoft signs and enforces signature checks on them). Thus even if you get filesystem write access, it may not work.
A true custom ROM, where you could remove the signature check requirements, would probably work. That's no simple thing to ask for, though!
Shut Down Message
GoodDayToDie said:
That would indeed be cool. You've got an uphill battle, though. If it is, in fact, a .MUI file then it's probably signed (MUIs are technically DLLs, and although they are usually just loaded as resource files they can contain executable code so I expect Microsoft signs and enforces signature checks on them). Thus even if you get filesystem write access, it may not work.
A true custom ROM, where you could remove the signature check requirements, would probably work. That's no simple thing to ask for, though!
Click to expand...
Click to collapse
What is free time for if not to obsess over little niggly things? Thanks for the feedback

Categories

Resources