Related
You’ve installed a new application and, now, can’t boot in your Pocket PC? Ever wondered how you can boot into a Safe Mode similar to the desktop Windows Safe Mode to disable all third-party applications and services? Read this!
1. A quick (executive) summary
If you don’t want to read the article in its entirety (I DO recommend the latter – it contains a LOT of never-before-published tips and plain English explanations of what is happening behind the scenes!), here’s what you should do:
depending on your preferences, get either Spb Pocket Plus or iLauncher, install it
if you encounter boot-in problems (the device wouldn’t boot after installing a new application and resetting the device), make sure you quickly (in less than one minute after the first reset attempt) reset the device so that the Safe Mode boot message is triggered and displayed
when the above-mentioned message is displayed, tap the screen area; Spb Pocket Plus / iLauncher will boot in Safe Mode
now, simply go to Settings/System/Remove Programs and remove the application
finally, click the “Reset” button on Spb Pocket Plus / iLauncher. It’ll reboot in the standard (non-safe) mode – now, without the offending application.
1.1 Non-bootable Pocket PC’s?
However much the Windows Mobile operating system is much safer than many desktop operating systems, there may be cases when things just go wrong and you just won’t be able to boot in: after resetting the device, it will just hang at the boot splash screen.
This is particularly true of cases when you install new software. There are some well-known software products (or unlucky combinations of them) that are bound to cause sometimes severe, reset-time problems. Just two of the well known “dangerous” cases:
some old(er) ThinkOutside StowAway drivers (for example, version 4.3) installed on some specific Pocket PC models (for example, the Fujitsu-Siemens Pocket Loox 720): after the (self)-reset upon installation, the device, in general (particularly if you don’t enable Bluetooth before starting the install), most probably just hangs and not even subsequent resets help in most cases.
trying to install the two great Pocket Internet Explorer / Internet Explorer Mobile plug-ins MultiIE and PIEPlus on the same time (not all the time, mostly when it’s not a clean device). In these cases, if you’re unlucky enough, the device is rendered unbootable and you will need to do a hard reset if there are no other chances to make it work again. (Note that alone these plug-ins cause no problems at all. Also note that this is the case with all the versions I’ve tested – even the latest ones.)
In this article, I explain how, with which applications you can fight all these problems. First, I provide a generic overview of the booting sequence of the Windows Mobile operating system so that you know where things can go wrong. Note that you don’t need to understand it: if you don’t, it’s no problem, you will still understand the rest of this article. However, it casts light on a lot of issues discussed in the article and, therefore, is highly recommended.
2. The booting sequence
In this section, I explain the sequence the Windows Mobile operating system executes software during booting in. Software also means third-party software – that is, software like the above-mentioned MultiIE, PIEPlus or the StowAway unified driver. Note that I don’t explain how system software is booted in as it’s irrelevant in this case: I only pay attention to explaining how third-party software is executed. Again, it’s user-installed third-party software that causes unbootability problems.
2.1 HKEY_LOCAL_MACHINE\ init\
The first place Windows Mobile can run into user-installed software is the executable list stored in the Registry, under the HKEY_LOCAL_MACHINE\ init key. (I’ll also refer to HKEY_LOCAL_MACHINE as HKLM.)
This list (to put it simply) contains values named LaunchX with the value of an EXE file contained in \Windows. The name, LaunchX, ends in a number (here, denoted by an X); in general, it’s between 1 and 80…90 and can take any value in between. The smaller the number, the more early the execution of the given application. For example, if, say, the systems executable gwes.exe is Launch30 and, say, the third-party executable SafeMode.exe is Launch49, then, you can be sure it’s gwes.exe that executes first and only after this follows the execution of SafeMode.exe.
2.1.1 HKEY_CLASSES_ROOT\CLSID DLL’s
In this section, not only direct execution is possible: it’s also now that the (executable), in the HKEY_CLASSES_ROOT\CLSID (I’ll also refer to HKEY_CLASSES_ROOT as HKCR) section registered DLL files are (indirectly) executed. For example, both MultiIE and PIEPlus (as far as the current versions are concerned; older versions still used the “traditional” \Windows\ Startup directory to start them) are initialized this way.
This also means you can only avoid problems caused by DLL’s listed under HKEY_CLASSES_ROOT\CLSID if you use a Safe Mode application that is loaded before the latter DLL’s are loaded. Only Safe Mode applications that are loaded in the first stage (that is, from HKEY_LOCAL_MACHINE\ init) are capable of this – in our case, Spb Pocket Plus only.
2.1.1.1 Third-party Software Input Panels
Third-party Software Input Panels (SIPs for short) may also cause lock-up problems. Therefore, it may also be advantageous for a Safe Mode application to disable all the non-standard SIP’s to allow for booting in the device. SIP’s are also stored under HKEY_CLASSES_ROOT\CLSID and are a special class of executables.
2.2 HKEY_LOCAL_MACHINE\ Services
After the HKEY_LOCAL_MACHINE\ init executable files and the HKEY_CLASSES_ROOT\CLSID DLL’s have been loaded / initialized, the operating system loads the services listed in HKEY_LOCAL_MACHINE\ Services, also in the Registry.
In addition to systems applications and services (for example, the OBEX driver), many Today plug-ins (for example, two of the reviewed Safe Mode applications, the non-Safe Mode related services of Spb Pocket Plus etc) and drivers (for example, the ThinkOutside drivers) register themselves in there. Therefore, it’s essential to have a Safe Mode application that is able to disable at least third-party applications in this section. Fortunately, all the available Safe Mode applications are capable of this, unlike with stopping the execution of the above-discussed executable third-party apps.
2.3 \Windows\ Startup
The most widely known place that contain autostart applications is the \Windows\ Startup directory in the file system. Not the Registry: it’s the only stage of loading third-party applications that they are directly stored in the file system. Many (much more than in the first three cases) applications are started from here (for example, the StowAway auto-starting configuration dialog after the install). Therefore, it’s essential for a Safe Mode application to disable all the applications that are stored or linked from \Windows\ Startup.
2.4 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Today
Finally, the Today plug-ins are loaded. Their list is stored in the Registry, under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Today key.
2.5 A quick note on the DB_notify_events database
Note that the “NOTIFICATION_EVENT_WAKEUP”, that is, the “The device woke up” event (which is sent via CeEventHasOccurred) is only sent when the device is powered up, NOT after a soft reset (there is no “callback after a soft reset” notification in WindowsCE as can also be seen in here).
This means Safe Mode applications need not disable any kind of events in DB_notify_events. (See Why ActiveSync- or Remove Programs-based uninstalling may not be sufficient? for more information on this database if interested. Note that as of version 2.0+ and 4.1+ (respectively), Skype and eWallet no longer register themselves in DB_notify_events.)
3. How do Safe Mode software products work?
3.1 Invocation, auto-timing
They are in common in that they ask the user whether he or she wants to boot into “safe mode”. To do this, the latter needs to either tap the screen (in a given region) or press a given hardware button (with one of the applications, mCube, this can be even configured; with the two other applications, only the Action button can be used for this.)
Two of the Safe Mode applications also offer a really decent feature: timing features. This mean they only present a “do you want to boot into safe mode” message if the last reset was less than one (with Spb Pocket Plus) or two (with iLauncher) minutes ago. Particularly with Spb Pocket Plus, where displaying the dialog may, on some (not all!) Pocket PC models, mean a six-seven-second long additional pause in the booting sequence, this is a big advantage over the “message is always displayed” case.
In most cases, using the timing feature will prove really useful. After all, if you have boot-time incompatibility problems, you are likely to reset your device quickly one after another. Even with the slowest-to-boot WM5 devices, this may mean consequent resets in under one minute. While Safe Mode apps operated in this mode won’t display the switch message (and won’t actively listen to the user input) during the first reset, they will do so upon encountering the second if it’s done really soon (as you would do when struggling with un-bootability problems).
3.2 Renaming / moving files and/or Registry keys/values
When the user instructs the given Safe Mode application to boot into Safe Mode, it, after doing some housekeeping (of which I’ll elaborate in this very section), it restarts (soft resets) the device again – now, already in Safe Mode.
To understand what happens during this is actually very easy and logical, particularly if you look at what two (mCube, iLauncher) of the three Safe Mode applications do. That is, they just move away the links/ executables from \Windows\ Startup to another directory in the file system and modify the Registry (SIP’s, Today plug-ins and HKLM\ Services) so that the system won’t be able to access these. Then, they just reboot the PC and let it just boot in as if it booted normally – now, without additional SIP’s, Today plug-ins, \Windows\ Startup applications and HKLM\ Services; that is, the potentional harmdoers. This means it’s only with very few cases that the device remains unbootable (again, the MultiIE + PIEPlus (HKCR/CLSID) case, where only Spb Pocket Plus is usable).
As soon as you’ve finished fixing the problems (for example, with the StowAway drivers, just manually starting the Bluetooth unit of your Pocket PC and, then, manually starting the StowAway application – this will fix everything), you just instruct these applications (by clicking their Reset buttons or other, designated screen areas) to move back all the links and executables to \Windows\ Startup in the file system and restore all the original registry values / keys from the backup (which you may already have modified) and just restart the machine.
Note that if you don’t use the Reset facility of the Safe Mode applications but directly reset the PDA (you shouldn’t do this, but, as is explained here, it won’t cause problems), they will notice (during the next reboot) this and will restore them. Notice that, in this case, you may end up having to re-reset the device again. (I’ve also thoroughly tested and elaborated in the comparison chart on this.)
Using a backup copy of these settings also means you should NEVER uninstall iLauncher or mCube while it’s in Safe mode; it’ll never restore your “unsafe” SIP / \Windows\ Startup files/ Today / HKLM\ Services settings and you’ll end up having to restore them yourself by hand, which isn’t easy for a newbie.
Note that Spb Pocket Plus, as opposed to the two other applications, does not rename / move files / registry values around. It uses much more sophisticated techniques to avoid loading unneeded, third-party boot-time stuff. This also means you don’t need to know how it modifies these values in order to be able to manually clean them up.
3.3 Cleaning up the device
Now that we know where the most “problematic” references are stored, let us have a look at whether these applications have built-in support to access these areas or you’ll need an external registry editor and a file explorer to make the cleanup.
One of the applications, mCube, contains a GUI that lists all these areas (except for HKLM\ init and non-SIP HKCR\CLSID stuff). That is, with it, you can use its (excellent) GUI to review all the potentially dangerous links or registry entries and can even delete them by hand.
Of course, the Settings/System/Remove Programs is the best way to do this, particularly with Registry entries. Note that, however, as mCube and iLauncer will copy back a saved file system/registry snapshot when you instruct them to reboot, some dead links may remain if you use Remove Programs. In this respect, Spb Pocket Plus’ backup-less solution is the best: Remove Programs will directly remove all the associated links / references and, consequently, you won’t run into ‘dangling link’ problems after a reboot.
The two other applications don’t offer any GUI like that of mCube. However, as most problems can (and, because of the high number of inter-related files and Registry entries, should) be fixed by simply using Settings/System/Remove Programs, this isn’t a problem.
4. Safe Mode software
4.1 Spb Pocket Plus
(tested, current version: 3.1.2)
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
As far as Safe Mode functionality is concerned, this application is definitely the best. It’s better than the mCube app in that it’s also WM5-compatible. It’s also excellent in that it’s able to avoid loading HKCR\ CLSID classes (unlike the other two alternates): for example, this is why it’s the only application that offers MultiIE + PIEPlus clash-resolving capabilities.
Note that it doesn’t have full HKLM\ init filtering capabilities (I’ve tested this pretty thoroughly): if a misbehaving third-party program registers itself in HKLM\ init, not even Spb Pocket Plus will be able to boot in. Fortunately, very few applications register themselves in there and their number is constantly decreasing, particularly because of my article published a year ago on the matter (alternates: MobilitySite, AximSite, PPC Magazine, FirstLoox, BrightHand). For example, the latest version(2.98 and 1.65, respectively) of neither XCPUScalar nor Mad Programmer’s ForceHiRes register themselves in this section any more (but in the “traditional” \Windows\ Startup instead). (Note that, consequently, I needed to use version 1.51 of ForceHiRes, which still does this, in my current tests to find out more about real HKEY_LOCAL_MACHINE\ init protection.)
This application has some disadvantages too. The most important is, as opposed to the two other apps, is the slightly increased boot time on some (not all!) Pocket PC models. On the WM2003SE F-S Pocket Loox 720, for example, the boot-in time is extended by six to seven seconds with always-on Safe Mode boot-time prompt; that is, if it is configured to actively ask the user whether the latter wants to switch to safe mode. By default (if you use the timer-dependent, default mode), there will be no additional waiting – that is, it’s highly preferable to use Spb Pocket Plus’ default Safe Mode setting, which only offers the (and, therefore, incurs the 6-7-second penalty) user the possibility of rebooting into Safe Mode if the last soft reset was less than a minute ago.
Note that there are no delay problems on some other devices; for example, the Dell Axim x51v . With ROM version A12, it boots in about 32 seconds, with both Safe Mode prompt disabled and enabled. That is, you will want to measure the boot time of the application on your particular PPC model to see whether you want to enable the always-on prompt or leave it at the default, timer-only mode to speed up the booting process.
It has no GUI to edit the contents of \Window\Startup or the Registry. However, this isn’t a big problem as in most cases you’ll just uninstall the misbehaving program, where the backup-less architecture of Spb Pocket Plus will really pay off in having no further problems of dangling, “dead” links.
4.2 iLauncher
(tested, current version: 3.0)
The brand new version of SBSH’s excellent Today launcher iLauncher also has support for Safe Mode.
Its Safe Mode capabilities are pretty good but, unfortunately, not as good as that of Spb Pocket Plus (read: there is no HKCR\ CLSID protection). However, it's still a good choice, particularly if you, generally, prefer it as a complete Today launcher and task manager solution to Spb Pocket Plus. I'll publish a complete comparison of the two applications in this respect later.
4.3 mCube's SafeMode
(tested, current version: 1.02. Note that mCube’s site is down for maintenance; it’s available here)
This free and, unfortunately, WM2003(SE)-only application was the first on the Pocket PC to deliver real Safe Mode.
In some respects, it’s certainly better than the two alternates (most importantly, the price (free), the GUI, the ability to assign any hardware button to it etc). It, however, is clearly worse than Spb Pocket Plus as far as HKCR\CLSID DLL file loading is concerned (and, of course, it isn’t WM5-compliant).
Therefore, while its price can’t be beaten, I recommend both Spb Pocket Plus and iLauncher over it – particularly for WM5 users.
5. The comparison chart is HERE (click the link to see the chart!)
5.1 Explanation for the chart
There isn’t much to explain here as the contents of this chart should already be clear if you understand Chapter 2 of the article.
6. Verdict
If you want to have the absolutely best solution, go for Spb’s Safe Mode. It, being loaded on the first real occasion, offers far better protection against bad-behaving programs than the other solutions.
If you don't want / need protection against misbehaving, HKCR \ CLSID-registered applications and/or would prefer iLauncher's capabilities over those of Spb Pocket Plus, go for the former - it's a very good application too and, as has already been pointed out, there are very few HKCR \ CLSID-based, "problematic" applications.
Hi Menneisyys,
Thanks for the great in-depth report. Your comments are always very valuable and useful to me in improving the software.
Although clearly there is plenty of room for improvement with iLauncher's safe mode, I'd like to point out two factual errors:
1) iLauncher safe mode can be engaged when tapping on the Action button (center of the D-Pad) when the prompt is displayed.
2) iLauncher safe mode does disable services. However, it will allow services to run that were installed prior to installing iLauncher.
Again, thank you for your great analysis. As always I take this as a challenge to improve.
-Jason-
Thanks for the comments!
JasonLP said:
1) iLauncher safe mode can be engaged when tapping on the Action button (center of the D-Pad) when the prompt is displayed.
Click to expand...
Click to collapse
Thanks, fixed this in the chart.
JasonLP said:
2) iLauncher safe mode does disable services. However, it will allow services to run that were installed prior to installing iLauncher.
Click to expand...
Click to collapse
Yeah, you're right. I've tested services' disabling with the Battery bar previously installed; this is why I've missed this (wouldn't have thought it only disables services installed only later). Will fix this mistake ASAP and accordingly rewrite the article.
Article greatly updated, thanks to JasonLP.
Thanks for the review Also, I'd like to mention my website is back up - SafeMode is also available there.
Cheers,
monocube
Great news!
Perfect!
Congratulations...
4/5 imo.
nothin new.
Hi,
I just dont really understand.
You said about "un-bootable" PPC, what does it means?
For example: I installed BADAPP.EXE and after that I did a soft-reset (boot?). Then the PPC is not started (unbootable).
Is this the situation?
If it is not started anymore, how can I fix the problem by using those 3 apps (mcube, pp+, ilauncher) ?
Or I guess I understood incorrectly?
gogol said:
Hi,
I just dont really understand.
You said about "un-bootable" PPC, what does it means?
For example: I installed BADAPP.EXE and after that I did a soft-reset (boot?). Then the PPC is not started (unbootable).
Is this the situation?
If it is not started anymore, how can I fix the problem by using those 3 apps (mcube, pp+, ilauncher) ?
Or I guess I understood incorrectly?
Click to expand...
Click to collapse
After bad installation Windows can hang on after the second splashscreen (experienced that several times). Safe mode can help in such cases (tried iLauncher safe mode) though I prefer regular backups and conservative approach to installation of unknown applications.
nothin said:
4/5 imo.
nothin new.
Click to expand...
Click to collapse
And what about safe mode 2? Somebody has tested it?
I like that it¡s a standalone app for this purpose.
http://www.monocube.com/content/view/20/36
nothin said:
4/5 imo.
nothin new.
Click to expand...
Click to collapse
Unfortunately, I don't have the time to keep all my Bibles updated with links pointing to my newer articles / roundups.
I've also reviewed the Safe Mode apps / additions released since the release (and also posted here at the General forum) - it's just that I ddidn'thave the time to post a UPDATE post in this thread.
rodalfa said:
And what about safe mode 2? Somebody has tested it?
I like that it¡s a standalone app for this purpose.
http://www.monocube.com/content/view/20/36
Click to expand...
Click to collapse
Yup, tested and reviewed in a newer article; liked it.
Hi guys,
for a few months now I am looking for a remote control for my Diamond. The best solution I found so far is the PPC Tablet Remote Control Suite, but this does not have all the features I need.
What I am looking for is a tool which allows me to define my own buttons (PPC Tablet does this) and also to create a script behind (PPC Tablet only sends key strokes). E.g. I want to have a full media center conrol app, including the control of my favorite programs, DVBViewer, Foobar2000 and the KMPlayer. Everyone of those has already several shortcuts. I can address them from PPC Tablet, but I can not start the programs. I also cannot shutdown Windows or in-/decrease the system volume if needed. This would only be possible if the tool sends a command like {volume_down} to a server processing tool, which then has a database where this command is linked to lowering the system volume (a kind of scripting language). My infrared remote has that ability, but I want to get rid of it since it only controls the DVBViewer in a correct manner.
I already heard of a tool called "Girder", but am not sure whether this is the right thing for me.
I hope I did not scare you off by this quite long text and would be very happy if someone could recommend a suitable application to me.
Regards and thanks in advance!
did you try Salling Clicker? you can create your own (java) scripts for it and a lot of scripts are shared on the salling clicker forum...
Hi,
thanks for the quick reply. Yes, I have been to the homepage, but have never installed it (I thought there may be an easier - code less - solution out there). I just dont like java very much, but I'll give it a shot.
Thanks!
check out theire forum, a lot of custom scripts are submitted and working very well! you can quite easily script yourself by starting from some other script and modifying it to your needs...
A quick update on this one:
http://forum.xda-developers.com/showthread.php?t=574593
We are trying to get as many contributors as possible at the moment, be it for beta testing or active programming.
My situation:
In my company we have about 30+ handsets currently running Android (standard and custom ROMs from XDA). The handsets include HTC Desire HD, HD2, Desire S and Desire Z. The users cannot be trusted not to brick the phones if they are allowed to download apps and modify them in anyway (not to mention they are business phones so shouldn't have facebook etc on them any way).
I've heard about admin tools which allow control of handsets remotely.
Requirements:
So, if possible, what i would like does something along the lines of...:
1: Blocks further apps from being added to the handset without a password
2: A lock to keep as many of the settings as is originally provided (wallpaper etc)
3: A master admin tool which i can remotely manage all the handsets from (download requested and approved apps, wipe, lock, locate and reset the phones if lost...etc)
What i have done before to stop the users adding further apps is register my email address to Android Market on all the phones, then changed the password using my desktop). While this stops new apps from being downloaded from the market, it does mean i cannot remotely roll out approved apps as they are no longer signed in to the account.
Is there anything out there which does any/all/some of the above?
Is there one tool which can manage all these tasks? Or will it have to be seperate apps like Norton Mobile Security (such as) etc?
Can anyone get their heads around this?
Thanks!
The market lets you download apps to a phone.
Lookout Security does all of the security tasks you want.
Thanks, that would take care of the remote wiping, locating and locking.
Does Android provide any corporate setup for administration of lots of handsets? Surely this is a niche in the market for some devs to jump on if there isn't something like that already.
And i know Android Market allows you to remotely download apps to multiple phones but i want to make it impossible to download through the phone itself. (so i can add apps but the user can't)
Something that performs like MFormation Enterprise Manager but avoiding the $20k price tag! (a tall order i know)
Sonic_Sonar said:
Something that performs like MFormation Enterprise Manager but avoiding the $20k price tag! (a tall order i know)
Click to expand...
Click to collapse
Hello,
Have you found any apps that fit your needs? Do you use them? If no, is your organization still interesting in mobile device management service?
I'm asking because I'm working for http://bloove.com (personal phone management service) and we're going to expand our offer to small and medium companies.
This new service will combine existing contact, sms, phone log and bookmark backup for personal phone with MDM features like centralized app management, location and wipe service etc.
We're looking for early adopters who will have a chance to add their custom requirements to the service and get this service for free for up to six months.
Please let me know if you're interested and want to discuss this further.
Thank you,
Rostislav
[email protected]
Please use the Q&A Forum for questions Thanks
Moving to Q&A
I did something like this ...
I first installed openssh server, plus a script that checks a specific URL for remote access needs (had to do it that way since my carrier blocks connections on all ports).
The server side is a simple php script that you call like this: check.php?deviceid=[ID]. The script checks a DB to see if there is anything new for that device ID and acts accordingly. I implemented three features: Tunnel, Script, Install APK. So, If I want to install an APK to all devices, I just upload it on our webserver, and on the MySQL DB I add devices id = all, action=install, file=/apks/whatever.apk. If, for instance, I want to do something more complex on certain devices, I add: id = all, action=script, file=/apks/whatever.sh. I write the script, then all phones check for updates on this check.php every 5 minutes, if they find a script, they'll download and execute. If it's an APK, they'll download and install. If I insert a line with deviceID=[deviceid], action=tunnel, file=[PORT NUMBER], then the phone will SSH into a remote server and do a reverse port forward, on [PORT NUMBER]. Then I can just SSH into localhost:[PORTNUMBER] on the server, and I'll have a terminal inside the phone to do whatever I need.
This doesn't address the restrictions issue, but it does allow you to control the phones however you want.
Regards,
Almafuerte.
RT Jailbreak Tool
By Netham45, Version 1.20
An all-in-one program to jailbreak Windows RT tablets using the method recently released by clrokr
Usage
Boot your RT device and log in, allow it to sit on the desktop for about a minute.
Extract all files out of the latest version of the .ZIP attached to this post. To do this on Windows RT, right-click on the .zip, choose 'Extract all', and select the destination folder.
Run runExploit.bat. It'll prompt you to either install the jailbreak to run on login, uninstall it not to, or run the jailbreak once.
Choose an option and follow all subsequent prompts. They're all quite easy and self-explanatory.
FAQ
Q) What does this do, in layman's terms?
A) It allows non-Microsoft ARM-compiled .exes to run on the desktop. That is it.
Update (03/01/2013): The jailbreak now allows unsigned drivers to load.
Q) Can I use this to run Photoshop, Steam, AutoCAD, <Insert commercial product here>?
A) While it is -technically- possible for the companies to port their stuff over to Windows RT using the hack it is extremely unlikely. As a rule of thumb, if it's a commercial piece of software it won't run on the ARM.
Q) Can I use this to run PuTTY, VNC, X-Chat, <Insert open-source product here>?
A) Yes! Open-source programs are ones that you, having the source code, can recompile to work on the ARM. If it's not already available (A small but growing number of programs are) it's easy to get started. There are some useful threads in the Windows 8 Development and Hacking board on XDA-Developers.
Please note that not all programs can reasonably be ported over to ARM, due to either program complexity, overuse of inline assembly, or the current lack of a GNU Compiler
Q) Can I use this to run any random x86 app I find on the internet?
A) No. Apps must be recompiled for ARM. Stop asking why Chrome doesn't run.
Q) Can I use this to hack my Android tablet?
A) Not really. Most Android hacks require custom kernel-mode drivers (APX, Odin, ADB all require drivers that are unavailable), and this hack only allows us to run unsigned User-mode code.
If you don't know the difference between User-mode and Kernel-mode, I'm sure Wikipedia has a good article on the subject.
Q) Will Chrome/Firefox be ported over?
A) I don't see any major technical hurdles for those, but I probably won't be the one to do it.
Q) Are there any precompiled apps for this available?
A) Check out THIS THREAD for a list of all currently known compiled apps.
Q) I ran the jailbreak, now where can I download pirated apps from?
A) Nowhere. This jailbreak does not allow for pirated apps, and it is a long ways off from actually supporting pirated apps. If you manage to get pirated apps to run on Windows RT you will be doing the entire community a large disservice, along with ruining what credibility this hack may have in Microsoft's eyes.
Q) I don't know how to recompile code, can I get someone else to do it?
A) If it's a simple project you can likely find someone who will be more than happy to recompile it for you. If it's a large project with numerous dependencies, or a commercial project, I will be willing to take a look at it and quote a price to do it. (On that note, please realize that I am not affiliated with XDA-Developers at all.)
Q) I keep BSoD'ing! What's up?
A) I haven't managed to track down the cause of the BSoDs, except that they seem to happen when the exploit is ran within the first minute or so of the tablet booting and logging in. If you're getting BSoDs, boot your tablet to the desktop and wait 2 or 3 minutes before trying the exploit. Also, make sure that you're up to date with Windows Updates, as of 2/26/2013.
Q) I ran the .bat and it told me it couldn't find it's bin folder. What's wrong?
A) Extract the ZIP in entirety. Don't just open the ZIP and double-click on the runExploit.bat.
Q) It's not working! What do?
A) Post in this thread describing what you're doing and the issue you're having, do not PM me, even if you don't have the number of posts to post in the developer sections. I'll consider it spam and disregard it. Don't message me on Twitter either, the only place that I will provide support for this tool is in this thread.
Q) Is this persistent across reboots?
A) No, it resets every time the device reboots.
Q) Is this a tethered exploit?
A) No. Tethering is connecting the device to a computer, or other device to jailbreak it. This is done entirely on the device. It just has to be redone at reboot.
Q) Will this work with all the latest updates, as of 02/26/2013?
A) There was an updated .zip posted for the latest update (Patch Tuesday, Feburary 2013.) It should work.
Q) How do I compile apps for the Surface RT? It says I'm missing a bunch of .libs!
A) Visual Studio 2012 does not come with all the required ARM .libs for compiling most desktop apps. Please see THIS post by _peterdn for a useful utility for generating .libs and .exps from the .dlls on the tablet.
Q) Why would you want desktop apps? They suck for touch.
A) Mainly for the library of easily ported software, along with the things that metro apps just can't do. I agree, they're more inconvenient to use with touch, but that's the tradeoff for having a huge library of software. You also don't have to use desktop mode, the tablet still is quite good without it (Except the mail client). I also believe that since it's my device I should be able to do whatever I want with it, regardless of what MS says. Traditionally MS has leaned the same way with Windows, which makes it rather disappointing they chose to lock this platform down.
Q) Will this void my warranty?
A) Since it doesn't persist across reboots chances are the support center will never know, though it may be against the terms of your devices warranty.
Q) Is there any warranty for this program?
A) No express or implied warranty exists.
Q) Your hack caused the paint to chip off my tablet, the felt to peel off my type keyboard, the kickstand to fall off, and my tablet to display nothing but satanic messages while it's on! I want you to buy me a new one!
A) No it didn't, and see my warranty policy.
Q) Can Microsoft patch this?
A) Yes and no. They can patch it through Windows Update, but since we have the ability to reinstall from recovery partitions we can revert any Windows Updates they release.
Q) Will this allow people to run viruses on my tablet?
A) Yes and no, if something malicious is compiled and ran while jailbroken it could act like a virus, yes. Once you reset, though, it'll be gone.
Q) I came across a malicious RT application! Who do I tell?
A) If it's a jailbroken application then the most you can do is make a post informing about it. That's one downside to having unsigned code, there's no one regulating body who can decide what is and isn't available, and manage safety. If it's a store application then I suggest you contact Microsoft. If it's a Modern UI app that requires the jailbreak to run you still may have luck contacting Microsoft, as they can blacklist the developer's certificate.
Q) Can any random Store app do this?
A) No, this requires tools and privileges that Windows Store apps can't possess. The appcontainer model that MS uses is very strict and good at preventing things like this from happening. There's a number of things that flat-out aren't possible to do from a Store app that this uses, not to mention that it would get rejected by MS.
Q) Will I (The user) get my developer license banned?
A) It's possible, though I doubt that MS will do that.
Update: With the new payload (as of 1/18/2013) users no longer need to get their own developer certificate.
Q) Won't you (Netham45) get your developer license banned?
A) Time will tell, I knew the risk when I posted this. I suspect that their banning system is more geared towards piracy, though, which this doesn't really enable.
Update: With the new payload (as of 1/18/2013) my developer certificate is no longer required.
Q) I've got this great feature/idea for the jailbreak! Where can I tell you at?
A) Post it in this thread. Note that the area where we can script and such before the exploit is limited and restricted to pretty much batch scripts, and that I am under no obligation to implement a feature if you suggest it. And, seriously, do not PM me about it. If you don't have the prerequisite number of posts to post in the developer section then go get them.
Q) Can I throw money at you for writing the tool to automate this?
A) There's a donate link on the side of this post. (I'd love to get a Surface Pro. )
Q) Can I throw money at clrokr for documenting the exploit?
A) You'll have to talk to him about that.Here's his profile.
FAQ last updated 2/26/2013 10:17 PM MST
Thanks to clrokr for documenting the usage of the exploit, and to the numerous people who contributed positively in the [Q] Hacking Windows RT to Run Desktop Apps thread
Download is attached to this post.
Update log
Update 1.01(1/10/2013): Uncommented pause in the PS script to install the ModernUI app -- It was causing it not to prompt to install a developer license/my cert for some reason.
Update 1.02(1/10/2013): Fixed issue on non-English devices.
Update 1.03(1/11/2013): Fixed issue with usernames with spaces in them, fixed issue where the user running the jailbreak isn't the first user logged in
Update 1.1(1/18/2013): Redid functionality; it now gets the kernel base inside the payload, instead of requiring a Metro application. Added a startup folder that gets ran after jailbreak. Cleaned up output. Click for more info
Update 1.11(1/18/2013): Added commandline options, added a simple interface to handle creating scheduled tasks to run, added a powershell script to keep it from running if the system hasn't been up for two minutes, added missing startup folder, added sanity check so it doesn't freak out if the startup folder isn't there
Update 1.12(2/12/2013): Fixed the scheduled task to not require AC power to run, tweaked script to not crash on latest patches, Fixed startup folder not getting executed properly
Update 1.12a(2/12/2013): Fixed it to actually work on the latest updates. Oops.
Update 1.13(2/14/2013): Added the ability to dynamically get the signing level. It now requires internet on the first launch, and after an update changes ntoskrnl.exe. This version is slightly experimental, so if it doesn't work use one of the older versions.
Update 1.13a(2/15/2013): Tweaked the script to return from the hook in a way that seems more robust. If 1.12a or 1.13 work for you there's no need for an update.
Update 1.20(3/01/2013): Made the bat use registry keys instead of files in system32, added registry-based startup folder, altered payload to support unlocking kernel-mode code
Click here to download the latest version
Older versions may be downloaded here
(Note: If you wish to mirror this post please retain a link to it at http://forum.xda-developers.com/showthread.php?t=2092158 so users can always get the latest version.)
Nice job! Good to have an all-in-one. Is this tool using the decrement by 0x80000 or trying the option of a slightly lesser decrement?
Also, it would be good to have a unified selection of RT-compiled desktop apps. I'm working on porting Pidgin (the Windows Store IM clients kind of suck...) but it's not easy; the "build under Windows" instructions boil down to "make your Windows system as Unix-y as possible, then build it there". There may be a way to target RT from GCC, but I am not aware of it.
EDIT: What I meant to say is, perhaps a thread linking all the various apps that people have built (preferably with links to their source, for those of us mildly paranoid types who like to see what other peoples' code is doing on our systems) would be a good idea.
GoodDayToDie said:
Nice job! Good to have an all-in-one. Is this tool using the decrement by 0x80000 or trying the option of a slightly lesser decrement?
Also, it would be good to have a unified selection of RT-compiled desktop apps. I'm working on porting Pidgin (the Windows Store IM clients kind of suck...) but it's not easy; the "build under Windows" instructions boil down to "make your Windows system as Unix-y as possible, then build it there". There may be a way to target RT from GCC, but I am not aware of it.
Click to expand...
Click to collapse
I'm decrementing by 0x7EFF0, it seems to not get the 0x18 bugcheck at all with that number. The one it gets if you run it too soon is a different bugcheck.
Install Fails
Brilliant!
I tried running it but it keeps going in an endless cycle because the Metro app fails to install.
Using a Surface with the latest patches from Microsoft.
merill said:
Brilliant!
I tried running it but it keeps going in an endless cycle because the Metro app fails to install.
Using a Surface with the latest patches from Microsoft.
Click to expand...
Click to collapse
Does it give you any error messages when it fails to install?
netham45 said:
Does it give you any error messages when it fails to install?
Click to expand...
Click to collapse
When installing the metro app, the installation fails because the certificate isn't added to the cert-store by default and the batch just tries again.
I uncommented the #Pause in PrintMessageAndExit to read the error message and that made it possible to choose to install the certificate, the powershell just closed otherwise.
After that the metro app installs fine, and tries to start it. I can see the app start, though the cmd still doesn't recognize it and tries to install it again...
I wrote my own metro app for that today and installed it instead of yours and it worked fine with mine.
My App is just this:
protected override void OnFileActivated(FileActivatedEventArgs args) {
WriteAddress((StorageFile)args.Files[0]);
}
private async void WriteAddress(StorageFile file) {
using (Stream s = await file.OpenStreamForWriteAsync()) {
using (StreamWriter wrt = new StreamWriter(s)) {
uint adr = GetKernelAddress.Address.Get() + 0x19FFBC;
await wrt.WriteAsync((adr & 255).ToString("X2") + " " + ((adr >> 8) & 255).ToString("X2") + " " + ((adr >> 16) & 255).ToString("X2") + " " + ((adr >> 24) & 255).ToString("X2"));
}
}
App.Current.Exit();
}
Click to expand...
Click to collapse
sebmaster16 said:
When installing the metro app, the installation fails because the certificate isn't added to the cert-store by default and the batch just tries again.
I uncommented the #Pause in PrintMessageAndExit to read the error message and that made it possible to choose to install the certificate, the powershell just closed otherwise.
After that the metro app installs fine, and tries to start it. I can see the app start, though the cmd still doesn't recognize it and tries to install it again...
Click to expand...
Click to collapse
Having the same issue, uncommenting the pause seems to fix it all for me. I'll update the zip in the top in just a second.
Edit: New zip with that uncommented uploaded.
Metro app failed to run. Trying to (re)install the metro app...
Found certificate: C:\Users\Merill\Downloads\RT_Jailbreak\bin\ModernUI_App\Get Kernel Base_1.0.
Before installing this package, you need to do the following:
- Install the signing certificate
Cannot invoke method. Method invocation is supported only on core types in this language mode.
At C:\Users\Merill\Downloads\RT_Jailbreak\bin\ModernUI_App\Add-AppDevPackage.ps1:497 char:9
+ $IsAlreadyElevated = ([Security.Principal.WindowsIdentity]::GetCurrent() ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : MethodInvocationNotSupportedInConstrainedLanguage
merill said:
Metro app failed to run. Trying to (re)install the metro app...
Found certificate: C:\Users\Merill\Downloads\RT_Jailbreak\bin\ModernUI_App\Get Kernel Base_1.0.
Before installing this package, you need to do the following:
- Install the signing certificate
Cannot invoke method. Method invocation is supported only on core types in this language mode.
At C:\Users\Merill\Downloads\RT_Jailbreak\bin\ModernUI_App\Add-AppDevPackage.ps1:497 char:9
+ $IsAlreadyElevated = ([Security.Principal.WindowsIdentity]::GetCurrent() ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : MethodInvocationNotSupportedInConstrainedLanguage
Click to expand...
Click to collapse
Try the new zip I just uploaded, I believe I fixed that.
Edit: I see what happened. The file that MS distributes has a signature at the bottom which allows it to make unrestricted system calls and when I commented out the pause I broke that.
Very Nice job! Thank you again!
Yahoo!!! Works. Have PuTTY running. Now to get all ARM compatible apps in one place!
merill said:
Yahoo!!! Works. Have PuTTY running. Now to get all ARM compatible apps in one place!
Click to expand...
Click to collapse
Glad to hear it's working.
Now, 6 AM, time to go to bed.
merill said:
Yahoo!!! Works. Have PuTTY running. Now to get all ARM compatible apps in one place!
Click to expand...
Click to collapse
I agree! If anyone gets Utorrent working ill be eternally greatful
Sent from my HTC One X using xda premium
vincepg13 said:
I agree! If anyone gets Utorrent working ill be eternally greatful
Click to expand...
Click to collapse
With 7Zip, Putty and an .Net 4.0 FTP Uploader app... all I need now is a Transmission console and I no longer really need my laptop.
Would be great to associate .torrent with Transmission on the Surface.
What other "needed" apps that are projects (like SourceForge) that people can think of?
MediaInfo would be handy... wonder if it could also integrate with explorer...
Perhaps this discussion needs its own thread
I'm actually starting a thread for this topic... but since we're here, one thing that would be awesome (instantly add support for a ton of software) would be a Java runtime. Unfortunately, they're huge and complex beasts, and tend to either require assembly or be buildable only on Linux (sometimes both...).
in asus vivo tab rt , I can not go where I say,
please press the volume down now
Silverlight ideally. But it sounds like thats a no go.
Also Chrome or Firefox would be good!
Filezilla would also be nice.
Nice work guys.
It works, but I still get the SmartScreen filter when I try to run apps from Explorer. When I run them from command line, it works fine.
I believe there's a registry entry that needs to be changed, but I don't remember what it is.
randomned said:
It works, but I still get the SmartScreen filter when I try to run apps from Explorer. When I run them from command line, it works fine.
I believe there's a registry entry that needs to be changed, but I don't remember what it is.
Click to expand...
Click to collapse
in the pop up, click more info then click 'run anyway' - itll never bother you again for that app.
will this work with the latest updates installed
MyMobiler always did work good on Windows Mobile. However on new PCs and with Android, connections were no longer reliable. The cure was:
1. Do an install of SideSync on the PC side first.
2. After you finish and reboot, and uninstall SideSync.
3. Next set up MyMobiler according to the instructions on their web site. After that, it has been rock solid. In fact so good that that I turned off Autoconnect so it wouldn't pop up every time I plugged my phone into my USB port.
PS: I've been attempting to contact the author, but I have not been able to. What I would like to tell him is:
1. While MyMobiler also allows connecting via IP address, it does not support IPV6. All new devices are IPV6. Thus, the only place this feature works in the real world is on internal networks. If that were corrected, the remote control could work across the web.
2. Make a new version of MyMobiler with the drivers needed for the new computers, like SideSync has, give it away on Google Play, and promote it that it doesn’t need access to your personal data. Make it USB connections only. Include an easy access help file for the keystrokes.
3. Make a Pro version, enable the IP connection abilities that includes the newly added IPV6, and sell it on GooglePlay. Then they also have remote control of their phone via IP locally, and remotely, no other remote control software necessary. Include any necessary router setup instructions.
If anyone can put me in touch with the author, that would be appreciated. The links on his site do not work.