FiveTech Software tech support forums

[Antonio Mart.]

Antonio,

Win32 running in Windows 8 RT ?

http://forum.xda-developers.com/showthr ... ?t=1944675
http://www.neowin.net/news/windows-rt-h ... igned-code


Regards

[Antonio Linares]

Antonio,

Thats a real cool hack!

I copy it here because it is awesome that Microsoft left opened such security hole, and we can do great things with it!

[HACK] Using complete Windows API in Windows Store app (c++)

As we know, MS prohibits using most of standard Win32 API in Windows Store applications. Obviously there are lots of ways to overcome this limit and to call any API you like, if you are not going to publish your app on Windows Store. And here is one of them.
Idea is really simple and rather old (lots of viruses use it): search for kernel32.dll base in memory, then parse its exports for LoadLibraryA and GetProcAddress, call them - and get profit.

Code: Select all  Expand view

void DoThings()
{
    char *Tmp=(char*)GetTickCount64;
    Tmp=(char*)((~0xFFF)&(DWORD_PTR)Tmp);

    while(Tmp)
    {
        __try
        {
            if(Tmp[0]=='M' && Tmp[1]=='Z')
                break;
        } __except(EXCEPTION_EXECUTE_HANDLER)
        {
        }
        Tmp-=0x1000;
    }

    if(Tmp==0)
        return;

    LoadLibraryA=(t_LLA*)PeGetProcAddressA(Tmp,"LoadLibraryA");
    GetProcAddressA=(t_GPA*)PeGetProcAddressA(Tmp,"GetProcAddress");
    CreateProcessA=(t_CPA*)PeGetProcAddressA(Tmp,"CreateProcessA");

    HMODULE hUser=LoadLibraryA("user32.dll");
    MessageBoxA=(t_MBA*)GetProcAddressA(hUser,"MessageBoxA");
    MessageBoxA(0,"A native MessageBox!","Test",MB_OK);

    STARTUPINFO si;
    memset(&si,0,sizeof(si));
    si.cb=sizeof(si);

    PROCESS_INFORMATION pi;
   
    CreateProcessA("c:\\Windows\\system32\\cmd.exe",0,0,0,FALSE,0,0,0,&si,&pi);
}

[Antonio Mart.]

Hi,

On W8, we must to use ShellExecute() function. Run command or WinExec function not allways running.

Regards.

[Otto]

Hello Antonio,
I do not know anything about hacks. But is this not dangerous that with a new update a hack does not work any longer.
We used xP unlimited. Now this product is no longer available because of license problems. Is this not similar to hacking.
I think to spend energy to hack is not worth. But this is only my opinion and from the point of view of a company.
Best regards,
Otto

[Antonio Mart.]

Hi,

I am Antonio Mart.

I think it is better than nothing. That if the hacking is easy to do, you have to try. I wish my Win32 programs work on Win8 RT, in my tablets do not need to update the operating system.

Regards.

[Antonio Linares]

Otto,

Yes, you are right, hacks are dangerous as they can get fixed. Anyhow, to me, its quite amazing that Microsoft left it opened, and I think that they will close it for sure

But in the meantime, it is there and can be used, if needed

[Antonio Mart.]

Hi,

Calling to new Windows 8 virtual keyboard from fwh:

Code: Select all  Expand view

ShellExecute(, "open", "TabTip.Exe")

Regards

[Antonio Mart.]

Hi,

How to Change Scrollbar Width Size in Windows 8 ?

Answer: http://www.eightforums.com/tutorials/78 ... s-8-a.html

Regards.

[Antonio Mart.]

Hi Antonio,

WinRT Api from Windows 8 Desktop ?
How to call WinRT APIs from .NET desktop apps ?

http://www.codeproject.com/Articles/457 ... sktop-apps

Regards

[Otto]

Antonio,
thank you this is working fine.
Best regards,
Otto

[Antonio Mart.]

Otto,

Very nice both pictures. Congratulations !

Regards

[Otto]

Hello Antonio,
I tried to get/set the values with a FW program.
But
RegSetValue( hKey, "ScrollHeightn" ,-500 )
RegQueryValue( hKey, "ScrollHeight" , @uValue )
in my case does not work.

RegEnumValue is working fine.
Do you know a solution.
Best regards,
Otto

Code: Select all  Expand view

#define  HKEY_CURRENT_USER       2147483649
#define  ERROR_SUCCESS                    0

//---------------------------------------------------------------------------//
//HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics\ScrollHeight

function Main()

    local hKey := NIL
    local cName := NIL
    local uValue := NIL
    local n := 0
   *----------------------------------------------------------

   
    logfile   (  "regestry.log",  { "HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics  " })
   
    RegOpenKey( HKEY_CURRENT_USER,;
     "Control Panel\Desktop\WindowMetrics", @hKey )

   while RegEnumValue( hKey, n++, @cName, @uValue ) == ERROR_SUCCESS
        logfile   (  "regestry.log",  { n ,"Name   ", cName,  "   Value   ", uValue })
     
   end
    RegSetValue( hKey, "ScrollHeightn" ,-500 )
    RegQueryValue( hKey, "ScrollHeight" , @uValue )
 
    msginfo( uValue )
    
    RegCloseKey( hKey )
   
   msginfo( procname() + "   " + str(procline()) + "   " + str( 1 ) )
   

return nil

//---------------------------------------------------------------------------//
 

[Antonio Mart.]

Otto,

I also tried it myself, but it did not work.
Perhaps the problem is this: http://www.dedoimedo.com/computers/policies.html

regards

[Antonio Linares]

Otto,

That may be blocked by the operating system for security reasons and need to have (admin?) permission to do it

Windows has been improving the security in recent Windows versions

[Otto]

Hello Antonio,
thank you. I have admin rights.
RegEnumValue reports all the values fine but
RegQueryValue( hKey, "ScrollHeight" , @uValue )
returns "Ff".
Best regards,
Otto