Results 1 to 5 of 5

Thread: Reversing Pocket PC Apps

  1. #1
    dream
    Guest

    Reversing Pocket PC Apps

    hi,

    i have a problem with reversing some pocket pc app. i copied all the files from my pocket pc(acer n30 running microsoft windows mobile 2003) to a folder on my hd. then i let ida run on the program. it detected an arm executable file. then when the disassemlation starts im asked for some additional dll files. those are:
    commctrl.dll
    COREDLL.dll
    AYGSHELL.dll
    i installed:
    c++ 4 embedded edition
    sdk for windows 2003
    sdk for windows ce .net
    but none of those packages does contain the files i need. i also tried copying the files from the pocket pc's windows directory but it gives me an error that the files are in use and cant be copied. can anyone tell me how to get those files from my pocket pc or where to find them?

    thanks

    dream
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    To crash or not to crash
    Join Date
    Dec 2001
    Posts
    120
    There are some ids files especially for ida which you can find here: http://www.itsx.com/pocketpc/wince-ids.zip

  3. #3
    dream
    Guest
    thank you for those files, it works pretty fine. but i ran into another problem when trying to debug the app in evc 4. i found the place(at least i think so) where the program checks the serial my ida deadlisting. now i want to check whats going on in the evc debugger but when i launch the app i get a totally different adress than ida is showing me. the adress i want to break on is 1BD30 in ida. in evc the first adress in my program is 2602c03c and lordpe tells me the entry point of my program is 1c03c. the image base is 10000. can someone tell me how to calculate the proper adress so i can set the breakpoint?

    thanks
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    To crash or not to crash
    Join Date
    Dec 2001
    Posts
    120
    You can just use ctrl-g and type in the address on which you like to break on. There are several tutorials out there explaining how to use evc.

  5. #5
    dream
    Guest
    i know how to use evc, i just dont know how to translate between ida deadlisting addresses to the ones seen in evc.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. [Release] Protecting Your Apps.
    By gWX0 in forum Mini Project Area
    Replies: 0
    Last Post: June 20th, 2009, 13:40
  2. Pocket PC Games
    By squ1rr3l in forum The Newbie Forum
    Replies: 2
    Last Post: July 8th, 2006, 08:31
  3. Pocket PC software
    By tingwc84 in forum The Newbie Forum
    Replies: 3
    Last Post: August 30th, 2005, 07:53
  4. Debug Pocket PCs .vb application
    By asterikz in forum The Newbie Forum
    Replies: 0
    Last Post: May 13th, 2005, 13:27
  5. Packed Apps
    By Argoth in forum Malware Analysis and Unpacking Forum
    Replies: 1
    Last Post: January 8th, 2002, 15:15

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •