http://blogger.xs4all.nl/itsme/category/31292.aspxwindows ceitsmeen-US.Text Version 0.95.2004.102itsmehttp://blogger.xs4all.nl/itsme/archive/2008/06/01/393615.aspxSun, 01 Jun 2008 21:56:00 GMThttp://blogger.xs4all.nl/itsme/archive/2008/06/01/393615.aspxhttp://blogger.xs4all.nl/itsme/comments/393615.aspxhttp://blogger.xs4all.nl/itsme/archive/2008/06/01/393615.aspx#Feedback1060http://blogger.xs4all.nl/itsme/comments/commentRss/393615.aspxhttp://blogger.xs4all.nl/itsme/services/trackbacks/393615.aspxitsutils is a set of tools that make life of the windows ce hacker easier. for instance, with pmemdump you can inspect the memory of the kernel or running processes.<br> with 'psetmem' you can modify memory<br> with pregutl you can read or change the devices register.<br> with pmemmap you can get a quick overview of what physical memory is mapped where.<br> with pps you can get a list of processes, threads or modules.<br> with pdocread, pdocwrite you can read disk-on-chip flash chips.<br> with psdread, psdwrite you can read/write sdcards.<br> with ppostmsg you can send windows messages to windows, or list all windows on the device.<br> <p> memdump, setmem, regutl, postmsg, sdread and sdwrite are win32 versions of these tools that do the same thing on your normal windows machine.<br> <p> other tools: prapi, to change settings using the configapi, like certificates, registrykeys, metabase entries.<br> <p> pget, pput, pdel, pdir, pmkdir can be used to copy from/to, delete, list files, or create directories.<br> <p> prun and pkill can be used to start or stop processes<br> preboot remotely reboots your device.<br> <p> then there is dump, which is a universal hexdump tool.<br> this is all described on <a href="http://www.xs4all.nl/~itsme/projects/xda/tools.html">this page</a>. you can leave remarks here on this blog. <img src ="http://blogger.xs4all.nl/itsme/aggbug/393615.aspx" width = "1" height = "1" />itsmehttp://blogger.xs4all.nl/itsme/archive/2008/03/21/363580.aspxFri, 21 Mar 2008 22:17:00 GMThttp://blogger.xs4all.nl/itsme/archive/2008/03/21/363580.aspxhttp://blogger.xs4all.nl/itsme/comments/363580.aspxhttp://blogger.xs4all.nl/itsme/archive/2008/03/21/363580.aspx#Feedback34http://blogger.xs4all.nl/itsme/comments/commentRss/363580.aspxhttp://blogger.xs4all.nl/itsme/services/trackbacks/363580.aspx<pre>00000000 00004033 00444101 09401050 00004005 00534c01 09401050 00002078 00534c01 802910ec 0000c0f0 00534b01 812910ec 00000000 00545204 813910ec 0000900b 00545204 813910ec 0000d0c9 00545204 813910ec 0000e04c 00545204 13001186 000050ba 004c4404 0020100b 0000a0cc 00474e05 905010b7 00006008 00433306 920010b7 00000476 00433306</pre> these 0x90 bytes ( or 0x24 dwords ) occur often in windows ce arm binaries <p> does anyone know what it is for?<br> my guess is that it is some kind of padding between static data sections of different modules. <p> another one is <pre>85E0B100 11D104FA A000DAB7 D64803C9</pre> that also seems to occur in many binaries without obvious reason. <hr> <a href="http://www.hex-rays.com/forum/viewtopic.php?f=9&t=2034">igorsk found out</a> that the first block is defined in halether.h - EdbgVendorIds<img src ="http://blogger.xs4all.nl/itsme/aggbug/363580.aspx" width = "1" height = "1" />