Log in

View Full Version : Reversing Pocket PC Apps


dream
January 14th, 2005, 10:19
hi,

i have a problem with reversing some pocket pc app. i copied all the files from my pocket pc(acer n30 running microsoft windows mobile 2003) to a folder on my hd. then i let ida run on the program. it detected an arm executable file. then when the disassemlation starts im asked for some additional dll files. those are:
commctrl.dll
COREDLL.dll
AYGSHELL.dll
i installed:
c++ 4 embedded edition
sdk for windows 2003
sdk for windows ce .net
but none of those packages does contain the files i need. i also tried copying the files from the pocket pc's windows directory but it gives me an error that the files are in use and cant be copied. can anyone tell me how to get those files from my pocket pc or where to find them?

thanks

dream

Iwarez
January 14th, 2005, 12:15
There are some ids files especially for ida which you can find here: hxxp://www.itsx.com/pocketpc/wince-ids.zip

dream
January 15th, 2005, 07:57
thank you for those files, it works pretty fine. but i ran into another problem when trying to debug the app in evc 4. i found the place(at least i think so) where the program checks the serial my ida deadlisting. now i want to check whats going on in the evc debugger but when i launch the app i get a totally different adress than ida is showing me. the adress i want to break on is 1BD30 in ida. in evc the first adress in my program is 2602c03c and lordpe tells me the entry point of my program is 1c03c. the image base is 10000. can someone tell me how to calculate the proper adress so i can set the breakpoint?

thanks

Iwarez
January 16th, 2005, 14:48
You can just use ctrl-g and type in the address on which you like to break on. There are several tutorials out there explaining how to use evc.

dream
January 17th, 2005, 07:37
i know how to use evc, i just dont know how to translate between ida deadlisting addresses to the ones seen in evc.