GPS Programming Tips for Windows Mobile - Part 1
NETCF: Memory leak... now what??
Supporting Kiosk-Applications on Windows Mobile (Technically achievable vs. supported)
Wireless Programming on Windows Mobile: supported or not supported?
Establishing GPRS Connection on Windows CE and Windows Mobile: Sample Codes
Disable WebBrowser's Context-Menu in NETCF applications
MAPI on Windows Mobile 6: Programmatically retrieve mail BODY (sample code)
Microsoft released a HotFix for NETCF v3.5 on Windows Mobile 6.1.4 onwards, to address basic functionalities of WebBrowser control
The right approach to get a Contact’s last communication (IItem’s PIMPR_SMARTPROP)
Remote Desktop Mobile (RDP Client) disconnects after 10 minutes of inactivity
Support Boundaries for Windows Mobile Programming (Developing Drivers, for example... Or even WiFi Programming)
Miei post in italiano sul team-blog del Supporto Tecnico agli Sviluppatori
I handled a couple of cases related to this and therefore I think it's worth mentioning it here, to help other developers with the same issue. Basically this is precisely what this blog is all about, isn't it?
Imagine you’re developing a LAP plugin for devices running Windows Mobile 6. A custom LAP DLL is what you need if you want to change the way user authenticates to the device, basically implementing device-lock. A pretty common scenario is if you want to change the simple 4-digit PIN with a strong alpha-numeric password, which is precisely the aim of the 2 SDKs' samples C:\Program Files\Windows Mobile 6 SDK\Samples\PocketPC\CPP\win32\LAP and C:\Program Files\Windows Mobile 6 SDK\Samples\Smartphone\cpp\Win32\LAP.
When developing this, the very first step may (should?) be to start from such SDKs' samples, however you may immediately find a problem: after installing the LAP DLL (which requires setting some registry keys apart from copying the DLL under \Windows -- it's all in the samples' readme files), after a soft-reset the OS does no longer start up: it completely freezes at Windows Mobile logo. This can be even reproduced on the emulators as well, therefore the problem must not be related to the customization of the platform done by the OEM. And this may happen on both Pocket PCs and Smartphones (oops, WM6 Professional\Classic and Standard).
So, what's going on -- are the SDK samples buggy? No, this is not the case...
Above all, there are some differences between the LAP implementation on Pocket PC and Smartphone: that’s why the 2 SDKs contain 2 different sample codes. And if you want to start from the SDK Samples then you must use them to target the relevant platform. If you try to run the Pocket PC's sample on a Smartphone it may hang at startup, and viceversa.
Secondly, remember (as the readme files state), that after installing the LAP CAB (which copies the DLL and set the registry), you must SOFT-RESET the device. This may be avoided by programmatically invoking LASSReloadConfig() API though.
Thirdly , the LAP DLL MUST be signed with a certificate stored on the Priviledge Certificate Store of the target device, otherwise it won’t be loaded at OS boot (setting registry keys is not enough). For testing purposes only, you can sign the DLL with a SDK Certificate *AND* install the SDK Certificates on the target device (otherwise it won’t be recognized and the dll won’t be loaded). See for example: "[...] In Windows Mobile-based devices, the LAP DLL must run privileged. The DLL must be signed with a privileged certificate." (from Creating a LAP-page on Channel 9).
So, the only thing you should do with the sample is to sign it with a Privileged Certificate - well, a second thing may be to add a Smart Device CAB project to set all those registry keys - and for our testing we'll use the SDK Privileged Test certificate. You can do that in many ways:
1. In project properties, select “Authenticode Signing” node and set “Authenticode Signature” to “Yes” and “Certificate” to the “TEST USE ONLY – Sample Privileged Developer – Windows Mobile SDK”.
If you can’t see any certificate to choose, it means you’ve never enrolled them on the desktop PC. In such a case, simply click on “Manage Certificates” and navigate to “C:\Program Files\Windows Mobile 6 SDK\Tools\Security\SDK Development Certificates” to enroll SamplePrivDeveloper.pfx (note the .PFX extension). Follow the wizard by choosing all the default options.
2. Or after compiled the project into a DLL, by using C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin\signtool.exe. You can create a .bat with the following command, so that you don't have to launch it from a command-line every time your build the project: “C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin\signtool.exe” sign /f “C:\Program Files\Windows Mobile 6 SDK\Tools\Security\SDK Development Certificates\SamplePrivDeveloper.pfx” LAP.DLL 3. Or even after compiled the project and placed the DLL into the CAB, by using C:\Program Files\Windows Mobile 6 SDK\Tools\Security\CabSignTool\cabsigntool.exe (this signs CAB and inside executable in one shot).
2. Or after compiled the project into a DLL, by using C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin\signtool.exe. You can create a .bat with the following command, so that you don't have to launch it from a command-line every time your build the project:
“C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin\signtool.exe” sign /f “C:\Program Files\Windows Mobile 6 SDK\Tools\Security\SDK Development Certificates\SamplePrivDeveloper.pfx” LAP.DLL
3. Or even after compiled the project and placed the DLL into the CAB, by using C:\Program Files\Windows Mobile 6 SDK\Tools\Security\CabSignTool\cabsigntool.exe (this signs CAB and inside executable in one shot).
To recap, the OS hangs at startup if:
If you're sure about the previous points and the hang issue continues appearing (even with the SDK Samples), then you should make sure that the certificate you're signing the DLL with is really registered in the Privileged Certificate Store of the device. To do so, you can use RapiConfig to query the CertificateStore CSP by using the following XML Provisioning:
<wap-provisioningdoc> <characteristic type="CertificateStore"> <characteristic-query type="Privileged Execution Trust Authorities"/> </characteristic> </wap-provisioningdoc>
Steps are:
Alternatively you can use the Security Power Toy, whose installation package is available at C:\Program Files\Windows Mobile 6 SDK\Tools\Security\Security Powertoy.
If RAPI are disabled or restricted on the device (hence you can't use RapiConfig), then you can use the a very simple managed code tp be run directly on the device, based on the ConfigurationManager.ProcessConfiguration() method:
string XmlQuery = "<wap-provisioningdoc>\r\n" + "<characteristic type=\"CertificateStore\">\r\n" + "<characteristic-query type=\"Privileged Execution Trust Authorities\"/>\r\n" + "</characteristic>\r\n" + "</wap-provisioningdoc>"; Cursor.Current = Cursors.WaitCursor; XmlDocument queryDoc = new XmlDocument(); XmlDocument resultDoc = new XmlDocument(); try{ queryDoc.LoadXml(XmlQuery); try{ resultDoc = ConfigurationManager.ProcessConfiguration(queryDoc, true); resultDoc.Save("\\ConfigXmlOut.xml"); } catch (Exception eProcessConfiguration){ MessageBox.Show("ProcessConfiguration error:\r\n" + eProcessConfiguration.ToString()); } } catch (Exception eLoadXml){ MessageBox.Show("LoadXml error:\r\n\r\n" + eLoadXml.ToString()); } Cursor.Current = Cursors.Default; MessageBox.Show("Done!");
If the problem continues, then you may open a case at Technical Support to further investigate about it...
REFERENCES about Windows Mobile 5.0 Local Authentication Sub System (LASS):
Cheers,
~raffaele
SDK Sample LAP for Pocket PC is meant to work on Windows Mobile 6 Professional only: here you can see