Making a CAB file

There are two ways to make a CAB file. If you have a single XML document that you wish to make into a CAB file (to make it executable), an application called ‘makecab.exe’ is required.

This is a standalone application that uses the syntax:

Makecab.exe [source.xml] [destination.cab]

If you have multiple files to be included into the CAB file, then an application called CabWiz is required for Pocket PC devices, or CabWizSP for Smartphone devices.

Again, this is a standalone application which requires the CabWiz executable, the files to be archived (or ‘encapsulated’ to be more precise) and an information (.inf) file which tells the CabWiz application what files are to be included in the process.

The syntax is as follows:

CabWiz.exe MyInfFile.inf /err CabWizErr.txt

Where CabWizErr.txt is a log file generated in the event that errors are encountered.

More information about the use of the CabWiz application can be found on the MSDN web site (http://msdn.microsoft.com), or a more user-friendly guide can be found here:

http://www.sundialsoft.freeserve.co.uk/cabinfo.htm

Certificate signing and accessing the Extended ROM partition

OK, so now you know about the way in which the ROM is divided up on both Pocket PC and Smartphone devices, and the way in which the different memory areas are accessed during the boot process.

You also understand the types of files required for device customisation, and the format those files need to be in, and have seen some examples.

On a Smartphone device, customisation can be done with a simple memory card, but on a Pocket PC, how do you gain access to the Extended ROM memory area on a device?

If you have made it this far and are getting genuinely excited about the possibility of creating your very own ROM images, then I’m afraid I have some bad news for you: whilst it is possible to access the Extended ROM and write whatever files you like to that memory area, the tools you need to do this are licensed by the manufacturer and require you to have first attended a really quite intense training session and signed several NDA agreements! I cannot therefore give you access to the tools. Suffice it to say that the device is connected to a PC, and an application run that ‘mounts’ the extended ROM as a drive that then enables read, write and delete permissions. Once the extended ROM contains the correct files, it is ‘dumped’ using another tool to an NBH file.

This NBH file is then packaged into an executable that can then be rolled out onto as many devices as is required – if you haven’t run through the process of upgrading the ROM on a PDA before, it is simply a case of connecting it to your PC via ActiveSync, then running the executable and following the on-screen instructions. The whole process normally takes about 10 minutes depending on the speed of the connection, the size of the ROM image etc etc.

However there are yet further factors to consider.

If you have used a PDA before and have installed additional software packages on it, you may well have encountered a warning message along the lines of ‘the source of MyApplication cannot be verified, are you sure you want to install it anyway?’

If you have come across this message before, that indicates that the application you were installing had not been signed with a ‘trusted certificate’. In the same way that web sites can be secured by a digital certificate that guarantees that the author of the site is who they say they are (with the ‘https’ prefix), by comparing that certificate with a certification authority, the Windows Mobile operating system contains the details of certain ‘trusted’ application providers and will allow any application to be installed that is signed with one of those certificates. Any application that is not signed, or whose signature cannot be verified, will require you to enter ‘Yes’ before the application is installed.

“So what?”, I hear you cry (again). If you attempt to run an unsigned CAB file during the boot process on a Pocket PC, and have LOCKED the touch screen to prevent users from interrupting that process, then the operating system will display a message prompting the user to confirm the action, and that user will not be able to….and if you have decided to display an image during the boot process, then the user will not even see the message and will assume the device has hung. Therefore any applications you save to the Extended ROM for installation will need to be signed with an appropriate certificate. This requires that you generate your own certificate (a relatively simple process, using the ‘makecert’ command), and then have that certificate included by the manufacturer in the ‘trusted certificates’ store. (not so simple!)

Of course, it is important to remember that the only impact of having your own customised ROM is that should a device be hard reset or be allowed to discharge completely, upon being rebooted all of your custom applications and settings will be reinstalled automatically.

However, having sad that, there is nothing to stop you, if you know how, saving all of your CAB files and XML documents into the persistent storage area of your device (if it has one), or onto a memory card, and reinstalling your applications manually, tapping YES if necessary. Admittedly this puts the onus onto the user to run through this process, and still requires some develop work on the part of the IT administrator to create the packages in the first place, but it is a cheaper alternative!

Now let’s look at some of the ‘cooler’ things that can be done to a PDA: these include turning off specific hardware elements of the device, such as Bluetooth or WiFi; restricting the telephone numbers that can be dialled from a device; preventing certain applications from being run on the device; or even changing the actions performed by the different ‘soft keys’ on the device….

Restricting Dialled Numbers

The telephone numbers that can be dialled from a device can be defined within the TAPI section of the Registry.

TAPI is the Telephony Application Programming Interface and, in a similar way in which all applications can access the same printer installed on your PC, TAPI provides the interface between the applications running on your PC (or PDA) and the modem.

TAPI registry entries allow you to enable or disable fixed dialling, to enter the PIN code assigned to a SIM card and to define the numbers that are to be allowed to be dialled.

The key TAPI_FIXEDDIAL_ENABLED is used to enable or disable fixed dialling.

The keys TAPI_PIN1 and TAPI_PIN2 are used to define the PIN codes enabled on the SIM card.

The key TAPI_FIXEDDIAL_NUMBERS is used to define the numbers that are allowed to be dialled.

An example of a configuration document might look something like this:

<characteristic type="Tapi">
      <parm name="TAPI_FIXEDDIAL_ENABLED" value="-1"/>
      <parm name="TAPI_PIN2" value="1234"/>
      <parm name="TAPI_FIXEDDIAL_NUMBERS" value="123;435"/>
</characteristic>

Editing the Comm. Manager (HTC Devices)

The registry entries governing the Comm Manager can be found in:

[HKLM\Software\HTC\CommManager]

By default the Comm Manager will have a number of buttons governing different functions such as Phone, Bluetooth, WiFi, Push Email (also known a AUTD, or ‘Always Up To Date’), Vibrate, ActiveSync, etc

Each of these buttons is defined by a key in the Registry. To disable one of these areas of the device’s functionality (or rather, prevent the user from accessing this functionality), simply remove the registry key.

Note – each of the buttons is assigned a numerical value, therefore if you decide to remove the entry for WiFi, which happens to be entry number 3, you must re-number all subsequent registry entries, so that number becomes number 3 and so on.

And example of how to disable WiFi on an HTC Tornado device might look something like this:

<wap-provisioningdoc>
<characteristic type="Registry">
<characteristic type="HKLM\Software\HTC\WiFiPlugIn">
<parm name="WiFiIsExist" value="0" datatype="boolean"/>
</characteristic>
<characteristic type="HKLM\SOFTWARE\HTC\WiFiInit">
<parm name="HTCPreloadWifi" value ="0" datatype="boolean"/>
</characteristic>

<!-- Remove ConnMgr Configuration -->
<nocharacteristic type="HKLM\Software\HTC\CommManager\3"/>
<nocharacteristic type="HKLM\Software\HTC\CommManager\4"/>
<nocharacteristic type="HKLM\Software\HTC\CommManager\5"/>
<nocharacteristic type="HKLM\Software\HTC\CommManager\6"/>
<nocharacteristic type="HKLM\Software\HTC\CommManager\7"/>
<nocharacteristic type="HKLM\Software\HTC\CommManager\WLAN"/>
<!-- Remove WiFiSettings -->
<nocharacteristic type="HKLM\Software\HTC\WiFiSettings\1"/>
<nocharacteristic type="HKLM\Software\HTC\WiFiSettings\2"/>
<nocharacteristic
type="HKLM\Software\HTC\WiFiSettings\3"/>
<nocharacteristic type="HKLM\Software\HTC\WiFiSettings\4"/>
<nocharacteristic type="HKLM\Software\HTC\WiFiSettings\5"/>
<nocharacteristic type="HKLM\Software\HTC\WiFiSettings"/>
<nocharacteristic type="HKCU\ControlPanel\WiFi\EapolParam1"/>
<nocharacteristic type="HKCU\ControlPanel\WiFi\EapolParam2"/>
<nocharacteristic type="HKCU\ControlPanel\WiFi"/>
<nocharacteristic type="HKLM\ControlPanel\WiFi"/>
<nocharacteristic type="HKLM\ControlPanel\WrlsMgr"/>
<!-- New Configuration for ConnMgr -->
<characteristic type="HKLM\Software\HTC\CommManager">
<parm name="SupportedFunctions" datatype="integer" value="7" />
</characteristic>
<characteristic type="HKLM\Software\HTC\CommManager\3">
<parm name="Default" datatype="string" value="AUTD" />
</characteristic>
<characteristic type="HKLM\Software\HTC\CommManager\4">
<parm name="Default" datatype="string" value="DataDisconnection" />
</characteristic>
<characteristic type="HKLM\Software\HTC\CommManager\5">
<parm name="Default" datatype="string" value="Vibrate" />
</characteristic>
<characteristic type="HKLM\Software\HTC\CommManager\6">
<parm name="Default" datatype="string" value="ActiveSync" />
</characteristic>
</characteristic>
</wap-provisioningdoc>

Blacklisting Applications

There are different ways to prevent a user from accessing an application. The simplest way is to remove the shortcut to a particular application from the Programs folder on the Start menu, however this doesn’t prevent a user from accessing the programs executable directly within the Programs folder itself and running the application that way. Nor does it prevent the application being run automatically when a user selects a file that is associated with it. For example, loading Windows Media Player when the user selects an MP3 file.

The best way to prevent an application from running is to ‘blacklist’ it. This is done with a simple registry hack.

Firstly you need to enable the Blacklisting feature by enabling the following key on the registry:

HKLM\Security\Policies\Shell\ 

Set the DisallowRun value to 1

Now, under the Registry key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Disallow\

create a list of values for the applications you wish to disable, for example:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Disallow1=clock.exe]

More information on disabling applications can be found here:

http://www.satter.org/2007/03/let_shell_some/html

Changing Soft Keys

The default behaviour of the two main soft keys on a Pocket PC device can be changed with simple registry hacks.

An example of an XML file to customise soft key behaviour might look something like this:

<characteristic type=“Registry”>
      <characteristic type="HKCU\Software\Microsoft\Today\112">
            <parm name="" datatype=“string" value=“MyLeftSKApp" />
            <parm name=“Open" datatype=“string" value=“\Path\To\MyLeftApp.exe" />
      </characteristic>
      <characteristic type="HKCU\Software\Microsoft\Today\113">
            <parm name="" datatype=“string" value=“MyRightSKApp" />
            <parm name=“Open" datatype=“string" value=“\Path\To\MyRightApp.exe" />
      </characteristic>
</characteristic>

General Development Hints and Tips

Whilst I have provided a number of useful examples of registry files in this document, the easiest way to determine precisely what entries need to be added, removed or modified in the registry is to do a little ‘reverse engineering’.

The contents of any windows mobile device’s registry can be viewed and edited in real time from a PC, using the Mobile Registry Editor application developed by G Ingelmo. This application requires that you have the Dot Net Framework installed on your PC, and can be downloaded free from:

http://www.breaksoft.com/Blog/Utilities/2005/1/Mobile_Registry_Editor.aspx

It is much easier to look at a ‘clean’ device’s registry, then configure the settings you wish to use on the device itself and then re-examine the registry and see what changes have been made rather than try to write the necessary XML longhand first and hope it works!

There are also applications that can be run on the devices themselves to edit the registry: the principal advantage being a search function!

Pocket PC:

ftp://ftpaccess:Brightpoint1@ftp.brightpointuk.co.uk/Technical%20Support...

Smartphone:

ftp://ftpaccess:Brightpoint1@ftp.brightpointuk.co.uk/Technical%20Support...

In order to edit certain areas of the registry on a Windows Mobile device, you will first need to lower the security level on the device. To do this you will need to run the ‘setsetup.cab’ application on the device. This can be downloaded from here:

Pocket PC:

ftp://ftpaccess:Brightpoint1@ftp.brightpointuk.co.uk/Technical%20Support...

Smartphone:

ftp://ftpaccess:Brightpoint1@ftp.brightpointuk.co.uk/Technical%20Support...

Useful reference documents include the Windows Mobile 5 and 6 SDK reference manuals, available for download here:

ftp://ftpaccess:Brightpoint1@ftp.brightpointuk.co.uk/Technical%20Support...

ftp://ftpaccess:Brightpoint1@ftp.brightpointuk.co.uk/Technical%20Support...