Windows CE version number confusion

C:Amie - Posted 2022-02-18 10:39 AM
Quote
Karpour - 2022-02-18 10:08 AM

Yeah I'm aware of that, the wincepeinfo tool actually considers this!
If the architecture is MIPS or SH3 and the version number is 4.0, it will detect it as Windows CE 1.0
I wonder if there is a compiler "tell"? CE 1 exe's had to come from Visual C++ 5, while CE 2 - 3 come from VS6. Otherwise MIPS CE 4 code could wind up as a false-detection (or are you checking for MIPSII flags?).
Karpour - Posted 2022-02-19 1:09 AM
Nope, but every PE also has the compilation date included, so I also put a cutoff date in there after which it assumes that 4.0 means CE 4.0, not 1.0.
There are surely more sophisticated ways of figuring this out, I'm open to ideas!
C:Amie - Posted 2022-02-19 8:59 AM
Oh yes, that's very true. Good thinking!

I think that if it has any import references to Peg* it is also a tell for CE1. The APIs were normalised back to Win32 nomenclature with CE 2.
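
Added example, not part of the original posts and not the wincepeinfo tool's own code: a Python version of the tells discussed above (MIPS/SH3 machine type, version 4.0, link-timestamp cutoff, Peg* names). It assumes the "version number" is the PE subsystem version; the cutoff date, the function names, the way the tells are combined and the sample headers are constructed for illustration.

```python
import re
import struct
from datetime import datetime, timezone

MACHINE_MIPS = 0x0166  # IMAGE_FILE_MACHINE_R4000 (MIPS little-endian)
MACHINE_SH3 = 0x01A2   # IMAGE_FILE_MACHINE_SH3
# Assumed cutoff: the thread does not say which date the tool uses.
ASSUMED_CUTOFF = datetime(2000, 1, 1, tzinfo=timezone.utc)

def parse_pe_header(data):
    """Return machine, link time and subsystem version of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < pe + 24 + 52:
        raise ValueError("missing or truncated PE header")
    machine, _sections, stamp = struct.unpack_from("<HHI", data, pe + 4)
    # Optional header starts after signature (4) + COFF header (20).
    major, minor = struct.unpack_from("<HH", data, pe + 24 + 48)
    linked = datetime.fromtimestamp(stamp, tz=timezone.utc)
    return {"machine": machine, "version": (major, minor), "linked": linked}

def guess_ce_version(data, cutoff=ASSUMED_CUTOFF):
    """Apply the thread's tells; combining them this way is an assumption."""
    h = parse_pe_header(data)
    # Crude string scan for Peg* API names, not a real import-table walk.
    has_peg = re.search(rb"Peg[A-Z][A-Za-z]{2,}\0", data) is not None
    ambiguous = (h["version"] == (4, 0)
                 and h["machine"] in (MACHINE_MIPS, MACHINE_SH3))
    if ambiguous and (h["linked"] < cutoff or has_peg):
        return "1.0"
    return "%d.%d" % h["version"]

def build_sample(machine, stamp, extra=b""):
    """Constructed minimal header for the demo, not a loadable executable."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, 0, stamp, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<HH", opt, 48, 4, 0)  # subsystem version 4.0
    struct.pack_into("<H", opt, 68, 9)      # IMAGE_SUBSYSTEM_WINDOWS_CE_GUI
    return dos + b"PE\0\0" + coff + bytes(opt) + extra

if __name__ == "__main__":
    print(guess_ce_version(build_sample(MACHINE_SH3, 852076800)))    # 1997 link
    print(guess_ce_version(build_sample(MACHINE_MIPS, 1041379200)))  # 2003 link
```

The link timestamp is set by the toolchain and can be zeroed or rewritten, so treat the result as a hint rather than proof of the target OS version.
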
stingraze - Posted 2022-02-19 11:04 AM
I was looking at the eVC compiler file, .vcp.

Here's some snippets that may help you out.

 
# TARGTYPE "Win32 (WCE MIPSIV_FP) Application" 0x9201 
# TARGTYPE "Win32 (WCE x86) Application" 0x8301
# TARGTYPE "Win32 (WCE ARMV4) Application" 0xa301
# TARGTYPE "Win32 (WCE MIPS16) Application" 0x8901
# TARGTYPE "Win32 (WCE SH3) Application" 0x8101
# TARGTYPE "Win32 (WCE ARMV4I) Application" 0xa501
# TARGTYPE "Win32 (WCE SH4) Application" 0x8601
# TARGTYPE "Win32 (WCE MIPSII_FP) Application" 0xa201
# TARGTYPE "Win32 (WCE emulator) Application" 0xa601
# TARGTYPE "Win32 (WCE MIPSIV) Application" 0x9601
# TARGTYPE "Win32 (WCE ARMV4T) Application" 0xa401
# TARGTYPE "Win32 (WCE MIPSII) Application" 0xa101


Partly snipped:
 
# PROP BASE Use_MFC 0
# PROP BASE Use_Debug_Libraries 0
# PROP BASE Output_Dir "MIPSII_FPRel"
# PROP BASE Intermediate_Dir "MIPSII_FPRel"
# PROP BASE CPU_ID "{D8AC856C-B213-4895-9E83-9EC51A55201E}"
# PROP BASE Platform_ID "{8A9A2F80-6887-11D3-842E-005004848CBA}"
# PROP BASE Target_Dir ""
# PROP Use_MFC 0
# PROP Use_Debug_Libraries 0
# PROP Output_Dir "MIPSII_FPRel"
# PROP Intermediate_Dir "MIPSII_FPRel"
# PROP CPU_ID "{D8AC856C-B213-4895-9E83-9EC51A55201E}"
# PROP Platform_ID "{8A9A2F80-6887-11D3-842E-005004848CBA}"
# PROP Target_Dir ""

....

# PROP BASE Use_MFC 0
# PROP BASE Use_Debug_Libraries 1
# PROP BASE Output_Dir "SH3Dbg"
# PROP BASE Intermediate_Dir "SH3Dbg"
# PROP BASE CPU_ID "{D6519020-710F-11D3-99F2-00105A0DF099}"
# PROP BASE Platform_ID "{8A9A2F80-6887-11D3-842E-005004848CBA}"
# PROP BASE Target_Dir ""
# PROP Use_MFC 0
# PROP Use_Debug_Libraries 1
# PROP Output_Dir "SH3Dbg"
# PROP Intermediate_Dir "SH3Dbg"
# PROP CPU_ID "{D6519020-710F-11D3-99F2-00105A0DF099}"
# PROP Platform_ID "{8A9A2F80-6887-11D3-842E-005004848CBA}"
# PROP Target_Dir ""

Maybe you can decompile the exe and grab some of the strings like CPU_ID, Platform_ID etc.

The real .vcp is here in my GitHub repository:
https://github.com/stingraze/tinybrowser/blob/master/tinybrowser.vcp

-stingraze

Edited by stingraze 2022-02-19 11:06 AM
stingraze - Posted 2022-02-21 9:49 AM
I found a resource that may aid us in the future of reverse engineering and figuring out the version of .exe, .cab, etc.

Security Warrior by Cyrus Peikari, Anton Chuvakin
Chapter 4. Windows CE Reverse Engineering
https://www.oreilly.com/library/view/security-warrior/0596005458/ch0...

From a site linked from the site above:

Ma First Steps in Reversing on a PPC/WinCE-Platform
https://web.archive.org/web/20020825170501fw_/http://www.peak.at/reg...
eVT Debug
https://web.archive.org/web/20020825170826fw_/http://www.peak.at/reg...

DEF CON 11 - Seth Fogie - Embedded Reverse Engineering
https://www.youtube.com/watch?v=oEZVO6fZvzE


Edited by stingraze 2022-02-21 10:00 AM