Developer Tools From Microsoft - PowerPoint PPT Presentation

Provided by: jab88

Transcript and Presenter's Notes


1
Developer Tools From Microsoft
  • Forensic requirements

2
Windows Programming
  • Events and messages
  • Windows applications are event-driven
  • Typical events
  • keyboard, mouse, timer, and system-change (e.g.
    window size change) events
  • Device drivers (where applicable) and Windows
    translate event into message
  • Relevant window procedure processes message

4
Message flow
  • Queued messages

5
Embedded Visual Tools 3.0
  • Pocket PC
  • Pocket PC 2002
  • Smartphone 2002
  • Win32
  • MFC
  • ATL

6
Embedded Visual Basic
  • All Windows CE 3.0 based platforms
  • Embedded Visual Basic

7
Embedded Visual C++ 4.0
  • Windows CE .NET based platforms
  • Win32
  • MFC
  • ATL

8
Visual Studio .NET 2003
  • Pocket PC
  • Pocket PC 2002
  • Windows CE .NET based platforms
  • .NET compact framework
  • ASP .NET mobile controls

9
Choice of Tools
  • Developers who want to build traditional GUI
    applications can choose between the
  • Microsoft Win32 Application Programming
    Interface (API),
  • The object-oriented approach of the Microsoft
    Foundation Class (MFC) library,
  • The rich programming model and tool support for
    the .NET Compact Framework

10
Win32 API C/C++
  • Strengths
  • Smallest and fastest .exe files and DLLs.
  • Lowest memory overhead.
  • Required for device drivers.
  • Required for control panel applets.
  • Required for shell extensions, such as the Today
    screen on Pocket PC, user interface skin,
    Software Input Panel, and so on.
  • No runtime required

11
Win32 API C/C++
  • Weak Points
  • Quirky API.
  • Object cleanup is the responsibility of the
    application/driver programmer, making this API
    prone to memory leaks.
  • Low-level API ("the assembly language of
    Windows") with difficult-to-follow code
  • Procedure-oriented API, not object-oriented.

12
MFC C++
  • Object-oriented. Inheritance, Encapsulation,
    Polymorphism
  • Container classes support arrays, lists, object
    maps and simplify data handling.
  • Type safety.
  • Complete MFC source code ships with Embedded
    Visual Tools.
  • Good tool support. A set of wizards assists in
    adding message handlers to windows, virtual
    functions, adding forms, and adding classes.

13
MFC C++
  • Object cleanup is only semi-automatic, therefore
    less prone to memory leaks than Win32, but still
    vulnerable since MFC is a thin wrapper on top of
    Win32.
  • Size of runtime. The mfc300.dll build is 404 KB.

14
.NET Compact Framework (C# and Microsoft Visual
Basic .NET)
  • Strengths
  • Well-designed programming interface.
  • Object-oriented. Inheritance, Encapsulation,
    Polymorphism, also called function overloading.
  • Container classes support arrays, lists,
    hashtables, dictionaries, and stacks.
  • Type safety.
  • Namespaces.
  • Automatic garbage collection eliminates memory
    leaks.
  • Portable machine instruction set, MSIL / CIL,
    provides binary portability of executable (.exe,
    .dll) files.
  • Web service clients are quick and easy to write.
  • Support for handling XML.
  • Tool support: the Integrated Forms Designer makes
    it easy to drag and drop items from a toolbox;
    code behind UI elements is automatically generated.

15
.NET Compact Framework
  • Size of runtime: less than 2 MB.
  • Overhead of calls between managed and unmanaged
    code is high.
  • COM Interoperability somewhat clumsy. Requires
    writing Win32 wrappers that call the COM
    interface functions.

16
Summary
  • All of the other APIs ultimately rely on the
    Win32 API.
  • Any other tool that you use will end up calling
    Win32 functions to make the real work happen
  • The Win32 API is the way to go for building the
    smallest software. Unlike MFC and the .NET
    Compact Framework, Win32 does not require a
    separate runtime to operate. Instead, the
    operating system itself is the runtime.

17
RAPI
  • RAPI is a special set of APIs provided by
    Windows CE, with which a desktop application can
    communicate directly with the device.
  • Each RAPI call is a Remote Procedure Call (RPC) in
    which the desktop application acts as the client and
    Windows CE on the mobile device is the server.
  • The four main functionalities provided by RAPI
    are:
  • Application calls
  • Database calls
  • File Operation calls
  • Registry Operation calls

18
Using RAPI to Find Remote Files
We can initialise the RAPI subsystem by calling
CeRapiInit. RAPI permits the desktop to act like a client.

    // Function called from the interface of the application
    // running on the desktop
    void CRemoteFileAccess::OnUpdateFileButton()
    {
        HRESULT hr = CeRapiInit();
        if ( hr != ERROR_SUCCESS )
            return;
        // ...
    }

19
RAPI access
Create a structure to fill:

    typedef struct _CE_FIND_DATA {
        DWORD    dwFileAttributes;
        FILETIME ftCreationTime;
        FILETIME ftLastWriteTime;
        DWORD    nFileSizeHigh;        // 0, unless the overall file size is > MAXDWORD
        DWORD    nFileSizeLow;         // file size in bytes
        DWORD    dwOID;                // CE Object Identifier for this file
        WCHAR    cFileName[MAX_PATH];  // Unicode file name
    } CE_FIND_DATA;

20
RAPI
    DWORD dwFileAttributeFlags = FAF_NAME;
    // User interface sets this to true if creation time is required
    if( m_CreationTimerequest )
        dwFileAttributeFlags |= FAF_CREATION_TIME;
    if( m_LastWriteTimeRequest )
        dwFileAttributeFlags |= FAF_LASTWRITE_TIME;
    if( m_FoldersOnlyRequest )
        dwFileAttributeFlags |= FAF_FOLDERS_ONLY;
    if( m_CEOID )
        dwFileAttributeFlags |= FAF_OID;

    // Main function: returns a list of _CE_FIND_DATA structs
    BOOL bOk = CeFindAllFiles( (LPCWSTR)&wszFileName[0],
                               dwFileAttributeFlags,
                               &dwFoundCount,
                               &pFindDataArray );
    if( !bOk )
        return;

21
RAPI
CeFindAllFiles() returned a pointer to a
dynamically allocated array of CE_FIND_DATA
structures

22
Forensic Analysis
  • RAPI is a feature available for listing and
    gaining information from a Windows CE device
  • It is a low level programming tool for developers
  • Tools built for investigating devices could use
    this feature
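
An added example, not part of the original presentation: how an investigation tool might turn one returned record into a report line, converting the FILETIME fields to UTC and joining the two size halves. FILETIME_T, FIND_REC and the function names are hypothetical stand-ins that mirror the fields listed on slide 19, so the block builds without rapi.h.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Portable stand-ins for FILETIME and the slide's CE_FIND_DATA (assumption:
   rapi.h is not included, so this builds away from the Windows SDK). */
typedef struct { uint32_t dwLowDateTime, dwHighDateTime; } FILETIME_T;
typedef struct {
    uint32_t   dwFileAttributes;
    FILETIME_T ftCreationTime, ftLastWriteTime;
    uint32_t   nFileSizeHigh, nFileSizeLow, dwOID;
    uint16_t   cFileName[260];                 /* MAX_PATH UTF-16 code units */
} FIND_REC;

/* FILETIME is 100 ns ticks since 1601-01-01 UTC; convert to Unix seconds. */
int64_t filetime_to_unix(FILETIME_T ft) {
    uint64_t ticks = ((uint64_t)ft.dwHighDateTime << 32) | ft.dwLowDateTime;
    return (int64_t)(ticks / 10000000ULL) - 11644473600LL;
}
/* nFileSizeHigh is 0 unless the size exceeds MAXDWORD; always join both. */
uint64_t file_size(const FIND_REC *r) {
    return ((uint64_t)r->nFileSizeHigh << 32) | r->nFileSizeLow;
}
static void iso_utc(FILETIME_T ft, char *buf, size_t n) {
    time_t t = (time_t)filetime_to_unix(ft);
    struct tm *tm = gmtime(&t);
    if (!tm || !strftime(buf, n, "%Y-%m-%dT%H:%M:%SZ", tm))
        snprintf(buf, n, "invalid");
}
/* One report line: OID|size|created|modified|name (non-ASCII shown as '?'). */
int format_rec(const FIND_REC *r, char *out, size_t n) {
    char c[32], w[32], name[261];
    size_t i;
    for (i = 0; i < 260 && r->cFileName[i]; i++)
        name[i] = r->cFileName[i] < 0x80 ? (char)r->cFileName[i] : '?';
    name[i] = '\0';
    iso_utc(r->ftCreationTime, c, sizeof c);
    iso_utc(r->ftLastWriteTime, w, sizeof w);
    return snprintf(out, n, "%08X|%llu|%s|%s|%s", (unsigned)r->dwOID,
                    (unsigned long long)file_size(r), c, w, name);
}

int main(void) {
    /* Constructed record: both times 1970-01-01 00:00:00 UTC, size 4 GiB + 1. */
    FIND_REC r = { 0x20, {0xD53E8000u, 0x019DB1DEu}, {0xD53E8000u, 0x019DB1DEu},
                   1, 1, 0x01000042u, {'n','o','t','e','s','.','t','x','t'} };
    char line[400];
    if (format_rec(&r, line, sizeof line) > 0) puts(line);
    return 0;
}
```

Reporting in UTC keeps the listing independent of the examiner workstation's time zone.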

23
Case Study
  • In the next set of tutorials you should study the
    paper outlining the approach to a forensic
    investigation of a PDA which has cellular access
  • Note the early shutting off of the cellular links
    so that the device is not altered once the
    investigation begins
  • Note the tools used

24
Conclusions
  • Note the ways in which applications can
    communicate in the mobile area
  • Note the file types and architectures of
    applications
  • Note the major toolkits utilising J2ME, .NET
  • Note the operating systems available and problems
    this may produce in any investigation of mobile
    devices