Find the UIDs and Capabilities of Symbian EXE/DLL

(1) Emulator Build (Win32 PE)

First, find the start address of the “.SYMBIAN” section, typically with “dumpbin /section:.SYMBIAN <Executable File>”.

The output looks like:

SECTION HEADER #6
.SYMBIAN name
30 virtual size
17000 virtual address (00417000 to 0041702F)
1000 size of raw data
17000 file pointer to raw data (00017000 to 00017FFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
C0000040 flags
Initialized Data
Read Write

The “file pointer to raw data” line gives the file offset of section “.SYMBIAN”: 0x00017000. (Here it happens to equal the virtual address; when the two differ, use the file pointer, because a hex editor works with file offsets, not RVAs.)

Now, use any hex-editor to view the content at this address:

00017000h: 7A 00 00 10 00 00 00 00 B2 97 1F 10 5E 01 00 00
00017010h: B2 97 1F 10 57 B6 1F 10 B6 E1 0F 00 00 00 00 00

The first three little-endian dwords are the UIDs: 0x1000007A (UID1) stands for “Symbian EXE”, the second dword is UID2, and 0x101F97B2 (UID3) is the unique UID of this file. A Symbian EXE has no UID2 (it is zero here), but for a DLL this field is essential because it identifies the framework, e.g. 0x10009D8D for an ECOM plug-in.

The capabilities field at offset 0x18 holds all the capabilities of this executable as a bitmask, where bit N corresponds to the TCapability enumerator with value N (see TCapability in the Symbian SDK). Thus 0x000FE1B6 decodes to the following capabilities:

CommDD PowerMgmt ReadDeviceData WriteDeviceData TrustedUI ProtServ NetworkServices LocalServices ReadUserData WriteUserData Location SurroundingsDD UserEnvironment

(2) Target Build (Symbian PE)

The three UIDs are located at the very beginning of the executable file, and the capabilities field is at the fixed offset 0x88 (same meaning as described for the emulator build).
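As an added example that is not code from the original post, the following Python script does both procedures above in one place: it walks the PE section table to find .SYMBIAN (what dumpbin /section prints), decodes the UIDs and the capability mask from the bytes the hex editor shows, and reads the same fields from a target-build E32 image at offsets 0x00 and 0x88. The 32 bytes from the post are embedded as the sample input; the PE wrapper and the E32 header around them are constructed test data. The DLL UID1 0x10000079, the 'EPOC' signature at 0x10, and the names of the fields between the UIDs and the capability mask (priority, secure ID, vendor ID) come from the SDK headers and are not stated in the post.

```python
import struct

# TCapability enumerators from the SDK's e32capability.h, in enum order:
# bit N of the capability mask is the capability whose enum value is N.
CAPABILITY_NAMES = [
    "TCB", "CommDD", "PowerMgmt", "MultimediaDD", "ReadDeviceData",
    "WriteDeviceData", "DRM", "TrustedUI", "ProtServ", "DiskAdmin",
    "NetworkControl", "AllFiles", "SwEvent", "NetworkServices",
    "LocalServices", "ReadUserData", "WriteUserData", "Location",
    "SurroundingsDD", "UserEnvironment",
]

KExecutableImageUid = 0x1000007A  # "Symbian EXE" UID1 (from the post)
KDynamicLibraryUid = 0x10000079   # Symbian DLL UID1 (SDK constant, not in the post)
KEcomUid2 = 0x10009D8D            # ECOM plug-in framework UID2 (from the post)
E32_SIGNATURE = b"EPOC"           # E32ImageHeader::iSignature at 0x10 (SDK layout, not in the post)

def decode_capabilities(mask):
    """Expand a capability bitmask into TCapability names; bits above the
    last known enumerator are reported instead of silently dropped."""
    names = [n for i, n in enumerate(CAPABILITY_NAMES) if (mask >> i) & 1]
    unknown = mask >> len(CAPABILITY_NAMES)
    if unknown:
        names.append("Unknown(0x%X)" % (unknown << len(CAPABILITY_NAMES)))
    return names

def describe_uids(uid1, uid2):
    """Classify the image from UID1 and name the framework from UID2."""
    kind = {KExecutableImageUid: "EXE", KDynamicLibraryUid: "DLL"}.get(uid1, "unknown")
    framework = "ECOM" if uid2 == KEcomUid2 else ("none" if uid2 == 0 else "0x%08X" % uid2)
    return kind, framework

def find_pe_section(pe, name):
    """Walk the PE section table like dumpbin /section does and return
    (file offset, virtual size); the offset is PointerToRawData, not the RVA."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsections, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    for i in range(nsections):
        hdr = pe[table + 40 * i:table + 40 * (i + 1)]
        vsize, _rva, _rawsize, rawptr = struct.unpack_from("<4I", hdr, 8)
        if hdr[:8].rstrip(b"\0") == name.encode("ascii"):
            return rawptr, vsize
    raise KeyError("section %s not found" % name)

def parse_emulator_header(blob):
    """Decode the header at the start of .SYMBIAN (emulator build). The post
    identifies the UIDs at 0x00 and the mask at 0x18; the names of the fields
    in between (priority, secure ID, vendor ID) follow TEmulatorImageHeader."""
    uid1, uid2, uid3, prio, sid, vid, lo, hi = struct.unpack_from("<8I", blob, 0)
    kind, framework = describe_uids(uid1, uid2)
    mask = lo | (hi << 32)
    return {"kind": kind, "framework": framework, "uids": (uid1, uid2, uid3),
            "priority": prio, "sid": sid, "vid": vid,
            "caps_mask": mask, "caps": decode_capabilities(mask)}

def parse_e32_header(blob):
    """Decode a target build (E32 image): UIDs at 0x00, capabilities at 0x88."""
    uid1, uid2, uid3 = struct.unpack_from("<3I", blob, 0)
    if blob[0x10:0x14] != E32_SIGNATURE:
        raise ValueError("no EPOC signature at 0x10; not an E32 image?")
    lo, hi = struct.unpack_from("<2I", blob, 0x88)
    kind, framework = describe_uids(uid1, uid2)
    mask = lo | (hi << 32)
    return {"kind": kind, "framework": framework, "uids": (uid1, uid2, uid3),
            "caps_mask": mask, "caps": decode_capabilities(mask)}

# Constructed sample: the 32 bytes the post shows at file offset 0x17000.
SYMBIAN_SECTION = bytes.fromhex("7A000010 00000000 B2971F10 5E010000"
                                "B2971F10 57B61F10 B6E10F00 00000000")

def build_fake_pe(section_blob, raw_ptr=0x200):
    """Constructed test input: a minimal PE carrying one .SYMBIAN section."""
    opt_size = 0xE0
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    sect = struct.pack("<8sIIIIIIHHI", b".SYMBIAN", len(section_blob), 0x17000,
                       0x1000, raw_ptr, 0, 0, 0, 0, 0xC0000040)
    img = dos + coff + b"\0" * opt_size + sect
    return img + b"\0" * (raw_ptr - len(img)) + section_blob

def build_fake_e32(uid1, uid2, uid3, caps):
    """Constructed test input: an E32 header with only the fields parsed above."""
    blob = bytearray(0x90)
    struct.pack_into("<3I", blob, 0, uid1, uid2, uid3)
    blob[0x10:0x14] = E32_SIGNATURE
    struct.pack_into("<2I", blob, 0x88, caps & 0xFFFFFFFF, caps >> 32)
    return bytes(blob)

def inspect_emulator_pe(pe):
    """dumpbin plus hex editor in one step: find .SYMBIAN, then decode it."""
    off, size = find_pe_section(pe, ".SYMBIAN")
    return parse_emulator_header(pe[off:off + size])

if __name__ == "__main__":
    info = inspect_emulator_pe(build_fake_pe(SYMBIAN_SECTION))
    print("%s UID3=0x%08X caps=0x%X" % (info["kind"], info["uids"][2], info["caps_mask"]))
    print(" ".join(info["caps"]))
```

To run it on a real emulator build, replace the constructed PE with `open(path, "rb").read()`; for a real target build, pass the first 0x90 bytes of the E32 file to parse_e32_header. The decoder keeps bits above UserEnvironment visible as Unknown(...) rather than dropping them, so a mask with bits the enumerator list does not cover is noticed instead of under-reported.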

11 thoughts on “Find the UIDs and Capabilities of Symbian EXE/DLL”

  1. Master, I once read your article about the RMobile family.
    I tried to use it to monitor the link status, but when using RMobileLine.NotifyMobileLineStatusChange, sometimes the Status would be
    KErrOverflow,
    and this happens when a 1.exe is started during an incoming call.
    I can't figure out why my monitoring fails once 1.exe has started.
    Looking forward to your guidance.

      1. Actually, I would like to use it on S60^5. I was not able to find the method and I saw this post, so I am posting here to try to get some advice from you. I did not find your contact details, which is why I am posting on this post. Sorry for any inconvenience caused.

    1. A DLL within ROM may have been compiled into one of two forms: a regular DLL or a stripped-for-ROM DLL. Only the former can be extracted. The simplest and most straightforward way is copying it out of ROM. If it does not work after being copied out, then it might be in the latter form, which can never be extracted. :(
