Tuesday, July 08, 2008

Locking down Windows Mobile - code example

I wrote an article some time ago regarding locking down Windows Mobile here. Someone emailed me to ask how do we go about creating a zero-byte file to "hide" the app as this is the only real way to lock down Windows Moble devices at present other than removing shortcuts etc as mentioned in the above post.

It is relatively simple to create a zero-byte file we simple write something like the following would stop Internet Explorer Mobile from running:
StreamWriter sw = null;
try
{
StringBuilder sb = new StringBuilder();
sw = new StreamWriter(@"\Windows\iexplore.exe");
}
catch (Exception)
{
//Custom handling logic.
throw;
}
finally
{
if (sw != null)
{
sw.Flush();
sw.Close();
}
}
Although the code will prevent loading of the Internet Explorer Mobile - our objective here, it's a little ugly in that an error message will appear before the end user which isn't pretty as end users don't tend to like error messages :)

A nicer approach is to handle the shortcuts so the end user can't get to the application in the first place. It is recomended to still create a zero-byte file as if we do not lock down file explorer, the user could be smart and try and load the app from within file explorer.

Be sure to kill the process before creating a zero-byte file:
 Kill("iexplore.exe");
Of course the cleaner way would be to send WM_CLOSE to the app if it is a Windows base program and wait for a response. However the code for a Kill method might look something like the following:
private bool Kill(string program)
{
bool result = false;
try
{
ProcessEntry[] runningProcesses = ProcessEntry.GetProcesses();
//Check if the system we are about to remove is running or not.
foreach (ProcessEntry process in runningProcesses)
{
if (Path.GetFileName(program).ToLower() ==
Path.GetFileName(process.ExeFile).ToLower())
{
process.Kill();
result = true;
break;
}
}
}
catch
{
result = false;
}
return result;
}
Note the above method uses the OpenNETCF Diagnostic library to get a collection of running programs.

In order to handle shortcuts in terms of whether we need to remove them or re-add them and delete the zero-byte file, we can code something like the following:
//We check both locations for shortcuts, the programs menu and the start menu.
string ieShortcutStartMenuFilePath =
@"\Windows\Start Menu\Internet Explorer.lnk";
string ieShortcutProgramsFilePath =
@"\Windows\Start Menu\Programs\Internet Explorer.lnk";
FileInfo ieShortcutProgramsFile =
new FileInfo(ieShortcutProgramsFilePath);
FileInfo ieShortcutStartMenuFile =
new FileInfo(ieShortcutStartMenuFilePath);

if (ieGranted)
{
//Then access to Microsoft Pocket Internet Explorer is granted.
if (!ieShortcutProgramsFile.Exists && !ieShortcutStartMenuFile.Exists)
{
StreamWriter sw = null;
try
{
StringBuilder sb = new StringBuilder();
if (WindowsMobile5)
{
//WM5 and onwards - default to start menu.
sw = new StreamWriter(ieShortcutStartMenuFilePath);
sw.Write("21#\"\\Windows\\iexplore.exe");
}
else
{
//PPC 2003 - default to Programs folder.
sw = new StreamWriter(ieShortcutProgramsFilePath);
sw.Write("21#:MSPIE");
}
}
catch (Exception)
{
//Handle error
throw;
}
finally
{
if (sw != null)
{
sw.Flush();
sw.Close();
}
}

//We now need to delete the zero byte file, if found.
System.IO.FileInfo ieFile = new FileInfo(@"\Windows\iexplore.exe");
if (ieFile.Exists)
{
//This file should always exist!!!
if (ieFile.Length == 0)
{
try
{
File.Delete(@"\Windows\iexplore.exe");
}
catch (Exception)
{
//Handle exception.
throw;
}
}
else
{
//Then access to Microsoft Internet Explorer is denied.
try
{
//Set the shortcut's file attributes
//to archive to ensure we can delete it.
if (ieShortcutProgramsFile.Exists)
{
ieShortcutProgramsFile.Attributes = FileAttributes.Archive;
ieShortcutProgramsFile.Delete();
}
}
catch (Exception)
{
//Handle exception.
throw;
}

try
{
//Set the shortcut's file attributes to
//archive to ensure we can delete it.
if (ieShortcutStartMenuFile.Exists)
{
ieShortcutStartMenuFile.Attributes = FileAttributes.Archive;
ieShortcutStartMenuFile.Delete();
}
}
catch (Exception)
{
//Handle exception.
throw;
}
}
}
}
There are a couple of points to make with the code above. Notice we are refering to two different locations as to where the shortcut (.lnk) might live, either the Start Menu or in the Programs group. This is because is varies, there is no set standard as to where we might find it. Also notice naming differences on older devices PPC 2003 to that of WM5/6.x.

Don't you just love mobility :)

No comments: