Hacking the PalmOS

1
Hacking the PalmOS

• The Other Side of Programming
• By Larry Garfield
• lgarfiel_at_students.depaul.edu

2
About the PalmOS

• PalmOS is Trap-based
• API calls dont access function directly
• API call trips Trap
• OS looks up Trap in table, calls function

3
PalmOS Guts

• From Window.h
• extern void WinDrawLine (Coord x1, Coord y1,
  Coord x2, Coord y2)
  
• SYS_TRAP(sysTrapWinDrawLine)
• From PalmTypes.h
• define SYS_TRAP(trapNum) _SYSTEM_API(_CALL)(_SYS
  TEM_TABLE, trapNum)
  
• See CoreTraps.h for a full list of Traps (more
  traps than exposed functions)

4
PalmOS Traps
5
The Trap Table

• The Trap table can be accessed directly!
• SysGetTrapAddress()
• SysSetTrapAddress()
• Trap table can be edited at any time (so be
  careful)

6
The Trap Table

• SysGetTrapAddress() returns Void to code block
• Use to get direct address of function for
  efficiency
  
• Call right before tight loop

7
The Trap Table

• SysSetTrapAddress() sets new code block for Trap
• Do not do this yourself!
• If you forget to change it back, all kinds of Bad
  Stuff happens
  
• If another process patches the same Trap, Bad
  Stuff happens
  

8
Bad Stuff Explained
9
Bad Stuff Explained
10
Bad Stuff Explained
11
Bad Stuff Explained
12
Avoiding Bad Stuff

• Hack Managers handle tracking what has patched
  what for you.
  
• Hack Master was original Hack Manager, several
  more since
  
• Teal Master (shareware), X-Master (freeware),
  EVPlugBase, etc.
  

13
Hack Master API

• Set of guidelines for how to structure a code
  block for Hack Manager.
  
• Free floating snippets of code
• No globals
• Stores Trap address info in Features
• Most hacks written with gcc, not CodeWarrior. CW
  doesnt like PilRC and hacks

14
Setting up CodeWarrior

• Create new project
• Add target HelloHack (Device)
• Add one target for each patch, named for what you
  are patching
  
• Set dependencies

15
Setting up CodeWarrior

• For each patch target, go to Target Settings, and
  set the pre- and post-linkers to None
  
• In 68K Target, set the type to PalmOS Code
  Resource, and set the file name, entry point,
  ResType, and ResID
  
• In PalmRez, set the resource file to the temp
  file name

16
Setting up CodeWarrior

• In HelloHack (Device), set Linker to MacOS 68K
  and Post-Linker to PalmRez.
  
• In PalmRez, set the name, Creator ID, type
  HACK.
  
• Dont use the Trap IDs field, well use something
  else

17
Setting up CodeWarrior

• Remove and delete Starter.c, we dont need it.
• Add a dummy startup file to the project, (Device)
  target.
  
• Linker wants an entry point to the program, but
  we have no PilotMain(). So we confuse it.

18
Setting up CodeWarrior

• dummyStartup.c
• ifdef __cplusplus
• extern "C"
• endif
• void __Startup__(void)
• void __Startup__(void)
• ifdef __cplusplus
• endif

19
Setting up CodeWarrior

• Add a file Traps.r
• include the temp files you specified earlier
• Define a resource of type TRAP
• Define your trap redirects
• type 'TRAP'
• hex integer
• resource 'TRAP' (1000)
• 0xA0A7 //Pulled from CoreTraps.h, this one is
  for sysTrapSysUIAppSwitch
  

20
Setting up CodeWarrior

• Add one source file for each trap you are
  patching
  
• Define function pointer prototype
• Your function must be first public function, must
  have same prototype as original
  
• Get Feature for original Trap, then do your
  stuff, then call original Trap

21
Thanks To

• Ben Combee, Metrowerks
• Murray Dowling, HandEraKB
• The nice people in PalmChat for moral support

22
For More Information

• http//www.daggerware.com/hackapi.htm
• http//linkesoft.com/english/xmaster/