Query the capabilities of a DLL/EXE (Symbian OS)

During the development of Symbian OS application platform security can be problematic. Debugging platform security issues in Symbian OS can be time consuming. Therefore keep in mind the basic rules for platform security:

  • Rule 1: If a process gets created it will run with the capability set as specified in the .MMP file of the executable.
  • Rule 2: If a process loads a DLL this DLL needs to be trusted with the same set or a larger set of capabilities.

For a DLL capabilities are a level of trust and this level of trust (the set of capabilities) is specified in the MMP file. For a EXE capabilities indicate what a process can do (which APIs it is entitled to use).

Mostly an executable links against static interface DLLs (using the LIBRARY keyword in the MMP file). If the executable uses static interface DLLs the code for these DLLs is loaded into the process directly at startup. The file loader loads the code for the EXE and associated DLLs. Simultaneously it checks whether the EXE and set of DLLs complies with the platform security rules. If only one of the DLLs in the LIBRARYs list violates against rule 2, the process will not start.

A common symptom for this is, if you click on an application icon in the shell of the phone, the application does not start. The icon only shortly blinks and then nothing happens anymore.  As a developer, if this symptom shows, you should immediately think “most likely this is a platform security problem”.

Turn to the Series 60 emulator – turn platform security off in the menu – run the application (A) – then try to run the application with platform security enabled in the emulator (B). If the application runs in situation (A), but not in situation (B) it is confirmed that there is a platform security problem.

Now look into the file epocwind.out to find out which capabilities are missing. The file epocwind.out can be found in c:\Documents and Settings\<your username>\Local Settings\Temp (make sure Windows Explorer shows hidden directory – select on “Show hidden files and folders” under Tools | Options | tab View). Search for the text “*PlatSec*”.

For example:

147.680    *PlatSec* ERROR – Capability check failed – Can’t load sample_0x20030359.exe because it links to slogtool.dll which has the following capabilities missing: ReadDeviceData WriteDeviceData NetworkServices ReadUserData WriteUserData Location.

This gives you the information to add the capabilities “ReadDeviceData WriteDeviceData NetworkServices ReadUserData WriteUserData Location” into the MMP file of slogtool.dll to fix the platform security problem. Rule 2 has been violated here. The sample.exe links against slogtool.dll. Sample.exe has capabilities “ReadDeviceData WriteDeviceData NetworkServices ReadUserData WriteUserData Location”, but slogtool.dll has not. The slogtool.dll has less capabilities as the loading process (EXE). Therefore the process can not be started.

Correct the situation in the MMP file of slogtool.dll and compile again for the device (do not forget to re-run bldmake bldfiles) and try to run the application again on the device.

If you are unsure about the capability set for a EXE or DLL then ELFTRAN is a handy tool which comes pre-installed with your Series 60 SDK to query the capability set of a DLL or EXE. See below for examples of the commands. Note that ELFTRAN will only work for DLL/EXEs which have been compiled for the device (armv5 or gcce) and can list the capabilities for DLL/EXEs which have been compiled for the emulator (winscw).

Query the caps of an executable:

elftran -dump s <filename of executable or dll>

Query the dependencies of an executable:

elftran -dump i <arm executable>

Show the exports of a DLL:

elftran -dump e <arm executable>

Note:

petran should be used only for Symbian OS versions before 9.1

If you need more information or expertise on platform security for Symbian OS consult the training page of Inmote or drop me an email at rene@inmote.com.

%d bloggers like this: