
Prevent malicious code like in Pocket Mechanic?


Jeremiah
01-31-2005, 12:56 AM
According to this thread (http://www.mobileread.com/forums/showthread.php?threadid=3232) Pocket Mechanic contains malicious code that could cause your handheld to hard reset without your knowledge. The author of the thread also posted a few lines of code showing how to do such a hard reset in software.

Is there any smart programmer who knows how to disable these functions, or at least how to "trap" them to prevent a hard reset?

humbletim
02-04-2005, 07:33 AM
it is possible to disable such API calls by modifying any Win32 exe or dll file (PocketPC included), and/or use injection techniques to intercept them.

keep in mind the same Win32 API function (KernelIoControl) is used for all sorts of things, including ipaq soft or hard reset but also retrieving the generic OEM device ID and dozens of other uses -- same API call, just with different input arguments.

i personally doubt the software in question is performing a hard reset on purpose -- the laws in the US and past precedents with Desktop PC software would make it a sure disaster (let alone user backlash).

ps: maybe this is a precursor to the first anti-virus software for PocketPC?

Wiggster
02-04-2005, 07:57 AM
ps: maybe this is a precursor to the first anti-virus software for PocketPC?

I'm pretty sure there's already anti-virus (http://www.f-secure.com/wireless/pocketpc/pocketpc-av.shtml) software (http://www.kaspersky.com/homeuser?chapter=4157432) for (http://www.symantec.com/sav/handhelds/) the Pocket (http://airscanner.com/downloads/av/av.html) PC (http://www.mcafeesecurity.com/us/products/mcafee/smb/antivirus/vs_pda_smb.htm) :wink:

humbletim
02-04-2005, 09:09 AM
I'm pretty sure there's already anti-virus (http://www.f-secure.com/wireless/pocketpc/pocketpc-av.shtml) software (http://www.kaspersky.com/homeuser?chapter=4157432) for (http://www.symantec.com/sav/handhelds/) the Pocket (http://airscanner.com/downloads/av/av.html) PC (http://www.mcafeesecurity.com/us/products/mcafee/smb/antivirus/vs_pda_smb.htm) :wink:

OK OK, Sorry, didn't really mean first, I meant first-first -- I bet the software in question (Pocket M) gets more notice now than any prior pocket pc virus... no?

This "big vulnerability" -- which has in fact been there for at least two years -- is now getting attention... so I simply hope protectors of PocketPCs also pay proper attention (including the anti-virii folks).

-tim
ps: I love GMail Pocket. I translated it to run natively on my device (PHP ported to a new version of local JavaScript Server Pages -- because it's native it does direct SSL to google (avoiding TOS middle-man issues)).

Jeremiah
02-04-2005, 09:25 AM
keep in mind the same Win32 API function (KernelIoControl) is used for all sorts of things, including ipaq soft or hard reset but also retrieving the generic OEM device ID and dozens of other uses -- same API call, just with different input arguments.
Same function, but different IO CODE! You could check if the function was called with IOCTL_HAL_REBOOT and then perhaps pop up a message asking the user for confirmation... that would be a great solution!
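The confirmation gate described in the reply above, as an added C example that is not code from this thread or from any of the products named in it. It assumes the CTL_CODE packing and the HAL function numbers (reboot = 15, device ID = 21) from Windows CE's pkfuncs.h, and takes the real KernelIoControl and the user prompt as callbacks so it compiles and runs off-device; the stub callbacks at the end are stand-ins for testing.

```c
/* Gate in front of KernelIoControl-style requests: decode the control code
 * and require user consent before a HAL reboot request goes through.
 * Assumed from pkfuncs.h: FILE_DEVICE_HAL = 0x101, reboot is function 15,
 * device ID is function 21. The real call and the prompt are injected. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CE_FILE_DEVICE_HAL 0x00000101u
#define CE_METHOD_BUFFERED 0u
#define CE_FILE_ANY_ACCESS 0u
#define CE_CTL_CODE(dev, fn, method, access) \
    (((dev) << 16) | ((access) << 14) | ((fn) << 2) | (method))
#define CE_IOCTL_HAL_REBOOT       CE_CTL_CODE(CE_FILE_DEVICE_HAL, 15u, CE_METHOD_BUFFERED, CE_FILE_ANY_ACCESS)
#define CE_IOCTL_HAL_GET_DEVICEID CE_CTL_CODE(CE_FILE_DEVICE_HAL, 21u, CE_METHOD_BUFFERED, CE_FILE_ANY_ACCESS)

/* Shape of the real call (it lives in coredll.dll on the device). */
typedef bool (*ioctl_fn)(uint32_t code, void *in, uint32_t in_len,
                         void *out, uint32_t out_len, uint32_t *returned);
/* Returns true when the user approves the request. */
typedef bool (*confirm_fn)(uint32_t code);

/* Unpack the device type and function number from a control code. */
static uint32_t ctl_device(uint32_t code)   { return code >> 16; }
static uint32_t ctl_function(uint32_t code) { return (code >> 2) & 0xFFFu; }

/* Only the HAL reboot request needs consent; device ID lookups etc. pass. */
bool ioctl_needs_confirmation(uint32_t code)
{
    return ctl_device(code) == CE_FILE_DEVICE_HAL &&
           ctl_function(code) == ctl_function(CE_IOCTL_HAL_REBOOT);
}

/* Deny (return false, like a failed API call) unless the request is
 * harmless or the user confirmed it; otherwise forward to the real call. */
bool guarded_ioctl(ioctl_fn real, confirm_fn confirm, uint32_t code,
                   void *in, uint32_t in_len, void *out, uint32_t out_len,
                   uint32_t *returned)
{
    if (ioctl_needs_confirmation(code) && !confirm(code)) {
        fprintf(stderr, "blocked IOCTL 0x%08x (reboot request)\n", code);
        return false;
    }
    return real(code, in, in_len, out, out_len, returned);
}

/* Stand-ins for the real call and the prompt, for off-device testing. */
bool fake_real(uint32_t c, void *i, uint32_t il, void *o, uint32_t ol, uint32_t *r)
{ (void)c; (void)i; (void)il; (void)o; (void)ol; (void)r; return true; }
bool deny_all(uint32_t c)  { (void)c; return false; }
bool allow_all(uint32_t c) { (void)c; return true; }
```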