通过注册表修改Windows Mobile的签名限制

最新推荐文章于 2025-12-17 14:30:38 发布

最新推荐文章于 2025-12-17 14:30:38 发布 · 117 阅读

文章标签：

#Windows Mobile #Mobile #Windows #Windows Phone #Security

在Windows Mobile的开发中，因为微软基于安全的考虑，对一些API的访问做了限制，所以有时候应用程序需要签名才能运行，这无疑是很麻烦的事情。对于没签名的程序，微软的模拟器会提示如图所示：

如果能跳过微软的安全限制，对于开发无疑是最方便的方法，通过修改注册表信息可以做到这点，如下：

l 通过ActiveSync上传SP_AllowCertificateInstall.cab文件到模拟器目录中并安装；

l 通过ActiveSync上传regeditSTG2.exe文件到模拟器目录中；

l 双击regeditSTG2.exe文件运行，导航到目录HKEY_LOCAL_MACHINE\Security\Policies\Policies\下，然后点击Values键，修改00001005的值为40（默认为16）；

l 重新启动模拟器；

l 重新安装CBA（cabinet）应用程序；

其中注册表中各个键值对应的意义如下：

; AutoRun Policy
; Value: 0 - Applications on a CF card are allowed to auto-run
;[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
; "00000002"=dword:0

; RAPI Policy
; Value: 2 - RAPI calls in restricted mode
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001001"=dword:2

; Unsigned cabs role
; (default: SECROLE_USERAUTH)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001005"=dword:10

; Unsigned Applications Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001006"=dword:1

; UNAUTHENTICATED role is used for processing Homescreens
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001007"=dword:40

; TPS Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001008"=dword:1

; Message Authentication Retry Number Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001009"=dword:3

; WAP Signed Message Policy
; (default: SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED | SECROLE_OPERATOR_TPS)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100b"=dword:c80

; SL Message Policy
; (default: SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100c"=dword:800

; SI Message Policy
; (default: SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100d"=dword:c00

; Unauthenticated Message Policy
; Value: 64 - USER_UNAUTH
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100e"=dword:40

; OTA Provisioning Policy
; (default: OPERATOR_TPS | SECROLE_PPG_TRUSTED | SECROLE_PPG_AUTH | SECROLE_TRUSTED_PPG | USER_AUTH)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100f"=dword:e90

; WSP Push Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001011"=dword:1

; Grant Manager Policy
; (default: OPERATOR_TPS for phone skus; USER_AUTH for non-phone skus)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
IF SKUTYPE=PHONESKU
"00001017"=dword:80
ENDIF ; SKUTYPE=PHONESKU
IF SKUTYPE=PHONESKU !
"00001017"=dword:10
ENDIF ; SKUTYPE=PHONESKU !

; Grant User Auth Policy
; (default: USER_AUTH)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001018"=dword:10

; Trust WAP Proxy Policy
; (default: OPERATOR | OPERATOR_TPS | MANAGER)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001019"=dword:8c

; Unsigned Prompt Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000101a"=dword:0

; Privileged Apps Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000101b"=dword:1

; DRM Security Policy
; (default SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001021"=dword:c00

; Encrypted Mail(USEENCRYPT) Policy
; Applies to Windows Mobile AKU2 and later
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000101e"=dword:1
Default Security Policy Settings for Windows Mobile-based Smartphone
The following code shows the default security policy settings for Windows Mobile-based Smartphone:
; RAPI Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001001"=dword:2

; Unsigned cabs role
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001005"=dword:10

; Unsigned Applications Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001006"=dword:1

; UNAUTHENTICATED role is used for processing Homescreens
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001007"=dword:40

; TPS Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001008"=dword:1

; Message Authentication Retry Number Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001009"=dword:3

; WAP Signed Message Policy
; (default: SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED | SECROLE_OPERATOR_TPS)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100b"=dword:c80

; SL Message Policy
; (default: SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100c"=dword:800

; SI Message Policy
; (default: SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100d"=dword:c00

; Unauthenticated Message Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100e"=dword:40

; OTA Provisioning Policy
; (default: OPERATOR_TPS | SECROLE_PPG_TRUSTED | SECROLE_PPG_AUTH | SECROLE_TRUSTED_PPG | USER_AUTH)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100f"=dword:e90

; WSP Push Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001011"=dword:1

; Grant Manager Policy
; (default: OPERATOR_TPS)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001017"=dword:80

; Grant User Auth Policy
; (default: USER_AUTH)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001018"=dword:10

; Trust WAP Proxy Policy
; (default: OPERATOR | OPERATOR_TPS | MANAGER)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001019"=dword:8c

; Unsigned Prompt Policy
;If the registry value is not present, the behavior is the same as setting the value to 0 (zero).

; Privileged Apps Policy
;If the registry value is not present, the behavior is the same as setting the value to 0 (zero).

; DRM Security Policy
; (default SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001021"=dword:c00

; Encrypted Mail(USEENCRYPT) Policy
; Applies to Windows Mobile AKU2 and later
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000101e"=dword:1