在Windows Mobile的开发中,因为微软基于安全的考虑,对一些API的访问做了限制,所以有时候应用程序需要签名才能运行,这无疑是很麻烦的事情。对于没签名的程序,微软的模拟器会提示如图所示:
如果能跳过微软的安全限制,对于开发无疑是最方便的方法,通过修改注册表信息可以做到这点,如下:
l 通过ActiveSync上传SP_AllowCertificateInstall.cab文件到模拟器目录中并安装;
l 通过ActiveSync上传regeditSTG2.exe文件到模拟器目录中;
l 双击regeditSTG2.exe文件运行,导航到目录HKEY_LOCAL_MACHINE/Security/Policies/Policies/下,然后点击Values键,修改00001005的值为40(默认为16);
l 重新启动模拟器;
l 重新安装CBA(cabinet)应用程序;
其中注册表中各个键值对应的意义如下:
; AutoRun Policy
; Value: 0 - Applications on a CF card are allowed to auto-run
;[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
; "00000002"=dword:0
; RAPI Policy
; Value: 2 - RAPI calls in restricted mode
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"00001001"=dword:2
; Unsigned cabs role
; (default: SECROLE_USERAUTH)
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"00001005"=dword:10
; Unsigned Applications Policy
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"00001006"=dword:1
; UNAUTHENTICATED role is used for processing Homescreens
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"00001007"=dword:40
; TPS Policy
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"00001008"=dword:1
; Message Authentication Retry Number Policy
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"00001009"=dword:3
; WAP Signed Message Policy
; (default: SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED | SECROLE_OPERATOR_TPS)
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"0000100b"=dword:c80
; SL Message Policy
; (default: SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"0000100c"=dword:800
; SI Message Policy
; (default: SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"0000100d"=dword:c00
; Unauthenticated Message Policy
; Value: 64 - USER_UNAUTH
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"0000100e"=dword:40
; OTA Provisioning Policy
; (default: OPERATOR_TPS | SECROLE_PPG_TRUSTED | SECROLE_PPG_AUTH | SECROLE_TRUSTED_PPG | USER_AUTH)
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"0000100f"=dword:e90
; WSP Push Policy
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"00001011"=dword:1
; Grant Manager Policy
; (default: OPERATOR_TPS for phone skus; USER_AUTH for non-phone skus)
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
IF SKUTYPE=PHONESKU
"00001017"=dword:80
ENDIF ; SKUTYPE=PHONESKU
IF SKUTYPE=PHONESKU !
"00001017"=dword:10
ENDIF ; SKUTYPE=PHONESKU !
; Grant User Auth Policy
; (default: USER_AUTH)
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"00001018"=dword:10
; Trust WAP Proxy Policy
; (default: OPERATOR | OPERATOR_TPS | MANAGER)
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"00001019"=dword:8c
; Unsigned Prompt Policy
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"0000101a"=dword:0
; Privileged Apps Policy
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"0000101b"=dword:1
; DRM Security Policy
; (default SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"00001021"=dword:c00
; Encrypted Mail(USEENCRYPT) Policy
; Applies to Windows Mobile AKU2 and later
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"0000101e"=dword:1
Default Security Policy Settings for Windows Mobile-based Smartphone
The following code shows the default security policy settings for Windows Mobile-based Smartphone:
; RAPI Policy
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"00001001"=dword:2
; Unsigned cabs role
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"00001005"=dword:10
; Unsigned Applications Policy
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"00001006"=dword:1
; UNAUTHENTICATED role is used for processing Homescreens
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"00001007"=dword:40
; TPS Policy
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"00001008"=dword:1
; Message Authentication Retry Number Policy
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"00001009"=dword:3
; WAP Signed Message Policy
; (default: SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED | SECROLE_OPERATOR_TPS)
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"0000100b"=dword:c80
; SL Message Policy
; (default: SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"0000100c"=dword:800
; SI Message Policy
; (default: SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"0000100d"=dword:c00
; Unauthenticated Message Policy
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"0000100e"=dword:40
; OTA Provisioning Policy
; (default: OPERATOR_TPS | SECROLE_PPG_TRUSTED | SECROLE_PPG_AUTH | SECROLE_TRUSTED_PPG | USER_AUTH)
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"0000100f"=dword:e90
; WSP Push Policy
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"00001011"=dword:1
; Grant Manager Policy
; (default: OPERATOR_TPS)
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"00001017"=dword:80
; Grant User Auth Policy
; (default: USER_AUTH)
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"00001018"=dword:10
; Trust WAP Proxy Policy
; (default: OPERATOR | OPERATOR_TPS | MANAGER)
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"00001019"=dword:8c
; Unsigned Prompt Policy
;If the registry value is not present, the behavior is the same as setting the value to 0 (zero).
; Privileged Apps Policy
;If the registry value is not present, the behavior is the same as setting the value to 0 (zero).
; DRM Security Policy
; (default SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"00001021"=dword:c00
; Encrypted Mail(USEENCRYPT) Policy
; Applies to Windows Mobile AKU2 and later
[HKEY_LOCAL_MACHINE/Security/Policies/Policies]
"0000101e"=dword:1