Privileged APIs
In addition to the original equipment manufacturer functions, the CeGetCurrentTrust and CeGetCallerTrust API functions enable a DLL to query the trust level of a calling application.
The following table shows the API functions that can be called only by privileged applications.
The following table shows file-based API functions that are influenced by the SYSTEM attribute that can be set on a file. For more information, see File System Security.
| API | API |
|---|---|
| CreateFile | CreateFileForMapping |
| CopyFile | DeleteFile |
| DeleteAndRenameFile | MoveFile |
| RemoveDirectory | SetFileAttributes |
The following table shows database API functions that are influenced by the SYSTEM attribute that can be set on a database. For more information, see Database Security.
| API | API |
|---|---|
| CeMountDBVol | CeCreateDatabaseEx2 |
| CeOpenDatabaseEx2 | CeDeleteDatabaseEx |
| CeSetDatabaseInfoEx2 |
In addition, the debug flags DEBUG_ONLY_THIS_PROCESS and DEBUG_PROCESS of the CreateProcess API are restricted. If these flags are used by a normal application, the identified process will still launch but no debugging will occur.
Debug flags, DEBUG_ONLY_THIS_PROCESS and DEBUG_PROCESS, in the CreateProcess API are restricted as well.
The secure registry architecture in Windows CE allows only privileged applications that you have identified to modify keys and values in protected portions of the registry.
Because most of the registry is unprotected, original equipment manufacturers must place all-important registry information in one of the protected keys.
**Note **All applications have read-only access to all registry keys and values.
In Windows CE, the following registry root keys and their subkeys are protected from normal applications:
- HKEY_LOCAL_MACHINE\Comm
- HKEY_LOCAL_MACHINE\Drivers
- HKEY_LOCAL_MACHINE\HARDWARE
- HKEY_LOCAL_MACHINE\Init
- HKEY_LOCAL_MACHINE\Services
- HKEY_LOCAL_MACHINE\SYSTEM
- HKEY_LOCAL_MACHINE\WDMDrivers
Normal applications are also not allowed to modify protected data. They receive the ERROR_ACCESS_DENIED return value if they attempt to use the following registry functions:
- RegSetValueEx
- RegCreateKeyEx
- RegDeleteKey
- RegDeleteValue
Windows Mobile 5.0
In Windows Mobile 5.0 software there are additional APIs and registry root keys that are also protected from normal applications.
The following table shows the Extended Telephony Application Program Interface (ExTAPI) functions that can be called by privileged applications.
The following table shows the SIM Manager functions that can be called by privileged applications.
| API | API |
|---|---|
| SimChangeLockingPassword | SimReadRecord |
| SimDeleteMessage | SimSetLockingStatus |
| SimGetRecordInfo | SimUnlockPhone |
| SimGetSmsStorageStatus | SimWriteMessage |
| SimReadMessage | SimWriteRecord |
The following table shows the Short Message Service (SMS) functions that can be called by privileged applications.
| API |
|---|
| SmsClearMessageNotification |
| SmsSetMessageNotification |
| SmsSetSMSC |
The following table shows other functions that can be called by privileged applications.
| API |
|---|
| Connection Manager function ConnMgrProviderMessage |
| Critical Process Monitor function CPMRegister (Reboot) |
In Windows Mobile 5.0-based devices, the following registry root keys and subkeys are protected from unprivileged applications in addition the list for Windows CE:
- HKEY_LOCAL_MACHINE\Security
- HKEY_CURRENT_USER\Security
- HKEY_LOCAL_MACHINE\Loader
See Also
Windows Mobile-based Device Security Model | Security for Windows Mobile-based Devices
Send Feedback on this topic to the authors