Exetools


DARKER 09-25-2020 17:35

The Windows XP source code was allegedly leaked online
 
The source code for Windows XP SP1 and other versions of the operating system was allegedly leaked online today. The leaker claims to have spent the last two months compiling a collection of leaked Microsoft source code. This 43GB collection was then released today as a torrent on the 4chan forum. Included in this torrent is the alleged source code for Windows XP and Windows Server 2003, as well as an assortment of even older versions of the operating system.

The contents of the torrent also include:
  • MS DOS 3.30
  • MS DOS 6.0
  • Windows 2000
  • Windows CE 3
  • Windows CE 4
  • Windows CE 5
  • Windows Embedded 7
  • Windows Embedded CE
  • Windows NT 3.5
  • Windows NT 4

Source: https://www.bleepingcomputer.com/news/microsoft/the-windows-xp-source-code-was-allegedly-leaked-online/

jonwil 09-25-2020 18:39

I have seen the leaked XP code. It's definitely legit Windows code and lots of it (no way anyone could fake that much code).

deepzero 09-25-2020 18:53

Yeah, it seems legit. But either some usermode libraries are missing or they have some odd handling of their build system - for example, can someone find the entrypoint of the GetProcAddress export?
There is LdrGetProcedureAddress in ldrinit.c, but I can't find the actual GetProcAddress entry.

Edit: hehe, I must be blind, thanks nulli.

nulli 09-25-2020 19:31

You can find GetProcAddress here:
Win2K3\base\win32\client\module.c
XPSP1\base\win32\client\module.c

chants 09-26-2020 01:25

I like these kinds of releases when doing custom GUI stuff. Simply rip out the handlers for paint and a few other messages and you can have an elegant subclass which handles the drawing, accessibility, DPI, keyboard shortcuts, etc. It is a shame they don't provide this publicly. Though in that area much has changed between XP and now.

Anyway cool release, can see what hacks or weird comments still remain in the code.

Also please share the 3GB torrent with only XP and/or 2003 as that is what most will find worth the bandwidth and storage space.

atom0s 09-26-2020 03:46

Microsoft has confirmed the leak and is investigating. This is a full leak as well and not just the kernels like the previous leaks that were posted for 2000/NT and Xbox.

Pretty interesting to see and definitely a lot of interesting stuff inside (the full suite of DirectX libraries for DX8.1, GDI/GDI+, drivers, kernel, etc.). Will be interesting to see how many 0days pop up in the next few weeks with this leaking fully publicly now for all versions of Windows.

nulli 09-26-2020 05:43

The Windows XP/2003 source is a nice addition to the collection. But these days it's really not a big whoop if you have the Windows 2000+WRK sources. You can use the XP source to get some more hints about how something used to work. Which can help a bit. But there are a lot of internals that have changed in Windows 10 especially.

And with the powerful decompilers we have today combined with debug symbols it's not that hard to figure out what a Windows function does. I have recreated (yes, as in made fully working C/C++ code based on disassembly of Windows 7-10) more than 300 Windows API functions this way.

Worth getting your hands on? Sure! The source is of course interesting if you develop for the Windows platform and like to get down and dirty.

TmC 09-26-2020 07:31

So SP2 and SP3 still not leaked?

Rasmus 09-26-2020 07:34

Agree with nulli. Since we have the debug symbols, these days with our decompilers it is not a very difficult task to recreate working source code from the disassembly.

atom0s 09-26-2020 10:23

Quote:

Originally Posted by nulli (Post 121266)
The Windows XP/2003 source is a nice addition to the collection. But these days it's really not a big whoop if you have the Windows 2000+WRK sources. You can use the XP source to get some more hints about how something used to work. Which can help a bit. But there are a lot of internals that have changed in Windows 10 especially.

Would say this is more useful towards targeting XP, Vista, and 8 machines along with the server 2k3/2k8 versions for 0days and other exploits. Having the raw source makes it a lot easier to find/track down certain types of exploits vs. just using decompiled information and pdbs as well.

Some stuff is still reused from XP to 10 as well. Graphics related information, some drivers and kernel-level stuff etc. are still similar/the same across every version.

Would also be something more useful to locations such as China who are still a majority user of Windows XP, along with creating their own Windows XP clone OS. This is probably a big deal to them and of interest to them (not to really say they didn't already have this code anyway though).

chants 09-26-2020 11:13

Having all the pre-optimized control flow, variable names and comments saves a lot of time for sure :). Microsoft won't care quite as much if the 0-days aren't affecting Win10 though, the older OS are basically all out of support period beyond some contracts dealing with Win7/8.

Rasmus 09-26-2020 11:19

Quote:

Originally Posted by chants (Post 121271)
Having all the pre-optimized control flow, variable names and comments saves a lot of time for sure :). Microsoft won't care quite as much if the 0-days aren't affecting Win10 though, the older OS are basically all out of support period beyond some contracts dealing with Win7/8.

I agree. As long as Windows 10 is not affected they will not care.

atom0s 09-26-2020 14:41

Not sure why you guys think nothing in XP is still being used in 10. There is no reason for Microsoft to rewrite everything from scratch every edition or even for a major edition such as 10 outside of the main core and specific libraries that directly require it. I wouldn't be surprised if we see a lot of news popping up in the near future regarding various new 0days, patches from Microsoft to fix known problems that are now going to be mainstream that were ignored for the time being, etc. with this being a public thing now.

nulli 09-26-2020 15:34

Quote:

Originally Posted by atom0s (Post 121274)
Not sure why you guys think nothing in XP is still being used in 10. There is no reason for Microsoft to rewrite everything from scratch every edition or even for a major edition such as 10 outside of the main core and specific libraries that directly require it. I wouldn't be surprised if we see a lot of news popping up in the near future regarding various new 0days, patches from Microsoft to fix known problems that are now going to be mainstream that were ignored for the time being, etc. with this being a public thing now.

This will surely help exploit developers (I am not one) but we already have Windows 2000+WRK sources. And the leap from 2000/WRK to XP/2003 is not really that huge. If this was Windows 7 that would be something else entirely.

Legacy code will be and always has been part of Windows. You will find NT, 2K, XP code in Windows 10 as well and this will have an impact on things for sure. It's just not that huge in my opinion.

Rasmus 09-27-2020 01:56

Quote:

Originally Posted by atom0s (Post 121274)
I wouldn't be surprised if we see a lot of news popping up in the near future regarding various new 0days, patches from Microsoft to fix known problems that are now going to be mainstream that were ignored for the time being, etc. with this being a public thing now.

Now everything is out in the open. So M$ would have to address it. Else just the blackhats would be the ones silently creating the exploits. Blackhats buy off the code well before any leaks. It is good now that the whitehats can also work on it.

