Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 09-25-2020, 17:35
DARKER DARKER is offline
VIP
 
Join Date: Jul 2004
Location: Somewhere Over the Rainbow
Posts: 454
Rept. Given: 15
Rept. Rcvd 119 Times in 51 Posts
Thanks Given: 11
Thanks Rcvd at 731 Times in 194 Posts
DARKER Reputation: 100-199 DARKER Reputation: 100-199
The Windows XP source code was allegedly leaked online

The source code for Windows XP SP1 and other versions of the operating system was allegedly leaked online today. The leaker claims to have spent the last two months compiling a collection of leaked Microsoft source code. This 43GB collection was then released today as a torrent on the 4chan forum. Included in this torrent is the alleged source code for Windows XP and Windows Server 2003, as well as an assortment of even older versions of the operating system.

The contents of the torrent include also:
  • MS DOS 3.30
  • MS DOS 6.0
  • Windows 2000
  • Windows CE 3
  • Windows CE 4
  • Windows CE 5
  • Windows Embedded 7
  • Windows Embedded CE
  • Windows NT 3.5
  • Windows NT 4

Source:
Code:
https://www.bleepingcomputer.com/news/microsoft/the-windows-xp-source-code-was-allegedly-leaked-online/

Last edited by DARKER; 09-25-2020 at 18:04.
Reply With Quote
  #2  
Old 09-25-2020, 18:39
jonwil jonwil is offline
VIP
 
Join Date: Feb 2004
Posts: 387
Rept. Given: 2
Rept. Rcvd 21 Times in 9 Posts
Thanks Given: 2
Thanks Rcvd at 65 Times in 34 Posts
jonwil Reputation: 21
I have seen the leaked XP code. Its definitely legit Windows code and lots of it (no way anyone could fake that much code).
Reply With Quote
  #3  
Old 09-25-2020, 18:53
deepzero's Avatar
deepzero deepzero is offline
VIP
 
Join Date: Mar 2010
Location: Germany
Posts: 300
Rept. Given: 111
Rept. Rcvd 64 Times in 42 Posts
Thanks Given: 178
Thanks Rcvd at 215 Times in 92 Posts
deepzero Reputation: 64
yeah, it seems legit. But either some usermode libraries are missing or they have some odd handling of their build system - for example, can someone find the entrypoint of GetProcAddress export?
There is LdrGetProcedureAddress in ldrinit.c, but I cant find the actual GetProcAddress entry.

edit: hehe, i must be blind, thanks nulli.

Last edited by deepzero; 09-25-2020 at 21:13.
Reply With Quote
  #4  
Old 09-25-2020, 19:31
nulli nulli is offline
VIP
 
Join Date: Nov 2003
Posts: 172
Rept. Given: 41
Rept. Rcvd 22 Times in 12 Posts
Thanks Given: 53
Thanks Rcvd at 73 Times in 53 Posts
nulli Reputation: 22
You can find GetProcAddress here:
Win2K3\base\win32\client\module.c
XPSP1\base\win32\client\module.c
Reply With Quote
The Following 3 Users Say Thank You to nulli For This Useful Post:
deepzero (09-25-2020), morgot (10-03-2020), riverstore (09-27-2020)
  #5  
Old 09-26-2020, 01:25
chants chants is offline
VIP
 
Join Date: Jul 2016
Posts: 724
Rept. Given: 35
Rept. Rcvd 48 Times in 30 Posts
Thanks Given: 666
Thanks Rcvd at 1,050 Times in 475 Posts
chants Reputation: 48
I like these kind of releases when doing custom GUI stuff. Simply rip out the handlers for paint and a few other messages and you can have an elegant subclass which handles the drawing, accessibility, dpi, keyboard shortcuts, etc. It is a shame they dont provide this publicly. Though in that area much has changed between XP and now.

Anyway cool release, can see what hacks or weird comments still remain in the code.

Also please share the 3gb torrent with only XP and/or 2003 as that is what most will find worth the bandwidth and storage space.

Last edited by chants; 09-26-2020 at 02:52.
Reply With Quote
The Following User Says Thank You to chants For This Useful Post:
sh3dow (11-25-2021)
  #6  
Old 09-26-2020, 03:46
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 396
Rept. Given: 26
Rept. Rcvd 126 Times in 63 Posts
Thanks Given: 54
Thanks Rcvd at 730 Times in 279 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
Microsoft has confirmed the leak and is investigating. This is a full leak as well and not just the kernels like the previous leaks that were posted for 2000/NT and Xbox.

Pretty interesting to see and definitely a lot of interesting stuff inside (The full suite of DirectX libraries for DX8.1, GDi/GDI+, drivers, kernel, etc.) Will be interesting to see how many 0days pop up in the next few weeks with this leaking fully publicly now for all versions of Windows.
__________________
Personal Projects Site: https://atom0s.com
Reply With Quote
  #7  
Old 09-26-2020, 05:43
nulli nulli is offline
VIP
 
Join Date: Nov 2003
Posts: 172
Rept. Given: 41
Rept. Rcvd 22 Times in 12 Posts
Thanks Given: 53
Thanks Rcvd at 73 Times in 53 Posts
nulli Reputation: 22
The Windows XP/2003 source is a nice addition to the collection. But these days its really not a big whoop if you have the Windows 2000+WRK sources. You can use the XP source to get some more hints about how something used to work. Which can help a bit. But there is a lot of internals that have changed in Windows 10 especially.

And with the powerful decompilers we have today combined with debug symbols it's not that hard to figure out what a Windows function does. I have recreated (yes, as in made fully working C/C++ code based on disassembly of Windows 7-10) more than 300 Windows API functions this way.

Worth getting your hands on? Sure! the source is of course interesting if you develop for the Windows platform and like to get down and dirty.
Reply With Quote
  #8  
Old 09-26-2020, 07:31
TmC TmC is offline
VIP
 
Join Date: Aug 2004
Posts: 328
Rept. Given: 1
Rept. Rcvd 15 Times in 9 Posts
Thanks Given: 2
Thanks Rcvd at 22 Times in 16 Posts
TmC Reputation: 15
so SP2 and SP3 still not leaked?
Reply With Quote
  #9  
Old 09-26-2020, 07:34
Rasmus Rasmus is offline
Friend
 
Join Date: Jul 2019
Posts: 174
Rept. Given: 0
Rept. Rcvd 8 Times in 7 Posts
Thanks Given: 106
Thanks Rcvd at 102 Times in 60 Posts
Rasmus Reputation: 8
Agree with nulli. Since we have the debug symbols, these days with our decompilers it is not a very difficult task to recreate working source code from the disassembly.
Reply With Quote
  #10  
Old 09-26-2020, 10:23
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 396
Rept. Given: 26
Rept. Rcvd 126 Times in 63 Posts
Thanks Given: 54
Thanks Rcvd at 730 Times in 279 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
Quote:
Originally Posted by nulli View Post
The Windows XP/2003 source is a nice addition to the collection. But these days its really not a big whoop if you have the Windows 2000+WRK sources. You can use the XP source to get some more hints about how something used to work. Which can help a bit. But there is a lot of internals that have changed in Windows 10 especially.
Would say this is more useful towards targeting XP, Vista, and 8 machines along with the server 2k3/2k8 versions for 0days and other exploits. Having the raw source makes it a lot easier to find/track down certain types of exploits vs. just using decompiled information and pdbs as well.

Some stuff is still reused from XP to 10 as well. Graphics related information, some drivers and kernel-level stuff etc. are still similar/the same across every version.

Would also be something more useful to locations such as China who are still a majority user of Windows XP, along with creating their own Windows XP clone OS. This is probably a big deal to them and of interest to them (not to really say they didn't already have this code anyway though).
__________________
Personal Projects Site: https://atom0s.com
Reply With Quote
  #11  
Old 09-26-2020, 11:13
chants chants is offline
VIP
 
Join Date: Jul 2016
Posts: 724
Rept. Given: 35
Rept. Rcvd 48 Times in 30 Posts
Thanks Given: 666
Thanks Rcvd at 1,050 Times in 475 Posts
chants Reputation: 48
Having all the pre-optimized control flow, variable names and comments saves a lot of time for sure . Microsoft won't care quite as much if the 0-days aren't affecting Win10 though, the older OS are basically all out of support period beyond some contracts dealing with Win7/8.
Reply With Quote
  #12  
Old 09-26-2020, 11:19
Rasmus Rasmus is offline
Friend
 
Join Date: Jul 2019
Posts: 174
Rept. Given: 0
Rept. Rcvd 8 Times in 7 Posts
Thanks Given: 106
Thanks Rcvd at 102 Times in 60 Posts
Rasmus Reputation: 8
Quote:
Originally Posted by chants View Post
Having all the pre-optimized control flow, variable names and comments saves a lot of time for sure . Microsoft won't care quite as much if the 0-days aren't affecting Win10 though, the older OS are basically all out of support period beyond some contracts dealing with Win7/8.
I agree. As long as windows 10 is not affected they will not care.
Reply With Quote
  #13  
Old 09-26-2020, 14:41
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 396
Rept. Given: 26
Rept. Rcvd 126 Times in 63 Posts
Thanks Given: 54
Thanks Rcvd at 730 Times in 279 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
Not sure why you guys think nothing in XP is still being used in 10. There is no reason for Microsoft to rewrite everything from scratch every edition or even for a major edition such as 10 outside of the main core and specific libraries that directly require it. I wouldn't be surprised if we see a lot of news popping up in the near future regarding various new 0days, patches from Microsoft to fix known problems that are now going to be mainstream that were ignored for the time being, etc. with this being a public thing now.
__________________
Personal Projects Site: https://atom0s.com
Reply With Quote
  #14  
Old 09-26-2020, 15:34
nulli nulli is offline
VIP
 
Join Date: Nov 2003
Posts: 172
Rept. Given: 41
Rept. Rcvd 22 Times in 12 Posts
Thanks Given: 53
Thanks Rcvd at 73 Times in 53 Posts
nulli Reputation: 22
Quote:
Originally Posted by atom0s View Post
Not sure why you guys think nothing in XP is still being used in 10. There is no reason for Microsoft to rewrite everything from scratch every edition or even for a major edition such as 10 outside of the main core and specific libraries that directly require it. I wouldn't be surprised if we see a lot of news popping up in the near future regarding various new 0days, patches from Microsoft to fix known problems that are now going to be mainstream that were ignored for the time being, etc. with this being a public thing now.
This will surely help exploit developers (I am not one) but we already have Windows 2000+WRK sources. And the leap from 2000/WRK to XP/2003 is not really that huge. If this was Windows 7 that would be something else entirely.

Legacy code will and always has been part of Windows. You will find NT, 2K, XP code in Windows 10 as well and this will have an impact of things for sure. Its just not that huge in my opinion.
Reply With Quote
  #15  
Old 09-27-2020, 01:56
Rasmus Rasmus is offline
Friend
 
Join Date: Jul 2019
Posts: 174
Rept. Given: 0
Rept. Rcvd 8 Times in 7 Posts
Thanks Given: 106
Thanks Rcvd at 102 Times in 60 Posts
Rasmus Reputation: 8
Quote:
Originally Posted by atom0s View Post
I wouldn't be surprised if we see a lot of news popping up in the near future regarding various new 0days, patches from Microsoft to fix known problems that are now going to be mainstream that were ignored for the time being, etc. with this being a public thing now.
Now everything is out in the open. So M$ would have to address it. Else just the blackhats would be the ones silently creating the exploits. Blackhats buy off the code well before any leaks. It is good now that the whitehats can also work on it.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
(Q) .NET App Source Code Protection (Silverlight, Windows Phone, Windows 8) delidolunet General Discussion 7 08-02-2013 10:33
SpeedScript book and source code online Warren General Discussion 0 08-04-2005 08:50


All times are GMT +8. The time now is 17:08.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )