Exetools  

#1
09-25-2020, 17:35
DARKER
The Windows XP source code was allegedly leaked online

The source code for Windows XP SP1 and other versions of the operating system was allegedly leaked online today. The leaker claims to have spent the last two months compiling a collection of leaked Microsoft source code. This 43GB collection was then released today as a torrent on the 4chan forum. Included in this torrent is the alleged source code for Windows XP and Windows Server 2003, as well as an assortment of even older versions of the operating system.

The contents of the torrent also include:
  • MS DOS 3.30
  • MS DOS 6.0
  • Windows 2000
  • Windows CE 3
  • Windows CE 4
  • Windows CE 5
  • Windows Embedded 7
  • Windows Embedded CE
  • Windows NT 3.5
  • Windows NT 4

Source: https://www.bleepingcomputer.com/news/microsoft/the-windows-xp-source-code-was-allegedly-leaked-online/

Last edited by DARKER; 09-25-2020 at 18:04.
#2
09-25-2020, 18:00
Preddy
Included in this torrent:

* MS-DOS 3.30 OEM Adaptation Kit (source code)
* MS-DOS 6.0 (source code)
* DDKs / WDKs stretching from Win 3.11 to Windows 7 (source code)
* Windows NT 3.5 (source code)
* Windows NT 4 (source code)
* Windows 2000 (source code)

* Windows XP SP1 (source code)
* Windows Server 2003 (build 3790) (source code)
(file name is 'nt5src.7z')


* Windows CE 3.0 Platform Builder (source code)
* Windows CE 4.2 Shared Source (source code)
* Windows CE 5.0 Shared Source (source code)
* Windows CE 6.0 R3 Shared Source (source code)
* Windows Embedded Compact 7.0 Shared Source (source code)
* Windows Embedded Compact 2013 (CE 8.0) Shared Source (source code)
* Windows 10 Shared Source Kit (source code)
* Windows Research Kernel 1.2 (source code)
* Xbox Live (source code)
(most recent copyright notice in the code says 2009)
* Xbox OS (source code)
(both the "Barnabas" release from 2002, and the leak that happened in May 2020)

Code:
https://forum.exetools.com/showthread.php?t=19662

Last edited by Preddy; 09-26-2020 at 03:09. Reason: :-]
#3
09-25-2020, 18:39
jonwil
I have seen the leaked XP code. It's definitely legit Windows code and lots of it (no way anyone could fake that much code).
#4
09-25-2020, 18:53
deepzero
Yeah, it seems legit. But either some usermode libraries are missing or they have some odd handling of their build system - for example, can someone find the entrypoint of GetProcAddress export?
There is LdrGetProcedureAddress in ldrinit.c, but I can't find the actual GetProcAddress entry.

Edit: hehe, I must be blind, thanks nulli.

Last edited by deepzero; 09-25-2020 at 21:13.
#5
09-25-2020, 19:31
nulli
You can find GetProcAddress here:
Win2K3\base\win32\client\module.c
XPSP1\base\win32\client\module.c
#6
09-26-2020, 01:25
chants
I like these kinds of releases when doing custom GUI stuff. Simply rip out the handlers for paint and a few other messages and you can have an elegant subclass which handles the drawing, accessibility, DPI, keyboard shortcuts, etc. It is a shame they don't provide this publicly. Though in that area much has changed between XP and now.

Anyway cool release, can see what hacks or weird comments still remain in the code.

Also please share the 3GB torrent with only XP and/or 2003 as that is what most will find worth the bandwidth and storage space.

Last edited by chants; 09-26-2020 at 02:52.
#7
09-26-2020, 03:46
atom0s
Microsoft has confirmed the leak and is investigating. This is a full leak as well and not just the kernels like the previous leaks that were posted for 2000/NT and Xbox.

Pretty interesting to see and definitely a lot of interesting stuff inside (the full suite of DirectX libraries for DX8.1, GDI/GDI+, drivers, kernel, etc.). Will be interesting to see how many 0days pop up in the next few weeks with this leaking fully publicly now for all versions of Windows.
__________________
Personal Projects Site: https://atom0s.com
#8
09-26-2020, 05:43
nulli
The Windows XP/2003 source is a nice addition to the collection. But these days it's really not a big whoop if you have the Windows 2000+WRK sources. You can use the XP source to get some more hints about how something used to work. Which can help a bit. But there are a lot of internals that have changed in Windows 10 especially.

And with the powerful decompilers we have today combined with debug symbols it's not that hard to figure out what a Windows function does. I have recreated (yes, as in made fully working C/C++ code based on disassembly of Windows 7-10) more than 300 Windows API functions this way.

Worth getting your hands on? Sure! The source is of course interesting if you develop for the Windows platform and like to get down and dirty.
#9
09-26-2020, 07:31
TmC
So SP2 and SP3 still not leaked?
#10
09-26-2020, 07:34
Rasmus
Agree with nulli. Since we have the debug symbols, these days with our decompilers it is not a very difficult task to recreate working source code from the disassembly.
#11
09-26-2020, 10:23
atom0s
Quote:
Originally Posted by nulli
The Windows XP/2003 source is a nice addition to the collection. But these days it's really not a big whoop if you have the Windows 2000+WRK sources. You can use the XP source to get some more hints about how something used to work. Which can help a bit. But there are a lot of internals that have changed in Windows 10 especially.
Would say this is more useful towards targeting XP, Vista, and 8 machines along with the server 2k3/2k8 versions for 0days and other exploits. Having the raw source makes it a lot easier to find/track down certain types of exploits vs. just using decompiled information and PDBs as well.

Some stuff is still reused from XP to 10 as well. Graphics related information, some drivers and kernel-level stuff etc. are still similar/the same across every version.

Would also be something more useful to locations such as China who are still a majority user of Windows XP, along with creating their own Windows XP clone OS. This is probably a big deal to them and of interest to them (not to really say they didn't already have this code anyway though).
#12
09-26-2020, 11:13
chants
Having all the pre-optimized control flow, variable names and comments saves a lot of time for sure. Microsoft won't care quite as much if the 0-days aren't affecting Win10 though, the older OS are basically all out of support period beyond some contracts dealing with Win7/8.
#13
09-26-2020, 11:19
Rasmus
Quote:
Originally Posted by chants
Having all the pre-optimized control flow, variable names and comments saves a lot of time for sure. Microsoft won't care quite as much if the 0-days aren't affecting Win10 though, the older OS are basically all out of support period beyond some contracts dealing with Win7/8.
I agree. As long as Windows 10 is not affected they will not care.
#14
09-26-2020, 14:41
atom0s
Not sure why you guys think nothing in XP is still being used in 10. There is no reason for Microsoft to rewrite everything from scratch every edition or even for a major edition such as 10 outside of the main core and specific libraries that directly require it. I wouldn't be surprised if we see a lot of news popping up in the near future regarding various new 0days, patches from Microsoft to fix known problems that are now going to be mainstream that were ignored for the time being, etc. with this being a public thing now.
#15
09-26-2020, 15:34
nulli
Quote:
Originally Posted by atom0s
Not sure why you guys think nothing in XP is still being used in 10. There is no reason for Microsoft to rewrite everything from scratch every edition or even for a major edition such as 10 outside of the main core and specific libraries that directly require it. I wouldn't be surprised if we see a lot of news popping up in the near future regarding various new 0days, patches from Microsoft to fix known problems that are now going to be mainstream that were ignored for the time being, etc. with this being a public thing now.
This will surely help exploit developers (I am not one) but we already have Windows 2000+WRK sources. And the leap from 2000/WRK to XP/2003 is not really that huge. If this was Windows 7 that would be something else entirely.

Legacy code will be and always has been part of Windows. You will find NT, 2K, XP code in Windows 10 as well and this will have an impact on things for sure. It's just not that huge in my opinion.
All times are GMT +8.