Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 09-25-2020, 17:35
DARKER DARKER is offline
VIP
 
Join Date: Jul 2004
Location: Côte d'Ivoire
Posts: 403
Rept. Given: 14
Rept. Rcvd 111 Times in 46 Posts
Thanks Given: 10
Thanks Rcvd at 561 Times in 153 Posts
DARKER Reputation: 100-199 DARKER Reputation: 100-199
The Windows XP source code was allegedly leaked online

The source code for Windows XP SP1 and other versions of the operating system was allegedly leaked online today. The leaker claims to have spent the last two months compiling a collection of leaked Microsoft source code. This 43GB collection was then released today as a torrent on the 4chan forum. Included in this torrent is the alleged source code for Windows XP and Windows Server 2003, as well as an assortment of even older versions of the operating system.

The contents of the torrent include also:
  • MS DOS 3.30
  • MS DOS 6.0
  • Windows 2000
  • Windows CE 3
  • Windows CE 4
  • Windows CE 5
  • Windows Embedded 7
  • Windows Embedded CE
  • Windows NT 3.5
  • Windows NT 4

Source:
Code:
https://www.bleepingcomputer.com/news/microsoft/the-windows-xp-source-code-was-allegedly-leaked-online/

Last edited by DARKER; 09-25-2020 at 18:04.
Reply With Quote
  #2  
Old 09-25-2020, 18:39
jonwil jonwil is offline
VIP
 
Join Date: Feb 2004
Posts: 379
Rept. Given: 2
Rept. Rcvd 21 Times in 9 Posts
Thanks Given: 2
Thanks Rcvd at 63 Times in 33 Posts
jonwil Reputation: 21
I have seen the leaked XP code. Its definitely legit Windows code and lots of it (no way anyone could fake that much code).
Reply With Quote
  #3  
Old 09-25-2020, 18:53
deepzero's Avatar
deepzero deepzero is offline
VIP
 
Join Date: Mar 2010
Location: Germany
Posts: 298
Rept. Given: 106
Rept. Rcvd 64 Times in 42 Posts
Thanks Given: 154
Thanks Rcvd at 213 Times in 93 Posts
deepzero Reputation: 64
yeah, it seems legit. But either some usermode libraries are missing or they have some odd handling of their build system - for example, can someone find the entrypoint of GetProcAddress export?
There is LdrGetProcedureAddress in ldrinit.c, but I cant find the actual GetProcAddress entry.

edit: hehe, i must be blind, thanks nulli.

Last edited by deepzero; 09-25-2020 at 21:13.
Reply With Quote
  #4  
Old 09-25-2020, 19:31
nulli nulli is offline
VIP
 
Join Date: Nov 2003
Posts: 168
Rept. Given: 42
Rept. Rcvd 22 Times in 12 Posts
Thanks Given: 48
Thanks Rcvd at 71 Times in 51 Posts
nulli Reputation: 22
You can find GetProcAddress here:
Win2K3\base\win32\client\module.c
XPSP1\base\win32\client\module.c
Reply With Quote
The Following 3 Users Say Thank You to nulli For This Useful Post:
deepzero (09-25-2020), morgot (10-03-2020), riverstore (09-27-2020)
  #5  
Old 09-26-2020, 01:25
chants chants is offline
VIP
 
Join Date: Jul 2016
Posts: 645
Rept. Given: 21
Rept. Rcvd 43 Times in 26 Posts
Thanks Given: 593
Thanks Rcvd at 973 Times in 441 Posts
chants Reputation: 43
I like these kind of releases when doing custom GUI stuff. Simply rip out the handlers for paint and a few other messages and you can have an elegant subclass which handles the drawing, accessibility, dpi, keyboard shortcuts, etc. It is a shame they dont provide this publicly. Though in that area much has changed between XP and now.

Anyway cool release, can see what hacks or weird comments still remain in the code.

Also please share the 3gb torrent with only XP and/or 2003 as that is what most will find worth the bandwidth and storage space.

Last edited by chants; 09-26-2020 at 02:52.
Reply With Quote
The Following User Says Thank You to chants For This Useful Post:
sh3dow (11-25-2021)
  #6  
Old 09-26-2020, 03:46
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 375
Rept. Given: 26
Rept. Rcvd 116 Times in 59 Posts
Thanks Given: 54
Thanks Rcvd at 670 Times in 263 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
Microsoft has confirmed the leak and is investigating. This is a full leak as well and not just the kernels like the previous leaks that were posted for 2000/NT and Xbox.

Pretty interesting to see and definitely a lot of interesting stuff inside (The full suite of DirectX libraries for DX8.1, GDi/GDI+, drivers, kernel, etc.) Will be interesting to see how many 0days pop up in the next few weeks with this leaking fully publicly now for all versions of Windows.
__________________
Personal Projects Site: https://atom0s.com
Reply With Quote
  #7  
Old 09-26-2020, 05:43
nulli nulli is offline
VIP
 
Join Date: Nov 2003
Posts: 168
Rept. Given: 42
Rept. Rcvd 22 Times in 12 Posts
Thanks Given: 48
Thanks Rcvd at 71 Times in 51 Posts
nulli Reputation: 22
The Windows XP/2003 source is a nice addition to the collection. But these days its really not a big whoop if you have the Windows 2000+WRK sources. You can use the XP source to get some more hints about how something used to work. Which can help a bit. But there is a lot of internals that have changed in Windows 10 especially.

And with the powerful decompilers we have today combined with debug symbols it's not that hard to figure out what a Windows function does. I have recreated (yes, as in made fully working C/C++ code based on disassembly of Windows 7-10) more than 300 Windows API functions this way.

Worth getting your hands on? Sure! the source is of course interesting if you develop for the Windows platform and like to get down and dirty.
Reply With Quote
  #8  
Old 09-26-2020, 07:31
TmC TmC is offline
VIP
 
Join Date: Aug 2004
Posts: 327
Rept. Given: 1
Rept. Rcvd 15 Times in 9 Posts
Thanks Given: 2
Thanks Rcvd at 22 Times in 16 Posts
TmC Reputation: 15
so SP2 and SP3 still not leaked?
Reply With Quote
  #9  
Old 09-26-2020, 07:34
Rasmus Rasmus is offline
Friend
 
Join Date: Jul 2019
Posts: 170
Rept. Given: 0
Rept. Rcvd 7 Times in 6 Posts
Thanks Given: 50
Thanks Rcvd at 88 Times in 55 Posts
Rasmus Reputation: 7
Agree with nulli. Since we have the debug symbols, these days with our decompilers it is not a very difficult task to recreate working source code from the disassembly.
Reply With Quote
  #10  
Old 09-26-2020, 10:23
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 375
Rept. Given: 26
Rept. Rcvd 116 Times in 59 Posts
Thanks Given: 54
Thanks Rcvd at 670 Times in 263 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
Quote:
Originally Posted by nulli View Post
The Windows XP/2003 source is a nice addition to the collection. But these days its really not a big whoop if you have the Windows 2000+WRK sources. You can use the XP source to get some more hints about how something used to work. Which can help a bit. But there is a lot of internals that have changed in Windows 10 especially.
Would say this is more useful towards targeting XP, Vista, and 8 machines along with the server 2k3/2k8 versions for 0days and other exploits. Having the raw source makes it a lot easier to find/track down certain types of exploits vs. just using decompiled information and pdbs as well.

Some stuff is still reused from XP to 10 as well. Graphics related information, some drivers and kernel-level stuff etc. are still similar/the same across every version.

Would also be something more useful to locations such as China who are still a majority user of Windows XP, along with creating their own Windows XP clone OS. This is probably a big deal to them and of interest to them (not to really say they didn't already have this code anyway though).
__________________
Personal Projects Site: https://atom0s.com
Reply With Quote
  #11  
Old 09-26-2020, 11:13
chants chants is offline
VIP
 
Join Date: Jul 2016
Posts: 645
Rept. Given: 21
Rept. Rcvd 43 Times in 26 Posts
Thanks Given: 593
Thanks Rcvd at 973 Times in 441 Posts
chants Reputation: 43
Having all the pre-optimized control flow, variable names and comments saves a lot of time for sure . Microsoft won't care quite as much if the 0-days aren't affecting Win10 though, the older OS are basically all out of support period beyond some contracts dealing with Win7/8.
Reply With Quote
  #12  
Old 09-26-2020, 11:19
Rasmus Rasmus is offline
Friend
 
Join Date: Jul 2019
Posts: 170
Rept. Given: 0
Rept. Rcvd 7 Times in 6 Posts
Thanks Given: 50
Thanks Rcvd at 88 Times in 55 Posts
Rasmus Reputation: 7
Quote:
Originally Posted by chants View Post
Having all the pre-optimized control flow, variable names and comments saves a lot of time for sure . Microsoft won't care quite as much if the 0-days aren't affecting Win10 though, the older OS are basically all out of support period beyond some contracts dealing with Win7/8.
I agree. As long as windows 10 is not affected they will not care.
Reply With Quote
  #13  
Old 09-26-2020, 14:41
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 375
Rept. Given: 26
Rept. Rcvd 116 Times in 59 Posts
Thanks Given: 54
Thanks Rcvd at 670 Times in 263 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
Not sure why you guys think nothing in XP is still being used in 10. There is no reason for Microsoft to rewrite everything from scratch every edition or even for a major edition such as 10 outside of the main core and specific libraries that directly require it. I wouldn't be surprised if we see a lot of news popping up in the near future regarding various new 0days, patches from Microsoft to fix known problems that are now going to be mainstream that were ignored for the time being, etc. with this being a public thing now.
__________________
Personal Projects Site: https://atom0s.com
Reply With Quote
  #14  
Old 09-26-2020, 15:34
nulli nulli is offline
VIP
 
Join Date: Nov 2003
Posts: 168
Rept. Given: 42
Rept. Rcvd 22 Times in 12 Posts
Thanks Given: 48
Thanks Rcvd at 71 Times in 51 Posts
nulli Reputation: 22
Quote:
Originally Posted by atom0s View Post
Not sure why you guys think nothing in XP is still being used in 10. There is no reason for Microsoft to rewrite everything from scratch every edition or even for a major edition such as 10 outside of the main core and specific libraries that directly require it. I wouldn't be surprised if we see a lot of news popping up in the near future regarding various new 0days, patches from Microsoft to fix known problems that are now going to be mainstream that were ignored for the time being, etc. with this being a public thing now.
This will surely help exploit developers (I am not one) but we already have Windows 2000+WRK sources. And the leap from 2000/WRK to XP/2003 is not really that huge. If this was Windows 7 that would be something else entirely.

Legacy code will and always has been part of Windows. You will find NT, 2K, XP code in Windows 10 as well and this will have an impact of things for sure. Its just not that huge in my opinion.
Reply With Quote
  #15  
Old 09-27-2020, 01:56
Rasmus Rasmus is offline
Friend
 
Join Date: Jul 2019
Posts: 170
Rept. Given: 0
Rept. Rcvd 7 Times in 6 Posts
Thanks Given: 50
Thanks Rcvd at 88 Times in 55 Posts
Rasmus Reputation: 7
Quote:
Originally Posted by atom0s View Post
I wouldn't be surprised if we see a lot of news popping up in the near future regarding various new 0days, patches from Microsoft to fix known problems that are now going to be mainstream that were ignored for the time being, etc. with this being a public thing now.
Now everything is out in the open. So M$ would have to address it. Else just the blackhats would be the ones silently creating the exploits. Blackhats buy off the code well before any leaks. It is good now that the whitehats can also work on it.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
(Q) .NET App Source Code Protection (Silverlight, Windows Phone, Windows 8) delidolunet General Discussion 7 08-02-2013 10:33
SpeedScript book and source code online Warren General Discussion 0 08-04-2005 08:50


All times are GMT +8. The time now is 22:45.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2022 )