Google denies disassembling Vista software

The source code underlying Google's Chrome Web browser suggests that Google used a reverse-engineering technique called disassembly to figure out how to employ a useful Windows Vista security feature, but the company said it didn't, in fact, do so.

The Chrome source code said a particular security feature available on Vista, Data Execution Prevention, can be used on Windows XP SP2 and Windows Server 2003 SP1, though it's not documented for the older operating systems. The source code also said the feature can be understood with a disassembler, a method of reverse-engineering that deconstructs a binary file--such as Windows--into instructions more easily understood by a human.

An explanatory comment in the Chrome source code mentions use of a disassembler to figure out the security feature. "Completely undocumented from Microsoft. You can find this information by disassembling Vista's SP1 kernel32.dll with your favorite disassembler," the comment says.

But Google itself didn't take that route. "We did not disassemble this code," the company said in a statement. "The source code indicates that the technique came from http://www.uninformed.org/?v=2&a=4. Please also note that...disassembling is just one of several methods one can use to find this information."

Software companies trying to protect their proprietary software often aren't fans of disassemblers. For example, Vista's End-User License Agreement (PDF) states, "You may not...reverse-engineer, decompile, or disassemble the software, except and only to the extent that applicable law expressly permits, despite this limitation."

Google stuck up for the practice, though. "Disassembling is a common and accepted practice in software development, frequently used to make sure software features are compatible with other software programs or operating systems," the company said.

Regarding the Data Execution Prevention interface, the Chrome source code says, "Try documented ways first. Only available on Vista SP1 and Windows 2008." The method described at Uninformed comes in a later section, labeled thus: "Go in darker areas. Only available on Windows XP SP2 and Windows Server 2003 SP1."

[smokinmunky]

Do no evil, right?

[mathue_tax]

Security experts do this quite often and they are praised. Why it's suddenly an EVIL thing for Google to have _SUPPOSEDLY_ done, and there is no proof that they have; is beyond me.

[Astinsan]

Who cares... Every real programmer has done this.

I can remember a undocumented CGA video mode that nobody knew about... being exposed this way.

It isn't like they are selling windows under another name. There wasn't any unethical things happening. It will probably make vista worth more in the long run. (and nt,2k,xp since they employ the same execution protection)

[Renegade Knight]

Bingo. If MicroSoft actually told folks how to interface with Vista like they should (it's an OS after all) this would be a non issue. Since they don't programmers have to figure out how to work with the OS on their own (it's still an OS after all) since programs need to work with windows to run under that OS.

It's a non issue. Call it fair use.

[PhaseDMA]

Looking at source code is evil?

[Dalkorian]

No, looking at fista is. ;-)

[sythara]

"You may not...reverse-engineer, decompile, or disassemble the software, except and only to the extent that applicable law expressly permits, despite this limitation."

So if you didnt accept the agreement and never installed Vista, does that still apply?

[Renegade Knight]

No. Even if it does apply so does fair use. How can a programmer write a program that runs in Vista without complete information on interfacting with Vista? If MS doesn't give that out like they should, it's fair use for programers to figure it out on their own.

[Lerianis]

Renegade Knight has it exactly right. The DMCA makes a SPECIFIC (period and done with here) exemption for SOFTWARE INTEROPERABILITY THINGS! Microsoft, if they decided to take this to court..... they would be LAUGHED out of it.
There is nothing wrong with 'disassembling' software and using code in it to make your own products better. In fact, I say that should be protected innovation, even though you are basically 'stealing' code from someone else, you are usually not using their whole product, just pieces of it.

[bigpicture]

Wrong, It's "don't be evil". The subtle difference being input "intent" versus perceived outcome or result.

[spankyj]

This has been doc'd for some time hasn't it?

http://support.microsoft.com/kb/875352

[The_happy_switcher]

If they really wanted to know what the inside of a turd looks like they could have gone to the nearest bathroom.

[CTO_Dude]

...and there you would find a Mac sitting in the bottom of the toilet.

[The_happy_switcher]

...or a picture of you.

[buggermenot]

Microsoft keeping Windows features hidden to help the success of their own software... Microsoft have done this before, typical dirty tactics from a dirty company.
I guess you could argue Google isn't perfect either, but at least Google help keep the market moving forward with their inspiring, innovative and effective products.

[Lerianis]

Other companies have done this as well, buggermenot. The one who is REALLY hell for doing this... give me a "A P P L E! APPLE!"
They are the worst for this ****, trying to hide their code and NEVER wanting to give it out unless you pay them EXTREME money.

[viper396]

What reverse engineering was necessary??? This article implies that Data Excecution Prevent is not documented or present in XP or Server 2003. On any XP machine, go into System Properties --> Advanced --> Performance Settings; DEP is right there. It was never a secret in XP or Server 2003 and was always documented. Try searching the internet. Google's own search engine can find the documentation.

Seems the author of this story is more inclined at trying to make up the news rather then simply report it. Just disgraceful and irresponsible.

[Lerianis]

Yeah, it is clearly documented in XP as well as Vista. I knew that, because I had it turned on (and still do) on ALL my pc's.

[anythingbutmicrosoft]

In this particular case, what is the big deal? Microsoft is a convicted monopolist that has caused great harm to society, Bill Gates should have done some jail time. In my opinion it is not breaking any laws to disassemble, pirate, do anything to or with MS products.

[Lerianis]

Well, you are right on everything but the pirate part. Frankly, I am okay with everything else: disassembling is okay, stripping code is okay, etc.
Just not pirating UNLESS you have bought a legal version of Vista for one of your PC's (I have a legal version on two of mine). Then, I am okay with you installing 'illegallly' on three computers for each copy of Vista that you have or that came pre-installed on your computer.

[CTO_Dude]

@anythingbutmicrosoft Comments from someone with the handle "anythingbutmicrosoft" should be ignored and thought of as pure uninformed garbage.

[Lerianis]

Not totally. He is right on the 'shouldn't be against the law to disassemble' but that doesn't just apply to Microsoft products. It applies to ALL software products from Microsoft or not from Microsoft.

[Jim Hubbard]

We should all be pushing for Open Data Format Legislation. The simple idea is that any software distribution that stores any type of user data should also be forced by federal law to disclose the format of that data storage and that other software companies should have the rights to use the data format to read, write and convert user data for use in other software applications at the data owner's (user's) request.

This would force companies like Microsoft and Quickbooks to get and keep market share based on the service and usability and affordability of their software.....not based on fear and locking in users using proprietary data formats.

Who's with me?

[Vegaman_Dan]

So... Google says they didn't reverse engineer the product but reserve the right to use reverse engineering at any time or place and not disclose that information. Hmm. <P>
How many politicians would love to have this sort of double standard available to them? They reserive the right to lie at any time- as well as lie about lying in the first place.<p>
Gives you a real nice warm and fuzzy feeling deep inside doesn't it? <p>
Oh wait, that's just gas.