Linked by Thom Holwerda on Wed 29th Nov 2006 20:49 UTC, submitted by frik85
Permalink for comment 186783
To read all comments associated with this story, please click here.
Member since:
2006-11-24
Part 3 of the deleted mail:
So I thought, what the heck, I'm only reversing some functions to better understand Dave Probert's PDFs and Windows Internals, I'm not doing anything as bad as that! But there was more! Some time ago while rewriting parts of the Object Manager, I stumbled upon our Security Descriptor cache implementation, written by XXXXX. I was surprised at how well it was implemented, compared to how different the other parts of the Object Manager were. One quick look at IDA confirmed why. The entire file/functions were reversed, clearly translated from ASM to C. However, all the functions and private variables were renamed. But they were still used in the same way, called with the same parameters, and did the same things. Additionally, since this is hashing, which involves masks and bit manipulation, it's really hard to magically create the same hashing implementation as Windows without having looked at Windows's assembly. I saw no problem with this, and I thought XXXXX was cool to follow my methods. The code which he had written was perfect, down to the hashing implementation. But it was clearly reversed. I had no problem with this. Then, recently, XXXXX came to talk to me about his cmlib, and I took a look at the previous registry code which read the hives. The actual hive data structures are documented in the PDBs if you know how to look, but ours had different names, and some stuff was marked as "unknown". Evidently, someone had taken the time to reverse-engineer the Windows NT hive format. Some of the internal hive functions closely matched Windows's, but did things such as Foo->Unknown0 = 0xBA. If this was truly a "Clean-room implementation", I fail to see why anyone would have written such code. When you're implementing something by yourself, you usually don't name your members Unknown0, and you don't give them cryptic hex numbers. Is this for compatibility maybe? Someone possibly reversed some driver or 3rd-party tool? (XXXXX often brings this up as an excuse.) No, impossible. No drivers access these structures, nor any 3rd-party tools. In fact, not even the NT kernel itself uses them outside of very specific Hv* code. While looking at WinDBG and the checked build, Unknown0 was documented with its proper name, and 0xBA became a bit mask of certain flags ORed together. As XXXXX was working on cmlib, he had to change much of the previous code, and I discussed with him his dubious usage of such member names and accused him of reversing. He told me, quite simply, that some of the parts I complained about were the previous code. Whose? XXXXX. Because of the Ob SD hash code I had seen earlier, this came as no surprise to me. It was further proof that, much like me, XXXX was a reverse engineer. I then spent 4 hours reviewing XXXXX's code, in which I used IDA to verify some things. When the arguments got heated, so did he, and he had no trouble accepting my modifications as seen because of IDA, nor using it to verify some things himself. Yet another person was working much in the same fashion as me, using IDA for implementation and/or verification.
But were these all the people that motivated me to continue working in much the same way as them? There were more. As I mentioned much earlier, XXXXX and I often did debugging sessions together to try to get his USB drivers working, and to get Windows's USB drivers working in ROS. One big problem XXXXX was having is that interrupts weren't working fine, and he had no idea what was wrong with our HAL. I jokingly suggested for him to look at the NT4 source code. Haha, he said; he already had! Since he was now part of the "little gang", I had no trouble being openly honest with him about my adventures with the NT4 source code too, and how I was trying to recompile it to get it working on XBOX, for my own internal private usage. We then talked about another big leak: the XBOX 1 kernel source code, a subset of Win2k. In one later discussion, XXXXX pointed out to me that "he had tried everything to find the problem: NT4 HAL, XBOX USB stack, Linux USB stack, IDA, etc." I did not mind that our USB stack was not only 100% Linux based, but that some information had also been gleaned from highly illegal MS intellectual property. This is because I knew that 99.999% of the code was from Cromwell, and just like I hadn't used my NT4 source-code access to help ROS, XXXXX probably wasn't either. But knowing all these people doing all these things, much as myself, convinced me there was no problem in my continued reverse-engineering.
XXXXX, XXXXX, XXXXX and myself had leaked Windows code and looked at it. XXXXX, XXXXX, XXXXX, XXXXX and XXXXX had IDA and used it for reverse engineering. 9 developers, and these are only some cases. XXXXX too sometimes used IDA to verify some flags (I once helped him understand a weird DEVICE_EXTENSION structure), and XXXXX, although against reverse-engineering, also used IDA to verify some implementations, although he said he never used it to actually reverse-engineer, and I believe him, although, once you have seen the taint, it's hard to really psychologically prove how much you were, or were not, influenced by it. With more than 2/3rds of the entire developer team having broken the law and/or our IP policy, I continued my work in the same way.