Post subject: Tom's Reverse Engineering Guides | Posted: Sun Mar 24, 2013 8:08 pm
Joined: Sat Feb 24, 2007 4:14 pm | Posts: 6612 | Location: United Kingdom | Favourite OS: Server 2012 R2
So, I've been doing this sort of thing as a hobby for the while now, and reverse engineering is a handy skill to have when working with Betas.

In the interests of educating users, I've therefore started a blog where I will detail not just any hacks I developed, but how I have developed them, in the hope that it will help more users get involved in reverse engineering.

I've started with detailing what went into my Chicago Build 73g Start Menu hack.

I'm going to split the articles into two main categories - Theming (ie, UI Customisation), and Unlocking (ie, new functionality in Betas).

I've got a few subject matters that I'll delve into over time, but suffice to say, Longhorn .NET stuff is probably going to feature rather heavily. I'll probably document the "Big Nav Button" and "Start Button" hacks I developed for Panda's Longhorn themes for Windows 7 as well though. I'm also open to topics, both to investigate and to document, even if they're not my innovation. For example, I may also document how the various red-pill patches for Windows 8 betas worked.

http://reverse.ms/

_________________
BuildFeed - the ultimate collaborative NT build list - Windows Longhorn - a look at a defining Microsoft project


Post subject: Re: Tom's Reverse Engineering Guides | Posted: Sun Mar 24, 2013 8:38 pm
Joined: Tue Dec 14, 2010 4:02 pm | Posts: 5750
It's definitely an interesting subject, so I'm looking forward to your articles. ;)


Post subject: Re: Tom's Reverse Engineering Guides | Posted: Sun Mar 24, 2013 8:38 pm
Joined: Thu Nov 29, 2007 11:33 pm | Posts: 3899 | Location: Where do you want to go today? | Favourite OS: All Microsoft operating systems!
It's interesting that you post these guides, and I'm sure that it will be a great insight to the members here. It's also good to at least see some professional content being posted.

As for the Start Menu in Chicago Build 73g, this is what I personally think:
Personally, I think that it was disabled by default due to it still being officially "Microsoft Confidential". In other words, I believe that it was disabled for the particular beta release (PDC 1993), most likely due to bugs that they didn't want in a public release, so probably, only those who either worked at Microsoft or were very close with Microsoft were allowed to enable it for themselves.

Battler might know more about it than I do (even though I also used to collect these builds as a top priority as he still does), but anyway, I'm sure that it was hidden from the public for a reason, and likely, the Microsoft employees themselves were strictly prohibited from revealing it or otherwise allowing other people to enable it themselves without the company's permission.


Post subject: Re: Tom's Reverse Engineering Guides | Posted: Sun Mar 24, 2013 8:41 pm
Joined: Tue Dec 14, 2010 4:02 pm | Posts: 5750
Yeah, that was most likely the case. It's basically identical to the one in 81, except that some items don't work yet.


Post subject: Re: Tom's Reverse Engineering Guides | Posted: Sun Mar 24, 2013 8:41 pm
Joined: Sat Feb 24, 2007 4:14 pm | Posts: 6612 | Location: United Kingdom | Favourite OS: Server 2012 R2
WinPC wrote:
Personally, I think that it was disabled by default due to it still being officially "Microsoft Confidential". In other words, I believe that it was disabled for the particular beta release (PDC 1993), most likely due to bugs that they didn't want in a public release, so probably, only those who either worked at Microsoft or were very close with Microsoft were allowed to enable it for themselves.

Probably. The case is strengthened by the fact that not all menu items on the new menu actually go anywhere in it yet.

Post subject: Re: Tom's Reverse Engineering Guides | Posted: Sun Mar 24, 2013 9:18 pm
Joined: Thu Nov 29, 2007 11:33 pm | Posts: 3899 | Location: Where do you want to go today? | Favourite OS: All Microsoft operating systems!
Exactly. And another reason for this is also likely due to press reviews. I mean, at the time, if they revealed it before it was fully functional (especially if they didn't even give the user a choice between the old taskbar and the new taskbar), then it would likely give the beta release (and really the operating system itself) a bad image, not to mention that it would also likely be regarded as buggy, incomplete, and unstable, rather than actually being usable on a daily basis (at least in the opinions of most people), which is I'm sure what Microsoft had intended for this particular release.

The new Start button and Start Menu were also likely covered under a strict Non-Disclosure Agreement at the time, meaning that even most Microsoft employees themselves were almost certainly strictly prohibited from revealing it to the public without the permission of the company itself.

What is most likely is that they tested both setups on actual Windows users themselves, and found that most users preferred the new Start Menu setup, and were working on it for a future release.


Post subject: Re: Tom's Reverse Engineering Guides | Posted: Sun Mar 24, 2013 9:57 pm
Joined: Sat Sep 09, 2006 6:43 am | Posts: 783 | Favourite OS: Win10/Debian Linux
Interesting post, Hounsell. I've been tinkering with RCE for a few years now, with very little results to show for it. I must applaud your efforts in getting these bits into working order :D

_________________
Need disks scanned in the USA? I have a Kryoflux, and am willing to help get your disks archived! I also offer xbox and xbox 360 repair and modding services. PM me for details!


Post subject: Re: Tom's Reverse Engineering Guides | Posted: Mon Mar 25, 2013 11:21 am
Joined: Sat Aug 21, 2010 5:10 pm | Posts: 982 | Location: In front of my Toughbook | Favourite OS: UZI180
I have done similar before the leak of IDA 6.1.

_________________
Stephen Elop... I curse you, that after your death your soul will be forever trapped in the sourcecode of Windows and one day Microsoft will fall because of that virus code!


Post subject: Re: Tom's Reverse Engineering Guides | Posted: Mon Mar 25, 2013 6:47 pm
Joined: Sat Apr 02, 2011 4:41 pm | Posts: 27 | Favourite OS: Windows Neptune 5111
While this is an interesting topic and a good first article, an explanation of where to look for the correct file offset and how to get to it in a hex editor would have been better than searching for a matching pattern. Though the odds are small, it is possible to have several identical bytecode fragments.
Also (it's only my personal preference), I would change the entry point to make Explorer load a DLL that modifies the executable in memory to make the changes. It comes in handy if there is a need to replace entire functions or add hooks.
Anyway, thumbs up for writing such tutorials and good luck with the next ones.


Post subject: Re: Tom's Reverse Engineering Guides | Posted: Mon Mar 25, 2013 7:33 pm
Joined: Sat Feb 24, 2007 4:14 pm | Posts: 6612 | Location: United Kingdom | Favourite OS: Server 2012 R2
Dzeimis wrote:
While this is an interesting topic and a good first article, an explanation of where to look for the correct file offset and how to get to it in a hex editor would have been better than searching for a matching pattern. Though the odds are small, it is possible to have several identical bytecode fragments.

You're right here. I've actually been doing a matching pattern out of habit for ages; I've literally only just noticed now that I've gone to look for it that the file offset is in the bottom left hand corner of the hex window in IDA. I'll update my guide soon to fix this.

Dzeimis wrote:
Also (it's only my personal preference), I would change the entry point to make Explorer load a DLL that modifies the executable in memory to make the changes. It comes in handy if there is a need to replace entire functions or add hooks.
Anyway, thumbs up for writing such tutorials and good luck with the next ones.

For larger changes, or across multiple files, I'd definitely agree with you. For something as minor as this, and in as unusual an environment (a very early Chicago build), I just personally feel the simplicity and definitive nature of a patch is preferable.

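On the file-offset point Dzeimis raises and hounsell accepts above, here is an added example (not code from reverse.ms or from anyone in the thread). It walks the PE section table to turn a virtual address shown by the disassembler into the file offset a hex editor needs, and lists every occurrence of a byte pattern so that a patch is only applied where the pattern is unique. It assumes the target is a PE32 image; the parser, function names and the sample image are constructed for the demo.

```python
import struct

# Added example: VA -> file offset via the PE section table, plus a
# pattern-uniqueness check. Assumes a PE32 image; sample image is constructed.

def parse_pe(data):
    """Return (image_base, [(name, vsize, va, rawsize, rawptr), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images handled here")
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    sections = []
    for i in range(nsec):
        hdr = opt + opt_size + 40 * i
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, hdr)
        sections.append((name.rstrip(b"\0").decode(), vsize, va, rawsize, rawptr))
    return image_base, sections

def va_to_file_offset(data, va):
    """File offset backing virtual address `va`, or None if nothing on disk backs it."""
    image_base, sections = parse_pe(data)
    rva = va - image_base
    if rva < 0:
        return None
    for _, vsize, sva, rawsize, rawptr in sections:
        if sva <= rva < sva + max(vsize, rawsize):
            delta = rva - sva
            # Bytes past SizeOfRawData exist only in memory (zero-filled), not in the file.
            return rawptr + delta if delta < rawsize else None
    # The headers are mapped 1:1 at the start of the image.
    return rva if sections and rva < sections[0][2] else None

def find_all(data, pattern):
    """Every file offset at which `pattern` occurs; a safe patch needs exactly one."""
    hits, start = [], 0
    while (i := data.find(pattern, start)) >= 0:
        hits.append(i)
        start = i + 1
    return hits

def build_sample_image():
    """Constructed PE32 image: two sections, zero-filled, with a few marker bytes."""
    img = bytearray(0x600)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                       # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    struct.pack_into("<H", img, 0x58, 0x10B)                      # PE32 magic
    struct.pack_into("<I", img, 0x58 + 28, 0x400000)              # ImageBase
    sec = 0x58 + 0xE0                                             # section table
    struct.pack_into("<8sIIII", img, sec, b".text", 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<8sIIII", img, sec + 40, b".data", 0x400, 0x2000, 0x200, 0x400)
    img[0x210:0x215] = b"\x83\xf8\x01\x74\x05"   # cmp eax,1 / jz +5 at VA 0x401010
    img[0x300:0x302] = b"\x74\x05"               # the same short jz elsewhere in .text
    img[0x420:0x422] = b"\x74\x05"               # and again in .data
    return bytes(img)

if __name__ == "__main__":
    img = build_sample_image()
    print(hex(va_to_file_offset(img, 0x401010)))            # 0x210
    print(find_all(img, b"\x74\x05"), find_all(img, b"\x83\xf8\x01\x74\x05"))
```

The short two-byte pattern turns up three times while the longer compare-plus-jump is unique, which is exactly the ambiguity Dzeimis describes; the section walk gives the offset directly without searching at all.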
Post subject: Re: Tom's Reverse Engineering Guides | Posted: Mon Mar 25, 2013 8:46 pm
Joined: Thu Nov 29, 2007 11:33 pm | Posts: 3899 | Location: Where do you want to go today? | Favourite OS: All Microsoft operating systems!
Also, the problem with making further changes to the files themselves is that it also ruins the originality. My point here is this: If you want to enable the updated features, you should NOT make any other changes to the files themselves except where absolutely necessary. Otherwise, it just results in a hackjob, rather than a clean modification (that is, it would result in a modification that would almost certainly have been significantly different from what the Microsoft developers themselves would have used).


Post subject: Re: Tom's Reverse Engineering Guides | Posted: Mon Mar 25, 2013 8:48 pm
Joined: Sat Feb 24, 2007 4:14 pm | Posts: 6612 | Location: United Kingdom | Favourite OS: Server 2012 R2
WinPC wrote:
Also, the problem with making further changes to the files themselves is that it also ruins the originality. My point here is this: If you want to enable the updated features, you should NOT make any other changes to the files themselves except where absolutely necessary. Otherwise, it just results in a hackjob, rather than a clean modification (that is, it would result in a modification that would almost certainly have been significantly different from what the Microsoft developers themselves would have used).

The whole point of that modification is that it *was* a hackjob, because it wasn't possible any other way.

Post subject: Re: Tom's Reverse Engineering Guides | Posted: Mon Mar 25, 2013 8:50 pm
Joined: Thu Nov 29, 2007 11:33 pm | Posts: 3899 | Location: Where do you want to go today? | Favourite OS: All Microsoft operating systems!
What I mean by "clean modification" (as I said above) was the method of modifying the files that would have no doubt been used by the Microsoft developers themselves; that is, simply enabling the said functionality without adding in new functionality or extra files, and without making further changes to the code. Whereas the other way would simply add unnecessary changes, and would thus make it less authentic.


Post subject: Re: Tom's Reverse Engineering Guides | Posted: Mon Mar 25, 2013 9:34 pm
Joined: Sat Feb 24, 2007 4:14 pm | Posts: 6612 | Location: United Kingdom | Favourite OS: Server 2012 R2
The "other" solution here is to not modify the file at all, but to simply write something to modify it in RAM.

Post subject: Re: Tom's Reverse Engineering Guides | Posted: Mon Mar 25, 2013 10:42 pm
Joined: Thu Nov 29, 2007 11:33 pm | Posts: 3899 | Location: Where do you want to go today? | Favourite OS: All Microsoft operating systems!
Personally, if I had to guess, the developers at Microsoft would have used a resource editor, such as Borland Resource Workshop (or possibly a Microsoft equivalent, if there was one). Either that, or they might have also made changes to the original source code and then recompiled it from there.


Post subject: Re: Tom's Reverse Engineering Guides | Posted: Mon Mar 25, 2013 10:59 pm
Joined: Sat Feb 24, 2007 4:14 pm | Posts: 6612 | Location: United Kingdom | Favourite OS: Server 2012 R2
WinPC wrote:
Either that, or they might have also made changes to the original source code and then recompiled it from there.

I think it's obviously this one.

The changes I made to the code could be simply made by changing two lines of code.

Post subject: Re: Tom's Reverse Engineering Guides | Posted: Mon Mar 25, 2013 11:53 pm
Joined: Sat Apr 02, 2011 4:41 pm | Posts: 27 | Favourite OS: Windows Neptune 5111
Well, the reason why I often use a DLL hooked on the entry point is that I like to poke at various places in the program, see what variables are passed to functions, how they behave if something is changed somewhere, and so on. Also, sometimes it is nice to have the possibility to choose which changes I want to apply.


Post subject: Re: Tom's Reverse Engineering Guides | Posted: Tue Mar 26, 2013 3:38 am
Joined: Thu Mar 29, 2012 3:56 am | Posts: 197 | Location: Somewhere in the island that is formerly a U.S. colony.
But how about unlocking Start Screen in Windows 8 Build 7989?

_________________
*This account is on hiatus mode*


Post subject: Re: Tom's Reverse Engineering Guides | Posted: Tue Mar 26, 2013 3:51 am
Joined: Sat Jan 12, 2013 9:08 am | Posts: 741 | Location: Washington State | Favourite OS: OS X 10.5.8
CabaProductions wrote:
But how about unlocking Start Screen in Windows 8 Build 7989?

I'm not sure if it's possible to unlock the Start screen in 7989. In this thread, many users here attempted to unlock the Start screen, but they haven't gotten to the point where it showed the Start screen itself. But there is an exe (Windows/System32/SystemSettings.exe) that uses Metro and worked on 7989, and even 7955.


Post subject: Re: Tom's Reverse Engineering Guides | Posted: Tue Mar 26, 2013 10:22 am
Joined: Thu Jul 01, 2010 1:08 pm | Posts: 395 | Location: Over here!
Nice guide, and it's a great idea to teach people how to actually DIG into Windows. Reminds me of times when I was poking around system executables with OllyDbg and HexEdit. I'm looking forward to see more. :)

Post subject: Re: Tom's Reverse Engineering Guides | Posted: Tue Mar 26, 2013 10:37 am
Joined: Sat Feb 24, 2007 4:14 pm | Posts: 6612 | Location: United Kingdom | Favourite OS: Server 2012 R2
MSUser2013 wrote:
CabaProductions wrote:
But how about unlocking Start Screen in Windows 8 Build 7989?

I'm not sure if it's possible to unlock the Start screen in 7989. In this thread, many users here attempted to unlock the Start screen, but they haven't gotten to the point where it showed the Start screen itself. But there is an exe (Windows/System32/SystemSettings.exe) that uses Metro and worked on 7989, and even 7955.

Yes, it's not going to happen.

The framework is all there, but some crucial resources are stored in shsxs.dll up to the Developer Preview, and this has been stripped from the leaked builds. You can recreate some of the functionality through reverse engineering, sure, but whilst we don't have those resources, we'll never be able to reconstruct the start menu in a remotely authentic manner.

Ciastex wrote:
It's a great idea to teach people how to actually DIG into Windows.

Agreed. It's my feeling that it's the sort of thing BA sorely needs more of, and despite not feeling that I'm the best teacher in the world, I equally feel that because I can to an extent, I should do my part in helping others to get started too.

Post subject: Re: Tom's Reverse Engineering Guides | Posted: Tue Mar 26, 2013 4:08 pm
Joined: Thu Nov 29, 2007 11:33 pm | Posts: 3899 | Location: Where do you want to go today? | Favourite OS: All Microsoft operating systems!
hounsell wrote:
MSUser2013 wrote:
CabaProductions wrote:
But how about unlocking Start Screen in Windows 8 Build 7989?

I'm not sure if it's possible to unlock the Start screen in 7989. In this thread, many users here attempted to unlock the Start screen, but they haven't gotten to the point where it showed the Start screen itself. But there is an exe (Windows/System32/SystemSettings.exe) that uses Metro and worked on 7989, and even 7955.

Yes, it's not going to happen.

The framework is all there, but some crucial resources are stored in shsxs.dll up to the Developer Preview, and this has been stripped from the leaked builds. You can recreate some of the functionality through reverse engineering, sure, but whilst we don't have those resources, we'll never be able to reconstruct the start menu in a remotely authentic manner.

From what I've seen and heard, although the early builds contained the actual Modern UI apps and other such functionality (I even believe that I saw the System Settings/Control Panel/PC Settings screen in Build 7989 at some point back in 2011, but my memory is fading), and although they also contained the Metro OOBE (in other words, the redesigned version of the final portion of Setup) and new Modern UI lock screen, they didn't actually contain the actual Start screen itself.

In linuxlove's topic about it, someone here claimed (and tried to prove, if I remember correctly) that the Start screen simply wasn't in the builds themselves until Build 7996 (winmain), and that although the earlier builds had the rest of the functionality, that they didn't have the Start screen for launching apps.

Of course, I'm not 100% certain about this, it's just what I've heard. But, on the other hand, there are mockups from 2010 of the Modern UI, including the Start screen, in case anyone wants to see them. I have them stored on my PC somewhere; I'll need to find them again.

But really, we're not even sure if there even was a Start screen in the early Windows 8 builds, especially since as far as I know, the earliest known demonstration (well, the earliest one that I know of anyway) of the Start screen was from June 1st, 2011, and by that point, Windows 8 was already in the 80xx build range as far as winmain was concerned.

Really, the idea of the Start screen's existence in the early builds at the moment is unverified. On the one hand, there was someone claiming that it didn't exist (off paper) until Build 7996. On the other hand, however, is a mockup of the Start screen from as early as 2010, which suggests that it could have possibly been compiled that early, even though Microsoft has also, as far as I know, produced concepts for projects and ideas well in advance.

Personally, I'm rather doubtful of the Start screen in the early builds myself, however, until we have any real evidence for either side, we'll never know for sure.


Post subject: Re: Tom's Reverse Engineering Guides | Posted: Tue Mar 26, 2013 5:54 pm
Joined: Sun Apr 01, 2012 8:43 pm | Posts: 259
Your topics are very interesting and professional; they explain how to unlock features that are already unlocked in later Windows builds.


Post subject: Re: Tom's Reverse Engineering Guides | Posted: Tue Mar 26, 2013 10:19 pm
Joined: Sat Aug 22, 2009 4:28 pm | Posts: 4268
WinPC wrote:
Also, the problem with making further changes to the files themselves is that it also ruins the originality. My point here is this: If you want to enable the updated features, you should NOT make any other changes to the files themselves except where absolutely necessary. Otherwise, it just results in a hackjob, rather than a clean modification (that is, it would result in a modification that would almost certainly have been significantly different from what the Microsoft developers themselves would have used).

Actually, I agree here. It takes less RAM to make a modification in an existing executable or library rather than import another DLL into it, even though it's not noticeable. You can also just use the db caves, or whatever people call them, write your own subroutine into it, and patch the code to jump to it and return whenever you want.

I also find the additional DLL method the last thing to do, if everything fails.

_________________
Longhorn Packet 1.21 - Solves most of the problems with Longhorn Setup
[GUIDE] How to dump clean/untouched images from CD discs
Longhorn Music Album (FLAC) | 523.31 MB | 17 tracks | Donators Discussion Forum

