Self-Host Vote

Self-Host Vote, also know as VoteNow, was an internal application meant for Longhorn developers and was included intermittently in Longhorn. The builds that are leaked and have this application are 4033, 4039, 4042, 4053, 4084 and 4093. The application is located in the %SystemRoot%\System32\ directory and is named VoteNow.exe and is also set to start up with Windows.

On first glance, opening the application does nothing and using Resource Hacker to view anything inside it shows only version info. But upon further investigation it appears to be a rather complex application. 'cl_VoteYourTestBuild' in the executable appears to mean that this application is used for testing builds. 'GetLAB' is used to check 'HKLM\Software\Microsoft\Windows NT\CurrentVersion\BuildLab to check if it's a valid build lab for voting (Lab01, Lab02, Lab03, Lab04, Lab06, Lab07). Interestingly, there's a Lab21. It is unknown what this lab is for. If the lab is main, the application stops with 'BadLab'. 'IsLegalVoter' checks the user domain environment variable to see if he is a legal voter: in this case valid user domains are NTDEV, WINDEPLOY, REDMOND, SEGROUP, AFRICA, CORP, EUROPE, MIDDLEEAST, NORTHAMERICA, SOUTHAMERICA, SOUTHPACIFIC, INTERACTIVE, WINGROUP, XRED, XCOPR, WINSE, PHX, and SYS-WINGROUP.

Further investigation of this executable revealed a registry key in HKLM\Software named 'VoteNow' with 'VotedOn' in it. Interestingly, there is also a message saying "User has not voted before" but it is unknown what it means.

After a specified period of time, VoteNow will check everything mentioned before, if correct, will pop up a notification saying "You have been using this Longhorn build for a few hours now. By using the Vote Now button below, you can vote to let us know what you think of it. To learn more, click this text." with two buttons, "Vote Now", and "Later". The notification uses the ThumbsUp.png button found in the system32 folder.

Clicking "Vote Now" in the notification would open up IE and navigate to an internal web page:, in which lAB is the lab returned by GetLAB and str is the value found in the registry as mentioned earlier. As an example, the URL opened after clicking VoteNow's notification in 4033 would be. Clicking "Later" in the notification would reset VoteNow's timer starting at 0. Clicking the notification itself opens another internal web page,, which contained more info about voting. While none of these pages work anymore and they haven't been archived anywhere the URLs are still nice to have for informational purposes.

VoteNow.exe's file version is 0.0.0.0.