Since Microsoft was kind enough to freely release certain of their multimedia libraries with extensive symbolic information, I thought I would go one step further and start extracting useful intelligence from the libraries in a methodical manner. To that end, I wrote a Perl script that analyzes the disassembly output of a “dumpbin.exe /disasm <file>” command (standard with the Microsoft development tools) and outputs a list of all the functions in the file, along with the functions that each of those functions calls. The list is divided into functions that are not called anywhere within the code (suspected to be top-level functions) and functions that are referenced by other functions.
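The call-graph extraction described above, as an added example and not the script from the original post: it reimplements the same idea in Python rather than Perl. It assumes the general shape of "dumpbin /disasm" output (a function label ending in ":" at column 0, followed by indented instruction lines that start with an offset and raw hex bytes); the sample dump embedded below is constructed for illustration and is not taken from any Microsoft library.

```python
import re
import sys
from collections import OrderedDict

# Constructed sample in the style of "dumpbin /disasm" output (not real
# library output). Labels sit at column 0 and end with ':'; instruction
# lines are indented and begin with an offset followed by the raw bytes.
SAMPLE_DISASM = """\
Dump of file sample.lib

File Type: LIBRARY

_DecodeFrame:
  00000000: 55                 push        ebp
  00000001: 8B EC              mov         ebp,esp
  00000003: E8 00 00 00 00     call        _ParseHeader
  00000008: E8 00 00 00 00     call        _InverseTransform
  0000000D: 5D                 pop         ebp
  0000000E: C3                 ret
_ParseHeader:
  00000000: E8 00 00 00 00     call        _ReadBits
  00000005: C3                 ret
_InverseTransform:
  00000000: C3                 ret
_ReadBits:
  00000000: C3                 ret
_EncodeFrame:
  00000000: E8 00 00 00 00     call        _ReadBits
  00000005: FF 15 00 00 00 00  call        dword ptr [__imp__malloc]
  0000000B: C3                 ret

  Summary
"""

# A label line: a symbol at column 0 followed by ':' and nothing else.
LABEL_RE = re.compile(r'^(\S+):\s*$')
# An instruction line whose mnemonic is "call": offset, one or more hex
# byte pairs, the mnemonic, then the operand (a symbol or an indirect form).
CALL_RE = re.compile(
    r'^\s*[0-9A-Fa-f]+:\s+(?:[0-9A-Fa-f]{2}\s+)+call\s+(.+?)\s*$')


def build_call_graph(text):
    """Map each function label to the ordered list of distinct call targets
    found in its body. Indirect targets (e.g. 'dword ptr [...]') are kept
    verbatim so the reader can see imports and function-pointer calls."""
    graph = OrderedDict()
    current = None
    for line in text.splitlines():
        m = LABEL_RE.match(line)
        if m:
            current = m.group(1)
            graph.setdefault(current, [])
            continue
        if current is None:
            continue  # header lines before the first label
        m = CALL_RE.match(line)
        if m and m.group(1) not in graph[current]:
            graph[current].append(m.group(1))
    return graph


def split_top_level(graph):
    """Return (suspected_top_level, referenced). A function is 'referenced'
    when some *other* function in the dump calls it directly; the rest are
    suspected top-level functions (entry points, or functions only reached
    through indirect calls or from code outside this dump)."""
    referenced = set()
    for caller, callees in graph.items():
        for callee in callees:
            if callee in graph and callee != caller:
                referenced.add(callee)
    top_level = [f for f in graph if f not in referenced]
    referenced_in_order = [f for f in graph if f in referenced]
    return top_level, referenced_in_order


def format_report(graph):
    """Render the two lists plus each function's callees as plain text."""
    top_level, referenced = split_top_level(graph)
    lines = ["Suspected top-level functions:"]
    lines += ["  " + f for f in top_level]
    lines.append("Referenced functions:")
    lines += ["  " + f for f in referenced]
    lines.append("Call lists:")
    for func, callees in graph.items():
        lines.append("  %s -> %s" % (func, ", ".join(callees) or "(none)"))
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: dumpbin /disasm file.lib > file.txt ; python callgraph.py file.txt
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DISASM
    print(format_report(build_call_graph(src)))
```

On the constructed sample this reports _DecodeFrame and _EncodeFrame as suspected top-level functions and the other three as referenced. Real dumps need the usual caveats: a function that is only ever reached through a jump table or a function pointer will also show up as "top-level", so the list is a starting point for analysis, not proof that a symbol is an API entry point.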
Category Archives: Reverse Engineering
Windows Media Codecs With Debug Symbols
A visitor brought my attention to the fact that Microsoft makes available, as a free download or a nominally-priced CD, the Windows Embedded Introductory Kit. It’s quite large and contains, among many other things, some .lib files with debug symbols. That was nice of them.
Cribbed Microsoft Media Code
Okay folks, let’s get a few things clear here: Yes, we all know that some official source code for a few of Microsoft’s A/V codecs made it into the wrong hands and is now floating around the internet. Understand that you are not a l33t h4X0r if you happen to receive this file. Also, quit sending it to me. I do not want it. I delete it upon receipt. I may have to implement a special mail filter to deal with it.
Realize that this could taint us. I have no problem with ripping open a publicly available binary decoder to discover an algorithm inside (and if they happen to leave the debug symbols compiled in, oops, file that under the “their problem” category).
If it makes you feel any better, there are some people who have already glanced at the code and discovered that it covers algorithms that we have already largely reverse engineered, a long time ago, via legitimate methods.
Microsoft should come up with bogus, red herring source code samples and periodically “leak” them, just to give the -ahem- “hacker underground” something to salivate over and feel special about.
…sigh… and I had really hoped to avoid creating a legal/ethical category for this blog…
Cursory Fraps FPS1 Research
A user on one of the FFmpeg mailing lists brought to our attention a codec called FPS1. The company behind this codec is named Fraps. The application domain for this codec is apparently real-time screen capture of computer game animation, such as in popular first-person shooter games, hence the clever FOURCC FPS1.