Category Archives: Windows Media

Refining The call/ret Monitor

Reverse engineering is, of course, a tedious, time-consuming, and error-prone task. It requires a lot of concentration that I either do not have or do not care to invest in the RE task. That is why so many of my RE experiments are geared toward automating the task as much as possible. To that end, I am optimistic about this call/ret monitoring experiment since it yields such a good high-level overview of an algorithm contained in a binary (with debug symbols). But it can use some improvement(s):

More Crazy RE Experiments – call/ret

I have been at it again, concocting more highly specialized reverse engineering experiments. If you have been reading my blog for a while and are familiar with my methods, or lack thereof, you know I like to try random stuff in the hope that I may accidentally come across a good idea.

So we have these WinCE binary modules with debug symbols that implement various advanced Microsoft media codecs. Then we also have the Microsoft media modules that Linspire licensed (provided you know where to find them) that also have copious debug symbols. I wanted to put this intelligence to good use.

Linspire/Microsoft Binary Codec API & Nullsoft Specs

I updated my main site tonight. First, I finally added a link to the formal Nullsoft Video (NSV) specs that Nullsoft/AOL saw fit to release. I am ecstatic to not have to worry about maintaining my NSV format document any longer.

Next, I have carefully documented the binary API that Linspire’s version of FFmpeg uses to interface to the licensed WMV2, WMV3, and WMA3 binary modules distributed with Linspire’s package. Who knows? Such knowledge could come in handy someday.

Linspire’s Binary Decoding Modules

One of Linspire’s big selling points is that it supports Microsoft Windows Media decoding out of the box. How does it do this? Several colleagues have written and informed me that Linspire has licensed binary decoding modules from Microsoft. Linspire’s packaged distribution comes with such x86/Linux-native shared objects as,,,

So why is this such a big deal? My informants tell me that the binaries are un-strip’d which means that they have a lot of debugging symbols packaged inside. Thanks, Linspire.