Windows XP Leak Confirmed After User Compiles the Leaked Code Into a Working OS

An anonymous reader writes: The Windows XP and Windows Server 2003 source code that was leaked online last week on 4chan has been confirmed to be authentic after a YouTube user compiled the code into working operating systems. Shortly after the leak occurred last week, ZDNet reached out to multiple current and former Microsoft software engineers to confirm the validity of the leaked files. At the time, sources told ZDNet that from a summary review, the code appeared to be incomplete, but from the components they analyzed, the code appeared to be authentic. NTDEV, a US-based IT technician behind the eponymous Twitter and YouTube accounts, was one of the millions of users who downloaded the code last week. But rather than wait for an official statement from Microsoft that is likely to never come, NTDEV decided to compile the code and find out for themselves. According to videos shared online, the amateur IT technician was successful in compiling the Windows XP code over the weekend, and Windows Server 2003 yesterday. "Well, the reports were indeed true. It seems that there are some components missing, such as winlogon.exe and lots of drivers," NTDEV told ZDNet in an interview today, describing his work on XP.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[spire3661]

Most of MPEG-2 is unencumbered at this point.

Re:Doesn't include any proprietary code however

[arglebargle_xiv]

30 September 2020, 11:35:01: User compiles leaked XP source code into working OS.
30 September 2020, 11:37:05: Finished binary of re-XP completes boot on spare PC.
30 September 2020, 11:37:06: System is infected by five different pieces of malware.

Yup, it's genuine XP all right.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[martynhare]

Does it include Diskeeper Lite... err I mean Disk Defragmenter? That was licensed to replace the Intel supplied one included with Windows 98

Re:

[account_deleted]

Comment removed based on user account deletion

What about DOS 6.22 ?

[OrangeTide]

What we really need are some new DOS 6.22 binaries. Maybe patch in FAT32 and NTFS support. Add 36-bit page tables to EMM386 and HIMEM.SYS. And of course multicore VM86 mode (that would probably make it tough to add 64-bit page tables).

Re:What about DOS 6.22 ?

[xack]

A modern dos that works on efi systems that is 64 bit would be great for embedded systems and retro gamers running on modern hardware as old hardware is getting scarce.

Re:What about DOS 6.22 ?

[OrangeTide]

Might be better to start from scratch then. Does sounds like a fun project, share a link if you find someone doing this already or want to start it yourself.

I've done like "hello world" type stuff using a 64-bit kernel tutorial [osdev.org] and a UEFI tutorial [osdev.org]. Interrupts as system calls in 16-bit real mode is quite a bit easier to set up than system calls in protected long mode.

That crazy TempleOS [templeos.org] is already pretty close to limited 64-bit OS that could be a platform for some light-weight applications, demos, emulators retro games, etc. I'm not necessarily sure it's the best starting place, but it is the closest in spirit to what I believe you're thinking of.

Where things start to get tough on modern PCs (64-bit mode implies that). Is that drivers are a chore. There are some things you can access through EFI calls and that helps. But audio support for on-board chipsets, USB, and BlueTooth is probably a minimum. Maybe you can get away with setting a VESA mode, but a lot of modern displays have no VESA mode set with a matching resolution. I assume you'd leave network support out entirely, a TCP/IP stack is the easy part, getting all the WiFi options out there to work correctly is a real pain in the neck.

Stuff that works out-of-the-box today (maybe not EFI, but at least with GRUB) that is maybe close to what you suggest:

• Xv6 [mit.edu] (very easy to boot and hack in new things. very limited. totally unix flavor, not DOS flavor)
• PonyOS [ponyos.org] and ToaruOS [github.com]
• MenuetOS [menuetos.net] and KolibriOS [kolibrios.org]

Honorable mention:

• FUZIX [fuzix.org] (no amd64 support today, but the execution model is more DOS and CP/M like in how the command-interpreter hand-off work, even if the OS looks like UNIX)

Re:

[thegreatbob]

Interesting stuff. I was very tempted to suggest modifying TempleOS (it's always hard to determine if it's a serious suggestion of not - it seems to be somewhat technically competent, but definitely esoterica)... I've heard of a few of these, and recall menuetOS popping up in a few articles here [slashdot.org], though I've never really strayed too far from DOS/Windows/Linux/BSD...

Re:

[tap]

So if you combine a 64 bit kernel with a way to create a DOS interface to existing Linux device drivers, since there is no support for modern hardware in DOS, don't you basically end up with dosemu or dosbox?

Re:What about DOS 6.22 ?

[OrangeTide]

There have been distros that boot Linux straight into DOSbox or QEMU. I think that's pretty reasonable for those wanting to emulate 16-bit DOS as if you had a much older computer. There was an article [slashdot.org] posted last week that is sort of the opposite of that idea, letting you run Linux commands from inside DOS [github.com].

Closer to the idea of a native DOS would be FreeDOS-32 [sourceforge.net] and pdos/386 [sourceforge.net]. Those are 32-bit protected mode and not 64-bit long mode, but had to solve some of the same problems one would face doing a "64-bit DOS".

Re:

[thegreatbob]

Sounds like a possible case for a Linux kernel with various binary compatibility features rolled in - depends on what level of compatibility you want to achieve. If you wanted something that looks and feels like MS-DOS, and has the ability to run arbitrary DOS software, there are a lot of things to consider. One would likely be creating a virtual machine/emulator to handle baggage like 8086 memory segmentation and low-level BIOS functionality, especially if you have any desire to run the CPU in 'long mode'.

Re:

[thegreatbob]

I guess fdpp is actually a library - but something to consider as well, atop something that can properly live in UEFI-land.

Re:

[Rockoon]

The trick to supporting ALL 16-bit modes (both real and virtual) and ALL 32-bit modes and ALL 64-bit modes is for the OS to never thunk out of real mode. There is no version of Linux that wont. The kernel does what is expressly not acceptable and waves goodbye to real mode forever.

You could somewhat easily write a DOS-like so long as you can code up a boot loader in assembler. The only "difficulty" is really in how esoteric low level 16-bit programming info has become, but once you find Ralf Browns interr

Re:

[jrronimo]

Though hardware is scarce, there are some great alternatives. MiSTer [github.com] is an open source project that uses an FPGA board from Intel to replicate hardware for old consoles and computers. There's been some really incredible work done on the ao486 core lately, allowing it to run DOS, Windows 3.11, and Windows 95. May games run very well under it; performance is on par with a 486 SX. It's been a tremendous amount of fun for me lately.

Re:

[drinkypoo]

Thanks for putting me up on that. I've been looking for an affordable way to get a reliable Amiga :)

Re:

[SodaStream]

DOS relies on BIOS calls to function. UEFI doesn't include those functions, and therefore the basic life support system wouldn't exist for DOS.

Re:

[retiredJan]

"DOS relies on BIOS calls" and Linux depends on libc. In 1994 i did delete that file (libc) to try to save some space and it bricked just after the enter, thats the hardway to findout what's needed to run, but you learn the steep curve as you go. Two years later was able to compile and run dosemu from then on it was 'my' tool to do the things i needed to do (industrial programming for the dos platform). Later versions of dosemu got also highmem, dpmi en (big) ramdisk support. As dos i used DrDOS 7 ( it's co

Re: What about DOS 6.22 ?

[kenh]

old hardware is getting scarce.

Really? I have a literal ton of it in my garage... I'm rich!

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[drinkypoo]

It would be only moderately useful as many of those programs would require patches just to work properly on a modern CPU. You're better off emulating, which has a number of other advantages including the ability to control speed of emulation for all that software that runs too fast without slowdown.

Re:

[Rick Schumann]

Wouldn't it be just as easy to do that with DOSBox [dosbox.com]?

Re:

[bobs666]

I do too many captchas to stop DOS.

On the other hand.
Kill DOS use Bash.
Silly users.

Re:

[martynhare]

Or how about constructing a proper Windows Subsystem for DOS based around QEMU?Someone made winevdm but it is only really good for Win16 apps and is missing loads of essentials for DOS apps support.

Re:

[MrDoh!]

And an updated version of VB6 that easily works on Win10 please!

Who needs it...

[thegreatbob]

Who needs winlogon.exe anyways? Definitely a major opening for trouble on a Windows machine.

Re:Who needs it...

[thegarbz]

Who needs winlogon.exe anyways? Definitely a major opening for trouble on a Windows machine.

Things were so much easier back in the old days when you could just hit the help button at the winlogin screen, open up the help tooltip, click print, open the printer properties, open the printer help, do a search, double click a search result to open the full windows help application, click file -> open, navigate to the windows directory, right click explorer.exe and click run, and get crashed to a functioning desktop logged in under the system account.

Re:

[thegreatbob]

I also remember replacing logon.scr with a copy of cmd.exe. IIRC it was possible to do on a FAT-formatted NT machine with just a DOS boot floppy.

Re:

[Way, Way Smarter!]

Things were so much easier back in the old days when you could just hit the help button at the winlogin screen, ...

Seems like a long way round, when on XP, you could simply cancel the login screen and get a functioning desktop.

Update: apparently too many periods triggers the lameness filter.

Re:

[thegreatbob]

I think you might be thinking of 95/98/ME - this did, however, remind me of a proof-of-concept FireWire DMA exploit that would achieve something similar... break windows authentication to allow a local user to unlock with no password.

Re:

[thegreatbob]

Also of note - it was possible to enforce the Win9x user logon when attached to a domain... not that it mattered much, with the ability to just boot into DOS instead.

Re:

[Way, Way Smarter!]

I think you might be thinking of 95/98/ME

Perhaps.

Re:Who needs it...

[tlhIngan]

Seems like a long way round, when on XP, you could simply cancel the login screen and get a functioning desktop.

That was 95/98/ME. That login dialog wasn't actually a login prompt, it logged you into Microsoft Networking so you can access file shares and other stuff. Cancelling merely let you use Windows without the file sharing stuff.

I think it was basically you logged in there to have Windows remember the credentials for the session, while if you didn't, attempting to access shares would have you enter the credentials then and possibly every time.

Of course, at the same time, most home users had little in the way of a home network and never really needed file sharing.

Re:

[xonen]

Ah y that's a nice trick too. At the time i used another method to get administrator privs (being logged on as user): open a shell, use the 'at' command, tell it to run a cmd.exe job in 1 minute. Wait a minute and enjoy your shell under system account from which you could do pretty much everything.

Iirc that even worked with the latest XP service pack. Only with Vista and later it was fixed.

Re:

[thegarbz]

Oh lol I hadn't heard that one.

Working already? Beats MS!

[davidwr]

"compiled the code into working operating systems."

Wow only been at it less than a year and it's already more than Microsoft ever did.

*cue rimshot*

--
Hey where did the anonymous coward button go?

Re:Working already? Beats MS!

[OrangeTide]

And with only 1 person doing QA, it's already a more serious project than Windows 10.

Re:

[davidwr]

Well at least with AC they started out at "0" and were easily filtered out.

Now the trolls will just create a bunch of "one and done" accounts and post at "1."

I guess I'll have to crank my filter up to 11 now, or maybe just 10. This IS Slashdot, where you can filter messages from 1 less than 0 to 101.

Re:

[Rick Schumann]

Hey where did the anonymous coward button go?

Too many swastika/political coward posters shitting the place up, also likely logged in anyway and posting their vitriol as AC so they can save their mod points to silence people they don't agree with.

Re:

[Areyoukiddingme]

... also likely logged in anyway and posting their vitriol as AC so they can save their mod points to silence people they don't agree with.

Last I checked it would let you do that, and silently remove any moderation you had done on the story you posted AC to via a logged in account.

Re:

[LenKagetsu]

Guess they finally got sick of APK, TrueScore, swastispammer, and GNAA rep.

Re:

[Megane]

Now if only they could do something about the Bayesian garbage spammer.

Dear God, First Time I pray, for a complete Win7

[burni2]

Come on let's pray together:

Our start menu in windows seven,
hallowed be your name.
Your No-Ads-Kingdom come,
Your will be done

As in seven,
So on XP.

Give us today our daily grey.
And forgive us our vista,
as we forgive those who eight against us.

Lead us not into Ad-Abomination,
but deliver us from windows10.

For the seven, the speed and the glory are your source code of seven
now and forever.
Amen.

Re:

[thegarbz]

Why? It's not like a bunch of programmer nerds will have the ability to setup and maintain a system whereby they go through and actively issue updates or fixes to the OS. The only thing that would achieve is more eyes finding yet more security flaws making Windows 7 even less viable to run than now.

Re:

[Malc]

If somebody sneaked a trojan in to the source code, how long do you think it would take before all these eyes spotted it? I don't think I'd be trusting a build from a dubious source.

Re:

[Areyoukiddingme]

Why? It's not like a bunch of programmer nerds will have the ability to setup and maintain a system whereby they go through and actively issue updates or fixes to the OS.

Poe's Law biting hard here... Of all the constituencies who could do that, and do it successfully (heard of Linux?), that would be the one to do that for Windows 7.

Obviously it won't happen because Microsoft's lawyers would sprain a wrist sending the cease and desist letter so fast to whatever hosting site contains the project, but it's entirely technically feasible that such a project could exist.

Antigua and Barbuda once had a WTO settlement with the US that would have allowed them to infringe on US copyr [nytimes.com]

open source it

[faldore1]

the right thing to do is open source it. then at least they still have some control over it.

Re:

[FudRucker]

yup, they might as well since the cat is out of the bag already

Re: open source it

[kenh]

Why in gods green earth would anyone want to run WinXP? It's nearly from the last century (Oct. 1st, 2001).

Beyond the thrill of compiling it, what would you do with it?

Re:

[MrDoh!]

A 512mb image to quickly launch in a VM would be useful. Somewhere around here, we've got an XP image with some old dev tools we have to keep around, just in case. But the devs keep commenting on those odd moments they have to fire it up to check something "hey, this runs really fast" "well, yeah, it's only got vb6/.net 1.1 something on" "no, I mean, like, it's faster to start the VM, get all the dev tools up and running/find what we need, done. I'd be waiting for the latest 3gb Visual Studio/.net patch

Winlogin... you'll need to get that from the NSA

[MikeDataLink]

Microsoft doesn't have that source code. ;-)

The jury is still out

[Waffle Iron]

has been confirmed to be authentic after a YouTube user compiled the code into working operating systems

This doesn't really prove anything.

If you have enough monkeys at enough keyboards typing enough source files, there is always a non-zero probability of randomly producing a working OS that looks like Windows XP. We can't rule that out here.

Re:The jury is still out

[ITRambo]

Tell that to the ReactOS coders that have been trying for 24 YEARS now to create a fully working open source version of Windows XP.

Re:

[cb88]

So you are saying they have yet to prove they are better than monkeys?

Re:

[neilo_1701D]

Tell that to the ReactOS coders that have been trying for 24 YEARS now to create a fully working open source version of Windows XP.

XP? I thought the target was NT 4.

Re:

[forty-2]

It was Win2000 back when I was keeping tabs on it, but I think it started at the time of NT4.

Re: The jury is still out

[kenh]

Windows XP was released on Oct. 1st, 2001 - not 24 years ago...

https://en.m.wikipedia.org/wik... [wikipedia.org]

space cadet pinball source in there?

[Joe_Dragon]

space cadet pinball source in there?

Re:

[thegreatbob]

Might need to pull an Indiana Jones and raid whatever crypt EA dumped the carcass of Maxis in for that one.

Re:

[Joe_Dragon]

MS has there own copys

Re:

[thegreatbob]

I would assume this to be true, but I also can't resist taking a swipe at EA even if the relation is somewhat vague.

Why Doesn't Microsoft Release It?

[crow]

Why doesn't Microsoft release the source code for all their products, past and present? They can still keep it under a license that prohibits use of the code without paying for a license, so it wouldn't impact their revenues. It would mean independent developers would analyze the code and find bugs for them. Over the long term, it would improve the quality and security of the code.

So what is the downside?

Re:

[cb88]

The downside is they don't want you running *OLD API* they want you running !@#$NEW FRAMEWORK API!@#$@#$

Re:Why Doesn't Microsoft Release It?

[thegreatbob]

Biggest downside I see is if they did it all at once: the upheaval and uncertainty particular regarding the sudden (possible... probable) discovery of numerous security flaws. If they did want to do it, they'd need to do it incrementally... sometimes ripping off a band-aid leads to further, worse injury.

Re:

[DarkRookie2]

So people can't keep fixing 7 and force everyone onto and pay for 10.

Re:

[Pascoea]

They can still keep it under a license that prohibits use of the code without paying for a license

China, Russia, NK, etc. don't give 2 shits about licenses.

Re:

[crow]

Yeah, and they're using the binaries without licenses anyway. Having the source code doesn't make much difference.

Re: Why Doesn't Microsoft Release It?

[kenh]

It's a pain in the ass.

They don't want the criticism.

It serves no earthly purpose.

It wouldn't sell one additional license for any of their products.

What's the upside?

How is the world made better by seeing the original code for minesweeper?

Re:

[jezwel]

So what is the downside?

There may still be reused code in the latest versions of Windows, for one. Trusty ol' Notepad was untouched until 2018, when they finally added some functionality.

Re:

[Linux Torvalds]

Patent trolls would take them to the cleaners.

Re:

[crow]

This is the first good reason. They would be pretty safe releasing really old code, as I expect NT 3.5 is old enough that any patents would have expired, but going back that far has little value for Microsoft or their customers.

Re:

[drinkypoo]

So what is the downside?

Some of that code is still in their "modern" operating systems. You didn't really believe that Windows 10 is all new, did you?

Re:

[crow]

I would suggest that they start by releasing their latest code. That's where the value for them lies--in having people better help them find bugs.

Re:

[drinkypoo]

Those who help themselves have more help

Working code?

[aglider]

From Microsoft? Wow!

and..

[orange47]

yet, nothing of value was gained.

and double confirmed

[alteregon]

Microsoft just filed copyright claims on the Server 2003 and XP build videos. Guess that confirms it for sure. That's bizarre to say the least. Not like we are looking at the code, just 22 & 10 minutes of compiler output. I didn't know status messages were copyrighted.

this is not good for WINE and Proton

[Dusanyu]

Both Projects will have this "leak" hanging over there heads now and one does have to worry about not if but when. Microsoft goes after them like they did react OS a while back https://www.theregister.com/20... [theregister.com]

signing?

[smadasam]

Did XP have signed binaries? On more modern versions of Windows, it will bugcheck if a boot-critical binary is not properly signed by Microsoft.

amateur IT technician

[tgibson]

Who writes this stuff? If you're able to compile and run the bulk of an OS from source you're not an armchair, weekend hobbyist.

Re:

[Random361]

# make linux

Re:

[ledow]

I used to sit and create Linux distros on 3.5" floppy disks based on Slackware 3.9 that turned 386's into complete routers with firewall, network services, modem and ISDN control, etc. etc. etc. The Freesco project has my name all over it.

Was I a professional programmer? Nope. I learned my stuff in DOS debug trying to carve out CD checks on old games. Then someone got me into ZIPSLACK. From there, helping out Freesco was a natural next step.

Was I in charge of the project? Nope. It was just an amateur

Did they find it?

[Random361]

Did they find the delay loop that causes Windows to run progressively worse until either reinstalled or a hardware upgrade is achieved?

This is NOT the way to become Open Source

[steveglewis]

Make no mistake... Publishing the source code to even this early version of Windows will have dangerous ramifications that will play out for many years to come. Since Windows has become the OS behind many critical systems, they will now become much more vulnerable to attack from enemy nation states and other criminal elements. What could be the first death at a hospital, due to a ransomware attack was announced just last week. We can expect much more of the same. Any system being controlled by this crack

Re:

[nagora]

Make no mistake... Publishing the source code to even this early version of Windows will have dangerous ramifications that will play out for many years to come. Since Windows has become the OS behind many critical systems, they will now become much more vulnerable to attack from enemy nation states and other criminal elements.

They became vulnerable the first time XP was installed on them. Anything with XP still running on it may as well be an open system from a security point of view. This might possibly help alert us to some particularly serious bug, but in reality having XP running in your organisation is already a serious bug.

Compiled into a *working* OS?

[fellip_nectar]

Doesn't this prove it can't have been the XP source code?

Windows Drivers

[middlebass]

Re the missing drivers: Some may be easier to write than most people think. Some around 1999-2000 I was writing the software for an early course on Windows that ran under Windows, with the course being on a Laserdisc and much of my software being some simple Windows simulations for exercises. With 2 different Laserdisc players and 2 different PC cards that supported them, we needed 4 different combinations of drivers. Only three were available off the shelf. I got estimates from several different developer