Google denies disassembling Vista code for Chrome
Published: 22 Sep 2008 08:36 BST
The source code underlying Google's Chrome web browser suggests Google used a reverse-engineering technique called disassembly to figure out how to use a useful Windows Vista security feature, but the company has denied doing this.
The Chrome source code said a particular security feature available on Vista, Data Execution Prevention, can be used on Windows XP SP2 and Windows Server 2003 SP1, though it's not documented for the older operating systems. The source code also said the feature can be understood with a disassembler, a method of reverse-engineering that deconstructs a binary file — such as Windows — into instructions more easily understood by a human.
An explanatory comment in the Chrome source code mentions use of a disassembler to figure out the security feature. "Completely undocumented from Microsoft. You can find this information by disassembling Vista's SP1 kernel32.dll with your favourite disassembler," the comment says.
But Google itself didn't take that route. "We did not disassemble this code," the company said in a statement. "The source code indicates that the technique came from http://www.uninformed.org/?v=2&a=4. Please also note that... disassembling is just one of several methods one can use to find this information."
Read this
Roundup: Countdown to Google Chrome
Google's open-source browser sends a clear challenge to Microsoft...
Software companies trying to protect their proprietary software tend not to advocate the use of disassemblers. For example, Vista's End-User License Agreement states: "You may not... reverse-engineer, decompile, or disassemble the software, except and only to the extent that applicable law expressly permits, despite this limitation."
Google defended the practice, though. "Disassembling is a common and accepted practice in software development, frequently used to make sure software features are compatible with other software programs or operating systems," the company said.
Regarding the Data Execution Prevention interface, the Chrome source code says: "Try documented ways first. Only available on Vista SP1 and Windows 2008." The method described at Uninformed comes in a later section, labelled thus: "Go in darker areas. Only available on Windows XP SP2 and Windows Server 2003 SP1."
- Roundup: Full coverage of Google Chrome
- Blog: Google Chrome has Microsoft's code inside, says MS manager
- Blog: Google Chrome — nine things we've found since launch
- Photos: Highlights of the beta browser
- Leader: Chrome needs more than just sparkle
- Video: Can Chrome shine amid the competition?
- Benchmarks: Google Chrome
- Review: Google Chrome (beta)
- Comment: All roads lead to Chrome
- Video: Google Chrome to open new front in browser war
Did you find this article useful?
4 out of 9 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
