[ros-dev] Bye bye

Steven Edwards winehacker at gmail.com
Thu Jan 19 18:25:27 CET 2006

On 1/19/06, WaxDragon <waxdragon at gmail.com> wrote:
> You are not a judge with years of experience in law. Whether or not
> you have any kernel internal knowledge is also irrelevant to this
> thought experiment.

No but I am someone trying to be objective that has spent a good part
of the past few years reviewing case history for reverse engineering
cases. Its more than we are going tot get from some judges.

> > Why did you have to do this? Is it not possible to write a driver that
> > abuses fastcall to make a mostly working implementation without having
> > to 1. look at and 2. copy the existing object code of Windows?
> Alex clearly stated that there is only one way to perform that stack
> check, let's quote him properly:
> "Note however, that there is only one way to check the stack: cmp ebp,
> esp. Unless you want to consider cmp esp, ebp as an alternate method."
> As Casper said, it is legal to use that information, but not legal to
> *copy/paste* it into ReactOS.  Alex clearly comprehends what that bit
> of assembly does.

Once again he may have stated this but he also states he disassembled
Windows. The issue is the methods used to gather the information.
Reverse engineering is legal if there is no other method to gather the
information which is why I clearly asked "Was there no other way to
get this information" or let me put it another way....

Alex: did you even bother doing some sort of clean room examination of
Windows behavior based on third party drivers or some sort of testing
or was IDA your first step? Checked Microsoft driver assertions and
debug symbols don't count.

> > OK so someone else sneaked something in that violates the rules and it
> > was not caught. Lets just check your argument for a moment and say you
> > could be wrong about your development methods. Being ..."clearly
> > commented, organized and structured..." does not amount to a hill of
> > beans if I am violating the law and or project rules. I can make bank
> > robbing plans that are "...clearly commented, organized and
> > structured..." I don't think that will gain me much ground in court.
> This analogy is invalid.  The legality of this issue stems directly
> from whether or not he wrote the code.  Robbing a bank is _always_
> illegal, writing code is only illegal if you copy/paste it from a
> legitimate author, or implement a patented method.

No its perfectly a valid question. In law there is this concept called
Mens Rea which means intent. Was his intent to create a independent
unique work he himself created and he just needed the information for
compatibly reasons or did he intend to just make it work without
caring of the consequences to everyone else. Hence the question above.
Was IDA the first step or the last?

> Alex's structured and commented code demonstrates comprehension.  In
> this case, where the code's function is clear, and constrained by
> implementation details, the code will be similar by anyone who
> implements it.  Alex's comments and code structure shows that he
> understands what is going on in the assembly, and most likely shows
> that he wrote the code, as opposed to just copy/pasting existing code.

Just because he understands the code now is irrelevant. Its the method
of which that understanding came. Because our work is going to be
similar to windows the arguments about a derived work hangs upon the
notion that we are independently creating our own implementation
rather than looking at the original. We can read documentation about
the original all day long, we can examine applications and drivers
that use the original all day long but when we start to crack open the
book of the original implementation we run the legal risk of being
declared a derived work.

> It only looks suspicious since you are not a kernel developer.  Again,
> not something a judge would concern himself with.  Now the
> prosecutor.....
> >
> >     /* Skip the other registers */
> >     sub esp, 0x48
> >


> >
> > ie.  why 0x29C, why 0x48?
> Since he is making room on the stack for another frame, this is a
> predefined size.

Hmm ok. So another size won't work? Where is it predefined? I ask not
to accuse but to try to understand to be fair to all parties involved.
But according to Hartmut this is a clear case of copy and paste. This
is why we cannot allow this to continue. If dirty-room reverse
engineering was the last resort then it would be a original

> further.   Now, I do agree he could have used the safer "clean-room"
> method, but I'm not convinced that it would have yielded a
> significantly different implementation, and we might still be in the
> same position.

You admit that his implementation was not based on "clean-room". My
question once again was why did it have to be dirty room? If there is
no other option for making a compatible implementation then this
discussion holds no water but if by your own words he could have used
a safer method then there is a problem.

So we are back to the first question. What development methods were
used. IDA first or last?

Steven Edwards - ReactOS and Wine developer

"There is one thing stronger than all the armies in the world, and
that is an idea whose time has come." - Victor Hugo

More information about the Ros-dev mailing list