As you probably know, Microsoft released last month several thousand pages of documentation about Office file formats and Windows protocols.
That means hundreds (thousands?) of functions and algorithms documented with pseudo-code. But is this pseudo-code right? It looks not.
While I was reading [MS-DRSR]: Directory Replication Service (DRS) Remote Protocol Specification, I was a bit curious to see the DecompressWin2k3() function (thanks Aaron, Stefan, and Brendan).
This function is in fact the decompression algorithm called Xpress, first implemented in Windows XP and not Windows 2003 as the name suggests. The Xpress algorithm works on 64 KB chunks and is used in the Windows hibernation file format, the Windows Imaging Format (WIM), Outlook, Exchange, and... the LDAP replication service of Active Directory.
I'm quoting below the errors I found in the pseudo-code of DecompressWin2k3(). Here is the C...
BlackHat Las Vegas Briefing 2008
From: msuiche.net
Post Date: 2008-05-07 08:12:46
In November 2007, Nicolas and I presented "Enter SandMan" in Tokyo at PacSec during its development phase. You can get the materials we used for this lecture here in English and here in Japanese.
Some months later, an alpha version, formally called 1.0.080226, of the SandMan Framework was released as an open-source project; you can find the current version here. Please consider, as the Volatility Team has kindly reminded, that SandMan is a GPL3 project, so don't ...
X-Files. Episode 2. *Squeeze*
From: msuiche.net
Post Date: 2008-04-30 07:18:41
As said previously, it's really easy to find proof of plagiarism when an open-source tool is released and its source is then reimplemented in commercial software without complying with the license. Andreas published a new article called The implementation by Vendor "S". In this article, he explains the differences between the implementation of XpressDecode in SandMan and the one in the Microsoft OS Loader. ...
Google Summer of Code & NT debugging Puzzler #3
From: msuiche.net
Post Date: 2008-04-22 06:17:40
As you probably know, Google launches the Summer of Code every year. Yesterday, Google published the official 2008 results, and I'll be part of the Samba Team. My work is to implement compression functions in Samba.
The Microsoft Advanced Windows Debugging Team published their third puzzler: Matrix Edition #3. It looks like they'll publish one puzzler per week. As far as I understand, the goal of this puzzler is to translate a function from assembly to C.
Here is my solution:
voi...