The source code underlying Google's Chrome Web browser suggests that Google used a reverse-engineering technique called disassembly to figure out how to employ a useful Windows Vista security feature, but the company said it did not, in fact, do so.
The Chrome source code said a particular security feature available on Vista, Data Execution Prevention, can be used on Windows XP SP2 and Windows Server 2003 SP1, though it is not documented for the older operating systems. The source code also said the feature can be understood with a disassembler, a method of reverse-engineering that deconstructs a binary file--such as Windows--into instructions more easily understood by a human.
An explanatory comment in the Chrome source code mentions use of a disassembler to figure out the security feature. "Completely undocumented from Microsoft. You can find this information by disassembling Vista's SP1 kernel32.dll with your favorite disassembler," the comment says.
But Google itself did not take that route. "We did not disassemble this code," the company said in a statement. "The source code indicates that the technique came from http://www.uninformed.org/?v=2&a=4. Please also note that...disassembling is just one of several methods one can use to find this information."
Software companies trying to protect their proprietary software often are not fans of disassemblers. For example, Vista's End-User License Agreement (PDF) states, "You may not...reverse-engineer, decompile, or disassemble the software, except and only to the extent that applicable law expressly permits, despite this limitation."
Google stuck up for the practice, though. "Disassembling is a common and accepted practice in software development, frequently used to make sure software features are compatible with other software programs or operating systems," the company said.
Regarding the Data Execution Prevention interface, the Chrome source code says, "Try documented ways first. Only available on Vista SP1 and Windows 2008." The method described at Uninformed comes in a later section, labeled thus: "Go in darker areas. Only available on Windows XP SP2 and Windows Server 2003 SP1."
This article was first published as a blog on CNET News.com.
Play video
There are currently no comments for this post.