Geoff Chappell - Software Analyst
As with my publication of DOS Internals and other work with DOS, now much more than a decade old, I am occasionally treated to the surprise of an enquiry about Windows 95 or Windows 98 (though I don’t recall anyone yet asking about Windows Me). I myself haven’t had any of these Windows versions installed on any computer since 2003, and it has been even longer since I last had any of them installed on a test machine for “live” inspection. But it seems these systems are now old enough to have attracted the interest of hobbyists!
Since some are kind enough to ask after this old material, I have archived a handful of articles that seem worth saving from my old website. There are not many of them, since in those days my public work was in newsgroups and similar on-line forums. The old website was never meant to receive more than occasional attention. Indeed, it received no attention at all for about five years until 2004, when it finally occurred to me that a website would be the natural medium for new work. This soon outgrew the old website, which I replaced in 2007 and finally deleted in 2011.
These archived articles were all written between 1997 and 1999. They are the last record that I have of any public writing by me about the Windows that ran on DOS. I have edited them for consistency with this new website, and in some cases revised them very slightly for content.
Some of the articles examine problems with more-or-less ordinary use of Windows:
Others are similarly concerned with ordinary use, but to provide information that may help work around a problem or avoid losing time to a quirk:
One more was categorised at the old website as a diversion, which was surely too grand even when the program in question was in wide use:
Now that the old website truly has disappeared, I have discovered that I had left there a few pages of historical record that were apparently important enough to someone that a Wikipedia article (AARD Code) cited them via a third-party archive. In contrast to my unhappiness at how work from this new website too often gets reproduced around the Internet without attribution, I am grateful that someone preserved anything at all from the old website, let alone that another went to the trouble of tracking it down. Still, it’s perhaps as well that I rescue those pages to here:
Back in 1999 computer security was surely conceived as a commercial proposition but was nowhere near to developing into the industry it has become. For better or worse, that industry is now the channel into which almost all reverse engineering seems to be directed—not by me, but certainly by just about everyone who hopes to make some sort of career in it. For my part, I dabble and only so little that some who reverse-engineer for security vulnerabilities don’t regard me as much of a reverse engineer. Some don’t even know of me as any sort of reverse engineer, no matter that I think I’ve played no small part in opening up the subject. I doubt that security ever will motivate enough of my reverse engineering that I think to call myself a security researcher. But my dabbling in security did start long, long ago.
The collection of pages on how America Online Exploits Bug In Own Software was moved to this new website very early. I am, after all, rather proud of it. Though it’s not the world’s first published analysis of a buffer-overflow vulnerability getting exploited in the wild, it’s earlier than most, and nothing this old is anything like as thorough. This case has the appealing twist that the attacker was the owner and denied it publicly—and the less satisfying outcome that nobody at AOL seems ever to have been called out for it. Indeed, AOL’s Tricia Primrose, whom I all but called a liar in 1999 for having dismissed AOL’s exploitation of its own buffer overflow as “a fake story about a fake e-mail about a fake issue”, seems to have had a very successful career with AOL for the next decade. This is not history for anyone in the computer industry to be pleased about.
In March 2019 someone wrote to me about an age-old fuss that overwrought people made of noticing the name NSAKEY in a symbol file. Well, that’s how I remember the issue, rightly or wrongly. Curiously enough, it happened almost concurrently with the America Online issue. More curiously, the old site had a few pages about the CryptoAPI from Windows 95 OSR2 and had lumped them with the AOL pages in a rudimentary section on Security. The AOL pages got transferred in 2007 but the CryptoAPI pages got lost. As far as I can tell now, they look to have been “live” at the old website from 1999 to 2011. Now I restore them here at the new website but with other archived pages. Incidentally, the NSAKEY gets its brief mention at the end of the page on CSP Signatures.
The following article is very much for programmers:
There are also articles directed even more specifically to programmers of Virtual Device (VxD) drivers for the old Windows. Some help with problems in using relevant programming tools and development kits from Microsoft:
Some more are early attempts at alternative documentation (including from before Windows 95):
The exercise was, of course, to demonstrate that it can be both feasible and productive to derive high-quality technical specifications by analysing binary code. Especially for one of them, the interfaces studied are seemingly simple, yet the manufacturer’s specification is littered with errors and omissions.
There is also a demonstration, i.e., with binaries to run and observe, and with source code you can play with:
As far as I know, the disk-hooking sample is the only published demonstration that Microsoft had a functioning VxD for the disk I/O System (IOS) in commercial releases of Windows well before documenting it as new for Windows 95.
Elsewhere at this website are a few articles that are similarly old but remain topical and have been updated over the years, even substantially. For ordinary users:
and for programmers, a collection of pages from another early attempt at alternative documentation (of which I suddenly found myself rather proud when Microsoft finally published official documentation in 2002):
Those pages are now in my study of the Windows Shell, which was begun in 2004. Though it and the newer study of Internet Explorer are not specifically concerned with Windows 95, Windows 98 and Windows Me, there is some coverage for historical accuracy. For instance, if you want to know which of these old versions export which functions, then these studies are where to look.