While poking through the UDF-related internals of the Windows 7 USB/DVD Download Tool, I had a weird feeling there was just wayyyyyyyyy too much code in there for such a simple tool. A simple search of some method names and properties, gleaned from Reflector’s output, revealed the source code was obviously lifted from the CodePlex-hosted (yikes) GPLv2-licensed ImageMaster project. (The author of the code was not contacted by Microsoft.)

I see two problems here. (I’m not a FSF professional, so there may be more.)

First, Microsoft did not offer or provide source code for their modifications to ImageMaster nor their tool. According to GPLv2:

3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

Second, Microsoft glued in some of their own licensing terms, further restricting your rights to the software (TermsOfUse.rtf). According to their terms:

1. Scope of License. The software is licensed, not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may not
· work around any technical limitations in the software;

· reverse engineer, decompile or disassemble the software, except and only to the extent that applicable law expressly permits, despite this limitation;

· make more copies of the software than specified in this agreement or allowed by applicable law, despite this limitation;

· publish the software for others to copy;

· rent, lease or lend the software;

· transfer the software or this agreement to any third party; or

· use the software for commercial software hosting services.

I understand Microsoft is a big company and that this could have been externally contracted work, but someone dropped the ball during code review/licensing. Cue the fail horns, Drew.

Example of reflected Microsoft tool code and ImageMaster source code on CodePlex

Software Candy, a Vermont-based company, makes its business scouring the web for various invaluable tweaks, throwing an executable wrapper around it, and selling it at enticing prices.

If they want to waste their time creating wrappers – fine – but I draw the line at the ripping off my logon UI tip then returning to comment-spam their crap software.

What a bunch of losers.

Comment author: Frank (IP: 71.169.142.181 , pool-71-169-142-181.burl.east.myfairpoint.net)
E-mail: frank77@myfairpoint.net

While Paul Thurrott was playing with the official Windows 7 USB/DVD Download Tool, creating a bootable USB stick for his netbook upgrade, he ran into an interesting snag with certain discs. The tool, when directed to use an ISO dumped via ImgBurn, would error out. Everything was to UDF spec, so what was going on here? I’m not a UDF expert, hell not even a novice, but I skimmed through ECMA-167 and the reflected tool code. It appears there are two (possibly more) “navigation buoys” within UDF-formatted ISOs that point to important chunks of the image called Anchor Volume Descriptor Pointers (AVDPs). The first AVDP is somewhere near the top of the image. The last AVDP is located in what appears to be the last logical block of the image. (My guess is this is to support bi-directional reading.)

So assuming each logical block of the image is 2048 bytes large, one could also assume the last logical block is –2048 from the end of the file, right? Well, that’s what the tool assumes. It checks for the last AVDP at the start of the last logical block, doesn’t find it, and bombs out.

I haven’t read through the entire spec., but I doubt there’s anything in here regarding the container of the UDF formatted data.

While one could argue Microsoft Store-downloaded ISOs are comprised in a compatible manner and therefore this scenario is unsupported it wouldn’t have been hard to add some AVDP seeking code.

As a quick hack to resolve this issue, I wrote a tool that merely finds the AVDP in your ISO file and copies it to offset (EOF-2048). This will allow you to use your own ISOs with the Microsoft tool. Microsoft.NET 2.x or higher required.

Rather than regurgitate the coverage on a thousand other enthusiast blogs, I took some of my unedited photos from the Windows 7 launch event in New York City and glued them together using Shape Collage. If you create your own, make sure you tag them with Windows 7 Launch Collage so we can all find them!

Back in March, I wrote about how Microsoft was restricting wallpaper usage on their Starter SKU of Windows 7 – a version of Windows to be preloaded by OEMs onto netbooks. Nicholas R., mistakenly initially emailing Paul, noticed HP was somehow bypassing this restriction according to a bulleted claim on their Mini 110 netbook product page:

The unique ability to change the wallpaper in Windows 7 Starter: a specialized theme includes a custom screen saver and 15 wallpapers designed by Boontje.

How is this possible?

Upon clicking the Customize and Buy link on HP’s website, and clicking through the various customizable components, you’ll discover the included software bundle consisting of some simple applications and a copy of Stardock MyColors, designed for Windows 7. For those unaware, MyColors is simply a stripped down WindowBlinds application targeting the download-and-apply-my-theme users that don’t need the power (or cost) of WindowBlinds. The internals, however, are the same. As this software replaces the Microsoft Windows theming subsystem with its own, it completely bypasses any and all license restrictions imposed by Microsoft. (On the surface, this doesn’t feel very... legal. But I’m sure Microsoft green lighted this.)

(Slight addition [10/20]): MyColors also features some DesktopX and IconPackager code. Thanks for the note, Julien.

So there you go. An updated copy of MyColors for download should be available on or shortly after October 22, the same day Windows 7 officially launches.

Update 10/8: The site is no longer blocked.

I received a note from a reader indicating users of OpenDNS are receiving phishing warnings about a site I created a few days ago, in light of the Hotmail news. Upon using OpenDNS’ CacheCheck feature, it appears the site has indeed been blocked. According to OpenDNS’ little blurb at the bottom, they “block known phishing sites”. That’s funny, because they really don’t know a damn thing about the site. They didn’t bother to ask me about how it worked nor bothered to click the only link at the bottom of the page to find my (previously) top-most post here, indicating the site isn’t a scam. How can I run a phishing operation without asking for credentials or posing to be Bank of America?

*shakes head in disgust*

In response to news about a large amount of harvested emails being spread around the Internet, I created a site to do a quick lookup against a list of known-leaked addresses. Despite what Neowin’s ignorant audience claims, it’s not fake nor a site to harvest email addresses.

Hopefully this post will clarify the site’s intentions and purpose.

I am now accepting your stickers for placement on the lid of my oft-used Lenovo X300 laptop, measuring at 12.4" x 9.1" (314.96mm x 231.14mm). I will showcase the stickers at least until November 20th, but it’s very likely they’ll remain in place for much longer. (Removing stickers is not fun.)

Notable showcase locations:

• Windows 7 Launch in New York City (October 22) + Train
• Microsoft PDC 2009 (November 15-20) + Airplanes

The rules are simple:

• No pornographic, druggie, dating, or nude stickers. Violence is acceptable though.
• No overly humongous stickers.  Be realistic.
• No Katy Perry. No Miley Cyrus. No Paul Thurrott.
• I ultimately decide if I want to use your sticker or not. Product samples and/or bribes can work to your advantage.

If you’re interested, email rafael+stickers@withinwindows.com with a description/image of your sticker and I’ll send you an address to mail them to.

Accepted stickers thus far: Bing, Identity Mine, LiveSide, Pingie, DataPortability, F-Secure, Hostgator

Back on the 17th, I posted a quick registry hack for those that wanted to force certain Zune software features on or off. One of my readers inquired, however, about Radio features that seemed to exist but were disabled. Double-checking my previous research, there was nothing available to enable anything related to Radio, so I had to dig deeper.

Before you see Zune’s cute UI, the software has to jump through a number of hoops beforehand. Some of these hoops involve asking the Zune Gods (pictured to the right) if certain features are enabled or disabled. This inquiry is made by calling a special function called IsFeatureEnabled, implemented by a special object returned from Zune’s native (as opposed to managed) library. (This function is one of many that are described by an interface called IFeatureEnablement.)

Why is this important?

While it is true that most of the Zune features were implemented with a “ignore the Gods” override, this isn’t true for the unfinished Radio feature. This feature was marked as permanently disabled, hiding unfinished/unstable code from the public.

Re-enabling this feature isn’t exactly easy.

At first, I was inclined to simply disassemble all the managed code into IL, edit, and re-assemble. This turned into a nightmare involving digital signatures, Steven Sinofsky, and embedded native code (which cannot be disassembled properly). My second idea involving writing a loader that patched the relevant code at runtime fell flat too, due to my inexperience with the whole managed/native mish mash environment. Growing tired, I simply resorted to old school patching-on-disk of the Zune native library.

First, I wrote a utility to identify what I need to patch. Static analysis is fun, but not that fun. The Zune Function Locator utility (pictured above) may have a corny name but it does its job. (I plan on further expanding the tool’s capabilities, hence the generic name.) It will locate, within Zune’s native library (ZuneNativeLib.dll), where the IsFeatureEnabled function starts.

Err… why do we care?

Well, as I mentioned before, this function asks the Zune Gods if a feature is enabled or disabled. It returns the “answer” to the Zune software, controlling whether or not the user sees the feature. We’ll need to rewrite this function’s logic to always return “can haz”.

Second, I opened the library in a disassembler to provide a machine code listing of what’s going on here. The contents weren’t really relevant – I was going to rewrite it.

Third, I opened the library in trusty ol’ XVI32, jumped to the offset my tool spat out earlier, moved a few bytes in and… mashed the keyboard, inputting a bunch of random characters.

No, not really.

I typed in the hexadecimal characters for several assembly opcodes that ensured the feature was always considered enabled. The actual x64 code for this is below:

xor rax, rax
inc rax
mov [r8], al
dec rax
pop rdi
retn

(The x86 code is very similar, therefore I won’t spend two hours trying to format it properly in Windows Live Writer.)

Fourth, I saved everything and fired up Zune. Crossing my fingers, the UI appeared and lo’ and behold the Radio feature appeared.

As mentioned earlier, the Radio feature is very unpolished and unstable. The baked in stations don’t play or display station graphics, but I’m willing to bet the folks at Zunerama will have it tamed in a few days.

All the resources I used are available for download from either here or the internet. Enjoy your private tinkering, but remember: I’m not responsible if your entire Zune music collection is replaced with Katy Perry albums. Also keep in mind the patched library may inhibit proper servicing (i.e. updating) by Microsoft. YMMV.

Download: Zune Function Locator 0.1 [x86/x64] // Raw patching instructions

I received a bunch requests to update the auto-elevate list from May, so here it is. There’s no change from the RC list.

• \Windows\ehome\Mcx2Prov.exe
• \Windows\System32\AdapterTroubleshooter.exe
• \Windows\System32\appinfo.dll
• \Windows\System32\BitLockerWizardElev.exe
• \Windows\System32\bthudtask.exe
• \Windows\System32\chkntfs.exe
• \Windows\System32\cleanmgr.exe
• \Windows\System32\cliconfg.exe
• \Windows\System32\CompMgmtLauncher.exe
• \Windows\System32\ComputerDefaults.exe
• \Windows\System32\dccw.exe
• \Windows\System32\dcomcnfg.exe
• \Windows\System32\DeviceEject.exe
• \Windows\System32\DeviceProperties.exe
• \Windows\System32\dfrgui.exe
• \Windows\System32\djoin.exe
• \Windows\System32\eudcedit.exe
• \Windows\System32\eventvwr.exe
• \Windows\System32\fsquirt.exe
• \Windows\System32\FXSUNATD.exe
• \Windows\System32\hdwwiz.exe
• \Windows\System32\ieUnatt.exe
• \Windows\System32\iscsicli.exe
• \Windows\System32\iscsicpl.exe
• \Windows\System32\lpksetup.exe
• \Windows\System32\MdSched.exe
• \Windows\System32\msconfig.exe
• \Windows\System32\msdt.exe
• \Windows\System32\msra.exe
• \Windows\System32\MultiDigiMon.exe
• \Windows\System32\Netplwiz.exe
• \Windows\System32\newdev.exe
• \Windows\System32\ntprint.exe
• \Windows\System32\ocsetup.exe
• \Windows\System32\odbcad32.exe
• \Windows\System32\OptionalFeatures.exe
• \Windows\System32\perfmon.exe
• \Windows\System32\printui.exe
• \Windows\System32\rdpshell.exe
• \Windows\System32\recdisc.exe
• \Windows\System32\rrinstaller.exe
• \Windows\System32\rstrui.exe
• \Windows\System32\sdbinst.exe
• \Windows\System32\sdclt.exe
• \Windows\System32\shrpubw.exe
• \Windows\System32\slui.exe
• \Windows\System32\SndVol.exe
• \Windows\System32\spinstall.exe
• \Windows\System32\SystemPropertiesAdvanced.exe
• \Windows\System32\SystemPropertiesComputerName.exe
• \Windows\System32\SystemPropertiesDataExecutionPrevention.exe
• \Windows\System32\SystemPropertiesHardware.exe
• \Windows\System32\SystemPropertiesPerformance.exe
• \Windows\System32\SystemPropertiesProtection.exe
• \Windows\System32\SystemPropertiesRemote.exe
• \Windows\System32\taskmgr.exe
• \Windows\System32\tcmsetup.exe
• \Windows\System32\TpmInit.exe
• \Windows\System32\verifier.exe
• \Windows\System32\wisptis.exe
• \Windows\System32\wusa.exe
• \Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_a1e8f56d586ec10b\fsquirt.exe
• \Windows\System32\oobe\setupsqm.exe
• \Windows\System32\sysprep\sysprep.exe