Google denies disassembling Vista software

Search giant says it didn't use reverse-engineering method to bring a security feature to its browser on Windows XP. But it defends disassembly as an aid for software compatibility.

The source code underlying Google's Chrome Web browser suggests that Google used a reverse-engineering technique called disassembly to figure out how to employ a useful Windows Vista security feature, but the company said it didn't, in fact, do so.

The Chrome source code said a particular security feature available on Vista, Data Execution Prevention, can be used on Windows XP SP2 and Windows Server 2003 SP1, though it's not documented for the older operating systems. The source code also said the feature can be understood with a disassembler, a method of reverse-engineering that deconstructs a binary file--such as Windows--into instructions more easily understood by a human.

An explanatory comment in the Chrome source code mentions use of a disassembler to figure out the security feature. "Completely undocumented from Microsoft. You can find this information by disassembling Vista's SP1 kernel32.dll with your favorite disassembler," the comment says.

But Google itself didn't take that route. "We did not disassemble this code," the company said in a statement. "The source code indicates that the technique came from http://www.uninformed.org/?v=2&a=4. Please also note that...disassembling is just one of several methods one can use to find this information."

Software companies trying to protect their proprietary software often aren't fans of disassemblers. For example, Vista's End-User License Agreement (PDF) states, "You may not...reverse-engineer, decompile, or disassemble the software, except and only to the extent that applicable law expressly permits, despite this limitation."

Google stuck up for the practice, though. "Disassembling is a common and accepted practice in software development, frequently used to make sure software features are compatible with other software programs or operating systems," the company said.

Regarding the Data Execution Prevention interface, the Chrome source code says, "Try documented ways first. Only available on Vista SP1 and Windows 2008." The method described at Uninformed comes in a later section, labeled thus: "Go in darker areas. Only available on Windows XP SP2 and Windows Server 2003 SP1."

About the author

Stephen Shankland has been a reporter at CNET since 1998 and covers browsers, Web development, digital photography and new technology. In the past he has been CNET's beat reporter for Google, Yahoo, Linux, open-source software, servers and supercomputers. He has a soft spot in his heart for standards groups and I/O interfaces.

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

HOT ON CNET

Want affordable gadgets for your student?

Everyday finds that will make students' lives easier: chargers, cables, headphones, and even a bona fide gadget or two!