<2018年11月>
28293031123
45678910
11121314151617
18192021222324
2526272829301
2345678

文章分类

导航

订阅

ReactOS散记

ReactOS是开源的仿Windows系统,与WINE只模拟WIN32 API不同,ReactOS是一个彻头彻尾的'Windows'系统——从内核到API。

但是近一段时间传出了很多ReactOS涉嫌抄用Windows源代码的评论和消息。比如下文是ReactOS的开发者之的发言。

by sedwards on 2006-01-27

Hello,
There has been a lot of talk about possible tainted code in ReactOS
and or developers that had access to leaked Microsoft source code.
This has caused a lot of speculation about the future of the ReactOS
Project. I'm going to try to put those fears to rest and explain what
has been going on and where we are going to go from here.

There was one issue that started this discussion and it related to
clean-room reverse engineering of certain code in ReactOS. Due to the
fact we have developers in many different countries the term reverse
engineering can mean many things to many different people. For us in
the US when you speak of clean-room reverse engineering it means that
one person tears apart the implementation of a device, writes
documentation and another reads that documentation and implements.
Other countries do not require this invisible great wall of
development and allow the same person that disassembles the interface
to also write the replacement implementation.

Because of the confusion this has caused and the possible legal issues
this could lead to we have decided to do the following.

1) Amend our Intellectual Property Policy Statement to reflect
clean-room reverse engineering as meaning the US standard method for
reverse engineering and make that the project requirement

2) Audit the entire source tree and rewrite all code found to have
been implemented not using the US method for reverse Engineering

3) Require all developers contributing major code to accept the terms
of our IP Policy Document via signature.

Now as for the issue of leaked source code, I want to try to put all
fears to rest. We don't know what the legal ramifications are for
someone downloading and having leaked code, as the party that
maintains copyright ownership of that code might still try to claim
Trade Secrecy on information contained in the sources in a court of
law. It is our point of view that the source code leaks of Windows
have been spread to a broad enough audience that it would be
impossible to claim the product is still under Trade Secrecy. Because
of this we are not banning any developer who might have had access to
leaked sources from contributing to ReactOS, however they are being
limited as to what area they can contribute. Copyright law still
applies to all leaked Windows sources and no one in ReactOS may copy
code from a Windows source leak and try to apply it to code in the
ReactOS tree.

We know of four developers who have had access to leaked sources prior
to working on ReactOS and while they no longer have copies of the
source code in question, each of the developers have told us in
private which sections of the sources they were exposed to. As such
the project has amending the IP document as a fourth step of
protection

4) any developer that had access to leaked sources is baned from
contributing code to the project for any of the modules that are the
same as leaked sources they examined.

So to clarify that, lets say someone saw some of the leaked Windows
source code in version.dll, then they would be unable to contribute
code to the ReactOS project for that dll.

It is our hope that a court case will arise and declare Microsoft's
Windows code is no longer under Trade Secret protection so these
developers who did have access to some of the leaked sources will be
free to contribute again to all sections of the project.

One final note, this audit of the code is going to take a long time.
It could take years, but it will happen, this project will come out
better than it was before. I don't believe anything anyone has done
while working on this project was really wrong. Every decision has
three possibilities, being moral, ethical and or legal. Sometimes the
law in itself is unethical and immoral. If people made mistakes and
there was a violation of the law, I question the justice of the law
and or anyone that would try to prosecute any of the developers who
just want the freedom to learn and create a more free system.

--
Steven Edwards - ReactOS and Wine developer

下面的争论也说明ReactOS开发者内部也出现了争议:

[ros-dev] Bye bye

Hartmut Birr osexpert at googlemail.com
Wed Jan 18 00:28:00 CET 2006


Hi,   

I'm leaving the ReactOS project. The goals of some developers don't
match my goals.   

Bye bye 
Hartmut
以下是争论的一个论据:

[ros-dev] Bye bye

Hartmut Birr osexpert at googlemail.com
Wed Jan 18 20:59:38 CET 2006


Steven Edwards wrote:
> Hi,
>
> On 1/17/06, Hartmut Birr <osexpert at googlemail.com> wrote:
>> Sometimes in the past, I didn't understand some changes, because the
>> code didn't make sense for the current state of reactos and was not
>> used. Currently, I've compared disassembled code from win2k and winxp
>> with ReactOS. In my opinion, some of the developers do disassemble
>> windows code to implement ReactOS.
>
> Can you list offending code with a list of svn commits?
>
> Thanks
>
> --
> Steven Edwards - ReactOS and Wine developer
>

Hi,

some days ago, I've seen the bug from r20911. It triggers a page fault
after an invalid opcode exception from v86 mode. The invalid opcode
exception in v86 mode can only occur if it is a real exception or if
someone does setup a frame and calls the trap handler directly. I've
found the function BadStack and some other things in syscall.S. The
BadStack function don't make sense a the current state of ReactOS. I've
compared the KiSysCallEntry with the dissembled code from WinXP:

WinXP:
004xxxxx                    off_004xxxxx:
004xxxxx B923000000             mov     ecx,23h
004xxxxx 6A30                   push    30h
004xxxxx 0FA1                   pop     fs
004xxxxx 8ED9                   mov     ds,ecx
004xxxxx 8EC1                   mov     es,ecx
004xxxxx 648B0D40000000         mov     ecx,fs:[40h]
004xxxxx 8B6104                 mov     esp,[ecx+4]
004xxxxx 6A23                   push    23h
004xxxxx 52                     push    edx
004xxxxx 9C                     pushfd
004xxxxx                    loc_004xxxxxx:
004xxxxx 6A02                   push    2
004xxxxx 83C208                 add     edx,8
004xxxxx 9D                     popfd
004xxxxx 804C240102             or      byte ptr [esp+1],2
004xxxxx 6A1B                   push    1Bh
004xxxxx FF350403DFFF           push    dword ptr [0FFDF0304h]
004xxxxx 6A00                   push    0
004xxxxx 55                     push    ebp
004xxxxx 53                     push    ebx
004xxxxx 56                     push    esi
004xxxxx 57                     push    edi
004xxxxx 648B1D1C000000         mov     ebx,fs:[1Ch]
004xxxxx 6A3B                   push    3Bh
004xxxxx 8BB324010000           mov     esi,[ebx+124h]
004xxxxx FF33                   push    dword ptr [ebx]
004xxxxx C703FFFFFFFF           mov     dword ptr [ebx],0FFFFFFFFh
004xxxxx 8B6E18                 mov     ebp,[esi+18h]
004xxxxx 6A01                   push    1
004xxxxx 83EC48                 sub     esp,48h
004xxxxx 81ED9C020000           sub     ebp,29Ch
004xxxxx C6864001000001         mov     byte ptr [esi+140h],1
004xxxxx 3BEC                   cmp     ebp,esp
004xxxx1 0F85xxxxFFFF           jne     loc_004xxxx2
004xxxxx 83652C00               and     dword ptr [ebp+2Ch],0
004xxxxx F6462CFF               test    byte ptr [esi+2Ch],0FFh
004xxxxx 89AE34010000           mov     [esi+134h],ebp
004xxxxx 0F85xxxxFFFF           jne     loc_004xxxxx
004xxxxx                    loc_004xxxxx:
004xxxxx 8B5D60                 mov     ebx,[ebp+60h]
004xxxxx 8B7D68                 mov     edi,[ebp+68h]
004xxxxx 89550C                 mov     [ebp+0Ch],edx
004xxxx3 C74508000DDBBA         mov     dword ptr [ebp+8],0BADB0D00h
004xxxxx 895D00                 mov     [ebp],ebx
004xxxxx 897D04                 mov     [ebp+4],edi
004xxxxx FB                     sti

004xxxx2                    loc_004xxxx2:
004xxxxx 648B0D40000000         mov     ecx,fs:[40h]
004xxxxx 8B6104                 mov     esp,[ecx+4]
004xxxxx 6A00                   push    0
004xxxxx 6A00                   push    0
004xxxxx 6A00                   push    0
004xxxxx 6A00                   push    0
004xxxxx 6A23                   push    23h
004xxxxx 6A00                   push    0
004xxxxx 6802020200             push    20202h
004xxxxx 6A1B                   push    1Bh
004xxxxx 6A00                   push    0
004xxxxx E9xxxx0000             jmp     loc_00407F1A


ReactOS:
80064375 <_KiFastCallEntry>:
_KiFastCallEntry:

// ==================== UNIQUE SYSENTER STUB. DO NOT DUPLICATE
============//
    /* Set FS to PCR */
    mov ecx, KGDT_R0_PCR
80064375:    b9 30 00 00 00           mov    $0x30,%ecx
    mov fs, cx
8006437a:    8e e1                    movl   %ecx,%fs

    /* Set DS/ES to Kernel Selector */
    mov ecx, KGDT_R0_DATA
8006437c:    b9 10 00 00 00           mov    $0x10,%ecx
    mov ds, cx
80064381:    8e d9                    movl   %ecx,%ds
    mov es, cx
80064383:    8e c1                    movl   %ecx,%es

    /* Set the current stack to Kernel Stack */
    mov ecx, [fs:KPCR_TSS]
80064385:    64 8b 0d 40 00 00 00     mov    %fs:0x40,%ecx
    mov esp, ss:[ecx+KTSS_ESP0]
8006438c:    36 8b 61 04              mov    %ss:0x4(%ecx),%esp

    /* Set up a fake INT Stack. */
    push KGDT_R3_DATA + RPL_MASK
80064390:    6a 23                    push   $0x23
    push edx                            /* Ring 3 SS:ESP */
80064392:    52                       push   %edx
    pushf                               /* Ring 3 EFLAGS */
80064393:    9c                       pushf 
    push 2                              /* Ring 0 EFLAGS */
80064394:    6a 02                    push   $0x2
    add edx, 8                          /* Skip user parameter list */
80064396:    83 c2 08                 add    $0x8,%edx
    popf                                /* Set our EFLAGS */
80064399:    9d                       popf  
    or dword ptr [esp], EFLAGS_INTERRUPT_MASK   /* Re-enable IRQs in
EFLAGS, to fake INT */
8006439a:    81 0c 24 00 02 00 00     orl    $0x200,(%esp)
    push KGDT_R3_CODE + RPL_MASK
800643a1:    6a 1b                    push   $0x1b
    push KUSER_SHARED_SYSCALL_RET
800643a3:    68 04 03 fe 7f           push   $0x7ffe0304

    /* Setup the Trap Frame stack */
    push 0
800643a8:    6a 00                    push   $0x0
    push ebp
800643aa:    55                       push   %ebp
    push ebx
800643ab:    53                       push   %ebx
    push esi
800643ac:    56                       push   %esi
    push edi
800643ad:    57                       push   %edi
    push KGDT_R3_TEB + RPL_MASK
800643ae:    6a 3b                    push   $0x3b

    /* Save pointer to our PCR */
    mov ebx, [fs:KPCR_SELF]
800643b0:    64 8b 1d 1c 00 00 00     mov    %fs:0x1c,%ebx

    /* Get a pointer to the current thread */
    mov esi, [ebx+KPCR_CURRENT_THREAD]
800643b7:    8b b3 24 01 00 00        mov    0x124(%ebx),%esi

    /* Set the exception handler chain terminator */
    push [ebx+KPCR_EXCEPTION_LIST]
800643bd:    ff 33                    pushl  (%ebx)
    mov dword ptr [ebx+KPCR_EXCEPTION_LIST], -1
800643bf:    c7 03 ff ff ff ff        movl   $0xffffffff,(%ebx)

    /* Use the thread's stack */
    mov ebp, [esi+KTHREAD_INITIAL_STACK]
800643c5:    8b 6e 18                 mov    0x18(%esi),%ebp

    /* Push previous mode */
    push UserMode
800643c8:    6a 01                    push   $0x1

    /* Skip the other registers */
    sub esp, 0x48
800643ca:    83 ec 48                 sub    $0x48,%esp

    /* Hack: it seems that on VMWare someone damages ES/DS on exit.
Investigate! */
    mov dword ptr [esp+KTRAP_FRAME_DS], KGDT_R3_DATA + RPL_MASK
800643cd:    c7 44 24 38 23 00 00     movl   $0x23,0x38(%esp)
800643d4:    00
    mov dword ptr [esp+KTRAP_FRAME_ES], KGDT_R3_DATA + RPL_MASK
800643d5:    c7 44 24 34 23 00 00     movl   $0x23,0x34(%esp)
800643dc:    00

    /* Make space for us on the stack */
    sub ebp, 0x29C
800643dd:    81 ed 9c 02 00 00        sub    $0x29c,%ebp

    /* Write the previous mode */
    mov byte ptr [esi+KTHREAD_PREVIOUS_MODE], UserMode
800643e3:    c6 86 d7 00 00 00 01     movb   $0x1,0xd7(%esi)

    /* Sanity check */
    cmp ebp, esp
800643ea:    39 e5                    cmp    %esp,%ebp
    jnz BadStack
800643ec:    0f 85 5e ff ff ff        jne    80064350 <BadStack>

    /* Flush DR7 */
    and dword ptr [ebp+KTRAP_FRAME_DR7], 0
800643f2:    83 65 2c 00              andl   $0x0,0x2c(%ebp)

    /* Check if the thread was being debugged */
    test byte ptr [esi+KTHREAD_DEBUG_ACTIVE], 0xFF
800643f6:    f6 46 03 ff              testb  $0xff,0x3(%esi)

    /* Jump to shared code or DR Save */
    //jnz Dr_FastCallDrSave
    jmp SharedCode
800643fa:    eb 5b                    jmp    80064457 <SharedCode>


SharedCode:
    mov [esi+KTHREAD_TRAP_FRAME], ebp
80064457:    89 ae 10 01 00 00        mov    %ebp,0x110(%esi)

    /* Set the trap frame debug header */
    SET_TF_DEBUG_HEADER
8006445d:    8b 5d 60                 mov    0x60(%ebp),%ebx
80064460:    8b 7d 68                 mov    0x68(%ebp),%edi
80064463:    89 55 0c                 mov    %edx,0xc(%ebp)
80064466:    c7 45 08 00 0d db ba     movl   $0xbadb0d00,0x8(%ebp)
8006446d:    89 5d 00                 mov    %ebx,0x0(%ebp)
80064470:    89 7d 04                 mov    %edi,0x4(%ebp)


80064350 <BadStack>:
80064350:    64 8b 0d 40 00 00 00     mov    %fs:0x40,%ecx
80064357:    36 8b 61 04              mov    %ss:0x4(%ecx),%esp
8006435b:    6a 00                    push   $0x0
8006435d:    6a 00                    push   $0x0
8006435f:    6a 00                    push   $0x0
80064361:    6a 00                    push   $0x0
80064363:    6a 23                    push   $0x23
80064365:    6a 00                    push   $0x0
80064367:    68 02 02 02 00           push   $0x20202
8006436c:    6a 1b                    push   $0x1b
8006436e:    6a 00                    push   $0x0
80064370:    e9 1f 0c 00 00           jmp    80064f94 <_KiTrap6>


The ReactOS code and the WinXP code is nearly the same. The stack check
and the invalid opcode exception is equal. The trap frame is created in
the same sequence. The debug mark 0xbadb0d00 is the same. On other
places we use always something like 0xdeadbeef or 0xceadbeef. Each
revision of syscall.S makes our code closer to the Windows code. In some
days we have exactly the same binary code. I know that the frame,
KTHREAD and the PCR layout is predefined. Some of the used informations
are not public. In my opinion, the fast call entry code is copied step
by step from the disassembled Windows code.

- Hartmut

前半个月也的确看到ReactOS的网站已经停止提供ReactOS的各种下载,包括源代码和CD映像等。网站首页也赫然列着一个在审查Code的进度条。
但今天发现,审查的进度条没有了,所有下载也都恢复了。看来ReactOS又恢复生机了!

posted on 2006年4月7日 22:09 由 Raymond

Powered by Community Server Powered by CnForums.Net