Jump to content

AARD code: Difference between revisions

Add links
From Wikipedia, the free encyclopedia
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
what is a "technical support message"?
No edit summary
Line 1: Line 1:
The '''AARD code''' was a segment of [[obfuscated code|obfuscated machine code]] that was included in several executables, including the installer and [[WIN.COM]], in a [[beta release]] of [[Microsoft Windows 3.1]]. It was [[XOR encryption|XOR-encrypted]], [[Self-modifying code|self-modifying]], and deliberately obfuscated, using a variety of undocumented DOS structures and functions to determine whether or not Windows really was running on MS-DOS. It was originally discovered by Geoff Chappell on 17 April 1992 and then further analyzed and documented in a joint effort with Andrew Schulman.<ref name="Chappell_1999_AARD-1">Geoff Chappell. ''Record of AARD Research''. Web article published by Geoff Chappell on 3 September 1999 about an e-mail sent to Andrew Schulman on 17th April 1992 ([http://www.geoffchappell.com/notes/windows/archive/aard/research.htm]).</ref><ref name="Chappell_1999_AARD-2">Geoff Chappell. ''First Public AARD Details''. Web article published by Geoff Chappell on 8 May 1999 about public messages documenting the AARD code in the CIX message system on 8 June 1992 ([http://www.geoffchappell.com/notes/windows/archive/aard/firstpublic.htm]).</ref><ref name="Schulman_1993_AARD">{{cite journal |last=Schulman |first=Andrew |date=1993-09-01 |title=Examining the Windows AARD Detection Code |journal=[[Dr. Dobb's Journal]] |url=http://ddj.com/windows/184409070?pgno=4 |accessdate=2008-08-21 |archivedate=25 February 2011| archiveurl=http://www.webcitation.org/5wln1nPjv}}</ref><ref name="Schulman_1994_Undocumented-DOS">Andrew Schulman, Ralf Brown, David Maxey, Raymond J. Michels, Jim Kyle. ''Undocumented DOS - A programmer's guide to reserved MS-DOS functions and data structures - expanded to include MS-DOS 6, Novell DOS and Windows 3.1''. Addison Wesley, 2nd edition, 1994, p.&nbsp;11. ISBN 0-201-63287</ref>
The '''AARD code''' was a segment of [[obfuscated code|obfuscated machine code]] that was included in several executables, including the installer and [[WIN.COM]], in a [[beta release]] of [[Microsoft Windows 3.1]]. It was [[XOR encryption|XOR-encrypted]], [[Self-modifying code|self-modifying]], and deliberately obfuscated, using a variety of undocumented DOS structures and functions to determine whether or not Windows really was running on MS-DOS. It was originally discovered by Geoff Chappell on 17 April 1992 and then further analyzed and documented in a joint effort with Andrew Schulman.<ref name="Chappell_1999_AARD-1">Geoff Chappell. ''Record of AARD Research''. Web article published by Geoff Chappell on 3 September 1999 about an e-mail sent to Andrew Schulman on 17th April 1992 ([http://www.geoffchappell.com/notes/windows/archive/aard/research.htm]).</ref><ref name="Chappell_1999_AARD-2">Geoff Chappell. ''First Public AARD Details''. Web article published by Geoff Chappell on 8 May 1999 about public messages documenting the AARD code in the CIX message system on 8 June 1992 ([http://www.geoffchappell.com/notes/windows/archive/aard/firstpublic.htm]).</ref><ref name="Schulman_1993_AARD">{{cite journal |last=Schulman |first=Andrew |date=1993-09-01 |title=Examining the Windows AARD Detection Code |journal=[[Dr. Dobb's Journal]] |url=http://ddj.com/windows/184409070?pgno=4 |accessdate=2008-08-21 |archivedate=25 February 2011| archiveurl=http://www.webcitation.org/5wln1nPjv}}</ref><ref name="Schulman_1994_Undocumented-DOS">Andrew Schulman, Ralf Brown, David Maxey, Raymond J. Michels, Jim Kyle. ''Undocumented DOS - A programmer's guide to reserved MS-DOS functions and data structures - expanded to include MS-DOS 6, Novell DOS and Windows 3.1''. Addison Wesley, 2nd edition, 1994, p.&nbsp;11. ISBN 0-201-63287</ref>


The AARD code ran several functional tests on the underlying [[DOS]] that succeeded on [[MS-DOS]] and [[PC-DOS]], but resulted in an error message on competing disk operating systems such as [[DR-DOS]]. The name was derived from Microsoft programmer Aaron R. Reynolds (1955–2008), who used "AARD" to sign his work. ("AARD" was found in the machine code of the installer.)<ref>{{cite journal |last=Dellert |first=Brian |date=1998-10-21 |title=Microsoft Plays Hardball |journal=Eat the State! |volume=3 |issue=7 |url=http://eatthestate.org/03-07/MicrosoftPlaysHardball.htm |accessdate=2008-08-21 |quote= |archiveurl = http://web.archive.org/web/20080420194217/http://eatthestate.org/03-07/MicrosoftPlaysHardball.htm <!-- Bot retrieved archive --> |archivedate = 2008-04-20}}</ref><ref>{{cite web |url=http://jerrypournelle.com/debates/Microsoft1.html |title=The Microsoft Monopoly Debates |accessdate=2008-08-21 |last=Pournelle |first=Jerry |authorlink=Jerry Pournelle |date=2000-04-01| archiveurl= http://web.archive.org/web/20080829102926/http://www.jerrypournelle.com/debates/Microsoft1.html| archivedate= 29 August 2008 <!--DASHBot-->| deadurl= no}}</ref> Microsoft disabled the AARD code for the final release of Windows 3.1, but did not remove it, so that it could have become reactivated anytime later by the change of a single byte in an installed system, thereby constituting a "smoking gun".
The AARD code ran several functional tests on the underlying [[DOS]] that succeeded on [[MS-DOS]] and [[PC-DOS]], but resulted in an error message on competing disk operating systems such as [[DR-DOS]]. The name was derived from Microsoft programmer Aaron R. Reynolds (1955–2008), who used "AARD" to sign his work. ("AARD" was found in the machine code of the installer.)<ref>{{cite journal |last=Dellert |first=Brian |date=1998-10-21 |title=Microsoft Plays Hardball |journal=Eat the State! |volume=3 |issue=7 |url=http://eatthestate.org/03-07/MicrosoftPlaysHardball.htm |accessdate=2008-08-21 |quote= |archiveurl = http://web.archive.org/web/20080420194217/http://eatthestate.org/03-07/MicrosoftPlaysHardball.htm <!-- Bot retrieved archive --> |archivedate = 2008-04-20}}</ref><ref>{{cite web |url=http://jerrypournelle.com/debates/Microsoft1.html |title=The Microsoft Monopoly Debates |accessdate=2008-08-21 |last=Pournelle |first=Jerry |authorlink=Jerry Pournelle |date=2000-04-01| archiveurl= http://web.archive.org/web/20080829102926/http://www.jerrypournelle.com/debates/Microsoft1.html| archivedate= 29 August 2008 <!--DASHBot-->| deadurl= no}}</ref> Microsoft disabled the AARD code for the final release of Windows 3.1, but did not remove it, so that it could have become reactivated anytime later by the change of a single byte in an installed system, thereby constituting a "smoking gun".{{fact}}


[[Digital Research]] released a [[Patch (computing)|patch]] to enable the AARD tests to pass on DR-DOS in 1992.<ref>[http://www.freedos.org/freedos/news/press/2000-drdos-hist.txt DR DOS versions]; see footnote #19</ref>
[[Digital Research]] released a [[Patch (computing)|patch]] to enable the AARD tests to pass on DR-DOS in 1992.<ref>[http://www.freedos.org/freedos/news/press/2000-drdos-hist.txt DR DOS versions]; see footnote #19</ref>

Revision as of 13:32, 3 June 2012

The AARD code was a segment of obfuscated machine code that was included in several executables, including the installer and WIN.COM, in a beta release of Microsoft Windows 3.1. It was XOR-encrypted, self-modifying, and deliberately obfuscated, using a variety of undocumented DOS structures and functions to determine whether or not Windows really was running on MS-DOS. It was originally discovered by Geoff Chappell on 17 April 1992 and then further analyzed and documented in a joint effort with Andrew Schulman.[1][2][3][4]

The AARD code ran several functional tests on the underlying DOS that succeeded on MS-DOS and PC-DOS, but resulted in an error message on competing disk operating systems such as DR-DOS. The name was derived from Microsoft programmer Aaron R. Reynolds (1955–2008), who used "AARD" to sign his work. ("AARD" was found in the machine code of the installer.)[5][6] Microsoft disabled the AARD code for the final release of Windows 3.1, but did not remove it, so that it could have become reactivated anytime later by the change of a single byte in an installed system, thereby constituting a "smoking gun".[citation needed]

Digital Research released a patch to enable the AARD tests to pass on DR-DOS in 1992.[7]

The rationale for the AARD code came to light when internal memos were released during the United States Microsoft antitrust case. Internal memos released by Microsoft revealed that the specific focus of these tests was DR-DOS. At one point, Microsoft CEO Bill Gates sent a memo to a number of employees, reading "You never sent me a response on the question of what things an app would do that would make it run with MSDOS and not run with DR-DOS. Is there [sic] feature they have that might get in our way?"[8] Microsoft Senior Vice President Brad Silverberg later sent another memo, stating: "What the [user] is supposed to do is feel uncomfortable, and when he has bugs, suspect that the problem is DR-DOS and then go out to buy MS-DOS."[8]

Following the purchase of DR-DOS by Novell and its renaming to "Novell DOS", Microsoft Co-President Jim Allchin stated in a memo, "If you're going to kill someone there isn't much reason to get all worked up about it and angry. Any discussions beforehand are a waste of time. We need to smile at Novell while we pull the trigger."[8]

What had been DR-DOS changed hands again. The new owner, Caldera, Inc., began a lawsuit against Microsoft over the AARD code, Caldera v. Microsoft, which was later settled.[8][9] It was believed that the settlement ran in the order of $150m,[10] but was revealed in November 2009 with the release of the Settlement Agreement to be $280m.[11]

References

  1. ^ Geoff Chappell. Record of AARD Research. Web article published by Geoff Chappell on 3 September 1999 about an e-mail sent to Andrew Schulman on 17th April 1992 ([1]).
  2. ^ Geoff Chappell. First Public AARD Details. Web article published by Geoff Chappell on 8 May 1999 about public messages documenting the AARD code in the CIX message system on 8 June 1992 ([2]).
  3. ^ Schulman, Andrew (1993-09-01). "Examining the Windows AARD Detection Code". Dr. Dobb's Journal. Archived from the original on 25 February 2011. Retrieved 2008-08-21.
  4. ^ Andrew Schulman, Ralf Brown, David Maxey, Raymond J. Michels, Jim Kyle. Undocumented DOS - A programmer's guide to reserved MS-DOS functions and data structures - expanded to include MS-DOS 6, Novell DOS and Windows 3.1. Addison Wesley, 2nd edition, 1994, p. 11. ISBN 0-201-63287
  5. ^ Dellert, Brian (1998-10-21). "Microsoft Plays Hardball". Eat the State!. 3 (7). Archived from the original on 2008-04-20. Retrieved 2008-08-21.
  6. ^ Pournelle, Jerry (2000-04-01). "The Microsoft Monopoly Debates". Archived from the original on 29 August 2008. Retrieved 2008-08-21. {{cite web}}: Unknown parameter |deadurl= ignored (|url-status= suggested) (help)
  7. ^ DR DOS versions; see footnote #19
  8. ^ a b c d Goodin, Dan (1999-04-28). "Microsoft emails focus on DR-DOS threat". CNET News. Retrieved 2008-08-21.
  9. ^ Lea, Graham (2000-01-13). "Caldera vs Microsoft - the settlement". BBC News. Archived from the original on 5 October 2008. Retrieved 2008-08-21. {{cite news}}: Unknown parameter |deadurl= ignored (|url-status= suggested) (help)
  10. ^ Wilcox, Joe (2000-01-11). "Caldera settlement shows a new side of Microsoft". cnet. Retrieved 2009-01-19.
  11. ^ "Exhibits to Microsoft's Cross Motion for Summary Judgment in Novell WordPerfect Case". Groklaw. 2009-11-23. Retrieved 2011-10-22.
Retrieved from "https://en.wikipedia.org/w/index.php?title=AARD_code&oldid=495768099"