Никита
So he just disassembles the w2k3 PnP stack and implements it via C code. Or I can't understand how he implements these Pi*() functions o_O
Stas'M
Никита
Stas'M
Or just your own assumptions? 🤔
Никита
I just can't understand HOW?
Никита
Никита
Anonymous
Well, there can be info about it in MSDN?
Anonymous
I'm not too sure
Anonymous
well, that is suspicious
Никита
Никита
https://github.com/vgalnt/reactos/commit/af4058800bd3088ac6c72a8ea6e7cfe768157678
Никита
Try to find THIS one
Никита
Никита
(taken from some Chinese blog that is researching WRK)
Anonymous
The only search results I can find are from WRK
Никита
Benedict
I wish I understood Russian damn
Anonymous
well, legally speaking, if he hasn't seen it himself, but someone else has told him, MS can't do anything
Никита
Anonymous
like someone else has explained
Никита
Никита
But still strange, isn't it?
Benedict
Anonymous
That's definitely strange.
Никита
That's definitely strange.
https://www.cnblogs.com/ahuo/archive/2011/05/29/2062398.html this page contains a list of WRK functions. This is the one and only place where you can find these functions. But not the code.
Anonymous
Can we trust this work?
Anonymous
It's really suspicious
Никита
jk
Никита
Stas'M
Anonymous
There's zero information on Microsoft's own sites about this
Anonymous
and the naming is exact to WRK
Никита
Никита
Никита
and the naming is exact to WRK
Well, that can be explained, he wants Windows drivers to work in ReactOS. So he needs to name functions like it's done in WRK.
Anonymous
I don't think we're allowed to do that if we're *clean* room reverse engineering.
Anonymous
Using IDA or anything else to reverse the PNP stack from Server 2003 would instantly fail the principles of contribution and ruin his credibility.
Anonymous
since it wasn't obtained in a clear way
Anonymous
Though, we shouldn't fearmonger until facts are presented.
Stas'M
Anonymous
and it would be caught during review process anyways
Anonymous
Anonymous
Kernel mode PnP isn't much talked about by Microsoft due to user mode interface being used by drivers
Никита
Никита
He is only modifying files in ntoskrnl folder right now)
Никита
and hal
Anonymous
He's doing kernel mode PnP, and it's not documented either due to driver developers having to use user-mode PnP
Никита
If you want, you can make an account in VK (Russian social network) and write a message to him. Don't worry, it has English language, and you can register via Facebook.
Никита
Anonymous
I'm just saying that kernel-mode PnP isn't documented by Microsoft, and if he's getting exact namings of functions used there, it's even more suspicious
Никита
Никита
But ONLY NAMES
Никита
Not their src
Anonymous
public documentation
Anonymous
not from WRK
Никита
Anonymous
None in MSDN
Anonymous
legal public documentation*
Anonymous
WRK is not deemed legal for ReactOS
Никита
But you need to create a VK account. He doesn't have a Telegram profile
Anonymous
Well, you already have an account, you can do it right now
Никита
Already did, (blue light means he has not read my message)
Anonymous
if he is IDA-ing, that means he's breaking the rules
Anonymous
and therefore his contributions can't be trusted
Anonymous
It'd be sad if that's the case.
Никита
We need to wait for an answer
Никита
He was online 2hrs ago, last commit was also done 2hrs ago, maybe he is sleeping.
Anonymous
isn't it early?