Can I use MS symbol files to disassemble code?

Ray · November 29, 2010, 5:42pm

Hi,

I see IDA uses Microsoft symbol files to help analyze code and I want to do the similar thing in our products to scan functions in DLLs to find malicious injection code - surely will need to disassemble pieces of code. However when firstly connecting to MS public symbol server it shows a license dialog saying “reverse engineer, decompile or disassemble are not allowed”. Then how can we understand the license statement?

mm1 · November 29, 2010, 5:52pm

This is an important question, but this is not the proper forum for it.
This is a legal question, the answer to which depends on where you are
located, what you are doing and for whom you are doing, at a minimum. While
you might get plenty of opinions here (like mine), for the purposes of a
commercial product, you need to consult with an appropriate lawyer.

Don’t get me wrong - this generally has a pretty simple answer, but it is in
my opinion not responsible to offer amateur opinions for something like this
and in the end, should your company ever be challenged on this, the major
reason that you should take to a lawyer is so that you can then say that you
talked to lawyer.

Good luck,

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@ybwork.com
Sent: Monday, November 29, 2010 5:41 PM
To: Kernel Debugging Interest List
Subject: [windbg] Can I use MS symbol files to disassemble code?

Hi,

I see IDA uses Microsoft symbol files to help analyze code and I want to do
the similar thing in our products to scan functions in DLLs to find
malicious injection code - surely will need to disassemble pieces of code.
However when firstly connecting to MS public symbol server it shows a
license dialog saying “reverse engineer, decompile or disassemble are not
allowed”. Then how can we understand the license statement?

WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Ray · November 29, 2010, 6:02pm

Thanks mm.

I initially thought this is the proper place to ask such questions since it’s used via WinDbg’s dlls.

You are right - I need to let company’s lawyer to deal with it.

Sorry for off-topic.