{"id":27,"date":"2007-02-06T01:32:46","date_gmt":"2007-02-06T09:32:46","guid":{"rendered":"http:\/\/www.pagetable.com\/?p=27"},"modified":"2007-02-06T01:32:46","modified_gmt":"2007-02-06T09:32:46","slug":"skype-reads-your-bios-and-motherboard-serial-number","status":"publish","type":"post","link":"https:\/\/www.pagetable.com\/?p=27","title":{"rendered":"Skype Reads Your BIOS and Motherboard Serial Number"},"content":{"rendered":"<p>Users of Skype that run 64-bit versions of Windows like me <a target=\"_blank\" href=\"http:\/\/www.planetamd64.com\/lofiversion\/index.php\/t29640.html\" rel=\"noopener\">probably<\/a> <a target=\"_blank\" href=\"http:\/\/forum.skype.com\/lofiversion\/index.php\/t72320.html\" rel=\"noopener\">have<\/a> <a target=\"_blank\" href=\"http:\/\/forums.tomcoyote.org\/index.php?showtopic=74921\" rel=\"noopener\">noticed<\/a> that when starting Skype, the following dialog box appears:<\/p>\n<blockquote><p>The program or feature &#8220;??C:Documents and SettingsMyriaLocal SettingsTemp121.com&#8221; cannot start or run due to incompatibility with 64-bit versions of Windows. Please contact the software vendor to ask if a 64-bit Windows compatible version is available.<\/p><\/blockquote>\n<p>Well, that&#8217;s weird.  Skype&#8217;s trying to run a .com file, which won&#8217;t work on Win64 because there&#8217;s no NTVDM.  Let&#8217;s try opening it in Hex Workshop.  Access denied?  OK, I&#8217;ll terminate Skype to read it.  Still can&#8217;t?!  This thing is really starting to annoy me.  I&#8217;ll use WinDbg to terminate winlogon.exe to force a kernel panic.  I reboot and NOW I can read the damn file.<\/p>\n<p>An unreadable executable file coming from Skype sounds interesting, so I look at it.  It&#8217;s 46 bytes long.  For copyright reasons I can&#8217;t post the file or a complete disassembly.  
However, I can describe the program in terms of 16-bit DOS C:<\/p>\n<p>#include &lt;stdio.h&gt;<br \/>\nint main(void)<br \/>\n{<br \/>\n\/* F000:0000 is the start of the 64 KB BIOS segment; size_t is 16 bits here, so one call can write at most 0xFFFF bytes *\/<br \/>\nfwrite((const void far*) 0xF0000000, 1, 0xFFFF, stdout);<br \/>\n\/* F000:FFFF is the last byte of the segment *\/<br \/>\nfwrite((const void far*) 0xF000FFFF, 1, 1, stdout);<br \/>\nreturn 0;<br \/>\n}<\/p>\n<p>It&#8217;s dumping your system BIOS, which usually includes your motherboard&#8217;s serial number, and piping it to the Skype application.  I have no idea what they&#8217;re using it for, or whether they send anything to their servers, but I bet whatever they&#8217;re doing is no good given their track record.<\/p>\n<p>In 32-bit Windows NT, including Vista, the kernel permits NTVDM to make a read-only mapping of the BIOS at address 000F0000.  This allows DOS programs running under NTVDM to make use of the BIOS.  That&#8217;s how this 46-byte program is capable of sending the BIOS to the Skype application, and also explains why they use this mechanism to begin with.<\/p>\n<p>If they hadn&#8217;t been ignorant of Win64&#8217;s lack of NTVDM, nobody would&#8217;ve noticed this happening.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Users of Skype that run 64-bit versions of Windows like me probably have noticed that when starting Skype, the following dialog box appears: The program or feature &#8220;??C:Documents and SettingsMyriaLocal SettingsTemp121.com&#8221; cannot start or run due to incompatibility with 64-bit versions of Windows. 
Please contact the software vendor to ask if a 64-bit Windows compatible &#8230; <a title=\"Skype Reads Your BIOS and Motherboard Serial Number\" class=\"read-more\" href=\"https:\/\/www.pagetable.com\/?p=27\" aria-label=\"Read more about Skype Reads Your BIOS and Motherboard Serial Number\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-27","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.pagetable.com\/index.php?rest_route=\/wp\/v2\/posts\/27","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pagetable.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pagetable.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.pagetable.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pagetable.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=27"}],"version-history":[{"count":0,"href":"https:\/\/www.pagetable.com\/index.php?rest_route=\/wp\/v2\/posts\/27\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.pagetable.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=27"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pagetable.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=27"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pagetable.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=27"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}