this is what they found

Last year, more or less around this time, we reported in Genbeta on an ‘Easter egg’ that a hacker had discovered in Windows 95, 25 years after its release. It consisted, specifically, of a credits window with the names of the developers of the Internet Mail program, the predecessor of Outlook Express, and the steps necessary to activate it were so convoluted that it would not have surprised us if another 25 years had passed without anyone noticing its existence.

But what happens when in the middle of 2022 the existence of an easter egg in Windows 1.0 is discovered, a version of Windows launched in 1985, and so little known that many users still think that the first version of this operating system was born with Windows 3.0 or Windows 95? Well, that is exactly what happened yesterday.

Wait, that name rings a bell

Now, an expert in the internals of Windows, Lucas Brooks, has revealed his find on Twitter. And again, the easter egg consists of a dialog with the list of members of ‘The Windows Team’, the developers of that original version of the Microsoft operating system (at that time, little more than a graphical interface for the real operating system, MS-DOS).

The find has drawn particular attention because, among the list of developers, the name of Gabe Newell stands out, today famous for holding the position of CEO of Valve, the video game distributor also responsible for the Steam platform. Newell would also collaborate on some of the following versions of Windows before leaving the Mountain View company.

Brooks notes that “Microsoft did a very good job of hiding the easter egg and I still don’t know how to activate it. I had to patch some binaries to force their appearance,” and explains on Twitter:

“It was very well hidden, they put the encrypted data at the end of a bitmap file (the smiley face bitmap) and at the time there were no tools to extract those kinds of bitmaps. Even if someone had managed to extract them, you wouldn’t have noticed the extra data at the end.”

Brooks then gives an explanation of how this works, one that may be confusing to readers unfamiliar with assembly language and hex editors:


Via @mswin_bat on Twitter.

“As you can see, [the executable] changes the pointer to skip the first 32 bytes of the raw data (the actual bitmap) and then does a chained XOR starting with decimal 77.”
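
To make the two quotes concrete, here is an added example (not Brooks's code and not code from Windows 1.0) that finds bytes appended after a bitmap's pixel data and decodes them with a chained XOR seeded with 77. It assumes that "chained XOR" means each byte is XORed with the previous ciphertext byte, and that the 32-byte bitmap is a 16x16 monochrome image with word-aligned scanlines; the sample resource and the name in it are constructed.

```python
# Added example; sample data is constructed, not taken from Windows 1.0.
# Assumption: "chained XOR" means each byte is XORed with the previous
# ciphertext byte, and the first byte with the seed 77.
BITMAP_LEN = 32  # raw bitmap bytes the executable skips (per the quote)
SEED = 77        # starting XOR value in decimal (per the quote)


def expected_pixel_bytes(width: int, height: int, bpp: int = 1) -> int:
    """Size of the pixel data with scanlines padded to 16-bit words (assumed)."""
    row_bytes = ((width * bpp + 15) // 16) * 2
    return row_bytes * height


def trailing_data(raw: bytes, width: int, height: int, bpp: int = 1) -> bytes:
    """Return whatever follows the pixel data; empty if the sizes match."""
    size = expected_pixel_bytes(width, height, bpp)
    if len(raw) < size:
        raise ValueError("resource is shorter than its declared bitmap")
    return raw[size:]


def chained_xor_encode(plain: bytes, seed: int = SEED) -> bytes:
    """Build test ciphertext: each output byte becomes the next key."""
    out, prev = bytearray(), seed
    for b in plain:
        prev ^= b
        out.append(prev)
    return bytes(out)


def chained_xor_decode(cipher: bytes, seed: int = SEED) -> bytes:
    """Undo the chain: XOR each byte with the ciphertext byte before it."""
    out, prev = bytearray(), seed
    for c in cipher:
        out.append(c ^ prev)
        prev = c
    return bytes(out)


# Constructed sample: 16x16 monochrome bitmap (32 bytes) plus hidden text.
SAMPLE_PIXELS = bytes([0x3C, 0x42] * 16)
SAMPLE_TEXT = b"The Windows Team\r\nSample Name"
SAMPLE_RESOURCE = SAMPLE_PIXELS + chained_xor_encode(SAMPLE_TEXT)

if __name__ == "__main__":
    extra = trailing_data(SAMPLE_RESOURCE, 16, 16)
    print(len(extra), "trailing bytes:", extra[:8].hex())
    print(chained_xor_decode(extra).decode("ascii"))
```

The size comparison in `trailing_data` is the check an extraction tool would need in order to notice the appended bytes: a resource longer than its declared dimensions require is carrying something besides pixels.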