[Beta Exploration] The Windows 1.x and 2.x Easter Egg

Update: Sorry, was meant to publish this ages ago but didn’t get the time to film a proper video for it. You’ve probably read about it from somewhere else by now – but hey, at least this is the only article about the Easter egg written by the person who discovered it. Also that image up there is ugly lol.

I have discovered the Windows 1.x and 2.x Easter egg. Yep, you heard it right, Windows 1.x and 2.x Easter egg. Microsoft did a fantastic job at hiding the Easter egg; it took us 37 years to find it. So what is the Easter egg? It is basically a credits screen that displays a scrolling list of Windows 1.x and 2.x developers.

Windows 1.01’s Easter Egg

So how did they hide it so well? Encryption and obfuscation. The name list is just a list of null-terminated strings, but instead of storing it in the data segment or as a string table or binary resource, they encrypted it and appended it to the end of a bitmap. Back then there were no tools to view bitmap resources from executables, and even if there were, people would’ve simply viewed the bitmap as an image and neglected the binary data at the end.

The encryption is also the strongest out of all of Microsoft’s Easter eggs. It encrypts and decrypts the data with chained XOR. To decrypt it, you need to decrypt a byte by XORing it with the key, XOR the key with the decrypted byte, and repeat for the next byte until the EOF mark is reached. This makes it impossible to recognize the data as encrypted text and needless to say, extremely hard to crack. Even if you were given the initial key, without knowing about the chained XOR operation, you can only decrypt a single byte – not going to be useful.
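The chained XOR steps above, as an added Python sketch that is not code from Windows or from the original article. The initial key, the EOF mark value, the names and the stand-in bitmap are constructed assumptions, since the article gives none of them.

```python
# Added illustration of the chained XOR described above.
# KEY, EOF_MARK, the names and the bitmap bytes are constructed assumptions.
EOF_MARK = 0xFF        # assumption: the article does not give the EOF mark value
KEY = 0x5A             # assumption: constructed initial key
SAMPLE_BITMAP_LEN = 32 # assumption: length of the stand-in pixel data


def encrypt(plain: bytes, key: int) -> bytes:
    """Inverse of decrypt(): c = p XOR key, then key = key XOR p."""
    out = bytearray()
    for p in plain:
        out.append(p ^ key)
        key ^= p
    return bytes(out)


def decrypt(blob: bytes, key: int) -> bytes:
    """XOR a byte with the key, XOR the key with the decrypted byte, repeat.

    Stops when the decrypted byte is the (assumed) EOF mark.
    """
    out = bytearray()
    for c in blob:
        p = c ^ key
        if p == EOF_MARK:
            break
        out.append(p)
        key ^= p  # key XOR p == (key XOR c XOR key) == c
    return bytes(out)


def split_names(plain: bytes) -> list[str]:
    """Split the decrypted list of null-terminated strings."""
    return [s.decode("ascii") for s in plain.split(b"\0") if s]


def build_sample() -> bytes:
    """Constructed resource: stand-in bitmap bytes + encrypted name list."""
    bitmap = bytes(range(SAMPLE_BITMAP_LEN))
    names = b"Alice Example\0Bob Placeholder\0" + bytes([EOF_MARK])
    return bitmap + encrypt(names, KEY)


if __name__ == "__main__":
    tail = build_sample()[SAMPLE_BITMAP_LEN:]
    print(tail.hex())                       # appended data does not read as text
    print(split_names(decrypt(tail, KEY)))  # recovered name list
```

Under this reading of the steps, the key after each byte equals the ciphertext byte just processed, so decrypting with a wrong initial key garbles only the first decrypted byte.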

Now let’s talk about the obfuscation. It isn’t really the obfuscation we know today, but I call it obfuscation because it serves the same purpose of preventing people from getting anything useful out of the code. How did Microsoft do it? Back in the 80s, obfuscating the code could severely impact the performance and potentially have all sorts of consequences, so they decided to obfuscate the function names instead. It is very simple: all the Easter egg functions were given highly misleading names, so if you’re searching for Easter eggs, you’ll automatically skip them when you see them. They also wrote all the functions very carefully so that they have other purposes as well, for example to process system messages while checking for the Easter egg keystrokes.

How hard is it to trigger the Easter egg? Extremely hard. If you don’t already know the keystrokes, there is no way you can trigger it by accident. You must do the following to trigger it: Alt key down, Esc key down, Alt key up, Esc key up, Esc (down and up), Esc (down and up) and finally hit the Backspace key. You also have to press them fast, otherwise they’ll be treated as multiple keypresses. In Windows 2.x, it became F1, F5, F9, F4 and Backspace, but still, not something you can type by accident.

Now the interesting part: why did they put in so much effort just to hide a credits list? Well, here is the full story. It wasn’t well-hidden at all in the beginning; you only needed to hit a few commonly-used keys for it to pop up. One day the co-founder of Microsoft, Bill Gates, decided to take a look at the progress of Windows. He pressed a few keys to test the input or something, and the Easter egg popped up. He ordered the person who wrote the Easter egg to remove it, as it was a waste of memory and machine cycles (every input event needs to be checked for the sequence, that’s a few hundred cycles per mouse click and keypress). Did the developer obey Bill Gates’ order? Nope. Instead of removing it, he did the direct opposite: he buried it deeper, causing more memory to be used and machine cycles to be wasted. Windows back then performed very poorly and consumed huge amounts of memory, and that was one of Bill Gates’ biggest concerns, so, knowing about the potential severe consequences, the developer made it almost impossible to find/trigger. I can imagine that he probably also made it very hard to find even with source code access, because I wouldn’t be surprised if Bill Gates also read over the Windows 1.0 source code some time before its release.

Well, a Windows 1.0 developer who knew about the Easter egg sold him out after I posted about it on Twitter. Unlucky. I’m not going to disclose names but it shouldn’t be too hard to find out.

Anyway, we’re not done with Easter eggs yet. This is only the Windows 1.x and 2.x Easter egg. I’ll write about the Windows 3.0, 3.1 and Windows 95 Easter eggs when I get time.