Andrew Schulman

Software Litigation Consultant

Please see newer site:


Andrew Schulman, based in San Francisco, is the author and editor of several computer-programming books (including Undocumented Windows, Undocumented DOS, and Unauthorized Windows 95) on the internal operation and undocumented features of Microsoft operating systems.

Since 1995 he has worked primarily as a software litigation consultant, providing technical details in legal cases involving patents, copyright, trade secrets, antitrust and Internet privacy, providing services such as source-code comparisons (for copyright and patent purposes), inspection of binary code, and assessments of bugs, incompatibilities, error and warning messages. Cases include Caldera v. Microsoft, Stac v. Microsoft, and consumer antitrust class actions in California, Minnesota, and Iowa (Comes v. Microsoft; see e.g. Schulman supplemental expert report and transcript of second Schulman deposition which were made public towards the end of the Iowa case).

Partial list of publications:

Andrew Schulman, “Finding Binary Clones with Opstrings & Function Digests,” Dr. Dobb’s Journal, July 2005 (Part I), August 2005 (Part II), and September 2005 (Part III) (available with registration at Dr. Dobb's web site: Part I, Part II, Part III)

Andrew Schulman, Unauthorized Windows 95: A Developer's Guide to Exploring the Foundations of Windows "Chicago" (Foster City CA: IDG Books, 1994); updates (August 1996) at

Coauthor and editor, Undocumented DOS: A Programmer's Guide to Reserved MS-DOS Functions and Data Structures (Reading MA: Addison-Wesley, 1990); 2nd edition (1994)

Coauthor and editor, Undocumented Windows: A Programmer's Guide to Reserved Microsoft Windows API Functions (Reading MA: Addison Wesley, 1992)

Coauthor, Extending DOS: A Programmer's Guide to Protected-Mode DOS, edited by Ray Duncan (Reading MA: Addison-Wesley, 1990); 2nd edition (1992)

Articles in Microsoft Systems Journal, Data Based Advisor, BYTE, Dr. Dobb's Journal, PC Magazine, Web Review, Infoworld, Newsweek, and other publications. Some representative articles:

The US/Mexico Border Crossing Card (BCC): A Case Study in Biometric, Machine-Readable ID. This is a paper I presented at CFP 2002 as a study in what "National ID" might look like. (It's a Microsoft Word .doc file; for a less-recent HTML version, click here.)

"Deanonymizing Users of the SafeWeb Anonymizing Service", written with Prof. David Martin (Boston University). We demonstrate spectacular failures of the SafeWeb (and PrivaSec) anonymizing services, based on simple JavaScript attacks.

"The Extent of Systematic Monitoring of Employee E-mail and Internet Use". A lengthy report for the Privacy Foundation, establishing that about one-third of the US online workforce has its internet and/or e-mail communications at work under continuous monitoring by employers.

Ongoing workplace surveillance (employee monitoring) projects.

"Computer and Internet Surveillance in the Workplace". A lengthy paper on employee monitoring, originally given at a privacy conference in Hong Kong.

"Business & Technology of Email Surveillance". PowerPoint slides from a presentation given in Sydney, Australia.

"Privacy Protection Strategies". PowerPoint slides from a presentation given in Melbourne, Australia. I'm not sure how much sense the slides make without the actual presentation though.

ID Card Conspiracy Theories. Submitted for the forthcoming Encyclopedia of American Conspiracy Theories.

"Fatline & AltaVista: 'Peer Pressure' Employee Monitoring?", Privacy Foundation, June 2001

"The 'Boss Button' Updated: Web Anonymizers vs. Employee Monitoring", Privacy Foundation, April 2001

"Client or Server: A Primer on Employee Monitoring Technology", Privacy Foundation, March 2001

"Consecutive numbers considered harmful: Compaq rebate tracking exposes customer names and addresses", September 2000

"AllAdvantage: A Front-End to DoubleClick", July 2000

"The Caldera v. Microsoft Dossier", O'Reilly Network, February 2000

"Java Shines When HTML Stars", Web Review, August 15, 1997

"Java on the Fly", Web Review, July 25, 1997

"Java: Will Invention Become the Father of Necessity?", Web Review, June 27, 1997

"InActiveX", Web Review, May 23, 1997

"Differences Between NT Server and Workstation are Minimal: Registry Settings Used to Force Use of Microsoft Web Server", O'Reilly, November 1996

"Microsoft Deliberately Limiting NT Workstation 4.0 as a Web Server", O'Reilly, September 1996

"Can Microsoft Catch Up to the Internet?" O'Reilly, March 1996; Part 2, February 1997

"SoftRAM 95: 'False and Misleading'", O'Reilly, August 1996; see especially "SoftRAM 95 and PC Magazine's 1MBFORT", O'Reilly, December 1995

"Windows 95: What It Is, What It Isn't, Why It Matters", O'Reilly, 1996

"Inside the Windows 95 Registration Wizard", O'Reilly, January 1996

"Notes on similarities between QTVHDW.DLL (Apple QuickTime for Windows) and DCISVGA.DRV (Microsoft/Intel Video for Windows)", Feb. 1995

"LA Law" (on Stac v. Microsoft), Dr. Dobb's Journal, May 1994

"Examining the AARD Detection Code", Dr. Dobb's Journal, September 1993

Old book reviews from Dr. Dobb's Journal:
Microprocessors From the Programmer's Perspective (Sept. 1990)
Object-Oriented Software Development: Reality Sets In (Nov. 1990)
Network Programming (Jan. 1991)
Subatomic Programming (March 1991)
C++: The Next Generation (May 1991)
Ten Pounds of Windows Books (July 1991)
You Could Look It Up (Oct. 1991)
Libraries and "the One Right Way" (Dec. 1991)
10 lbs. of Data in a 5-lb. Bag (Feb. 1992)
Beyond the Official Rules (April 1992)
Operating Systems: The Nightmare Continues (June 1992)
Literate Programming (Aug. 1992)
Slaying the Dragon (Oct. 1992)
Wake Up and Smell the Working Set (Dec. 1992)

Commercial Software:

Windows Source Disassembly Pre-Processor, versions 1 and 2, V Communications (San Jose CA, 1992-1998). Later versions were greatly changed and improved by Clive Turvey. See


Newer site: