Virtual DOS machine

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Virtual DOS machine (VDM) is a technology that allows running 16-bit/32-bit DOS and 16-bit Windows programs on Intel 80386 or higher computers when there is already another operating system running and controlling the hardware.

Overview[edit]

Virtual DOS machines normally rely on the virtual 8086 mode of the Intel 80386 processor, which allows real mode 8086 software to run in a controlled environment by catching and forwarding to the normal operating system (as exceptions), all operations which involve accessing protected hardware. The operating system can then perform an emulation and resume the execution of the DOS software.

VDMs generally also implement support for running 16- and 32-bit protected mode software (DOS extenders), which has to conform to the DOS Protected Mode Interface (DPMI).[1]

When a DOS program running inside a VDM needs to access a peripheral, Windows will either allow this directly (rarely), or will present the DOS program with a virtual device driver (VDD) which emulates the hardware using operating system functions. A VDM will systematically have emulations for the Intel 8259A interrupt controllers, the 8254 timer chips, the 8237 DMA controller, etc.[1]

DOS-based VDMs[edit]

DOS-based VDMs appeared with Windows/386 2.01 in 1987 and were also present in Windows 3.0, 3.1x and Windows for Workgroups 3.1x running in 386 Enhanced Mode as well as in Windows 95, 98, 98 SE and ME.

Similar to Windows 3.x 386 Enhanced Mode in architecture, EMM386 3.xx of Novell DOS 7,[1][2] Caldera OpenDOS 7.01,[3][2] DR-DOS 7.02[4] (and later) also uses VDMs to support pre-emptive multitasking of multiple DOS applications, when the EMM386 /MULTI option is used.[3][4][2] This component has been under development at Digital Research / Novell since (at least) 1991 under the codename "Vladivar" (originally a separate device driver KRNL386.SYS[1][2] instead of a module of EMM386). While primarily developed for the next major version of DR DOS, released as Novell DOS 7 in 1994,[1][2] it was also used in the never released "Star Trek" project in 1992/1993.

OS/2 MVDM[edit]

VDMs called MVDM (Multiple Virtual DOS Machine) are used in OS/2 2.0 and later.[1] OS/2 MVDMs are considerably more powerful than NTVDM. For example, block devices are supported, and various DOS versions can be booted into an OS/2 MVDM.[5] While the OS/2 1.x DOS box was based on DOS 3.0, OS/2 2.x MVDMs emulate DOS 5.0.[1]

Seamless integration of Windows 3.1 and later Win32s applications in OS/2 is a concept looking similar on surface to the seamless integration of XP Mode based on Windows Virtual PC in Windows 7. A redirector in a "guest" VDM or NTVDM allows access on the disks of the OS/2 or NT "host". Applications in a "guest" can use named pipes for communication with their "host".[citation needed]

Windows NTVDM[edit]

NTVDM is a system component of all IA-32 editions of the Windows NT family which allows execution of 16-bit Windows and 16-bit / 32-bit DOS applications. It is not included with 64-bit versions. The Windows NT 32-bit user-mode executable which forms the basis for a single DOS (or Windows 3.x) environment is called ntvdm.exe.[1]

In order to execute DOS programs, NTVDM loads NTIO.SYS which in turn loads NTDOS.SYS, which executes a modified COMMAND.COM in order to run the application that was passed to NTVDM as command-line argument. The 16-bit real-mode system files are stripped down derivations of their MS-DOS 5.0 equivalents IO.SYS, MSDOS.SYS and COMMAND.COM[1] with all hard-wired assumptions on the FAT file system removed and using the invalid opcode 0xC4 0xC4 to bop down into the 32-bit NTVDM to handle the requests.[1] Originally, NTDOS reported a DOS version of 30.00 to programs,[1] but this was soon changed to report a version of 5.00 at INT 21h/AH=30h and 5.50 at INT 21h/AH=3306h to allow more programs to run unmodified.[1] This holds true even in the newest releases of Windows; many additional MS-DOS functions and commands introduced in MS-DOS versions 6.x and in Windows 9x are missing.

16-bit applications all run in their own thread within a single preemptively multithreaded 32-bit NTVDM process. The 16-bit processes are by default cooperatively multitasked with respect to each other, unless the "Run in separate memory space" option is checked in the Run box or the application's shortcut file. NTVDM emulates BIOS calls and tables as well as the Windows 3.1 kernel and 16-bit API stubs.[6] The 32-bit WoW translation layer thunks 16-bit API routines.

32-bit DOS emulation is present for DOS Protected Mode Interface (DPMI) and 32-bit memory access. This layer converts the necessary extended and expanded memory calls for DOS functions into Windows NT memory calls. wowexec.exe is the emulation layer that emulates 16-bit Windows. Windows 2000 and Windows XP added Sound Blaster 2.0 emulation.[7] 16-bit virtual device drivers and DOS block device drivers (e.g., RAM disks) are not supported. Inter-process communication with other subsystems can take place through OLE, DDE and named pipes.

Since virtual 8086 mode is not available on RISC-based processors, NTVDM was instead implemented as a full emulator in these versions of NT.[1] Up to Windows NT 3.51, only 80286 emulation was available. With Windows NT 4.0, 486 emulation was added.[8]

Security issue[edit]

In January 2010, Google security researcher Tavis Ormandy revealed a serious security flaw in Windows NT's VDM implementation that allowed unprivileged users to escalate their privileges to SYSTEM level, noted as applicable to the security of all x86 versions of the Windows NT kernel since 1993. This included all 32-bit versions of Windows NT, 2000, XP, Server 2003, Vista, Server 2008, and Windows 7.[9] Ormandy did publish a proof-of-concept exploit for the vulnerability.[10] Prior to Microsoft's release of a security patch, the workaround for this issue was to turn off 16-bit application support, which prevented older programs (those written for DOS and Windows 3.1) from running. 64-bit versions of Windows were not affected since they do not include the NTVDM subsystem.[11][12] Once the Microsoft security patches had been applied to the affected operating systems the VDM could be safely reenabled.[nb 1]

Limitations[edit]

A limitation exists in the Windows XP 16-bit subsystem (but not in earlier versions of Windows NT) because of the raised per-session limit for GDI objects which causes GDI handles to be shifted to the right by two bits, when converting them from 32 to 16 bits.[13] As a result, the actual handle cannot be larger than 14 bits and consequently 16-bit applications that happen to be served a handle larger than 16384 by the GDI system crash and terminate with an error message.[13]

In an x86-64 CPU, virtual 8086 mode is available as a sub-mode only in its legacy mode (for running 16- and 32-bit operating systems), not in the native, 64-bit long mode.[14]

NTVDM is not supported in 64-bit versions of Windows,[15] which do not support 16-bit code of any kind, including MS-DOS programs.[16] The only way to run them is to use Windows XP Mode or other virtualization software.

In general, VDM and similar technologies do not satisfactorily run many older DOS programs on today's computers. Emulation is only provided for the most basic peripherals, often implemented incompletely[citation needed]. For example, sound emulation in NTVDM is very limited. NT-family versions of Windows only update the real screen a few times per second when a DOS program writes to it, and they do not emulate higher resolution graphics modes. Because software mostly runs native at the speed of the host CPU, all timing loops will expire prematurely. This either makes a game run much too fast or causes the software not even to notice the emulated hardware peripherals, because it does not wait long enough for an answer.

Other VDMs[edit]

Wine also includes a VDM, which it uses for running Win16 and DOS applications.[17] Wine's VDM is compatible with both 32-bit and 64-bit operating systems. However, due to utilization of long mode,[14] 16-bit applications did not run on 64-bit Linux kernel.

See also[edit]

Notes[edit]

  1. ^ A disabled VDM could be reenabled by setting the corresponding registry key back to "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat\VDMDisallowed"=dword:00000000.

References[edit]

  1. ^ a b c d e f g h i j k l m Schulman, Andrew; Brown, Ralf; Maxey, David; Michels, Raymond J.; Kyle, Jim (1994). Undocumented DOS - A programmer's guide to reserved MS-DOS functions and data structures - expanded to include MS-DOS 6, Novell DOS and Windows 3.1 (2 ed.). Addison Wesley. ISBN 0-201-63287-X. ISBN 978-0-201-63287-3. 
  2. ^ a b c d e Paul, Matthias (1997-07-30). "NWDOS-TIPs — Tips & Tricks rund um Novell DOS 7, mit Blick auf undokumentierte Details, Bugs und Workarounds". MPDOSTIP (e-book) (in German) (edition 3, release 157 ed.). Retrieved 2014-09-06.  NWDOSTIP.TXT is a comprehensive work on Novell DOS 7 and OpenDOS 7.01, including the description of many undocumented features and internals. It is part of the author's yet larger MPDOSTIP.ZIP collection maintained up to 2001 and distributed on many sites at the time. The provided link points to a HTML-converted older version of the NWDOSTIP.TXT file.
  3. ^ a b Caldera, Inc. (1997). OpenDOS Developer's Reference Series — OpenDOS Multitasking API Guide — Programmer's Guide. Printed in the UK, August 1997. Caldera Part No. 200-DOMG-004 ([1]).
  4. ^ a b DR-DOS 7.02 User Guide. Caldera, Inc. 1998. Retrieved 2014-09-06. 
  5. ^ "OS/2 Workplace Shell Configuration Techniques" (PDF). IBM redbook. 1994. pp. 68–80. Retrieved 2011-07-05. 
  6. ^ Chapter 27 - Windows Compatibility and Migration: Windows NT 4.0 Resource Kit
  7. ^ How do I troubleshoot MS-DOS programs running on Windows XP?
  8. ^ INFO: How Windows handles floating-point calculations
  9. ^ "Microsoft Security Bulletin MS10-015 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)". Security TechCenter. Microsoft. 2010-03-17. Retrieved 2012-11-02. 
  10. ^ Ormandy, Tavis (2010-01-19). "Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack". CVE-2010-0232. Full-disclosure. Retrieved 2013-04-13. 
  11. ^ Farrell, Nick (2010-01-20). "Ancient Windows flaw found after 17 years". The Inquirer. Incisive. Retrieved 21 January 2010. 
  12. ^ "Microsoft Security Advisory (979682): Vulnerability in Windows Kernel Could Allow Elevation of Privilege". TechNet. Microsoft. 2010-01-20. Retrieved 21 January 2010. 
  13. ^ a b The "Win 16 Subsystem has insufficient resources to continue running" problem on Windows XP
  14. ^ a b Intel 64 and IA-32 Architectures Software Developer's Manual Combined Volumes: 1, 2A, 2B, 2C, 3A, 3B, and 3C (PDF). Intel. 2013-06 [1997]. 325462-047US. Retrieved 2013-07-02. 
  15. ^ Klein, Helge (11 March 2008). "Windows x64 - All the Same Yet Very Different, Part 5: NTVDM, Services, WoW64". Retrieved 21 July 2013. 
  16. ^ "List of limitations in 64-Bit Windows". Microsoft Corporation. 11 October 2007. Retrieved 21 July 2013. 
  17. ^ 8.8.2. Win16 processes support, Chapter 8. Kernel modules, Wine Developer's Guide

External links[edit]