Virtual DOS machine
This article needs additional citations for verification. (December 2009) |
Virtual DOS machine (VDM) is Microsoft's technology that allows running legacy DOS and 16-bit Windows programs on Intel 80386 or higher computers when there is already another operating system running and controlling the hardware.
Overview
Virtual DOS machines rely on the virtual 8086 mode of the Intel 80386 processor, which allows real mode 8086 software to run in a controlled environment by catching and forwarding to the normal operating system (as exceptions) all operations which involve accessing hardware. The operating system can then perform an emulation and resume the execution of the DOS software.
VDMs generally also implement support for running 16- and 32-bit protected mode software (DOS extenders), which has to conform to the DOS Protected Mode Interface.
When a DOS program running inside a VDM needs to access a peripheral, Windows will either allow this directly (rarely), or will present the DOS program with a Virtual Device Driver which emulates the hardware using operating system functions. A VDM will systematically have emulations for the Intel 8259A interrupt controllers, the 8254 timer chips, the 8237 DMA, etc.
NTVDM
The NTVDM is present in all 32-bit NT-based Windows versions. Up to Windows NT 3.51, only 80286 emulation was available. With Windows NT 4.0, 486 emulation was added. [1] 16-bit applications all run in their own thread within a single preemptively multithreaded 32-bit NTVDM process. The 16-bit processes are by default cooperatively multitasked with respect to each other, unless the "Run in separate memory space" option is checked in the Run box or the application's shortcut file. NTVDM emulates BIOS calls and tables as well as the Windows 3.1 kernel and 16-bit API stubs. [2] The 32-bit WoW translation layer thunks 16-bit API routines. 32-bit DOS emulation is present for DOS Protected Mode Interface (DPMI) and 32-bit memory access. This layer converts the necessary extended and expanded memory calls for DOS functions into Windows NT memory calls. Wowexec.exe is the emulation layer that emulates 16-bit Windows. Windows XP added Sound Blaster 2.0 emulation. 16-bit virtual device drivers are not supported. Inter-process communication with other subsystems can take place through OLE, DDE and named pipes.
History
VDMs appeared with Windows/386 2.1 and are present in all subsequent 32-bit versions of Windows. In the Windows NT family, they are, however, relegated to running DOS and Windows 3.x programs and no longer participate in the implementation of the Windows API. The Windows NT executable which is used to handle a single DOS (and Windows 3.x) environment is called ntvdm.exe
. The DOS environment implemented in NTVDM is based on MS-DOS Version 5.0 even in the newest releases of Windows; many additional MS-DOS functions and commands introduced in MS-DOS Versions 6.x and in Windows 9x are missing.
VDMs were also used in OS/2 2.0 and later.
Similar to Windows 3.x 386 Enhanced Mode in architecture, EMM386 3.xx of Novell DOS 7, Caldera OpenDOS 7.01, DR-DOS 7.02 (and later) also utilizes VDMs to support pre-emptive multitasking of multiple DOS applications, when the EMM386 /MULTI option is used. This component has been under development at Digital Research / Novell since (at least) 1991 under the codename "Vladivar" (originally a separate device driver KRNL386.SYS instead of a module of EMM386). While primarily developed for the next major version of DR DOS, released as Novell DOS 7 in 1994, it was also utilized in the never released "Star Trek" project in 1992/1993.
Wine also includes a VDM, which it utilizes for running Win16 and DOS applications.[3] Wine's VDM is compatible with both 32-bit and 64-bit operating systems; however, compatibility is more limited on 64-bit systems.
In January 2010, Google security researcher Tavis Ormandy revealed a serious security flaw in Windows NT's VDM implementation that allowed unprivileged users to escalate their privileges to SYSTEM level, noted as applicable to the security of all versions of the Windows NT kernel since 1993. This included all 32-bit versions of Windows NT, 2000, XP, Server 2003, Vista, Server 2008, and Windows 7. Ormandy did publish a proof-of-concept exploit for the vulnerability. Prior to Microsoft's release of a security patch, the workaround for this issue was to turn off 16-bit application support, which prevented older programs (those written for DOS and Windows 3.1) from running. 64-bit versions of Windows were not affected since they do not include the NTVDM subsystem.[4][5]
Limitations
In an x86-64 CPU, virtual 8086 mode is available as a sub-mode only in its legacy mode (for running 16- and 32-bit operating systems), not in the native, 64-bit long mode; a hard reset of the CPU is required to switch to legacy mode. Thus versions of Windows NT for 64-bit architectures (x64 and IA-64) do not include the NTVDM and are unable to run DOS or 16-bit Windows applications.
In general, VDM and similar technologies do not satisfactorily run many older DOS programs on today's computers. Emulation is only provided for the most basic peripherals, often implemented incompletely[citation needed]. NT-family versions of Windows only update the real screen a few times per second when a DOS program writes to it, and they do not emulate higher resolution graphics modes. Because software mostly runs native at the speed of the host CPU, all timing loops will expire prematurely. This either makes a game run much too fast or causes the software not even to notice the emulated hardware peripherals, because it does not wait long enough for an answer.
See also
- Comparison of platform virtual machines
- List of Microsoft Windows components
- Hypervisor
- Windows on Windows
- DOSEMU, similar purpose compatibility layer for Linux
- DOSBox, solves many issues of the Virtual DOS Machine by emulating software and hardware features of DOS.
- Merge (software)
- VP/ix
References
- ^ INFO: How Windows handles floating-point calculations
- ^ Chapter 27 - Windows Compatibility and Migration: Windows NT 4.0 Resource Kit
- ^ 8.8.2. Win16 processes support, Chapter 8. Kernel modules, Wine Developer's Guide
- ^ Farrell, Nick (2010-01-20). "Ancient Windows flaw found after 17 years". The Inquirer. Incisive. Retrieved 21 January 2010.
- ^ "Microsoft Security Advisory (979682): Vulnerability in Windows Kernel Could Allow Elevation of Privilege". TechNet. Microsoft. 2010-01-20. Retrieved 21 January 2010.