Virtual DOS machine
Virtual DOS machines can operate either exclusively through typical software emulation methods (e.g. dynamic recompilation) or can rely on the virtual 8086 mode of the Intel 80386 processor, which allows real mode 8086 software to run in a controlled environment by catching all operations which involve accessing protected hardware and forwarding them to the normal operating system (as exceptions). The operating system can then perform an emulation and resume the execution of the DOS software.
When a DOS program running inside a VDM needs to access a peripheral, Windows will either allow this directly (rarely), or will present the DOS program with a virtual device driver (VDD) which emulates the hardware using operating system functions. A VDM will systematically have emulations for the Intel 8259A interrupt controllers, the 8254 timer chips, the 8237 DMA controller, etc.
DOS-based VDMs appeared with Windows/386 2.10 in 1987 and were also present in Windows 3.0, 3.1x and Windows for Workgroups 3.1x running in 386 Enhanced Mode as well as in Windows 95, 98, 98 SE and ME.
Similar to Windows 3.x 386 Enhanced Mode in architecture, EMM386 3.xx of Novell DOS 7, Caldera OpenDOS 7.01, DR-DOS 7.02 (and later) also uses VDMs to support pre-emptive multitasking of multiple DOS applications, when the EMM386 /MULTI option is used. This component has been under development at Digital Research / Novell since (at least) 1991 under the codename "Vladivar" (originally a separate device driver KRNL386.SYS instead of a module of EMM386). While primarily developed for the next major version of DR DOS, released as Novell DOS 7 in 1994, it was also used in the never released "Star Trek" project in 1992/1993.
VDMs called MVDM (Multiple Virtual DOS Machine) are used in OS/2 2.0 and later since 1992. OS/2 MVDMs are considerably more powerful than NTVDM. For example, block devices are supported, and various DOS versions can be booted into an OS/2 MVDM. While the OS/2 1.x DOS box was based on DOS 3.0, OS/2 2.x MVDMs emulate DOS 5.0.
Seamless integration of Windows 3.1 and later Win32s applications in OS/2 is a concept looking similar on surface to the seamless integration of XP Mode based on Windows Virtual PC in Windows 7. A redirector in a "guest" VDM or NTVDM allows access on the disks of the OS/2 or NT "host". Applications in a "guest" can use named pipes for communication with their "host".
NTVDM is a system component of all IA-32 editions of the Windows NT family since 1993 which allows execution of 16-bit Windows and 16-bit / 32-bit DOS applications. It is not included with 64-bit versions. The Windows NT 32-bit user-mode executable which forms the basis for a single DOS (or Windows 3.x) environment is called ntvdm.exe.
In order to execute DOS programs, NTVDM loads NTIO.SYS which in turn loads NTDOS.SYS, which executes a modified COMMAND.COM in order to run the application that was passed to NTVDM as command-line argument. The 16-bit real-mode system files are stripped down derivations of their MS-DOS 5.0 equivalents IO.SYS, MSDOS.SYS and COMMAND.COM with all hard-wired assumptions on the FAT file system removed and using the invalid opcode 0xC4 0xC4 to bop down into the 32-bit NTVDM to handle the requests. Originally, NTDOS reported a DOS version of 30.00 to programs, but this was soon changed to report a version of 5.00 at INT 21h/AH=30h and 5.50 at INT 21h/AX=3306h to allow more programs to run unmodified. This holds true even in the newest releases of Windows; many additional MS-DOS functions and commands introduced in MS-DOS versions 6.x and in Windows 9x are missing.
16-bit applications all run in their own thread within a single preemptively multithreaded 32-bit NTVDM process. The 16-bit processes are by default cooperatively multitasked with respect to each other, unless the "Run in separate memory space" option is checked in the Run box or the application's shortcut file. NTVDM emulates BIOS calls and tables as well as the Windows 3.1 kernel and 16-bit API stubs. The 32-bit WoW translation layer thunks 16-bit API routines.
32-bit DOS emulation is present for DOS Protected Mode Interface (DPMI) and 32-bit memory access. This layer converts the necessary extended and expanded memory calls for DOS functions into Windows NT memory calls. wowexec.exe is the emulation layer that emulates 16-bit Windows. Windows 2000 and Windows XP added Sound Blaster 2.0 emulation. 16-bit virtual device drivers and DOS block device drivers (e.g., RAM disks) are not supported. Inter-process communication with other subsystems can take place through OLE, DDE and named pipes.
Since virtual 8086 mode is not available on non-x86-based processors (more specifically, MIPS, DEC Alpha, and PowerPC) NTVDM was instead implemented as a full emulator in these versions of NT, using code licensed from Insignia's SoftPC. Up to Windows NT 3.51, only 80286 emulation was available. With Windows NT 4.0, 486 emulation was added.
In January 2010, Google security researcher Tavis Ormandy revealed a serious security flaw in Windows NT's VDM implementation that allowed unprivileged users to escalate their privileges to SYSTEM level, noted as applicable to the security of all x86 versions of the Windows NT kernel since 1993. This included all 32-bit versions of Windows NT, 2000, XP, Server 2003, Vista, Server 2008, and Windows 7. Ormandy did publish a proof-of-concept exploit for the vulnerability. Prior to Microsoft's release of a security patch, the workaround for this issue was to turn off 16-bit application support, which prevented older programs (those written for DOS and Windows 3.1) from running. 64-bit versions of Windows were not affected since they do not include the NTVDM subsystem. Once the Microsoft security patches had been applied to the affected operating systems the VDM could be safely reenabled.[nb 1]
A limitation exists in the Windows XP 16-bit subsystem (but not in earlier versions of Windows NT) because of the raised per-session limit for GDI objects which causes GDI handles to be shifted to the right by two bits, when converting them from 32 to 16 bits. As a result, the actual handle cannot be larger than 14 bits and consequently 16-bit applications that happen to be served a handle larger than 16384 by the GDI system crash and terminate with an error message.
The NTVDM is not supported on x86-64 and AAarch64 versions of Windows, which do not support 16-bit x86 code of any kind, including DOS programs. The only way to run them is to use Windows XP Mode, other virtualization software, or to use NTVDMx64, an unofficial port of the older emulated implementation of the NTVDM which was provided on NT 4 for non-x86 platforms.
In general, VDM and similar technologies do not satisfactorily run most older DOS games on today's computers. Emulation is only provided for the most basic peripherals, often implemented incompletely. For example, sound emulation in NTVDM is very limited. NT-family versions of Windows only update the real screen a few times per second when a DOS program writes to it, and they do not emulate higher resolution graphics modes. Because software mostly runs native at the speed of the host CPU, all timing loops will expire prematurely. This either makes a game run much too fast or causes the software not even to notice the emulated hardware peripherals, because it does not wait long enough for an answer.
- Comparison of platform virtualization software
- FlexOS 386 (since 1987), 4690 OS (since 1993)
- Concurrent DOS 386 (since 1987), Multiuser DOS (since 1991), REAL/32 (since 1995)
- DESQview 386 (since 1988)
- Unix-like/DOS compatibilities
- List of Microsoft Windows components
- Windows on Windows (WoW)
- Virtual machine (VM)
- vDOS  - A DOS emulator designed for the running the more "serious" DOS apps (not games) on 64-bit NT systems (effectively a replacement for NTVDM on modern systems).
- A disabled VDM could be reenabled by setting the corresponding registry key back to
- Schulman, Andrew; Brown, Ralf D.; Maxey, David; Michels, Raymond J.; Kyle, Jim (1994). Undocumented DOS - A programmer's guide to reserved MS-DOS functions and data structures - expanded to include MS-DOS 6, Novell DOS and Windows 3.1 (2 ed.). Addison Wesley. ISBN 0-201-63287-X.
- Paul, Matthias (1997-07-30). NWDOS-TIPs — Tips & Tricks rund um Novell DOS 7, mit Blick auf undokumentierte Details, Bugs und Workarounds. MPDOSTIP (e-book) (in German) (edition 3, release 157 ed.). Archived from the original on 2016-11-03. Retrieved 2014-09-06. NWDOSTIP.TXT is a comprehensive work on Novell DOS 7 and OpenDOS 7.01, including the description of many undocumented features and internals. It is part of the author's yet larger MPDOSTIP.ZIP collection maintained up to 2001 and distributed on many sites at the time. The provided link points to a HTML-converted older version of the NWDOSTIP.TXT file.
- OpenDOS Developer's Reference Series — OpenDOS Multitasking API Guide — Programmer's Guide. UK: Caldera, Inc. August 1997. Caldera Part No. 200-DOMG-004. Archived from the original on 2017-09-10. Retrieved 2016-11-02.
- DR-DOS 7.02 User Guide. Caldera, Inc. 1998. Archived from the original on 2016-11-05. Retrieved 2014-09-06.
- "OS/2 Workplace Shell Configuration Techniques" (PDF). IBM redbook. 1994. pp. 68–80. Archived from the original (PDF) on 2012-03-20. Retrieved 2011-07-05.
- "Chapter 27 - Windows Compatibility and Migration". Windows NT 4.0 Resource Kit. Microsoft. Retrieved 2017-07-19.
- Schulman, Jerold (2002-12-04). "How do I troubleshoot MS-DOS programs running on Windows XP?". ITPro Windows. Retrieved 2017-07-19.
- "leecher1337/ntvdmx64". GitHub. Retrieved 2018-11-03.
- "INFO: How Windows handles floating-point calculations". Microsoft Support. 2006-11-21. Archived from the original on 2013-02-24. Retrieved 2017-07-19.
- "Microsoft Security Bulletin MS10-015 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)". Security TechCenter. Microsoft. 2010-03-17. Retrieved 2012-11-02.
- Ormandy, Tavis (2010-01-19). "Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack". CVE-2010-0232. Full-disclosure. Retrieved 2013-04-13.
- Farrell, Nick (2010-01-20). "Ancient Windows flaw found after 17 years". The Inquirer. Incisive. Retrieved 2010-01-21.
- "Microsoft Security Advisory (979682): Vulnerability in Windows Kernel Could Allow Elevation of Privilege". TechNet. Microsoft. 2010-01-20. Retrieved 2010-01-21.
- The "Win 16 Subsystem has insufficient resources to continue running" problem on Windows XP
- Intel 64 and IA-32 Architectures Software Developer's Manual Combined Volumes: 1, 2A, 2B, 2C, 3A, 3B, and 3C (PDF) (PDF). Intel. June 2013 . 325462-047US. Retrieved 2013-07-02.
- Klein, Helge (2008-03-11). "Windows x64 - All the Same Yet Very Different, Part 5: NTVDM, Services, WoW64". Retrieved 2013-07-21.
- "List of limitations in 64-Bit Windows". Microsoft Corporation. 2007-10-11. Retrieved 2017-07-19.