On Sunday 14 July 2013 14:52, Virus Guy conveyed the following to
alt.os.linux.ubuntu...
> Aragorn wrote:
>
>> a. Microsoft did build deliberate backdoors into all NT-based
>> versions of Microsoft Windows [1] from day one. I don't know
>> whether that was also the case for the DOS-based versions of
>> Microsoft Windows [2], but those were easy to crack anyway.
>
> Just to correct your perception of win-9x/me as being "DOS-based" -
> they are not.
Uhh, I'm afraid they are, and very much so. I will explain below.
> Win-9x/ME are *booted*, loaded or invoked from DOS as it exists
> transiently during the boot process, but once invoked, Win-9x/ME runs
> from a kernel that puts i86 CPU in protected mode.
No, DOS does not exist "transiently during the boot process" in Windows
9x/ME. There is indeed a so-called Win-kernel, and the Win-kernel runs
in protected mode, that much is true. However, that Win-kernel is only
a _DPMI-based DOS extender_ with the addition of a task scheduler -
cooperative in Windows versions before 95, and (mainly) preemptive from
Win95 on.
The protected mode component of Win 3.x, 9x and ME also only uses ring
0, so there is no privilege separation between kernel processes and
userspace processes. There is only a single address space, and any
misbehaving process can grab hold of another process's memory, including
that of the system itself, plus that even so-called userspace processes
have full control of the processor, since they run in ring 0, which is
the kernel ring.
Furthermore, some 60% (at best) of all CPU time on a running Win
3.x/9x/ME system was spent in _real mode_ because although Win 9x/ME
(and Win 3.1/3.11, but not Win 3.0) offered direct 32-bit access for _a
limited subset of_ the I/O operations (such as filesystem access and
swapping), _all of its other_ I/O operations were still happening via
DOS-style real mode access and legacy BIOS calls. There was no
protected mode abstraction layer for the underlying hardware, and the
virtual device drivers (.vxd?) were all hooks into the underlying DOS
and its interface with the legacy BIOS.
Now, the NT-based Windows versions also do have virtual device drivers
for backward compatibility, but they work similar to how Wine works in
UNIX, i.e. by /translating/ the DOS-specific I/O requests into NT-
compatible I/O requests. NT doesn't use real mode and provides for a
complete abstraction layer of the hardware, similar to how other modern
operating systems do that. (The Windows NT kernel was modeled after VMS
and the Windows NT win32/win64 subsystem was largely based upon
Microsoft's contributions to OS/2, which is also a fully protected mode
operating system.) But this was definitely not the case in Windows 3.x,
Windows 9x and Windows ME.
> Win-9x/me and all NT-based OS (prior to 7) create virtual DOS
> environments for any process or application that needs them, but it's
> a complete fallacy to say that Win-9x/me is either "DOS-based" or
> "runs on top of DOS".
Windows NT creates a virtual DOS environment by using the V86 ("virtual
8086") mode of the IA32 processor architecture and by loading a DOS-
compatible command interpreter and DOS-compatible I/O abstraction layer
into the V86 session - which then essentially becomes a virtual machine
- but Win 9x/ME did not actually do it that way.
In Windows 386, 3.0, 3.1/3.11, 95, 98, 98 SE and ME, the DOS sessions
would also run in a V86 session (and could thus be multi-tasked), but
instead of loading a DOS-compatible command interpreter, it simply
loaded a copy of the underlying DOS into the V86 session. Windows 95
also offered the ability of actually switching to real mode for the
execution of DOS programs - in which case it would be like in Windows
3.x on an i286 processor, or even a "DOS box" session in the 16-bit
versions of OS/2, with all protected mode code being halted until the
real mode session had ended - but this was abandoned from Windows 98
onward because it made the system too unstable. Misbehaving software
could, while the processor was in real mode, hang the entire system,
because real mode offers full unmitigated access to all of the
processor's registers and to the BIOS, and with a 1:1 mapping of the
RAM.
You mention "prior to Windows 7" in the above paragraph of yours, and I
do not know whether Windows 7 has dropped DOS support altogether (even
in its 32-bit versions), but what I do know is that all 64-bit versions
of the NT-based Windows releases - and this included the experimental
64-bit XP release and the 64-bit release of Vista - do not support DOS
anymore - or at least, not without any third-party add-ons - because
when the x86-64 processor is in long mode (i.e. 64-bit mode), it no
longer features a V86 submode, which means that in order to offer DOS
and real mode compatibility, a real mode processor must be emulated in
software, which is slow. x86-64 does /have/ a V86 submode, but it is
only accessible from within its "32-bit legacy mode", i.e. when it is
running a 32-bit operating system natively - see the footnote [*].
Rationale: x86-64 has two 32-bit modes: legacy mode - which is
essentially IA32-compatibility mode - and the 32-bit compatibility mode
of long mode. When the processor is running a 64-bit operating system,
then it can still run 32-bit code and even 16-bit protected mode code,
but not real mode code. Real mode emulators for x86-64 long mode do
exist, but they perform a complete emulation in software of an IA32
processor in real mode. In UNIX systems, the 64-bit version of dosemu
does this as well, while the 32-bit version just uses the underlying
processor's V86 mode.
> Win-9x/me is a full Win32 operating system, [...
I'm afraid not. It's a DPMI-based DOS extender with a tasker scheduler
added on.
Here you can read how DPMI works...:
http://en.wikipedia.org/wiki/DPMI
> ...] and with the addition of a third-party API enhancement known as
> KernelEx, 9x/me can run many current "NT-only" programs.
KernelEx was indeed a third-party add-on which provided for the ability
to make use of ring 3 for NT-based userspace applications, but as such,
it wasn't part of the Win 9x/ME kernel natively.
Similarly, Cygwin offers a complete UNIX/POSIX-like subsystem for the
NT-based Windows versions - including GNU Bash and the X.Org display
server - but that doesn't mean that NT itself would be POSIX-compliant
or even POSIX-compatible, let alone that anyone could possibly suspect
NT to be a UNIX. And another similarity was the NT kernel hack called
WinFrame, written by Citrix Systems, which allowed for NT to become a
genuine multi-user operating system - in the sense of being multi-seat-
capable - and which was later on sold by Citrix to Microsoft, and then
re-marketed by Microsoft as Windows Terminal Server.
The bottom line is that these are bolted-on subsystems, and that they're
not part of the base kernel design. KernelEx was not part of Win 9x/ME,
and neither Cygwin nor the Citrix-developed Terminal Server add-on are
part of the NT kernel. (As of NT 6.0 (Windows Vista and 2008 Server)
on, Microsoft does offer its own Services For Unix subsystem which is
similar to Cygwin, but which - at least, to my knowledge - does not
include a complete and ready-to-use POSIX-like environment. As far as I
know, it's still only a compatibility layer without any userland
software - similar to Wine on UNIX - and a 32-bit/64-bit evolution of
the formerly 16-bit-only POSIX subsystem - think "Microsoft Xenix" - in
NT 3.x and NT 4.0, which was dropped as standard issue from NT 5.x
(Windows 2000, Windows XP and Windows 2003 Server) on.)
[*] x86-64 operation modes:
° Legacy mode
- 16-bit real mode
- 16-bit protected mode, segmented memory model
- 32-bit protected mode, flat memory model
- 32-bit protected mode with PAE pagetables
- V86 mode (16-bit real mode emulation from within 32-bit
protected mode)
° Long mode
* Compatibility mode
- supports 16-bit protected mode code
- 32-bit protected mode with PAE
° Native 64-bit mode
° Systems Management Mode: This is a special 16-bit mode which
was introduced on the i386SL and which uses a feature called
"unreal mode". In this mode, the pagetables are set up, but
the processor then switches back to real mode without a reset,
so that the pagetables remain active. This allows for 16-bit
real mode code to access the complete RAM capacity. Systems
Management Mode is triggered by the hardware, and while the
processor is in Systems Management Mode, all execution of the
operating system and its processes is temporarily halted. It
is mainly used for switching between power savings modes and
for switching fans on and off. The operating system itself
cannot trigger Systems Management Mode, but it will define a
timeout within which SMM must do whatever it was called to do.