Virtual DOS machine

technology that allows running 16-bit/32-bit DOS and 16-bit Windows programs on Intel 80386 or higher computers when there is already another operating system running and controlling the hardware

A Virtual DOS machine (VDM) permits the users of computers to run 16-bit or 32-bit DOS and 16-bit Windows programs on 32-bit computers when there already is a different operating system using the hardware.

Overview

change

Virtual DOS machines normally use the virtual 8086 mode of the Intel 80386 (or later) processor, allowing many 8086 applications to function by translating operating system commands to make applications think that they are running on an 8086. The operating system can then emulate the DOS software. VDMs like Windows 3.x 386 Enhanced Mode can add support for using 16-/32-bit protected mode software if they use the DOS Protected Mode Interface (DPMI).[1] If a DOS program in a VDM needs to use a peripheral, Windows will give the DOS program a virtual device driver (VDD) which emulates the hardware using commands that the operating system it is running on can understand.[1]

DOS VDMs

change

DOS VDMs appeared on Windows/386 2.01 in 1987 and were also in Windows 3.x, if you were using 386 Enhanced Mode as well as in 95, 98, 98 SE and Me.

Similar to Windows 3.x, VDMs can let you run many DOS applications at one time if you use the EMM386 /MULTI option.[2][3][4] Digital Research / Novell was working on a similar system since 1991 under the codename "Vladivar" (originally a device driver KRNL386.SYS[1][2] and not part of EMM386). It was made for the next version of DR DOS, released as Novell DOS 7 in 1994,[1][2] but it was also used in their "Star Trek" project, which they stopped working on before finishing.

OS/2 MVDM

change

VDMs called MVDM (Multiple Virtual DOS Machine) are used in OS/2 2.0 and later.[1] OS/2 MVDMs are better than NTVDM in many ways, for example with block devices.[5] While the OS/2 1.x emulated DOS 3.0, 2.x emulated DOS 5.0.[1]

Running Windows 3.1 applications in OS/2 looks similar to XP Mode in Windows 7, but the technologies used are very different. A "guest" VDM permits programs to use the disks of the OS/2 or NT operating system that is running the VDM. Applications in a VDM can use named pipes to talk to their "host".[source?]

Windows NTVDM

change

NTVDM is included in all x86 versions of Windows made on NT, and let 16-bit Windows and 16-/32-bit DOS applications run. It is not included with 64-bit versions (see Limitations). ntvdm.exe helps emulate the APIs needed to run 16-bit DOS and Windows applications.[1]

NTVDM uses NTIO.SYS and NTDOS.SYS, which runs a changed version of COMMAND.COM. The 16-bit system files are smaller versions of their MS-DOS 5.0 counterparts, including IO.SYS, MSDOS.SYS and COMMAND.COM,[1] which remove biases with the FAT file system and can also call the 32-bit NTVDM if needed.[1] NTDOS originally gave a DOS version of 30.00 to programs,[1] but this soon was changed to 5.00 to let more programs to run without being changed[1] However, there are many newer MS-DOS functions and commands added to MS-DOS versions 6.x and in Windows 9x which are not there.

16-bit programs run separately within one 32-bit NTVDM process. Checking "Run in separate memory space" in the Run dialog box or shortcut of the program creates a new process instead. NTVDM emulates BIOS functions, the Windows 3.1 kernel, and its 16-bit API.[6]

32-bit DOS emulation is used for DPMI and using 32-bit memory. wowexec.exe is the emulator process for 16-bit Windows. Windows 2000 added Sound Blaster 2.0 emulation to 32-bit NTVDM.[7] 16-bit and DOS virtual device drivers can't be run. Win16 programs can communicate with other parts of Windows using OLE, DDE and named pipes.

As virtual 8086 mode isn't available on non-x86 processors, NTVDM was a full emulator for NT on these architectures.[1] NT 3.51 could only 80286, but since NT 4.0, 486 emulation was added.[8]

Security issues

change

In January 2010, Google security researcher Tavis Ormandy discovered a large security problem in NTVDM system letting non-Administrators to increase their permissions to the SYSTEM level. Ormandy claimed it was a problem for all x86 versions of Windows NT after 1993. 32-bit versions of NT 3.X/4.0, 2000, XP, 2003, Vista, 2008, and 7 were affected.[9] Ormandy published how the problem works.[10] Before Microsoft could fix it, you could turn off 16-bit application support to solve the problem, but it made so you could not run 16-bit programs. x64 Windows never had this problem because it doesn't use NTVDM.[11][12] After applying the security fixes Microsoft made available, NTVDM could be turned on safely.[nb 1]

Limitations

change

NTVDM and wowexec had limitations on Windows XP and later because of a GDI object limit per session, which might cause GDI handles to be moved two bits to the right when changing 32 to 16 bits.[13] Handles thus could not be larger than 14 bits, so 16-bit programs with a GDI handle larger than 16384 would crash.[13]

On x86-64 CPUs, virtual 8086 mode is only available as a legacy sub-mode (if running a 32-bit operating system), but not in 64-bit long mode, which is why NTVDM is not included with 64-bit versions of Windows,[14] so 16-bit applications cannot be run on 64-bit Windows. You'll need Windows XP Mode or similar virtualization software to run 16-bit programs within a 64-bit operating system.

NTVDM cannot run DOS games on computers of today. Emulation is only provided for simple peripherals. For example, sound in NTVDM can be limited. Windows NT only updates the screen a few times per second when DOS programs write on it, and they can't emulate high-resolution graphics options. As software runs at the speed of the CPU, all timing loops stop too early. This either makes games run too fast, or causes the software to not see some emulated hardware peripherals, because it can not wait that long for an answer.

change
  1. A disabled VDM could be reenabled by setting the corresponding registry key back to "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat\VDMDisallowed"=dword:00000000.


References

change
  1. 1.00 1.01 1.02 1.03 1.04 1.05 1.06 1.07 1.08 1.09 1.10 1.11 Schulman, Andrew; Brown, Ralf; Maxey, David; Michels, Raymond J.; Kyle, Jim (1994). Undocumented DOS - A programmer's guide to reserved MS-DOS functions and data structures - expanded to include MS-DOS 6, Novell DOS and Windows 3.1 (2 ed.). Addison Wesley. ISBN 0-201-63287-X. ISBN 978-0-201-63287-3.
  2. 2.0 2.1 2.2 Paul, Matthias (1997-07-30). NWDOS-TIPs — Tips & Tricks rund um Novell DOS 7, mit Blick auf undokumentierte Details, Bugs und Workarounds (e-book) (in German) (edition 3, release 157 ed.). Archived from the original on 2016-11-03. Retrieved 2014-09-06. {{cite book}}: |work= ignored (help) NWDOSTIP.TXT is a comprehensive work on Novell DOS 7 and OpenDOS 7.01, including the description of many undocumented features and internals. It is part of the author's yet larger MPDOSTIP.ZIP collection maintained up to 2001 and distributed on many sites at the time. The provided link points to a HTML-converted older version of the NWDOSTIP.TXT file.
  3. OpenDOS Developer's Reference Series — OpenDOS Multitasking API Guide — Programmer's Guide. UK: Caldera, Inc. August 1997. Caldera Part No. 200-DOMG-004. Archived from the original on 2017-09-10. Retrieved 2016-11-02.
  4. DR-DOS 7.02 User Guide. Caldera, Inc. 1998. Archived from the original on 2016-11-04. Retrieved 2014-09-06.
  5. "OS/2 Workplace Shell Configuration Techniques" (PDF). IBM redbook. 1994. pp. 68–80. Archived from the original (PDF) on 2012-03-20. Retrieved 2011-07-05.
  6. Chapter 27 - Windows Compatibility and Migration: Windows NT 4.0 Resource Kit
  7. "How do I troubleshoot MS-DOS programs running on Windows XP?". Archived from the original on 2012-09-27. Retrieved 2017-03-09.
  8. INFO: How Windows handles floating-point calculations
  9. "Microsoft Security Bulletin MS10-015 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)". Security TechCenter. Microsoft. 2010-03-17. Retrieved 2012-11-02.
  10. Ormandy, Tavis (2010-01-19). "Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack". CVE-2010-0232. Full-disclosure. Archived from the original on 2013-08-02. Retrieved 2013-04-13.
  11. Farrell, Nick (2010-01-20). "Ancient Windows flaw found after 17 years". The Inquirer. Incisive. Archived from the original on 2010-01-23. Retrieved 2010-01-21.
  12. "Microsoft Security Advisory (979682): Vulnerability in Windows Kernel Could Allow Elevation of Privilege". TechNet. Microsoft. 2010-01-20. Retrieved 2010-01-21.
  13. 13.0 13.1 The "Win 16 Subsystem has insufficient resources to continue running" problem on Windows XP
  14. Intel 64 and IA-32 Architectures Software Developer's Manual Combined Volumes: 1, 2A, 2B, 2C, 3A, 3B, and 3C (PDF) (PDF). Intel. June 2013 [1997]. 325462-047US. Retrieved 2013-07-02.

Other websites

change