Accessing ring 0 mode from user applications (and why Borland allows this)

Submitted by 白昼怎懂夜的黑 on 2019-12-10 10:05:16

Question


As the semester's deadlines approach, I decided to start working on a project in Operating Systems course at my college. The problem with the project assignment is that it requires students to develop a user application (exe) that will execute as a simple kernel ( basic process and thread management ).

First thing that popped to my mind was: How the hell am I supposed to execute privileged code in a user application?

After consulting with other students (who did the project on time), I learned that they were able to execute privileged code without problems using the Borland 3.1 compiler. However, none of them found that weird nor knew why that worked. Why (a better question here would be how) does Borland do this? Doesn't this violate fundamental principles of OS security?

Note: I added C++ tag because the project is supposed to be written as a C++ application, with most of the privileged code executed as inline assembly.

Update: My question was somewhat poorly phrased originally. Of course I was able to compile code with privileged instructions with any compiler; running the code was the problem.


Answer 1:


Two things:

  1. Back in the days of 8086 real mode there were no privilege levels. Borland 3.1 was a 16-bit compiler. If you're running code it produces on a modern version of Windows, it will run in Virtual 8086 mode using the NTVDM, which also has no privilege levels.

  2. Even when using a modern compiler / assembler, it generally won't complain about privileged instructions even in protected mode and long mode. This source code compiles just fine for me in MSVC 2015 but crashes whenever I run it because it tries to access a register that is off-limits to user-mode applications:

int main()
{
    __asm
    {
        mov eax, cr0    ; read control register 0 (privileged: requires ring 0)
        or eax, 1       ; set bit 0 (PE, protection enable)
        mov cr0, eax    ; write it back (also privileged)
    }
    return 0;
}



Answer 2:


The compiler allows it because the compiler's job is strictly to convert the input into compiled output. It's not designed to impose or enforce any system security rules. That's the job of the execution environment, typically the OS or emulator that executes the compiled code.
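The following program is an added example, not part of either answer above. It makes the point of both answers concrete: the compiler emits the privileged instruction without complaint (the same MOV from CR0 as in the MSVC snippet in the first answer), and it is the CPU's privilege check, reported by the OS as a signal, that stops it. The program assumes Linux on x86 with GCC or Clang inline assembly (the original snippet is MSVC on Windows); on other architectures it reports that nothing was probed. The general-protection fault is caught with a SIGSEGV/SIGILL handler and siglongjmp so the outcome can be reported instead of the process dying.

```c
/* Added example (not from the original Q&A). Shows that a user-mode program
 * can contain a privileged instruction, and that the CPU (under the OS's
 * control) refuses to execute it at CPL 3. Assumes Linux/x86; other targets
 * return PROBE_UNSUPPORTED. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

enum probe_result {
    PROBE_EXECUTED = 0,    /* instruction ran without a fault (only possible in ring 0) */
    PROBE_FAULTED = 1,     /* CPU raised #GP; the kernel delivered it as a signal */
    PROBE_UNSUPPORTED = 2  /* not an x86 build, nothing to probe */
};

static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_signal;

/* Signal handler: record which signal arrived and unwind out of the faulting
 * instruction back to the sigsetjmp point. */
static void on_fault(int sig)
{
    fault_signal = sig;
    siglongjmp(fault_env, 1);
}

/* Attempt to read CR0 from user mode, exactly what the MSVC snippet does. */
enum probe_result probe_cr0_read(void)
{
#if defined(__x86_64__) || defined(__i386__)
    struct sigaction sa, old_segv, old_ill;
    enum probe_result result;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);  /* Linux maps #GP in user mode to SIGSEGV */
    sigaction(SIGILL, &sa, &old_ill);    /* be tolerant of environments that report SIGILL */

    fault_signal = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        unsigned long cr0;
        /* Privileged: MOV from a control register requires CPL 0.
         * The compiler assembles it happily; the CPU traps it. */
        __asm__ volatile ("mov %%cr0, %0" : "=r"(cr0));
        (void)cr0;
        result = PROBE_EXECUTED;
    } else {
        result = PROBE_FAULTED;
    }

    /* Restore the previous handlers so the rest of the program is unaffected. */
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGILL, &old_ill, NULL);
    return result;
#else
    return PROBE_UNSUPPORTED;
#endif
}

int main(void)
{
    switch (probe_cr0_read()) {
    case PROBE_FAULTED:
        printf("mov from cr0 faulted in user mode (signal %d): "
               "the CPU and OS enforce ring 0, not the compiler\n", (int)fault_signal);
        break;
    case PROBE_EXECUTED:
        printf("mov from cr0 executed: this code is running with ring-0 privilege\n");
        break;
    default:
        printf("not an x86 build; nothing probed\n");
        break;
    }
    return 0;
}
```

Run as an ordinary user process, the probe always ends in PROBE_FAULTED: the instruction is present in the binary (visible with objdump), but it never completes. Only code that already runs at ring 0, such as a kernel module, would reach PROBE_EXECUTED, which is the distinction the Borland/real-mode case blurs.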



Source: https://stackoverflow.com/questions/37448198/accessing-ring-0-mode-from-user-applications-and-why-borland-allows-this
