Accessing ring 0 mode from user applications (and why Borland allows this)


Problem description



As the semester's deadlines approach, I decided to start working on a project in the Operating Systems course at my college. The problem with the project assignment is that it requires students to develop a user application (exe) that will execute as a simple kernel (basic process and thread management).

First thing that popped into my mind was: how the hell am I supposed to execute privileged code in a user application?

After consulting with other students (who did the project on time), I learned that they were able to execute privileged code without problems using the Borland 3.1 compiler. However, none of them found that weird, nor knew why it worked. Why (a better question here would be how) does Borland do this? Doesn't this violate fundamental principles of OS security?

Note: I added the C++ tag because the project is supposed to be written as a C++ application, with most of the privileged code executed as inline assembly.

Update: My question was somewhat poorly phrased originally. Of course I was able to compile code with privileged instructions with any compiler; running the code was the problem.

Solution

Two things:

  1. Back in the days of 8086 real mode there were no privilege levels. Borland 3.1 was a 16-bit compiler. If you're running code it produces on a modern version of Windows, it will run in Virtual 8086 mode using the NTVDM, which also has no privilege levels.

  2. Even when using a modern compiler/assembler, it generally won't complain about privileged instructions, even in protected mode and long mode. This source code compiles just fine for me in MSVC 2015 but crashes whenever I run it, because it tries to access a register that is off-limits to user-mode applications:

// Builds only as a 32-bit x86 MSVC target (64-bit MSVC has no inline assembler).
// The assembler accepts the privileged moves without complaint; the CPU raises
// #GP at the first one in ring 3, which Windows reports as
// EXCEPTION_PRIV_INSTRUCTION (0xC0000096) and the process dies.
int main()
{
    __asm
    {
        mov eax, cr0    ; privileged read of CR0: faults here in user mode
        or eax, 1       ; set the PE bit (already set in protected mode)
        mov cr0, eax    ; privileged write: never reached from ring 3
    }
    return 0;
}
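The second point of the answer, shown as an added example that is not code from the question or the answer: the compiler and assembler accept a ring-0-only instruction, and it is the CPU that refuses it at run time, with the OS turning the fault into a signal. Instead of letting the process die, the program installs a handler and unwinds out of it so the outcome can be inspected. Assumptions: GCC or Clang on Linux or macOS; on x86 the probe reads CR0 (a #GP at CPL 3, delivered as SIGSEGV or SIGBUS), on AArch64 it reads SCTLR_EL1 (trapped at EL0, delivered as SIGILL). The function and variable names are mine.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_signal = 0;

/* Fault handler: record which signal the kernel delivered and unwind back to
 * the sigsetjmp in try_privileged(). Returning normally from the handler
 * would re-execute the faulting instruction and fault again forever. */
static void on_fault(int sig, siginfo_t *info, void *ctx)
{
    (void)info;
    (void)ctx;
    fault_signal = sig;
    siglongjmp(fault_env, 1);
}

/* Execute exactly one instruction that only ring 0 / EL1 may execute.
 * If control ever reaches the printf, the code really is running with
 * kernel privilege. */
static void run_privileged_instruction(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned long cr0;
    __asm__ volatile("mov %%cr0, %0" : "=r"(cr0));   /* #GP at CPL 3 */
    printf("cr0 = %#lx (this is ring 0!)\n", cr0);
#elif defined(__aarch64__)
    unsigned long sctlr;
    __asm__ volatile("mrs %0, sctlr_el1" : "=r"(sctlr)); /* trapped at EL0 */
    printf("sctlr_el1 = %#lx (this is EL1!)\n", sctlr);
#else
#error "no privileged instruction defined for this architecture"
#endif
}

/* Returns the signal the OS raised for the privileged instruction
 * (SIGSEGV, SIGBUS or SIGILL), or 0 if the instruction executed, which
 * would mean the process is genuinely running in ring 0. */
int try_privileged(void)
{
    struct sigaction sa, old_segv, old_bus, old_ill;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO | SA_NODEFER;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    sigaction(SIGILL, &sa, &old_ill);

    fault_signal = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        run_privileged_instruction();   /* in user mode: never returns here */
    }

    /* Restore the previous dispositions so the probe has no lasting effect. */
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    sigaction(SIGILL, &old_ill, NULL);
    return fault_signal;
}

int main(void)
{
    int sig = try_privileged();
    if (sig == 0)
        puts("privileged instruction executed: we are in ring 0");
    else
        printf("toolchain accepted the instruction, CPU refused it: signal %d\n", sig);
    return 0;
}
```

Build with `cc -O2 ring0_probe.c -o ring0_probe` and run it as an ordinary user: the build step succeeds with no diagnostic, and the run reports the signal (11, SIGSEGV, on Linux/x86). The handler must leave via siglongjmp; a handler that simply returns resumes at the same instruction, which faults again. Under a 16-bit real-mode toolchain of the Borland era there is no CPL check to trip, so the equivalent program would just read the register.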
