Accessing ring 0 mode from user applications ( and why Borland allows this )

As the semester's deadlines approach, I decided to start working on a project in the Operating Systems course at my college. The problem with the project assignment is that it requires students to develop a user application (exe) that will execute as a simple kernel (basic process and thread management).

The first thing that popped into my mind was: how the hell am I supposed to execute privileged code in a user application?

After consulting with other students (who did the project on time), I learned that they were able to execute privileged code without problems using the Borland 3.1 compiler. However, none of them found that weird, nor knew why it worked. Why (a better question here would be how) does Borland do this? Doesn't this violate fundamental principles of OS security?

Note: I added C++ tag because the project is supposed to be written as a C++ application, with most of the privileged code executed as inline assembly.

Update: My question was somewhat poorly phrased originally. Of course I was able to compile code with privileged instructions with any compiler; running the code was the problem.

tellerath asked May 25 '16 21:05




2 Answers

Two things:

  1. Back in the days of 8086 real mode there were no privilege levels. Borland 3.1 was a 16-bit compiler. If you're running code it produces on a modern version of Windows, it will run in Virtual 8086 mode using the NTVDM, which also has no privilege levels.

  2. Even when using a modern compiler / assembler, it generally won't complain about privileged instructions even in protected mode and long mode. This source code compiles just fine for me in MSVC 2015 but crashes whenever I run it because it tries to access a register that is off-limits to user-mode applications:

int main()
{
    __asm
    {
        mov eax, cr0    ; read control register 0: privileged, raises #GP from ring 3
        or eax, 1       ; would set the PE (protected mode enable) bit
        mov cr0, eax    ; write it back: also privileged, never reached in user mode
    }
    return 0;
}
Govind Parmar answered Oct 05 '22 23:10


The compiler allows it because the compiler's job is strictly to convert the input into compiled output. It's not designed to impose or enforce any system security rules. That's the job of the execution environment, typically the OS or emulator that executes the compiled code.

David Schwartz answered Oct 05 '22 23:10