As the semester's deadlines approach, I decided to start working on a project in Operating Systems course at my college.
The problem with the project assignment is that it requires students to develop a user application (exe) that will execute as a simple kernel ( basic process and thread management ).
First thing that popped to my mind was : How the hell am I supposed to execute privileged code in user application?
After consulting with other students ( who did the project on time ), I learned that they were able to execute privileged code without problems using Borland 3.1 compiler. However, none of them found that weird nor knew why that worked. Why ( better question here would be how ) does Borland do this? Doesn't this violate fundamental principles of OS security?
Note: I added C++ tag because the project is supposed to be written as a C++ application, with most of the privileged code executed as inline assembly.
Update My question was somewhat poorly phrased originally. Of course I was able to compile code with privileged instructions with any compiler - running the code was the problem.
Two things:
Back in the days of 8086 real mode there were no privilege levels. Borland 3.1 was a 16-bit compiler. If you're running code it produces on a modern version of Windows, it will run in Virtual 8086 mode using the NTVDM, which also has no privilege levels.
Even when using a modern compiler / assembler, it generally won't complain about privileged instructions even in protected mode and long mode. This source code compiles just fine for me in MSVC 2015 but crashes whenever I run it because it tries to access a register that is off-limits to user-mode applications:
int main()
{
__asm
{
mov eax, cr0
or eax, 1
mov cr0, eax
}
return 0;
}
The compiler allows it because the compiler's job is strictly to convert the input into compiled output. It's not designed to impose or enforce any system security rules. That's the job of the execution environment, typically the OS or emulator that executes the compiled code.
来源:https://stackoverflow.com/questions/37448198/accessing-ring-0-mode-from-user-applications-and-why-borland-allows-this