OSDev.org

Hi,

I run Windows 98 on Bochs, and watch its registers. Surprisingly, I see that not like normal OS, it uses 3 rings: ring 0, ring 1 and ring 3.
And with each ring, Win98 uses a lot of different segment selectors. For example, its kernel uses at least 10 different selectors for data segment (DS)
(Other normal OS only uses very few segment selectors, like 1 or 2 only)

Anybody knows any docs describing why Win 98 works that way? I am very curious, and looked around for Win98 design documentation, but none mentions this aspect.

Thanks,
Jun

I've never heard of this either, I would also be interested if anyone knows exactly why this would be the case?

My first guess is maybe it has something to do with how intertwined windows 9X was with MS DOS? Do you (or does someone here) have access to a copy of Windows 95 or Windows ME that they can run in bochs to see if they do the same thing?

Windows 98 includes a lot of 16-bit protected-mode code. That might explain the extra segment selectors. As for ring 1, I have no idea...

Colonel Kernel wrote: Windows 98 includes a lot of 16-bit protected-mode code.

Windows 2.x and 3.x could start in 16-bit protected mode. And as Windows 9x has been developed from
Windows 3.x, there are a lot of 16-bit code. This made the system very unstable.

Colonel Kernel wrote: As for ring 1, I have no idea...

Maybe for drivers. OS/2 used ring 2 for privileged code (user programs with I/O access permissions).
It is possible that Win9x uses ring 1 for this.

madeofstaples wrote:I've never heard of this either, I would also be interested if anyone knows exactly why this would be the case?

My first guess is maybe it has something to do with how intertwined windows 9X was with MS DOS? Do you (or does someone here) have access to a copy of Windows 95 or Windows ME that they can run in bochs to see if they do the same thing?

No, that is not Vm86 code. I checked the Eflags for VM bit, and it was off during my observation.

And I only have Windows 98 SE, not other 9x versions.

Colonel Kernel wrote:Windows 98 includes a lot of 16-bit protected-mode code. That might explain the extra segment selectors.

No, the OS was in 32 bit protected mode when I made observation.

Tommy wrote:

Colonel Kernel wrote: As for ring 1, I have no idea...

Maybe for drivers. OS/2 used ring 2 for privileged code (user programs with I/O access permissions).
It is possible that Win9x uses ring 1 for this.

That is interesting idea. Do you have any idea to confirm that ring 1 is actually used by driver code?

Thanks,
J

Windows 9x was really horrid, it had no real memory protection.. the entire system could be brought down with a single line of code.

You probably won't find out much about the design of 9x, or how it abuses features of the x86.. but this might answer some of your questions.

Now stop using Windows 98, we already have Dex & bewing on this forum.. we don't need another.

Brynet-Inc wrote: the entire system could be brought down with a single line of code.

Wow! Windows 9x is really great !
Seriously, I understand now why I had many BSOD with Windows 98 when I used it 10 years ago...
Programs I used were so badly designed?...

well, win98 isnt too much different from win3.1 (not to be confused with 3.0... 3.0 was a 16bit pmode os, where 3.1 and later were 32bit)

most hobby OSs are very simple, and do things in very simple ways, so most hobby OSs use flat mode -- that is only a few segments, all set to 4GB at 0 base, relying entirely on paging for memory protection... but windows doesnt

win3.1(win95 and win98 are little more than win3.1 with a few bundled utilities) actually use both paging and segmentation for memory protection -- but i recomend nobody else try it, as it tends to drive you insane if you try...

the x86 CPU, in PMode, applies both segmentation and paging to all memory references, by using flat mode, you essentially disable segmentation, simplifying the system, but if you use non-flatmode segments, then both are attributed, and both must be accounted, and thus, while allowing for more complex protection systems, it makes for a very complex and confusing address translation system -- which is one of the reasons very few OSs do it

JAAman wrote:well, win98 isnt too much different from win3.1 (not to be confused with 3.0... 3.0 was a 16bit pmode os, where 3.1 and later were 32bit)

most hobby OSs are very simple, and do things in very simple ways, so most hobby OSs use flat mode -- that is only a few segments, all set to 4GB at 0 base, relying entirely on paging for memory protection... but windows doesnt

win3.1(win95 and win98 are little more than win3.1 with a few bundled utilities) actually use both paging and segmentation for memory protection -- but i recomend nobody else try it, as it tends to drive you insane if you try...

the x86 CPU, in PMode, applies both segmentation and paging to all memory references, by using flat mode, you essentially disable segmentation, simplifying the system, but if you use non-flatmode segments, then both are attributed, and both must be accounted, and thus, while allowing for more complex protection systems, it makes for a very complex and confusing address translation system -- which is one of the reasons very few OSs do it

Actually, Windows 3.1 could run in a 286. I believe with windows 3.1 they dropped 8086 support though(I know windows 3.0 could run on that)

Windows '98 is fun. You can probe the state of your hardware while letting an existing driver make sure it does what you want.

Register dumps FTW.

I think Windows 98 used Ring 1 for display drivers. Other drivers used Ring 0.

After reading some docs, I think Windows 98 works this way:

- Win98 process doesnt have access to full 4GB of virtual memory (not like other OS). Instead, each process is assigned a chunk of memory (for ex, 5MB in size), starting from non-zero base (for ex, 3MB). These areas are made not to overlap each other.

- Each chunk of those areas is assigned a segment, and has a slot in GDT table. When kernel switch to a new process, segments like CS, DS and so on, must be pointed to that slot. This explains why CS, DS, ... use a lot of different segment selectors.

Is that the right assumption about Windows 98 (and Win 9x)?
Any comment?

Thanks!
J

No, each process has its own address space, made by switching out parts of the page directory. 32-bit programs use flat addressing, with CS, DS and ES both having a base of 0 and a limit of 0ffffffffh. Only 16-bit code uses different segments starting at various addresses. Each 16-bit module has its own set of segments, and they may be shared across processes.