vxd-e1.html

汇编语言编写的虚拟驱动程序

<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta name="Author" content="Iczelion">
   <meta name="GENERATOR" content="Mozilla/4.7 [en] (Win98; I) [Netscape]">
   <title>Virtual Device Driver Basic</title>
</head>
<body text="#FFFFFF" bgcolor="#000080" link="#FFFF00" vlink="#8080FF" alink="#FF00FF">

<center>
<h1>
<font face="Arial,Helvetica"><font color="#FFFF99">Virtual Device Driver
Basics</font></font></h1></center>
<font face="Arial,Helvetica"><font size=-1>In this tutorial series, I assume
you, the reader, are familiar with Intel 80x86's protected mode operations
such as virtual 8086 mode, paging, GDT, LDT, IDT. If you don't know about
them, read Intel documentations first at <a href="http://developer.intel.com/design/pentium/manuals/">http://developer.intel.com/design/pentium/manuals/</a></font></font>
<h3>
<font face="Arial,Helvetica"><font color="#66FFFF"><font size=-1>Content:</font></font></font></h3>
<font face="Arial,Helvetica"><font size=-1>Windows 95 is a multithreaded
operating system running in the most privileged level, ring 0. All application
programs run at ring 3, the least privileged level. As such, application
programs are restricted in what they can do to the system. They cannot
use privileged CPU instructions, they cannot access I/O port directly and
so on. You're undoubtedly familiar with the big three system components:
gdi32, kernel32 and user32. You would think that such important pieces
of code should be running in ring 0. But in reality, they run in ring 3,
like all other applications. Thus they don't have more privilege than,
say, the Window calculator or the minesweeper game. The real power of the
system is under control of <b><font color="#FFFF99">the virtual machine
manager (VMM)</font></b> and <b><font color="#FFFF99">virtual device drivers
(VxD)</font></b>.</font></font>
<br><font face="Arial,Helvetica"><font size=-1>All this may not happen
if DOS doesn't make the picture more complicated. During Windows 3.x era,
there are lots of successful DOS programs in the market. Windows 3.x <b><font color="#FFFF99">has
to</font></b> be able to run them alongside normal Windows programs else
it will fail commercially.</font></font>
<br><font face="Arial,Helvetica"><font size=-1>This dilemma is not easy
to solve. DOS and Windows programs are drastically different from each
other. DOS programs are <b><font color="#FFCC33">BAD</font></b> in that
they think they own <b><i><font color="#FFFF99">everything</font></i></b>
in the system: keyboard, CPU, memory, disk etc. They don't know how to
cooperate with other programs while Windows programs (at that time) rely
on cooperative multitasking, i.e. every Windows program must yield control
to other programs via GetMessage or PeekMessage.</font></font>
<br><font face="Arial,Helvetica"><font size=-1>The solution is to run each
DOS program in a virtual 8086 machine while all other Windows programs
run in another virtual machine called <b><font color="#FFFF99">system virtual
machine</font></b>. Windows is responsible for giving CPU time to each
virtual machine in a round-robin way. Thus under Windows 3.x, Windows programs
use cooperative multitasking but virtual machines use preemptive multitasking.</font></font>
<br><font face="Arial,Helvetica"><font size=-1><b><font color="#66FF99">What
is a virtual machine?</font></b> A virtual machine is a fiction created
solely by software. A virtual machine reacts to programs running in it
like a real machine. Thus a program doesn't know that it runs in a virtual
machine and it doesn't care. So long as the virtual machine responds to
the program <b><font color="#FFFF99">exactly</font></b> like a real machine,
it can be treated like the real thing.</font></font>
<br><font face="Arial,Helvetica"><font size=-1>You can think of the interface
between the real machine and its software as a kind of API. This unusual
API consists of interrupts, BIOS calls, and I/O ports. If Windows can somehow
emulate this API perfectly, the programs running in the virtual machine
will behave exactly like they run in the real machine.</font></font>
<br><font face="Arial,Helvetica"><font size=-1>This is where VMM and VxDs
come into the scene. To coordinate and supervise virtual machines (VMs),
Windows needs a program dedicated to the task. That program is the Virtual
Machine Manager.</font></font>
<h3>
<font face="Arial,Helvetica"><font color="#66FFFF"><font size=-1>Virtual
Machine Manager</font></font></font></h3>
<font face="Arial,Helvetica"><font size=-1>VMM is a 32-bit protected mode
program. Its primary responsibility is to erect and maintain the framework
that supports virtual machines. As such, it's responsible for creating,
running, and terminating VMs. VMM is one of the many system VxDs that are
stored in VMM32.VXD in your system folder. It's also a VxD but it can be
considered the supervisor of other VxDs. Let's examine the boot sequence
of Windows 95</font></font>
<ol>
<li>
<font face="Arial,Helvetica"><font size=-1>io.sys is loaded into memory</font></font></li>

<li>
<font face="Arial,Helvetica"><font size=-1>config.sys and autoexec.bat
are processed</font></font></li>

<li>
<font face="Arial,Helvetica"><font size=-1>win.com is called</font></font></li>

<li>
<font face="Arial,Helvetica"><font size=-1>win.com runs VMM32.VXD which
is actually a simple DOS EXE file.</font></font></li>

<li>
<font face="Arial,Helvetica"><font size=-1>VMM32.VXD loads VMM into extended
memory using the XMS driver</font></font></li>

<li>
<font face="Arial,Helvetica"><font size=-1>VMM initializes itself and other
default virtual device drivers.</font></font></li>

<li>
<font face="Arial,Helvetica"><font size=-1>VMM switches the machine into
protected mode and creates the system virtual machine</font></font></li>

<li>
<font face="Arial,Helvetica"><font size=-1>Virtual Shell Device, which
is loaded last, starts Windows in the system VM by running krnl386.exe</font></font></li>

<li>
<font face="Arial,Helvetica"><font size=-1>krnl386.exe loads all other
files, culminating in the Windows 95 shell.</font></font></li>
</ol>
<font face="Arial,Helvetica"><font size=-1>As you can see, VMM is the first
VxD that is loaded into memory. It creates the system virtual machine and
initializes other VxDs. It also provides numerous services to those VxDs.</font></font>
<br><font face="Arial,Helvetica"><font size=-1>VMM and VxDs' operation
mode is different from that of the <b><i><font color="#FFFF99">real</font></i></b>programs.
They are, most of the time, dormant. While application programs are running
in the system, those VxDs are not active. They will be awakened when some
interrupts/faults/events occur that need their attention.</font></font>
<br><font face="Arial,Helvetica"><font size=-1>VMM is not reentrant. That
means VxDs must synchronize their accesses to VMM services. There are some
situations in which it's not safe to call VMM services such as when a hardware
interrupt is being serviced. During that time, VMM cannot tolerate reentrancy.
You as the VxD writer must be extremely careful about what you are doing.
Remember that, there is no one to take care of your code's errors for you.
You're absolutely on your own in ring 0.</font></font>
<h3>
<font face="Arial,Helvetica"><font color="#66FFFF"><font size=-1>Virtual
Device Driver</font></font></font></h3>
<font face="Arial,Helvetica"><font size=-1>Virtual Device Driver is abbreviated
as <b><font color="#FFCC33">VxD</font></b>. <b><font color="#FFFF99">x
</font></b>is
the placeholder for a device name such as virtual <b><font color="#FFFF99">keyboard</font></b>
driver, virtual <b><font color="#FFFF99">mouse</font></b> driver and so
on. VxDs are the keys to successful hardware virtualization. Remember that
DOS programs think they own everything in the system. When they run in
virtual machines, Windows has to provide them with stand-ins for the real
devices. VxDs are that stand-ins. VxDs usually virtualize some hardware
devices. So, for example, when a dos program thinks it is interacting with
the keyboard, it is actually the virtual keyboard device that works with
it. A VxD usually takes control of the real hardware device and manages
the sharing of the device between VMs.</font></font>
<br><font face="Arial,Helvetica"><font size=-1>However, there is no rule
that a VxD <b><font color="#FFFF99">MUST</font></b> be associated with
a hardware device. It's true that VxDs are designed to virtualize hardware
devices but we can also treat VxDs like ring-0 DLLs. For example, if you
want some features that can only be achieved in ring 0, you can code a
VxD that performs the job for you. In this regard, you can view the VxD
as your program's extension since it doesn't virtualize any hardware device.</font></font>
<br><font face="Arial,Helvetica"><font size=-1>Before plunging on and creating
your own VxDs, let me point out something about them first.</font></font>
<ul>
<li>