not supposed to use) into a register, you get immediate GPF. Unlike flat
freed. In this sense, segmented mode is more foolprof. Ultimate segmentation
runaway program. An example is Spy++ running on an app being debugged.
"Joseph M. Newcomer" <newcomer@flounder.com> wrote in message
Win16 was wonderful in this regard. With a bad pointer, you could damage
any program on
the system, because there was absolutely no protection mechanisms in
MS-DOS (and Win16 was
just raw MS-DOS). You could overwrite the cached root directory block and
erase your
disk.
Win9x had memory protection. Code segments were protected, data segments
were unreachable
from another process. There were a few key data blocks you could access
that represented
the MS-DOS state, and clobbering one of these woulld take down the system
rather solidly,
but it was really hard for an application to take down the entire system.
OTOH, most
third-party drivers were seriously flaky, and took it down regularly.
It is typically impossible for a user program to take down XP (even my
classic guaranteed
crash seems to have been fixed: create a window within a create-window
hook function), but
a driver does so without much effort. NT4 and 2000 were still vulnerable
to application
errors creating unrecoverable kernel state.
Now if we could only get kernel drivers into separate address spaces...
joe
On Mon, 28 May 2007 14:49:23 +0900, "Norman Diamond"
<ndiamond@community.nospam> wrote:
"Usually, a pointer running wild would usually not damage anything in the
kernel"?!
Uh, OK, that is possible. Pointers running wild and damaging the kernel
were unusual. Far more frequent was pointers running wild and
miraculously
not damaging the kernel. There must have been pointers running wild every
minute.
"Joseph M. Newcomer" <newcomer@flounder.com> wrote in message
news:373h535icmb51c8ced3g6jmrjid8br8oni@4ax.com...
Wiin9x kept programs in separate address spaces. Usually, a pointer
running wild would
usually not damage anything in the kernel (it took one of the early
Windows wizards less
than half an hour to create a guaranteed-to-crash-the-system 5-line
program, however).
There was, however, no real "protection" in that any user could actually
issue
instructions that would allow kernel access (the wizard program was pure
C
code, by the
way, and the C compiler won't generate privileged instructions). It was
a
malware
writer's dream come true.
joe
On Sat, 26 May 2007 15:23:24 +0100, Gerry Quinn <gerryq@indigo.ie>
wrote:
In article <k76c53p4lpinml5e6r77a76spbpg18dcuv@4ax.com>,
newcomer@flounder.com says...
MS-DOS, Win95, Win98 and WinME had no memory protection either, so
that
argument isn't a
strong one.
Well I'm no hardward wizard, but I had Amigas and Windows machines, and
whatever was the cause, Amiga programs (ordinary programs, not drivers)
were apt to corrupt just about anything if their pointers ran wild.
For whatever reason, this didn't happen so much on Windows.
- Gerry Quinn
Joseph M. Newcomer [MVP]
email: newcomer@flounder.com
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm
Joseph M. Newcomer [MVP]
email: newcomer@flounder.com
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm