In this tutorial, I assume that readers are familiar with Intel 80x86 protected-mode concepts such as virtual 8086 mode, paging, the GDT, LDT, IDT, and so on. If you are not familiar with them, you should first read Intel's documentation at http://developer.intel.com/design/pentium/manuals/.
Content:
Windows 95 is a multithreaded operating system running at the highest privilege level, ring 0. All applications run at the lowest privilege level, ring 3. This limits what applications can do to the system: they cannot use privileged CPU instructions, they cannot access I/O ports directly, and so on. You are surely familiar with the three big system components GDI32, KERNEL32 and USER32. You would think that such important code must run at ring 0. But in fact it runs at ring 3, just like any other application. This means these components have no more privileges than the Windows calculator or the Minesweeper game. Control of the system is in the hands of the Virtual Machine Manager (VMM) and the virtual device drivers (VxDs).
All of this is because of DOS. In the Windows 3.x era, there was a lot of successful DOS software on the market. Windows 3.x had to run ordinary Windows programs and DOS programs at the same time, otherwise it would have lost the market.
This situation is difficult to deal with because DOS and Windows programs are fundamentally different. DOS programs think they own everything in the system: keyboard, CPU, memory, hard drives, and so on. DOS programs don't know how to share the machine with other programs, while Windows programs (at that time) relied on cooperative multitasking. That is, every Windows program must cooperate with other programs by calling GetMessage or PeekMessage.
The solution is to run each DOS program in a virtual 8086 machine and run all the Windows programs in another virtual machine called the system virtual machine. Windows is responsible for handing out CPU time to each virtual machine in turn. In this way, under Windows 3.x, Windows programs use cooperative multitasking, while virtual machines use preemptive multitasking.
What is a virtual machine? A virtual machine is an illusion created by software. A virtual machine interacts with a program running on it just as if the program were running on a real machine. This way, a program does not know or care whether it is running on a virtual machine. As long as the virtual machine responds to the program exactly like a real machine, we can treat it as a real machine.
You can think of the interface between the virtual machine and the software as an API. This unusual API consists of interrupts, BIOS calls, and I/O ports. If Windows can somehow simulate this API perfectly, programs running on virtual machines will behave exactly as they would when running on a real machine.
This is where VMM and VxDs come in. To coordinate and monitor virtual machines (VMs), Windows requires a program to assign tasks. This program is the Virtual Machine Manager (VMM).
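The ring 3 restrictions described at the top of this section (no privileged instructions, no direct I/O port access) are enforced by the CPU itself, so they can still be observed on a modern system. The following is an added example, not part of the original tutorial: a C program for Linux on x86 (an assumed environment, not Windows 95) that reads its privilege level from the CS selector and attempts a privileged instruction and a direct port read in child processes. All function names are hypothetical.

```c
/* Added illustration: user-mode process on Linux/x86, GCC or Clang inline asm. */
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__) || defined(__i386__)
#define ON_X86 1
/* The low two bits of the CS selector are the current privilege level (CPL). */
static int current_privilege_level(void) {
    unsigned short cs;
    __asm__ volatile("mov %%cs, %0" : "=r"(cs));
    return cs & 3;
}
/* Privileged instruction: clearing the interrupt flag needs CPL <= IOPL. */
static void try_cli(void) { __asm__ volatile("cli"); }
/* Direct I/O: read the keyboard controller data port (0x60). */
static void try_port_in(void) {
    unsigned char v;
    __asm__ volatile("inb %1, %0" : "=a"(v) : "Nd"((unsigned short)0x60));
}
#else
#define ON_X86 0  /* not an x86 build: nothing to demonstrate */
static int current_privilege_level(void) { return -1; }
static void try_cli(void) {}
static void try_port_in(void) {}
#endif

/* Run op in a child process so a fault kills only the child.
   Returns the terminating signal, 0 on a normal exit, -1 on error. */
static int signal_raised_by(void (*op)(void)) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { op(); _exit(0); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void) {
    printf("CPL = %d\n", current_privilege_level());
    printf("cli     -> signal %d\n", signal_raised_by(try_cli));
    printf("in 0x60 -> signal %d\n", signal_raised_by(try_port_in));
    return 0;
}
```

On x86 the CPU raises a general protection fault for both attempts, which Linux delivers to the process as SIGSEGV; under Windows 9x such faults are among the events that wake up VMM and the VxDs.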
Virtual Machine Manager
VMM is a 32-bit protected-mode program. Its main task is to establish and maintain the framework that supports virtual machines. For example, it creates, runs, and terminates virtual machines. VMM is one of many system VxDs that are stored in the Vmm32.vxd file in your system directory. VMM is itself a VxD, but it is treated as a supervisor that oversees the other VxDs. Let's take a look at the boot sequence of Windows 95:
1. Io.sys is loaded.
2. Config.sys and Autoexec.bat are processed.
3. Win.com is called.
4. Win.com runs Vmm32.vxd. Vmm32.vxd is actually a simple DOS EXE file.
5. Vmm32.vxd uses the XMS driver to load VMM into extended memory.
6. VMM initializes itself and its default VxDs.
7. VMM switches the machine to protected mode and creates the system virtual machine.
8. The virtual shell device, which is loaded last, starts Windows in the system virtual machine by running Krnl386.exe.
9. Krnl386.exe loads all the files, and finally the Windows 95 shell.
As you can see, VMM is the first VxD to be loaded into memory. It creates the system virtual machine and initializes the other VxDs. It also provides many services to these VxDs.
VMM and VxDs operate differently from ordinary programs. Most of the time, they are dormant. While applications are running in the system, these VxDs are not active. They are woken up when interrupts, faults, or events occur that require their handling.
VMM is not reentrant. This means that VxDs must synchronize their access to VMM services. It is not safe to invoke VMM services in some situations, such as while VMM is processing a hardware interrupt. During that time, VMM cannot be re-entered. As a VxD writer, you have to be extremely careful about what you do. Remember, you are at the highest privilege level, ring 0, and if your code goes wrong, nothing can rein it in.
Virtual device drivers
Virtual device drivers are referred to as VxDs. The x stands for the name of a device, as in the virtual keyboard driver (VKD), the virtual mouse driver (VMD), and so on. VxDs are the means by which hardware is successfully virtualized. Remember that DOS programs think they own everything in the system, so when they run in a virtual machine, Windows needs to give them a stand-in for the real machine. VxDs are those stand-ins. A VxD usually virtualizes some hardware device, so, for example, when a DOS program thinks it is communicating with the keyboard, it is actually the virtual keyboard driver that is communicating with the DOS program. A VxD usually controls the real hardware device and manages the sharing of that device among the various virtual machines.
However, not every VxD has to be tied to a hardware device. Although VxDs are used to virtualize hardware devices, we can also think of a VxD as a DLL at ring 0. For example, if you need to do something that is only possible at ring 0, you can write a VxD to do the job for you. In that case, because the VxD doesn't virtualize any device, you can simply think of it as an extension of your program.
Before we discuss VxDs in more depth and create our own VxD, let me first make a few points about them.
VxDs are unique to Windows 9x and cannot run under Windows NT. So if your program relies on a VxD, it cannot be ported to the Windows NT platform.
A VxD is the most powerful entity in the system. Because VxDs can do anything to the system, they are extremely dangerous. A malicious or faulty VxD can destroy the entire system. There is no protection against a malicious or faulty VxD.
Usually, there are many ways to achieve your goal without a VxD. Be sure to think twice before adopting a VxD solution. If another approach can be implemented at ring 3, use that approach instead.