Windows memory management and protection discuss

Thanks to Bercea, I have read the WDK document and Microsoft Windows
Internals, Fourth Edition, even the Intel manual Volume 3:
System Programming Guide, but that all does not tell me the answer :). Maybe I
am not smart enough.

Tim, you wrote:

> What can it possibly do? As I said, this is why rootkits and hooking
> are so dangerous. If you have a solution, believe me, Microsoft is
> interested in hearing about it.

I am not concerned with how rootkits can subvert the Windows system, because in
kernel mode, CPU is in Ring0, or CPU instructions can be executed, like
Anton has said, the driver can even change a certain CR0 register bit to
disable the page protect function of the CPU. What I am concerned about is that the
driver can use an MDL to get a virtual address which is mapped to the physical
address that describes the system key structures and can write the dangerous
memory. In my opinion, from the system point of view (VMM), the virtual address
that I (VMM) return to you which is mapped to a system key structure should not be
writable. I mean that from the MmProbeAndLockPages and MmMapLockedPagesSpecifyCache
functions, you can get the virtual address that is mapped to an address like
the SSDT, but it should be read only; want it to be writable, no way!! To repeat
again, the given virtual address that you get from the VMM should be read only if
it is mapped to a system key structure, the system should really assure
this, shouldn’t it?

thanks
Ma

2008/9/26 Tim Roberts

> Carleton Ma wrote:
> > Tim, good reply. thanks. yeh, the same RAM be referred to by two
> > PTE(remember the virtual address i mentioned is the system address
> > like IDT address or SSDT address), and the two PTE has different
> > protection properties: one has read only property and one has writable
> > property, then if the driver write the RAM, e.g. a driver write the
> > SSDT(assume), let the service routine address be itself’s, in this
> > case, what should the system do? It continue think that the SSDT is
> > read only, just call the service routine that has been replaced?
>
> What can it possibly do? As I said, this is why rootkits and hooking
> are so dangerous. If you have a solution, believe me, Microsoft is
> interested in hearing about it.
>
> Their approach to this in the x64 case is to periodically scan the SSDT
> to see if it has been changed. I don’t know whether they compare
> individual addresses or take a checksum.
>
> –
> Tim Roberts, xxxxx@probo.com
> Providenza & Boekelheide, Inc.
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Tim Roberts
Sent: Thursday, September 25, 2008 8:32 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Windows memory management and protection discuss

> If I had both available to me right now for writing drivers, I’m not
> sure I would choose Delphi. Kernel code necessarily does a lot of
> pointer manipulation and casting of data types for buffers and such.
> The Delphi syntax for that is really ugly to read, in my
> unbiased opinion.

In my biased opinion, too. In my past life I wrote DOS TSR programs
using Borland Pascal (hey, I was young :). The reason (apart from I
didn’t know C well) then was mainly ‘quality’ of available C compilers
which were slow, buggy and runtime libraries caused problems. Results
were successful but code was ugly, sometimes, because of language
syntax. Some necessary things were unnatural there and I’d be the same
in Windows drivers. It applies mainly to pointers so it wouldn’t help
any way. Maybe I’m perverted but I like C syntax much more and is rather
natural for me. C++ is different story. But the best language I
sometimes use is my favorite editor macro language. It is like
simplified C with some Pascal features. Well, once I’ll have to check C#
:)

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

> Maybe I’m perverted but I like C syntax much more and is rather natural for me.

This is hardly surprising, especially taking into consideration that C is the only language I know of that was designed particularly for programming computers, rather than some other purpose (i.e. “teaching good programming habits” like Pascal, “object orientation” like C++, “simplifying development” like managed languages, etc). Therefore, I suspect you are far from being the only one who thinks this way.

Certainly, some people tend to think the way they are told, which becomes obvious after reading this particular NG. Just check the archives, and you will see how concepts/techniques fall out of favor - someone who, at some point, says “events are the only blessed way for KM-UM communication”, after a short while starts slagging it off and claims that “the only blessed way for KM-UM communication is the inverted call”…

Apparently, now it is just the right time for promoting Singularity, so get ready to see “anti-C diatribes” and the paragraphs explaining the great advantages of C# from the usual suspects in not-so-distant future - there is nothing particularly new here…

Anton Bassov

Maybe you should see this in another light. Now if all the rest of the world
would resort to easy higher level languages that do everything for you and
we could keep low level C with its pointers and dangerous practices for the
privileged few of us, wouldn’t that be just great ?

Seriously, the young people who are starting out to learn programming now
are suffering from an incredible disadvantage of an unbridgeable gap
compared to those of us who were growing up in parallel with the evolution
of computer technology. That is a growing problem which manifests itself as
poor software quality which needs to be addressed.

//Daniel

> Now if all the rest of the world would resort to easy higher level languages that do everything
> for you and we could keep low level C with its pointers and dangerous practices
> for the privileged few of us, wouldn’t that be just great ?

Well, I can assure you that you are not meant to be among these “privileged few” - they are meant to be located in Redmond. This is bad news. The good news is that the world is not limited to the one of MSFT-produced systems…

> Seriously, the young people who are starting out to learn programming now are
> suffering from an incredible disadvantage of an unbridgeable gap compared to those
> of us who were growing up in parallel with the evolution of computer technology.

This is not true, because those who were growing up in parallel with the evolution of computer technology
just could not afford UNIX-like system at home, which limited the possibility of learning for the privileged few. However, these days it is possible to have the one, along with all programming tools, libraries, as well as the OS kernel source, and the hardware that is required to run this system is available practically for everyone. Therefore, those who are willing to learn are in quite favorable position, compared to those who were doing it 30-40 years ago - this is just the question of whether they want to learn so that they can take the advantage of it and become programmers, or to limit themselves to .NET/Java/etc and become lifelong “script kiddies”. The only thing that I find annoying is that the latter approach is being advertised and encouraged by some…

Anton Bassov

“become programmers”… the way ANTON defines programmers, I guess?

Hey Anton… When *I* became a programmer, nobody could call themselves a decent software engineer if they couldn’t write overlay descriptors… How’s your Overlay Descriptor Language?

For that matter… how’s your autocoder? Or your facility with channel command words and channel programming? Or your BAL? The facility with these things USED to define what it meant to be a “real OS programmer”.

So it is, or will be in the future, with C and Unix-like systems. It is our responsibility, our OBLIGATION, to move the industry forward. To help it evolve. To explore strange new worlds. To seek out new life and new civilizations. To boldly go where no man has ever gone before! (oh, wait… that last part sounds sorta familiar…)

I’m placing my bets for the future on SOME sort of managed language for operating system development. Then again, maybe the industry has already evolved to its final state, as some seem to believe, and there will be nothing better than C ever developed. I think it’s a pretty safe bet that, eventually, we won’t be writing code in C… just like almost nobody writes BAL anymore.

Peter
Who used to think Macro-11 was the best and only language that a “real programmer” needed to know and that the x86 was a crappy “toy”. Evolve or die.

Does that mean we have to abandon (our) vaulted beliefs in MACRO-11
(remember, all caps, six-bit does not have lower case. Keep it real).

Sigh. I suppose you want me to throw away my Teddy Bear (poor Hoptoe, 42
years and I hardly knew yah) and my Etch-E-Sketch too?

Somehow, I have been able to keep them and accumulate a rather more
‘topical’ set of junk too ;)

I will be happy to climb on the what-ever-frigg’n-language-# managed drivers
band-wagon for a trial spin just as long as I can take Hoptoe with me. He’s
been everywhere else.

-dave

I think a major problem with this is articulated quite well by Joel Spolsky:

http://www.joelonsoftware.com/articles/ThePerilsofJavaSchools.html

Ultimately someone who knows pointers, buffer overflows, recursion, and all
that yucky error prone stuff has to be there to write the managed code
tools.

It’s like a buddy of mine from Compuware (now at Microsoft) said once:

"Collective knowledge is increasing at a such an astounding rate that
everything that needs to be known will soon all be written down in books and
white papers.

UNFORTUNATELY, individual education and responsibility are decreasing so
rapidly that there will be no one left who can read!"

I am not opposed to managed OS code, but I doubt it will become “real”
before I retire and I am not sure of the ramifications on technology on the
whole. Not sure the world will be a better place for it?

Bill M.

I guess I have a serious comment hidden in here and it is this:

Programmers accumulate skills through experience. We accumulate arrogance
and rigidity too. “Evolve or Die” is exactly right. “Abandon or Die” is
definitely not the same thing.

Peter’s and others’ experiences with systems created years (decades, ouch)
ago are exactly the sort of things one needs to ‘carry along with them’ to
know evaluate and understand the trade-offs in the new-fangled toys of the
future.

Let’s face it; Just because we no longer have to code the overlay scheme
does not mean we should ignore the impact of paging/virtual memory/etc. in
designs of any sort. The same goes for C#, F# (whatever) as a language and
meta-machines executing them. One still needs to appreciate the machinery
beneath them to make good design decisions *even if you don’t need to
implement the facility*. So as much as I would love to never have to worry
about the correctness of my object references, validity of addresses, and of
course limit the scope of destruction I can impart on the remainder of the
system, we are better ‘programmers’ for understanding what is in the
trade-offs. All you have to do is watch the VM Bytes on a typical Java
program to know that lowering the barrier to programming is probably not a
good idea in the core OS (unless you have stock in
-insert-ram-company-here-).

Healthy skepticism, wealth of experience, and a willingness to evaluate new
things on their merits objectively are a solid combination in a ‘good
programmer’. So I agree it is our obligation to move the industry forward.
It is likewise our obligation to do so carefully (and I would not suggest
you were implying otherwise. I am just sticking it clearly.)

-dave
(what was this thread about? Memory management? I think I have lost mine.)

Sorry Dave PDP-11’s were 8bit bytes. I programmed a number of drivers for
DOS-11 and RT-11.

On whether we will move to a new language for OS work, consider a couple of
incidents in my career. In college I remember how horrified one of the
people in the lab was when I wrote a system utility in PDP-11 Fortran, since
I could do it in one evening instead of a week or two. I went to work and
the experts at the company I was at were sure that an early ethernet
protocol I wrote could never be efficient since it was in “C”. They spent
months on their assembler version only to find it was 25% slower!

I think Peter may be right on OS’es moving to managed languages. I would
say it was sure but the needs to satisfy a ton of standards and the demands
of backwards compatibility have ossified most OS research to the point it is
generally just re-implementations rather than innovation.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

> Sorry Dave PDP-11’s were 8bit bytes. I programmed a number of drivers for
> DOS-11 and RT-11.

I was referring to the on-disk-structure limits on filenames not the machine
byte-size. But of course, Peter got to run RSX on his so he had ODS-1 and
could capitalize it any way he wanted ;). I had to live (quite happily)
with RT-11 and was ever fond of capital letter file names.

-dave

Ok, I see the confusion but that wasn’t 6-bit either, since Radix-50 packed
3 characters into a 16-bit word.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

Carleton Ma wrote:

> I am not concerned with how rootkits can subvert the Windows system, because
> in kernel mode, CPU is in Ring0, or CPU instructions can be executed,
> like Anton has said, the driver can even change a certain CR0 register
> bit to disable the page protect function of the CPU. What I am concerned about is
> that the driver can use an MDL to get a virtual address which is mapped
> to the physical address that describes the system key structures and can
> write the dangerous memory. In my opinion, from the system point of
> view (VMM), the virtual address that I (VMM) return to you which is mapped
> to a system key structure should not be writable. I mean that from the
> MmProbeAndLockPages and MmMapLockedPagesSpecifyCache functions, you
> can get the virtual address that is mapped to an address like the SSDT, but
> it should be read only; want it to be writable, no way!! To repeat
> again, the given virtual address that you get from the VMM should be read only
> if it is mapped to a system key structure, the system should
> really assure this, shouldn’t it?

There’s no way to do that. Remember, all kernel code is the same. The
operating system memory manager runs in kernel mode, exactly like a
driver. The processor can’t tell the difference. If a driver couldn’t
write the memory, then the memory manager couldn’t write the memory.
That wouldn’t be very useful, would it?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
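
The aliasing this exchange turns on, as an added user-mode illustration (not code from any poster in the thread, and not kernel code): the same pages are mapped twice, once read-only and once writable, and two after-the-fact scans (a checksum and a per-entry compare) notice the change. It assumes a POSIX system; the table size, entry values and function names are constructed for the example.

```c
/* Added example: user-mode analogue of two mappings ("two PTEs") of the same
 * pages with different protections, plus two after-the-fact integrity scans.
 * Assumes a POSIX system; all names and table values are constructed. */
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define ENTRIES 8               /* constructed stand-in for a dispatch table */

struct views {
    const uint64_t *ro;         /* read-only mapping the "system" consults */
    uint64_t *rw;               /* writable alias of the very same pages */
    size_t len;
};

struct baseline {
    uint64_t copy[ENTRIES];     /* per-entry reference values */
    uint64_t sum;               /* checksum over the whole table */
};

/* Map one backing object twice: PROT_READ and PROT_READ|PROT_WRITE. */
static int make_views(struct views *v)
{
    FILE *f = tmpfile();
    if (!f) return -1;
    int fd = fileno(f);
    v->len = (size_t)sysconf(_SC_PAGESIZE);
    if (ftruncate(fd, (off_t)v->len) != 0) { fclose(f); return -1; }
    void *rw = mmap(NULL, v->len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    void *ro = mmap(NULL, v->len, PROT_READ, MAP_SHARED, fd, 0);
    fclose(f);                  /* the mappings outlive the descriptor */
    if (rw == MAP_FAILED || ro == MAP_FAILED) return -1;
    v->rw = rw;
    v->ro = ro;
    for (int i = 0; i < ENTRIES; i++)
        v->rw[i] = 0x1000u + 0x10u * (unsigned)i;   /* constructed entries */
    return 0;
}

/* FNV-1a, 64-bit: a simple non-cryptographic checksum for the demo. */
static uint64_t fnv1a(const void *p, size_t n)
{
    const unsigned char *b = p;
    uint64_t h = 0xcbf29ce484222325ULL;
    while (n--) { h ^= *b++; h *= 0x100000001b3ULL; }
    return h;
}

/* Record the known-good state while the table is still trusted. */
static void take_baseline(struct baseline *b, const uint64_t *tbl)
{
    memcpy(b->copy, tbl, sizeof b->copy);
    b->sum = fnv1a(tbl, sizeof b->copy);
}

/* Checksum scan: reports only that something in the table changed. */
static int checksum_changed(const struct baseline *b, const uint64_t *tbl)
{
    return fnv1a(tbl, sizeof b->copy) != b->sum;
}

/* Per-entry scan: returns a bitmask naming every slot that changed. */
static unsigned changed_slots(const struct baseline *b, const uint64_t *tbl)
{
    unsigned mask = 0;
    for (int i = 0; i < ENTRIES; i++)
        if (tbl[i] != b->copy[i]) mask |= 1u << i;
    return mask;
}

int main(void)
{
    struct views v;
    struct baseline b;
    if (make_views(&v) != 0) { perror("make_views"); return 1; }
    take_baseline(&b, v.ro);
    /* A store through v.ro would fault; the alias has no such restriction. */
    v.rw[3] = 0x4141;
    printf("ro view slot 3 = 0x%llx\n", (unsigned long long)v.ro[3]);
    printf("checksum changed: %d, changed slots mask: 0x%x\n",
           checksum_changed(&b, v.ro), changed_slots(&b, v.ro));
    return 0;
}
```

The protection bit belongs to the mapping, not to the memory, so the read-only view changes anyway; the checksum only says that something changed, while the per-entry compare says which slot.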

Well put Mr. Cattley… VERY well said. AND Mr. Burn, of course.

HA! Indeed. Sixbit is to the DECSystem-10/20 as Rad50 is to the PDP-11. Neither had any provision for lowercase characters. But no REAL programmer – certainly no OS programmer – used lowercase, and the VT50 terminal wasn’t capable of typing lowercase characters anyhow.

Having a knowledge of how things work “under the hood” can never be a bad thing. Knowing how your car works will almost certainly increase your appreciation of the vehicle, and will almost certainly ensure that you really WILL get the oil changed on time. Maybe even you’ll change the oil MORE frequently than recommended, thus increasing your car’s useful life!

Thus… CORRECT. Knowing something is almost always better than not knowing.

But the need to evolve is paramount. To this, 3 points:

a) If you stick to doing the same thing, you won’t change anything.
b) If you don’t try to do something different, you won’t invent anything new
c) The “givens” of today may very well not be with us tomorrow… thus it is important to move our thinking BEYOND those givens.

Remember all the time and effort that was spent making NT V3.51 run in less than 16MB of memory? Everything, and I do mean EVERYthing possible, was made pageable. The Executive, drivers, etc.

Just this week, I read somebody write here on the forum words to the effect of “no ordinary driver that’s written today really needs to worry about having pageable code.” I agree. For MOST drivers (not every driver) whether your code is pageable or not has just ceased to be relevant. ESPECIALLY in light of the problems you’re likely to have in dealing with that pageable code.

And, who knows… in 5 years, 10 years… 20 years… next year… maybe casual mark/sweep GC of my managed code when it grows to what are today truly terrifying memory sizes, will be fine. Maybe there’ll be sooo much memory, it just won’t matter.

Maybe not.

But if we don’t TRY new stuff… PUSH the future… try crazy shit… we’re gonna keep doing what we do now. And I don’t know about you, but I am sick to death of putting "ecount"s in my code to make up for what is the inherent stupidity of the language in which I’m programming.

Peter
OSR

Bill McKenzie wrote:

> It’s like a buddy of mine from Compuware (now at Microsoft) said once:
>
> "Collective knowledge is increasing at a such an astounding rate that
> everything that needs to be known will soon all be written down in books and
> white papers.
>
> UNFORTUNATELY, individual education and responsibility are decreasing so
> rapidly that there will be no one left who can read!"

There is a science fiction story about a future society in which the
amount of printed material has grown to the point where it is simply
impossible to keep up. A startup company began offering a service to
the world: they go through all of the printed material that was produced
in a given day – newspapers, magazines, journals, novels, reports,
press releases, etc – and digest it all down to one word. For a fee,
they would send you that one word every day.

People all around the world signed up, and immediately felt greatly
relieved. They no longer had to feel guilty about getting behind in
their reading.

Today, I can imagine Google offering us exactly that service.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

I think we have already passed that point long ago as society has continued to grow towards deeper and deeper specializations.

(Wasn’t this thread supposed to have something related to “memory management”…?)

- S


Tim Roberts wrote:

> Carleton Ma wrote:
>
>> …Repeated
>> again, the given virtual address that get from VMM should be read only
>> if they are mapped to the system key structure, the system should
>> really assure this, isn’t it?
>
> There’s no way to do that. Remember, all kernel code is the same. The
> operating system memory manager runs in kernel mode, exactly like a
> driver. The processor can’t tell the difference. If a driver couldn’t
> write the memory, then the memory manager couldn’t write the memory.
> That wouldn’t be very useful, would it?

Allow me to follow up to my own post here.

It would be possible to write an XP-like operating system that used ring
1 for drivers, leaving ring 0 only for the key kernel routines, like the
memory manager. By doing that, drivers could be in a privileged, but
not wide open environment, and the kind of protection you’re talking
about would be possible.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Yes. But some of us got bored explaining the rudiments of memory management. And Anton set to trolling with talk of “anti C diatribes”, promoting “singularity”, and talk of what “real programmers” do or do not do/know.

So, because it was more fun than actually doing work, it’s a Friday and all I really need to do is get ready to go to Microsoft, I figured I’d “elaborate” and contribute further to side-tracking an already sidetracked thread.

Sic transit gloria mundi,

Peter
OSR

While we are at it …

I’ve always thought ( and still think about ) certain things ----

(0) what would it take, or what do we need, to make this programming into an
engineering discipline? Just don’t call it as you wish(ed), but take a back
seat and think what would it take to call it engineering … ? Well I would
buy that engineering is a combination of (a) art (b) science… Then what is
the science part here… I know the art part somewhat: for example don’t
initialize stack variables, use more than 16KB as locals in KM code, use
macros everywhere one feels like a gross ( gross == macro), write switch
stmt with at least 379 cases otherwise use if-then-else, run your c code thru
lister so you get the assembly code, take/copy and paste back to your c code
and feel you touched the metal (hot or cold ) …

(1) When we find some science behind it, what are the ways to measure
things, units of measure, confidence analysis and all that …

I think, if not for anything else, verifiability to an extent, and
adjustability/manageability would move us to a different approach to programming
… C#, F# … no-sharp and whatever … And yes we need to move on before
we call ourselves engineers … Please take out the word engineer in your business
card ( it’s an earnest request ).

In the 50s, (I forgot the name) an American person wanted to introduce Sampling
theory into the world of manufacturing/engineer, and was deeply rejected.
But Japan took him as an expert and proved that there is such a thing we
need …

-pro

And what happens when one driver tries to interfere with another? How do you stop that without completely hosing driver compatibility?

This is a more complicated problem than just walling off the kernel from all drivers. A rootkit that can attack disk.sys but “not” the kernel is not really very much declawed after all.

- S
