Microsoft Security Advisory: Vulnerability in Windows Kernel could allow To continue receiving security updates for application is running that is using NTVDM.

You have no Favorite Channels. To follow a channel click the If you wish to view your Favorite Channels from anywhere on the site, click on the My Favorites link.

Virtual DOS machine VDM is a technology that allows running 16-bit/32-bit DOS and 16-bit Windows programs on Intel 80386 or higher computers when there is already another operating system running and controlling the hardware.

Virtual DOS machines normally rely on the virtual 8086 mode of the Intel 80386 processor, which allows real mode 8086 software to run in a controlled environment by catching all operations which involve accessing protected hardware and forwarding them to the normal operating system as exceptions. The operating system can then perform an emulation and resume the execution of the DOS software.

VDMs generally also implement support for running 16- and 32-bit protected mode software DOS extenders, which has to conform to the DOS Protected Mode Interface DPMI. 1

When a DOS program running inside a VDM needs to access a peripheral, Windows will either allow this directly rarely, or will present the DOS program with a virtual device driver VDD which emulates the hardware using operating system functions. A VDM will systematically have emulations for the Intel 8259A interrupt controllers, the 8254 timer chips, the 8237 DMA controller, etc. 1

DOS-based VDMs appeared with Windows/386 2.01 in 1987 and were also present in Windows 3.0, 3.1x and Windows for Workgroups 3.1x running in 386 Enhanced Mode as well as in Windows 95, 98, 98 SE and ME.

Similar to Windows 3.x 386 Enhanced Mode in architecture, EMM386 3.xx of Novell DOS 7, 1 2 Caldera OpenDOS 7.01, 2 3 DR-DOS 7.02 4 and later also uses VDMs to support pre-emptive multitasking of multiple DOS applications, when the EMM386 /MULTI option is used. 2 3 4 This component has been under development at Digital Research / Novell since at least 1991 under the codename Vladivar originally a separate device driver KRNL386.SYS 1 2 instead of a module of EMM386. While primarily developed for the next major version of DR DOS, released as Novell DOS 7 in 1994, 1 2 it was also used in the never released Star Trek project in 1992/1993.

VDMs called MVDM Multiple Virtual DOS Machine are used in OS/2 2.0 and later. 1 OS/2 MVDMs are considerably more powerful than NTVDM. For example, block devices are supported, and various DOS versions can be booted into an OS/2 MVDM. 5 While the OS/2 1.x DOS box was based on DOS 3.0, OS/2 2.x MVDMs emulate DOS 5.0. 1

Seamless integration of Windows 3.1 and later Win32s applications in OS/2 is a concept looking similar on surface to the seamless integration of XP Mode based on Windows Virtual PC in Windows 7. A redirector in a guest VDM or NTVDM allows access on the disks of the OS/2 or NT host. Applications in a guest can use named pipes for communication with their host. citation needed

NTVDM is a system component of all IA-32 editions of the Windows NT family which allows execution of 16-bit Windows and 16-bit / 32-bit DOS applications. It is not included with 64-bit versions. The Windows NT 32-bit user-mode executable which forms the basis for a single DOS or Windows 3.x environment is called ntvdm.exe. 1

In order to execute DOS programs, NTVDM loads NTIO.SYS which in turn loads NTDOS.SYS, which executes a modified COMMAND.COM in order to run the application that was passed to NTVDM as command-line argument. The 16-bit real-mode system files are stripped down derivations of their MS-DOS 5.0 equivalents IO.SYS, MSDOS.SYS and COMMAND.COM 1 with all hard-wired assumptions on the FAT file system removed and using the invalid opcode 0xC4 0xC4 to bop down into the 32-bit NTVDM to handle the requests. 1 Originally, NTDOS reported a DOS version of 30.00 to programs, 1 but this was soon changed to report a version of 5.00 at INT 21h/AH 30h and 5.50 at INT 21h/AX 3306h to allow more programs to run unmodified. 1 This holds true even in the newest releases of Windows; many additional MS-DOS functions and commands introduced in MS-DOS versions 6.x and in Windows 9x are missing.

16-bit applications all run in their own thread within a single preemptively multithreaded 32-bit NTVDM process. The 16-bit processes are by default cooperatively multitasked with respect to each other, unless the Run in separate memory space option is checked in the Run box or the application s shortcut file. NTVDM emulates BIOS calls and tables as well as the Windows 3.1 kernel and 16-bit API stubs. 6 The 32-bit WoW translation layer thunks 16-bit API routines.

32-bit DOS emulation is present for DOS Protected Mode Interface DPMI and 32-bit memory access. This layer converts the necessary extended and expanded memory calls for DOS functions into Windows NT memory calls. wowexec.exe is the emulation layer that emulates 16-bit Windows. Windows 2000 and Windows XP added Sound Blaster 2.0 emulation. 7 16-bit virtual device drivers and DOS block device drivers e.g., RAM disks are not supported. Inter-process communication with other subsystems can take place through OLE, DDE and named pipes.

Since virtual 8086 mode is not available on non-x86-based processors, NTVDM was instead implemented as a full emulator in these versions of NT. 1 Up to Windows NT 3.51, only 80286 emulation was available. With Windows NT 4.0, 486 emulation was added. 8

In January 2010, Google security researcher Tavis Ormandy revealed a serious security flaw in Windows NT s VDM implementation that allowed unprivileged users to escalate their privileges to SYSTEM level, noted as applicable to the security of all x86 versions of the Windows NT kernel since 1993. This included all 32-bit versions of Windows NT, 2000, XP, Server 2003, Vista, Server 2008, and Windows 7. 9 Ormandy did publish a proof-of-concept exploit for the vulnerability. 10 Prior to Microsoft s release of a security patch, the workaround for this issue was to turn off 16-bit application support, which prevented older programs those written for DOS and Windows 3.1 from running. 64-bit versions of Windows were not affected since they do not include the NTVDM subsystem. 11 12 Once the Microsoft security patches had been applied to the affected operating systems the VDM could be safely reenabled. nb 1

A limitation exists in the Windows XP 16-bit subsystem but not in earlier versions of Windows NT because of the raised per-session limit for GDI objects which causes GDI handles to be shifted to the right by two bits, when converting them from 32 to 16 bits. 13 As a result, the actual handle cannot be larger than 14 bits and consequently 16-bit applications that happen to be served a handle larger than 16384 by the GDI system crash and terminate with an error message. 13

In an x86-64 CPU, virtual 8086 mode is available as a sub-mode only in its legacy mode for running 16- and 32-bit operating systems, not in the native, 64-bit long mode. 14

NTVDM is not supported in 64-bit versions of Windows, 15 which do not support 16-bit code of any kind, including MS-DOS programs. 16 The only way to run them is to use Windows XP Mode or other virtualization software.

In general, VDM and similar technologies do not satisfactorily run many older DOS programs on today s computers. Emulation is only provided for the most basic peripherals, often implemented incompletely citation needed. For example, sound emulation in NTVDM is very limited. NT-family versions of Windows only update the real screen a few times per second when a DOS program writes to it, and they do not emulate higher resolution graphics modes. Because software mostly runs native at the speed of the host CPU, all timing loops will expire prematurely. This either makes a game run much too fast or causes the software not even to notice the emulated hardware peripherals, because it does not wait long enough for an answer.

Comparison of platform virtualization software

List of Microsoft Windows components

DOSEMU, similar purpose compatibility layer for Linux

DOSBox, solves many issues of the Virtual DOS Machine by emulating software and hardware features of DOS.

A disabled VDM could be reenabled by setting the corresponding registry key back to HKEY_LOCAL_MACHINE SOFTWARE Policies Microsoft Windows AppCompat VDMDisallowed dword:00000000.

a b c d e f g h i j k l m Schulman, Andrew; Brown, Ralf; Maxey, David; Michels, Raymond J.; Kyle, Jim 1994. Undocumented DOS - A programmer s guide to reserved MS-DOS functions and data structures - expanded to include MS-DOS 6, Novell DOS and Windows 3.1 2 ed.. Addison Wesley. ISBN 0-201-63287-X. ISBN 978-0-201-63287-3.

a b c d e Paul, Matthias 1997-07-30. NWDOS-TIPs Tips Tricks rund um Novell DOS 7, mit Blick auf undokumentierte Details, Bugs und Workarounds. MPDOSTIP e-book in German edition 3, release 157 ed.. Retrieved 2014-09-06.  NWDOSTIP.TXT is a comprehensive work on Novell DOS 7 and OpenDOS 7.01, including the description of many undocumented features and internals. It is part of the author s yet larger MPDOSTIP.ZIP collection maintained up to 2001 and distributed on many sites at the time. The provided link points to a HTML-converted older version of the NWDOSTIP.TXT file.

a b Caldera, Inc. 1997. OpenDOS Developer s Reference Series OpenDOS Multitasking API Guide Programmer s Guide. Printed in the UK, August 1997. Caldera Part No. 200-DOMG-004 1.

a b DR-DOS 7.02 User Guide. Caldera, Inc. 1998. Retrieved 2014-09-06.

OS/2 Workplace Shell Configuration Techniques PDF. IBM redbook. 1994. pp. 68–80. Retrieved 2011-07-05.

Chapter 27 - Windows Compatibility and Migration: Windows NT 4.0 Resource Kit

How do I troubleshoot MS-DOS programs running on Windows XP.

INFO: How Windows handles floating-point calculations

Microsoft Security Bulletin MS10-015 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege 977165. Security TechCenter. Microsoft. 2010-03-17. Retrieved 2012-11-02.

Ormandy, Tavis 2010-01-19. Microsoft Windows NT GP Trap Handler Allows Users to Switch Kernel Stack. CVE-2010-0232. Full-disclosure. Retrieved 2013-04-13.

Farrell, Nick 2010-01-20. Ancient Windows flaw found after 17 years. The Inquirer. Incisive. Retrieved 21 January 2010.

Microsoft Security Advisory 979682 : Vulnerability in Windows Kernel Could Allow Elevation of Privilege. TechNet. Microsoft. 2010-01-20. Retrieved 21 January 2010.

a b The Win 16 Subsystem has insufficient resources to continue running problem on Windows XP

Intel 64 and IA-32 Architectures Software Developer s Manual Combined Volumes: 1, 2A, 2B, 2C, 3A, 3B, and 3C PDF PDF. Intel. 2013-06 1997. 325462-047US. Retrieved 2013-07-02.  Check date values in: date help

Klein, Helge 11 March 2008. Windows x64 - All the Same Yet Very Different, Part 5: NTVDM, Services, WoW64. Retrieved 21 July 2013.

List of limitations in 64-Bit Windows. Microsoft Corporation. 11 October 2007. Retrieved 21 July 2013.

Troubleshooting MS-DOS-based programs in Windows XP

Troubleshooting an MS-DOS application which hangs the NTVDM subsystem in Windows XP and Windows Server 2003

Troubleshooting MS-DOS-based serial communication programs in Windows 2000 and later

Retrieved from https://en.wikipedia.org/w/index.php.title Virtual_DOS_machine oldid 695748897 NTVDM

Categories: Virtualization softwareDOS technologyWindows administrationDOS emulatorsWindows components.

NTVDM.EXE is a legitimate Windows file but To re-install current updates in case of error, if removing the latest security update did not fix the ntvdm.exe.

Microsoft Security Advisory 979682 including download links for an available security update, Disable the NTVDM subsystem.

How to Reinstall NTVDM.exe. The file NTVDM.exe is the Windows NT Virtual DOS Machine, which is responsible for running 16-bit tasks on 32-bit operating systems.

Ntvdm.exe Has Encountered A NTVDM encountered a Another common cause for Ntvdm.exe related errors is the installation of a specific security update.

Virtual DOS machine

Virtual DOS machine VDM Prior to Microsoft s release of a security patch, the workaround for this issue was to turn off 16-bit application support.

Support for Windows XP has ended. Microsoft ended support for Windows XP on April 8, 2014. This change has affected your software updates and security options.