Virtual DOS machines (VDM) refer to a technology that allows running 16-bit/32-bit DOS and 16-bit Windows programs when there is already another operating system running and controlling the hardware.
Overview
Virtual DOS machines can operate either exclusively through typical software emulation methods (e.g. dynamic recompilation) or can rely on the virtual 8086 mode of the Intel 80386 processor, which allows real mode
8086 software to run in a controlled environment by catching all
operations which involve accessing protected hardware and forwarding
them to the normal operating system (as exceptions). The operating system can then perform an emulation and resume the execution of the DOS software.
VDMs generally also implement support for running 16- and 32-bit protected mode software (DOS extenders), which has to conform to the DOS Protected Mode Interface (DPMI).
When a DOS program running inside a VDM needs to access a peripheral, Windows will either allow this directly (rarely), or will present the DOS program with a virtual device driver (VDD) which emulates the hardware using operating system functions. A VDM will systematically have emulations for the Intel 8259A interrupt controllers, the 8254 timer chips, the 8237 DMA controller, etc.
Concurrent DOS 8086 emulation mode
In January 1985 Digital Research together with Intel previewed Concurrent DOS 286 1.0, a version of Concurrent DOS capable of running real mode DOS programs in the 80286's protected mode.
The method devised on B-1 stepping processor chips, however, in May
1985 stopped working on the C-1 and subsequent processor steppings
shortly before Digital Research was about to release the product. Although with the E-1 stepping Intel started to address the issues in
August 1985, so that Digital Research's "8086 emulation mode" worked
again utilizing the undocumented LOADALL processor instruction, it was too slow to be practical. Microcode changes for the E-2 stepping improved the speed again. This early implementation can be seen as a predecessor to actual virtual DOS machines.
Eventually, Concurrent DOS 286 was reworked from a potential desktop operating system to become FlexOS 286 for industrial use in 1986. It was also licenced by IBM for their 4680 OS in 1986.
When Intel's 80386 with its virtual 8086 mode became available
(as samples since October 1985 and in quantities since June 1986),
Digital Research switched to use this to run real mode DOS programs in
virtual DOS machines in protected mode under Concurrent DOS 386 1.0 (February 1987) and FlexOS 386 1.0 (June 1987). However, the architecture of these multiuser multitasking
protected mode operating systems was not DOS-based by themselves.
Concurrent DOS 386 was later developed to become Multiuser DOS (since 1991) and REAL/32 (since 1995). FlexOS 386 later became 4690 OS in 1993.
DOS-based VDMs
In
contrast to these protected mode operating systems, DOS, by default, is
a real-mode operating system, switching to protected mode and virtual
86 mode only on behalf of memory managers and DOS extenders in order to
provide access to extended memory or map in memory into the first
megabyte, which is accessible to normal DOS programs.
DOS-based VDMs appeared with Microsoft's Windows/386 2.01 in September 1987. DOS-based virtual DOS machines were also present in Windows 3.0, 3.1x and Windows for Workgroups 3.1x running in 386 Enhanced Mode as well as in Windows 95, 98, 98 SE and ME.
One of the characteristics of these solutions running on top of DOS is
that the memory layout shown inside virtual DOS machines are virtual
instances of the DOS system and DOS driver configuration run before the
multitasker is loaded, and that requests which cannot be handled in
protected mode are passed down into the system domain to be executed by
the underlying DOS system.
Similar to Windows 3.x 386 Enhanced Mode in architecture, EMM386 3.xx of Novell DOS 7, Caldera OpenDOS 7.01, DR-DOS 7.02 (and later) also uses DOS-based VDMs to support pre-emptive multitasking of multiple DOS applications, when the EMM386 /MULTI option is used. This component has been under development at Digital Research / Novell since 1991 under the codename "Vladivar" (originally a separate device driver KRNL386.SYS
instead of a module of EMM386). While primarily developed for the next
major version of DR DOS, released as Novell DOS 7 in 1994, it was also used in the never released DR DOS "Panther" and "Star Trek" project in 1992/1993.
OS/2 MVDM
VDMs called MVDM (Multiple Virtual DOS Machine) are used in OS/2 2.0 and later since 1992. OS/2 MVDMs are considerably more powerful than NTVDM. For example, block devices are supported, and various DOS versions can be booted into an OS/2 MVDM. While the OS/2 1.x DOS box was based on DOS 3.0, OS/2 2.x MVDMs emulate DOS 5.0.
Seamless integration of Windows 3.1 and later Win32s applications in OS/2 is a concept looking similar on surface to the seamless integration of XP Mode based on Windows Virtual PC in Windows 7. A redirector in a "guest" VDM or NTVDM allows access on the disks of the OS/2 or NT "host". Applications in a "guest" can use named pipes for communication with their "host".
Windows NTVDM
NTVDM is a system component of all IA-32 editions of the Windows NT
family since 1993 which allows execution of 16-bit Windows and 16-bit /
32-bit DOS applications. It is not included with 64-bit versions. The
Windows NT 32-bit user-mode executable which forms the basis for a
single DOS (or Windows 3.x) environment is called ntvdm.exe.
In order to execute DOS programs, NTVDM loads NTIO.SYS which in turn loads NTDOS.SYS, which executes a modified COMMAND.COM
in order to run the application that was passed to NTVDM as
command-line argument. The 16-bit real-mode system files are stripped
down derivations of their MS-DOS 5.0 equivalents IO.SYS, MSDOS.SYS and COMMAND.COM with all hard-wired assumptions on the FAT file system removed and using the invalid opcode 0xC4 0xC4 to bop down into the 32-bit NTVDM to handle the requests. Originally, NTDOS reported a DOS version of 30.00 to programs, but this was soon changed to report a version of 5.00 at INT 21h/AH=30h and 5.50 at INT 21h/AX=3306h to allow more programs to run unmodified.
This holds true even in the newest releases of Windows; many additional
MS-DOS functions and commands introduced in MS-DOS versions 6.x and in Windows 9x are missing.
16-bit applications all run in their own thread within a single
preemptively multithreaded 32-bit NTVDM process. The 16-bit processes
are by default cooperatively multitasked with respect to each other,
unless the "Run in separate memory space" option is checked in the Run
box or the application's shortcut file. NTVDM emulates BIOS calls and
tables as well as the Windows 3.1 kernel and 16-bit API stubs. The 32-bit WoW translation layer thunks 16-bit API routines.
32-bit DOS emulation is present for DOS Protected Mode Interface
(DPMI) and 32-bit memory access. This layer converts the necessary
extended and expanded memory calls for DOS functions into Windows NT
memory calls. wowexec.exe is the emulation layer that emulates 16-bit Windows. Windows 2000 and Windows XP added Sound Blaster 2.0 emulation. 16-bit virtual device drivers and DOS block device drivers (e.g., RAM disks) are not supported. Inter-process communication with other subsystems can take place through OLE, DDE and named pipes.
Since virtual 8086 mode is not available on non-x86-based processors (more specifically, MIPS, DEC Alpha, and PowerPC) NTVDM was instead implemented as a full emulator in these versions of NT, using code licensed from Insignia's SoftPC. Up to Windows NT 3.51, only 80286 emulation was available. With Windows NT 4.0, 486 emulation was added.
Commands
The following list of commands is part of the Windows XP MS-DOS subsystem.
Security issue
In January 2010, Google security researcher Tavis Ormandy
revealed a serious security flaw in Windows NT's VDM implementation
that allowed unprivileged users to escalate their privileges to SYSTEM
level, noted as applicable to the security of all x86 versions of the
Windows NT kernel since 1993. This included all 32-bit versions of
Windows NT, 2000, XP, Server 2003, Vista, Server 2008, and Windows 7. Ormandy did publish a proof-of-concept exploit for the vulnerability.
Prior to Microsoft's release of a security patch, the workaround for
this issue was to turn off 16-bit application support, which prevented
older programs (those written for DOS and Windows 3.1) from running.
64-bit versions of Windows were not affected since NTVDM subsystem is
not installed by default. Once the Microsoft security patches had been applied to the affected operating systems the VDM could be safely reenabled.
Limitations
A
limitation exists in the Windows XP 16-bit subsystem (but not in
earlier versions of Windows NT) because of the raised per-session limit
for GDI objects which causes GDI handles to be shifted to the right by
two bits, when converting them from 32 to 16 bits.
As a result, the actual handle cannot be larger than 14 bits and
consequently 16-bit applications that happen to be served a handle
larger than 16384 by the GDI system crash and terminate with an error
message.
In an x86-64 CPU, virtual 8086 mode is available as a sub-mode only in its legacy mode (for running 16- and 32-bit operating systems), not in the native, 64-bit long mode.
The NTVDM is not supported on x86-64 of Windows,, including DOS programs
because NTVDM uses VM86 CPU mode instead of the Local Descriptor Table
in order to enable 16‑bits segment required for addressing and AAarch64
because Microsoft didn’t release a full emulator for this incompatible
instruction set like it did on previous incompatible architecture. The
only way to run them is to use Windows XP Mode, other virtualization
software, or to use modernized versions like NTVDMx64, an unofficial
port of the older emulated implementation of the NTVDM which was
provided on NT 4 for non-x86 platforms. Another option is OTVDM, a 16-bit Windows interpreter based on the popular Windows simulator Wine.
In general, VDM and similar technologies do not satisfactorily
run most older DOS games on today's computers. Emulation is only
provided for the most basic peripherals, often implemented incompletely.
For example, sound emulation in NTVDM is very limited. NT-family
versions of Windows only update the real screen a few times per second
when a DOS program writes to it, and they do not emulate higher
resolution graphics modes. Because software mostly runs native at the
speed of the host CPU, all timing loops will expire prematurely.
This either makes a game run much too fast or causes the software not
even to notice the emulated hardware peripherals, because it does not
wait long enough for an answer.