X-Authentication-Warning: delorie.com: mail set sender to djgpp-bounces using -f
From: "Rod Pemberton"
Newsgroups: comp.os.msdos.djgpp
Subject: Re: running ring0 code under DJGPP
Date: Sat, 1 Sep 2007 02:01:57 -0400
Organization: Aioe.org NNTP Server
Lines: 50
Message-ID:
References: <200708300412 DOT l7U4CdBI021314 AT delorie DOT com> <1188595285 DOT 964939 DOT 209070 AT d55g2000hsg DOT googlegroups DOT com>
NNTP-Posting-Host: IVw7K97ih4IohxRqyKkqFw.user.aioe.org
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Complaints-To: abuse AT aioe DOT org
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Newsreader: Microsoft Outlook Express 6.00.2800.1437
X-Priority: 3
X-MSMail-Priority: Normal
To: djgpp AT delorie DOT com
DJ-Gateway: from newsgroup comp.os.msdos.djgpp
Reply-To: djgpp AT delorie DOT com

"RayeR" wrote in message
news:1188595285 DOT 964939 DOT 209070 AT d55g2000hsg DOT googlegroups DOT com...
 wrote in message
news:OF09B0D706 DOT 223B898A-ON87257347 DOT 00534133-87257347 DOT 005365E6 AT seagate DOT com...
> Glaux wrote on Wed, 29 Aug 2007 13:38:34 -0700:
>
> > > Under win9x/mingw32 I use special trick to setup a callgate in GDT
> > > for running my ring0 code and it works well, I tried to do something
> > > similar under DJGPP but always got GPF :( Is there a way to hack ring0
> > > under DJGPP+EMM386+CWSDPMI?

Not sure. CWSDPR0 was available so I never looked into this. Sandmann is
the author/expert here...

a) It appears that the CWSDPMI and CWSDPR0 DPMI code are hardcoded to
   ring 3 and 0 respectively.
b) It appears that CWSDPMI passively fails to set the CPL...
   ( __dpmi_set_descriptor_access_rights() which is int 31h, ax=9)
c) The values of the CWSDPMI selectors seem to be somewhat larger than
   they need to be. This may indicate there may be other useful lower
   valued ones. But, I didn't find any additional code or data selectors
   in the GDT which are ring 0.
d) The source code says there is a ring 0 callgate. If you can modify it,
   you could change its address. (Unlikely, but a chance...)
e) The source code says that some interrupts are ring 0. It didn't say
   whether they are RM or PM interrupts. So, there is a slim chance that
   you may be able to get ring 0 by changing an interrupt vector or
   descriptor...

>
> >
> > You might be able to use CWSDPR0, which will run the whole program in
> > ring 0...
>
> Well, and are there other possibilities? I don't want to be fixed on
> special version of DPMI server.

This really isn't as horrible as you make it seem. I just switch DPMI
servers during the application build. I put this in a .bat file which
builds the app., but you could probably put it into a makefile too. Of
course, if it's not on your PATH, then you may need to pass the full
directory:

    stubedit myapp.exe dpmi=CWSDPR0.EXE

You can also run CWSDPR0 from the command line and, IIRC, it will run
instead of CWSDPMI for the next DJGPP DPMI application.

Rod Pemberton
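
Added example, not part of the original post and not taken from the CWSDPMI sources: a small C program for checking which ring a DJGPP program actually got after switching DPMI servers, by decoding its CS/DS selectors and their access-rights bytes. It assumes DJGPP's _my_cs(), _my_ds() and __dpmi_get_descriptor_access_rights(); the helper names and the sample values in the non-DJGPP branch are constructed for illustration.

```c
#include <stdio.h>
#ifdef __DJGPP__
#include <dpmi.h>          /* __dpmi_get_descriptor_access_rights() */
#include <sys/segments.h>  /* _my_cs(), _my_ds() */
#endif

struct sel_info { unsigned index; int in_ldt; int rpl; };

/* Selector layout: bits 15..3 table index, bit 2 TI (1 = LDT), bits 1..0 RPL. */
struct sel_info decode_selector(unsigned short sel)
{
    struct sel_info s;
    s.index  = sel >> 3;
    s.in_ldt = (sel >> 2) & 1;
    s.rpl    = sel & 3;
    return s;
}

/* Access-rights byte: bit 7 present, bits 6..5 DPL, bit 4 S, bit 3 code. */
int rights_present(unsigned r) { return (r >> 7) & 1; }
int rights_dpl(unsigned r)     { return (r >> 5) & 3; }
int rights_is_code(unsigned r) { return (r & 0x18) == 0x18; }

/* Print one selector; for CS the RPL field is the current privilege level. */
int report(const char *name, unsigned short sel, unsigned rights)
{
    struct sel_info s = decode_selector(sel);
    printf("%s=%04x index=%u table=%s RPL=%d present=%d DPL=%d %s\n",
           name, (unsigned)sel, s.index, s.in_ldt ? "LDT" : "GDT", s.rpl,
           rights_present(rights), rights_dpl(rights),
           rights_is_code(rights) ? "code" : "data");
    return s.rpl;
}

int main(void)
{
#ifdef __DJGPP__
    /* Assumption: the low byte of the returned value is the access-rights byte. */
    int cpl = report("CS", _my_cs(), __dpmi_get_descriptor_access_rights(_my_cs()));
    report("DS", _my_ds(), __dpmi_get_descriptor_access_rights(_my_ds()));
#else
    /* Constructed sample values, so the decoder can be tried off-target. */
    int cpl = report("CS (sample)", 0x00A7, 0xFB);
    report("DS (sample)", 0x00AF, 0xF3);
#endif
    printf("running at ring %d\n", cpl);
    return 0;
}
```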