Offtopic: Kicking out NT or 95/98? 
 Offtopic: Kicking out NT or 95/98?

Are there bugs(or features) in NT or 95/98 to kick them out completely and
get back to real mode...?

I want to do it relatively fast...



Fri, 09 Aug 2002 03:00:00 GMT  
 Offtopic: Kicking out NT or 95/98?


   >Are there bugs(or features) in NT or 95/98 to kick them out
   >completely and get back to real mode...?
   >I want to do it relatively fast...

Yes.  At the DOS prompt, type:  FORMAT C: /U  <Enter>

(NOTE: This is just a joke, son.  Don't actually do it unless you're
prepared to live without Mr. Gates' blue-hued pointee-clickee gooey,
as I do.  It would help if you have a set of DOS installation floppy
disks at hand.)

But seriously...the answer is "No."  Of course, you could always
boot from a DOS-formatted floppy.  That would get you into real mode
quite quickly.



Fri, 09 Aug 2002 03:00:00 GMT  
 Offtopic: Kicking out NT or 95/98?

Quote:


>    >Are there bugs(or features) in NT or 95/98 to kick them out
>    >completely and get back to real mode...?
>    >I want to do it relatively fast...

> But seriously...the answer is "No."  Of course, you could always
> boot from a DOS-formatted floppy.  That would get you into real mode
> quite quickly.

Huh, that was quite rude...

For Win95/98 you can get to ring 0 (see Black Phantom's doc on it, the
doc is floating on the net somewhere; hope somebody will give the correct
link to it). After getting to ring 0 you can switch to real mode. Don't
forget to back up system stuff in the lowest MB of memory if you intend to
get back to Windows afterwards.
I haven't used such a method for serious stuff, but reading the blocked P3
PSN worked fine. Of course DOS/BIOS services should not work in such a
real-mode routine.
For NT/2000 you can do the same, but you will need a device driver to
get ring 0 privileges.

For testing native DOS apps the method mentioned in previous post is
much easier.



Fri, 09 Aug 2002 03:00:00 GMT  
 Offtopic: Kicking out NT or 95/98?
Quote:
>   >Are there bugs(or features) in NT or 95/98 to kick them out
>   >completely and get back to real mode...?
>   >I want to do it relatively fast...

>Yes.  At the DOS prompt, type:  FORMAT C: /U  <Enter>

Even if you do, the machine would still run in protected mode until you
reboot.
But now back to your problem:

Win95/98 are known to have some security bugs in their 16-bit Windows
Emulation Interface.
For example, even if you mark a DOS program as not being able to detect that
Windows is running, I used the function "Get API entry point" and hey ... the
Windows version number is 0.00 (like it hides itself), but the API pointer is
non-zero - just a DOS program calling one Windows 3.x function.

You might have a look at Ralf Brown's Interrupt List and Microsoft's full
API description (found at www.crackstore.com) and look for the device
"REBOOT" - this might help you.

Also a tricky way might be to modify dosstart.bat and _default.pif
and then make Windows go back into DOS mode (there are several ways to do
that), hook all INTs, disable NMI and all other hardware INTs, modify the
GDT, LDT and IDT, flush the cache, go back to real mode, clear the TLB and
prefetch queue, put all INTs back to the DOS kernel (get them from EMM386's
"old int store table" - somewhere in RAM), enable all INTs and then do
whatever you want.



Fri, 09 Aug 2002 03:00:00 GMT  
 Offtopic: Kicking out NT or 95/98?
I am not sure if groman is asking the right question. The way I understand it,
he wants the capability in a program to exit Windows totally and enter real
or DOS mode. I don't believe there is a way to do so.

What White Phantom was saying is to hijack the system IDT and access ring 0
from ring 3, the way the Cherynryl (sp please) virus does. This method will
no longer work if you have anti-virus installed on your system.

Quote:



> >    >Are there bugs(or features) in NT or 95/98 to kick them out
> >    >completely and get back to real mode...?
> >    >I want to do it relatively fast...

> > But seriously...the answer is "No."  Of course, you could always
> > boot from a DOS-formatted floppy.  That would get you into real mode
> > quite quickly.

> Huh, that was quite rude...

> For Win95/98 you can get to ring 0 (see Black Phantom's doc on it, the
> doc is floating on the net somewhere. hope somebody wil give the correct

> link to it). After getting to ring 0 you can switch to real mode. Don't
> forget
> to backup system stuff in lowest Mb of memory if you intend to get back
> to windows afterwards.
> I haven't used such method for serious stuff, but reading the blocked P3

> PSN worked fine. Of course DOS/BIOS services should not work in
> such real-mode routine.
> For NT/2000 you can do the same, but you will need a device driver to
> get ring 0 privileges.

> For testing native DOS apps the method mentioned in previous post is
> much easier.



Fri, 09 Aug 2002 03:00:00 GMT  
 Offtopic: Kicking out NT or 95/98?


Quote:

> Are there bugs(or features) in NT or 95/98 to kick them out completely and
> get back to real mode...?

> I want to do it relatively fast...

   I have no idea as to why you would like to do that but...

   I didn't try this so it may not work in several places (though it's
unlikely). The best way (feature) is to write a device driver for each
system. The driver should do:

1) turn interrupts off
2) get CR3 value and map to linear address
3) allocate (or have a static array) memory for page table that will
cover identity mapping of the first megabyte
4) set the page table from (3) into page dir. (2)
5) copy your real mode code and 16-bit switching code into first
megabyte
6) set a GDT descriptor for 16 bit code segment that will do a switch
to real mode.
7) get the physical address of your code and set it in your page dir as
identically mapped
8) get the physical address of GDT and set it in your page dir as
identically mapped
9) jump to linear address that is an identical mapping of your code
10) turn paging off
11) reload the GDT from identity mapped one (8)
12) far jump to 16 bit code segment set in (6)
13) reload the IDT with valid 256 entries IVT's base address
14) switch to real mode
15) far jump to your real mode entry point

   This won't be "back" to real mode, 'cause there is (on NT) no "back"
RM code.

-- http://bphantom.hypermart.net --

-- Too many flames with too much to burn
And life's only made of paper --

Sent via Deja.com http://www.deja.com/
Before you buy.



Sat, 10 Aug 2002 03:00:00 GMT  
 Offtopic: Kicking out NT or 95/98?

There are some in 95/98. But I don't know which.

I have a program for Win9x that starts in PL0 and shows GDT, TSS,...

AFAIK, Soft-ICE (PMode PL0 debugger) can be run under Win9x.

Hence, there are some such bugs.

Good Luck
Alexei A. Frounze

Quote:

> Are there bugs(or features) in NT or 95/98 to kick them out completely and
> get back to real mode...?

> I want to do it relatively fast...



Sat, 10 Aug 2002 03:00:00 GMT  
 Offtopic: Kicking out NT or 95/98?

Quote:
> Are there bugs(or features) in NT or 95/98 to kick them out completely and
> get back to real mode...?

In NT, there are possibly not-yet-fixed bugs which enable you to terminate it
with a blue screen of death, but this will not take you to real mode :-)

    Max



Sat, 10 Aug 2002 03:00:00 GMT  
 Offtopic: Kicking out NT or 95/98?



Quote:

> Are there bugs(or features) in NT or 95/98 to kick them out completely and
> get back to real mode...?

3.x & 9.x --> YES, you can alter the IDT to get Ring0 CPL via almost any
interrupt vector.

NT --> NO

Quote:
> I want to do it relatively fast...

It will be relatively fast... but you'll have to do some setting up.

T



Sat, 10 Aug 2002 03:00:00 GMT  
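The IDT rewrite that the post above and the earlier "hijack the system IDT and access ring 0 from ring 3" post both refer to, as an added example that is not the thread's own code. It shows the gate encoding from the Intel manuals, the save/install/restore around the vector, and why an interrupt gate rather than a trap gate is chosen. It runs against a host-side fake IDT; on a real Win9x box the base would come from `SIDT` and the entry would be written in place, which works there because the IDT page is writable from ring 3 (the thread's point is that NT does not allow this). The vector (3), the handler address (0x00401000) and the ring-0 code selector 0x28 are assumptions for the example.

```c
/* Added example: rewriting one IDT entry so that "int NN" from ring 3 enters
 * a handler at CPL 0.  Host-side model: the IDT is a local array and IDTR
 * base is widened to uintptr_t so the model compiles on 64-bit hosts (the
 * real register holds a 32-bit base). */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

struct idt_gate {
    uint16_t offset_lo;
    uint16_t selector;    /* target code segment; RPL 0, DPL 0 => CPL 0 */
    uint8_t  zero;
    uint8_t  type_attr;   /* P | DPL(2) | 0 | type(4) */
    uint16_t offset_hi;
};

struct idtr { uint16_t limit; uintptr_t base; };

#define GATE_INTR32   0x0Eu   /* clears IF on entry */
#define GATE_TRAP32   0x0Fu   /* leaves IF as is */
#define GATE_PRESENT  0x80u
#define GATE_DPL(n)   (((n) & 3u) << 5)

/* A gate reachable from ring 3 needs DPL 3; the privilege of the handler
 * comes from the selector it points at, not from the gate's DPL. */
static struct idt_gate make_gate(uint32_t handler, uint16_t sel, uint8_t type, uint8_t dpl)
{
    struct idt_gate g;
    g.offset_lo = (uint16_t)(handler & 0xFFFFu);
    g.selector  = sel;
    g.zero      = 0;
    g.type_attr = (uint8_t)(GATE_PRESENT | GATE_DPL(dpl) | (type & 0xFu));
    g.offset_hi = (uint16_t)(handler >> 16);
    return g;
}

static uint32_t gate_handler(const struct idt_gate *g) { return ((uint32_t)g->offset_hi << 16) | g->offset_lo; }
static unsigned gate_dpl(const struct idt_gate *g)     { return (g->type_attr >> 5) & 3u; }
static int      gate_present(const struct idt_gate *g) { return (g->type_attr & GATE_PRESENT) != 0; }

/* 8-byte in-memory image, the form a debugger (or the original entry) shows. */
static uint64_t gate_raw(struct idt_gate g) { uint64_t v; memcpy(&v, &g, 8); return v; }

/* The hijack itself: remember the old entry, install ours, put it back after
 * the ring-0 payload has run.  Returns -1 if the vector is beyond the IDT limit. */
struct hijack { struct idt_gate *slot; struct idt_gate saved; };

static int idt_hijack(struct idtr r, unsigned vector, uint32_t handler, uint16_t ring0_cs, struct hijack *h)
{
    if ((vector + 1) * sizeof(struct idt_gate) - 1 > r.limit)
        return -1;
    h->slot  = (struct idt_gate *)r.base + vector;
    h->saved = *h->slot;
    /* Interrupt gate: IF is cleared on entry, so the ring-0 payload is not
     * preempted by a hardware interrupt while the IDT holds our entry. */
    *h->slot = make_gate(handler, ring0_cs, GATE_INTR32, 3);
    return 0;
}

static void idt_restore(struct hijack *h) { *h->slot = h->saved; }

/* Stand-ins for the real IDT and for SIDT. */
static struct idt_gate fake_idt[256];
static struct idtr fake_sidt(void)
{
    struct idtr r = { (uint16_t)(sizeof fake_idt - 1), (uintptr_t)fake_idt };
    return r;
}

int main(void)
{
    struct hijack h;
    /* constructed "old" int 3 entry: DPL 0 trap gate into a kernel address */
    fake_idt[3] = make_gate(0xC0001234u, 0x28, GATE_TRAP32, 0);
    if (idt_hijack(fake_sidt(), 3, 0x00401000u, 0x28, &h) == 0) {
        printf("int 3 now %016llx (DPL %u, handler %08x)\n",
               (unsigned long long)gate_raw(fake_idt[3]), gate_dpl(&fake_idt[3]),
               gate_handler(&fake_idt[3]));
        idt_restore(&h);        /* real code: restore before returning to ring 3 */
    }
    return 0;
}
```

The restore step matters more than it looks: while the patched gate is in place, any other process executing that software interrupt also lands in the payload at ring 0, which is exactly what a resident anti-virus or a debugger like Soft-ICE hooking the same vectors notices.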
 Offtopic: Kicking out NT or 95/98?

Quote:
> > Are there bugs(or features) in NT or 95/98 to kick them out completely and
> > get back to real mode...?

> > I want to do it relatively fast...

>    I have no idea as to why you would like to do that but...

>    I didn't try this so it may not work in several places (though it's
> unlikely). The best way (feature) is to write a device driver for each
> system. The driver should do:

> 1) turn interrupts off
> 2) get CR3 value and map to linear address
> 3) allocate (or have a static array) memory for page table that will
> cover identity mapping of the first megabyte
> 4) set the page table from (3) into page dir. (2)
> 5) copy your real mode code and 16-bit switching code into first
> megabyte
> 6) set a GDT descriptor for 16 bit code segment that will do a switch
> to real mode.
> 7) get the physical address of your code and set it in your page dir as
> identically mapped
> 8) get the physical address of GDT and set it in your page dir as
> identically mapped
> 9) jump to linear address that is an identical mapping of your code
> 10) turn paging off
> 11) reload the GDT from identity mapped one (8)
> 12) far jump to 16 bit code segment set in (6)
> 13) reload the IDT with valid 256 entries IVT's base address
> 14) switch to real mode
> 15) far jump to your real mode entry point

>    This won't be "back" to real mode, 'cause there is (on NT) no "back"
> RM code.

I wouldn't try this code. At least the disk cache must be flushed to
disk before you enter the code, otherwise you might get serious disk
corruption.

-Leif




Sat, 10 Aug 2002 03:00:00 GMT  
 Offtopic: Kicking out NT or 95/98?
Quote:
> from ring 3, the way the Cherynryl (sp please) virus does. This method will

Chernobyl.



Sat, 10 Aug 2002 03:00:00 GMT  
 Offtopic: Kicking out NT or 95/98?

Quote:


> > Are there bugs(or features) in NT or 95/98 to kick them out completely and
> > get back to real mode...?

> > I want to do it relatively fast...

>    I have no idea as to why you would like to do that but...

[snip]

   White Phantom reminded me of another, much simpler way to do this:
starting as a device driver,

1) Locate a physical location within the first MB where your real mode
code starts
2) Map some linear address to it
3) Copy your real mode code
4) Set the real mode start-up entry point to your code in the BDA and set the
shutdown value in CMOS.
5) Shut down interrupts
6) Send RESET# to CPU via 8042

or, another option - variation of Bob Smith's idea:

steps (1) - (3) as before
4) Set exception 6 handler as an entry point to your code
5) Turn A20 off
6) Reset the CPU

   Note that the latter method will work only for so-called "full-
terminated" buses, those that keep unconnected data lines in a high
impedance state. Most buses are like this but it's a good idea to check
it anyway. The first method is supposed to work on any AT compatible.

-- http://bphantom.hypermart.net --

-- Too many flames with too much to burn
And life's only made of paper --




Sun, 11 Aug 2002 03:00:00 GMT  
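The first variant above (BDA reset vector, CMOS shutdown byte, 8042 reset), as an added example that is not the poster's code. It is written against a small in-memory model of low memory and of port I/O so it runs on any host: the real driver would do the same writes with `OUT` at ring 0 and to physical low memory. The locations and values are the documented ones from Ralf Brown's list (the warm-restart far pointer at 0040:0067, CMOS register 0Fh, shutdown code 0Ah for "jump via 0040:0067 without EOI", 8042 command FEh to pulse RESET#); check the shutdown code against the table for your BIOS. The stub placement (physical 0x00008000) and the four-byte stub are constructed for the example.

```c
/* Added example: prepare the warm-restart path used to come back up in
 * real mode after a CPU reset.  Host-side model only: port writes are
 * logged, low memory is a byte array. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

static uint8_t low_mem[0x100000];            /* model of physical 0..1MB */
#define MAX_PORT_WRITES 16
static struct { uint16_t port; uint8_t val; } port_log[MAX_PORT_WRITES];
static size_t n_port_writes;

static void outb(uint16_t port, uint8_t val)   /* stands in for the OUT instruction */
{
    if (n_port_writes < MAX_PORT_WRITES) {
        port_log[n_port_writes].port = port;
        port_log[n_port_writes].val  = val;
    }
    n_port_writes++;
}

#define BDA_RESET_VECTOR   0x0467u   /* 0040:0067, far pointer the BIOS jumps through */
#define CMOS_INDEX_PORT    0x70u
#define CMOS_DATA_PORT     0x71u
#define CMOS_NMI_DISABLE   0x80u     /* bit 7 of the index byte masks NMI */
#define CMOS_SHUTDOWN_REG  0x0Fu
#define SHUTDOWN_JMP_467   0x0Au     /* JMP DWORD PTR at 0040:0067, no EOI */
#define KBC_COMMAND_PORT   0x64u
#define KBC_PULSE_RESET    0xFEu     /* 8042: pulse output line 0 = CPU RESET# */

/* Steps 1-3: place the real-mode stub below 1MB, outside the IVT and BDA. */
static uint32_t place_stub(uint32_t phys, const uint8_t *code, size_t len)
{
    if (phys < 0x500u || phys + len > 0x100000u)
        return 0;
    memcpy(&low_mem[phys], code, len);
    return phys;
}

/* Step 4a: store seg:off for the stub.  Offset at 0x467, segment at 0x469. */
static void set_reset_vector(uint32_t phys)
{
    uint16_t seg = (uint16_t)(phys >> 4);
    uint16_t off = (uint16_t)(phys & 0xFu);
    low_mem[BDA_RESET_VECTOR + 0] = (uint8_t)(off & 0xFFu);
    low_mem[BDA_RESET_VECTOR + 1] = (uint8_t)(off >> 8);
    low_mem[BDA_RESET_VECTOR + 2] = (uint8_t)(seg & 0xFFu);
    low_mem[BDA_RESET_VECTOR + 3] = (uint8_t)(seg >> 8);
}

static uint32_t get_reset_vector_linear(void)
{
    uint16_t off = (uint16_t)(low_mem[BDA_RESET_VECTOR]     | low_mem[BDA_RESET_VECTOR + 1] << 8);
    uint16_t seg = (uint16_t)(low_mem[BDA_RESET_VECTOR + 2] | low_mem[BDA_RESET_VECTOR + 3] << 8);
    return ((uint32_t)seg << 4) + off;
}

/* Step 4b: tell POST to jump through 0x467 instead of running a full boot.
 * Setting bit 7 of the index byte also masks NMI for the window before reset. */
static void set_cmos_shutdown(uint8_t code)
{
    outb(CMOS_INDEX_PORT, CMOS_NMI_DISABLE | CMOS_SHUTDOWN_REG);
    outb(CMOS_DATA_PORT, code);
}

/* Step 6: have the keyboard controller pulse RESET#. */
static void kbc_cpu_reset(void)
{
    outb(KBC_COMMAND_PORT, KBC_PULSE_RESET);
}

/* Whole sequence.  Returns the linear address the BIOS will resume at,
 * 0 if the stub does not fit.  CLI (step 5) sits between the CMOS write
 * and the reset in real code; the model has nothing to disable. */
static uint32_t warm_restart_into(uint32_t phys, const uint8_t *stub, size_t len)
{
    if (!place_stub(phys, stub, len))
        return 0;
    set_reset_vector(phys);
    set_cmos_shutdown(SHUTDOWN_JMP_467);
    kbc_cpu_reset();
    return get_reset_vector_linear();
}

/* Constructed stub: CLI; HLT; JMP back to the HLT. */
static const uint8_t demo_stub[] = { 0xFA, 0xF4, 0xEB, 0xFD };

int main(void)
{
    uint32_t target = warm_restart_into(0x00008000u, demo_stub, sizeof demo_stub);
    printf("BIOS resumes at linear %05x after %u port writes\n",
           (unsigned)target, (unsigned)n_port_writes);
    return 0;
}
```

Leif's warning earlier in the thread applies to this path as well: the reset happens with the file system cache unflushed, so the stub is entered with whatever Windows had not yet written sitting in RAM. Flush first, or accept the corruption.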
 Offtopic: Kicking out NT or 95/98?

Quote:
>6) Send RESET# to CPU via 8042

This won't work.
Even if you get ring0 and IOPL 0 the Windows kernel will just quit the
program :-(


Mon, 12 Aug 2002 03:00:00 GMT  
 Offtopic: Kicking out NT or 95/98?


Quote:
> >6) Send RESET# to CPU via 8042
> This won't work.
> Even if you get ring0 and IOPL 0 the Windows kernel will just quit the
> program :-(

   It will work, don't worry ;) Try and see.

-- http://bphantom.hypermart.net --

-- Too many flames with too much to burn
And life's only made of paper --




Mon, 12 Aug 2002 03:00:00 GMT  
 Offtopic: Kicking out NT or 95/98?

Because of the Pentium's I/O trapping?



Wed, 14 Aug 2002 03:00:00 GMT  