Full Disclosure mailing list archives
Re: Bigger burger roll needed
From: Steve Friedl <steve () unixwiz net>
Date: Mon, 3 Oct 2005 13:09:45 -0700
On Mon, Oct 03, 2005 at 03:41:58PM -0400, TheGesus wrote:
In NT4 they redesigned the GDI so that the user could bypass "userland" and talk straight to the kernel. It's been so long I don't recall the exact details, but this re-hack paved the way for DirectX and sped up the response of the new desktop, which of course was lifted from Windows 95. After NT4 anything that hooked into the GDI could BSOD. New video driver? BSOD. New printer driver? BSOD. It was quite a mess.
This is only partly the case; this is the history.

In NT3.51, *all* GDI (printer and video) was done in userland, but GDI calls involved an expensive context switch and/or local procedure call. I guess for printer drivers this was not really a big deal, but for video it matters a lot. Gamers care about this, right?

In NT4 all GDI dove into kernel space, and it provided a substantial performance boost, but it completely sucked for print driver writers. No thread support, no real support for floating point math, not any performance difference to write home about, and a BSOD was as easy as an assertion failure. Porting a complex user-mode driver to kernel mode could be a daunting task.

Well, all that silly "but kernel-mode print drivers won't be as robust" talk turned out to be true, so Windows 2000 supported both kernel mode (version 2) and user mode (version 3) drivers. I assume that version 1 drivers were NT3.51 usermode. XP is the same way, and in Server 2003 there is a Group Policy option that disables kernel mode drivers, and I understand that Vista/Longhorn will forbid kernel mode print drivers altogether.

Saying that the user "bypasses user mode and talks directly to the kernel" is not really that meaningful: it doesn't talk "to the kernel", just to the GDI, and it's not really any different from an IOCTL. It wasn't terribly robust, but I don't think it was inherently insecure.

Steve (who writes print drivers too)

---
Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561
www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | steve () unixwiz net