On Mon, Oct 03, 2005 at 03:41:58PM -0400, TheGesus wrote: > In NT4 they redesigned the GDI so that the user could bypass > "userland" and talk straight to the kernel. > > It's been so long I don't recall the exact details, but this re-hack > paved the way for DirectX and sped up the response of the new > desktop, which of course was lifted from WIndows 95. > > After NT4 anything that hooked into the GDI could BSOD. New video > driver? BSOD. New printer driver? BSOD. It was quite a mess.
This is only partly the case; this is the history. In NT3.51, *all* GDI (printer and video) was done in userland, but GDI calls involved an expensive context switch and/or local procedure call. I guess for printer drivers this was not really a big deal, but for video it matters a lot. Gamers care about this, right? In NT4 all GDI dove into kernel space, and it provided a substantial performance boost, but it completely sucked for print driver writers. No thread support, no real support for floating point math, not any performance difference to write home about, and a BSOD was as easy as an assertion failure. Porting a complex user-mode driver to kernel mode could be a daunting task. Well, all that silly "but kernel-mode print drivers won't be as robust" talk turned out to be true, so Windows 2000 supported both kernel mode (version 2) and user mode (version 3) drivers. I assume that version 1 drivers were NT3.51 usermode. XP is the same way, and in Server 2003 there is a Group Policy option that disables kernel mode drivers, and I understand that Vista/Longhorn will forbid kernel mode print drivers altogether. Saying that the user "bypasses user mode and talks directly to the kernel" is not really that meaningful: it doesn't talk "to the kernel", just to the GDI, and it's not really any different from an IOCTL. It wasn't terribly robust, but I don't think it was inherently insecure. Steve (who writes print drivers too) --- Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561 www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | [EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
