BAARD on Windows

    Raymond Chen's story about how much effort Microsoft puts into keeping new versions of Windows compatible with other people's programs drew a mixed reaction.

    The reverse case is also known: Microsoft deliberately sought to make Windows incompatible with "unreliable" clones of MS-DOS. From the September 1993 issue of Dr. Dobb's Journal:

    Windows AARD Detection Code

    If you participated in beta testing of Windows 3.1, and DR-DOS was installed on your computer, then you probably came across this unusual error message:
    Non-Fatal error detected: error # 2726
    Please contact Windows 3.1 beta support
    Press ENTER to exit or C to continue

    Although this is a "non-fatal error" and pressing C continues to start Windows, the "default" action is to cancel the launch.
    This is already suspicious: if the error is non-fatal, and Windows is able to work despite it, then why report it to the user at all?

    This message is displayed by the programs WIN.COM, SETUP.EXE, HIMEM.SYS, SMARTDRV.EXE and MSD.EXE in a few pre-release editions of Windows 3.1.
    The final version of Windows 3.1 still contains the code that displays this message. This code is “off”, but changing just one byte in WIN.COM is enough to “turn it on”.

    The most interesting thing about this message is that it is displayed on all versions of DR-DOS, including the beta version of Novell DOS 7, but is not displayed on either MS-DOS or PC-DOS. What is this message reporting?

    Maybe this is an accident?

    Microsoft rivals often whine about the Evil Empire deliberately disrupting their programs. In fact, Microsoft usually makes unprecedented efforts to support backward compatibility, even when faced with errors in competitor programs.

    To anyone who claims that Microsoft is "preventing" Windows from working on DR-DOS, I can point out a fact: Windows 3.1 Advanced Mode works fine on DR-DOS. Yes, Standard Mode does not work, but Novell has confirmed that this is due to a bug in DR-DOS.

    It could be assumed that the strange error message is displayed due to another bug in Novell DOS. It would not be the first time that bugs in company N's programs were passed off as “intentional incompatibility" of company M's programs.

    Debug Protection

    The first step in finding out the cause of the message is analysis of the WIN.COM code. Immediately we encounter an obstacle course: the corresponding fragment of WIN.COM is XOR-encrypted, self-modifying, deliberately obfuscated, and in addition is stuffed with tricks to protect against single-step execution: for example, it sets the debug interrupt vectors INT 1, 2, 3 to non-existent addresses. This has no effect on modern debuggers (I used Soft-ICE from Nu-Mega), but the attempts to complicate the analysis already show by themselves that something is not right.

    Although the main part of the code is encrypted, the string with the Microsoft copyright remains unencrypted, as do a couple of strings, “AARD” and “RSAA”, which are probably the initials of the programmer.

    (The author guessed right: AARD is the initials of Aaron Reynolds, who implemented this "protection".)

    String of checks

    Essentially, the encrypted code checks whether the operating system is genuine MS/PC-DOS. (Despite the fact that this code is part of Windows, an MS-DOS-independent product!) Various aspects of undocumented functions and internal DOS structures are tested. For example, the AARD code checks some pointers in SysVars to make sure they are initialized. Interestingly, although the SysVars structure is implemented in any high-quality DOS clone, the DR-DOS 5/6 version does not pass the check inside HIMEM.SYS: this driver loads before the initialization of the internal DR-DOS structures is completed.

    The tests that follow are even more confusing. The code first checks whether the network redirector is running. If it is running, AARD checks whether the lowercase and capital table of the current code page is in the same segment. If the redirector is not running, AARD makes sure that the first file control block (FCB) is at offset 0.

    All versions of MS-DOS pass these tests, but no version of DR-DOS does.

    Severe guardian

    What does linguistic information have to do with a network redirector? What difference does it make to Windows which segment the capital table is in, and at what offset the FCB is? What kind of “errors” are these?

    In fact, the capitalization segment is not used anywhere in Windows: the AARD code has nothing to do with the work of those five unrelated programs. It would be understandable if Windows analyzed the internal structures of DOS and determined its version in order to check whether certain functions are implemented. But neither WIN.COM nor the other programs with the AARD code use the result of the checks in any way: the only thing they do is confuse users of "foreign" versions of DOS with a meaningless error message.

    It definitely looks like "intentional incompatibility." If the “error” is non-fatal, and Windows continues to work normally, then what is the error? That the user chose the wrong version of DOS?

    I tried changing the pointers to the letter table and the FCB in MS-DOS so that they pointed to the same data, but using a different (segment:offset) pair. Windows and all my programs continued to work as if nothing had happened; the only change was that I now began to receive the AARD message at startup.
    It turns out that AARD is a test for absolute, byte-by-byte MS-DOS compatibility.

    I reported the find to Microsoft, and I received a response from a senior official: “We don’t care about DR-DOS ... They [Novell] claim 100% compatibility, but DR-DOS is full of bugs. If DR-DOS users have problems with Windows, let Novell figure it out.”
    But, apparently, they do care about DR-DOS, since they implemented such a sophisticated check, and even obfuscated it so carefully.

    Microsoft is no stranger to using undocumented interfaces for communication between its products. For example, DOS clones, including DR-DOS, have to impersonate older versions of MS-DOS, such as MS-DOS 3.31, so that Windows runs on them in Advanced mode. This is because the DOSMGR driver in WIN386.EXE uses an undocumented protocol for communication with MS-DOS 5/6, which other companies have not yet deciphered. If the clones posed as modern versions of DOS, then Windows would try to communicate with them using an unsupported protocol.
    But the transition from undocumented interfaces to deliberately obfuscated and encrypted ones is a hitherto unprecedented competitive technique.
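
    The layout tests and the segment:offset experiment from the excerpt above, modelled as an added example (this is not code from WIN.COM or from the Dr. Dobb's article). The struct, the sample addresses and the reading that the two case tables are compared with each other are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Real-mode far pointer; linear address = segment * 16 + offset. */
typedef struct { uint16_t seg, off; } farptr;

static uint32_t linear(farptr p) { return ((uint32_t)p.seg << 4) + p.off; }

/* Same byte in memory, different pair: move `paras` 16-byte paragraphs
   from the segment part into the offset part. */
static farptr alias(farptr p, uint16_t paras) {
    farptr q = { (uint16_t)(p.seg - paras), (uint16_t)(p.off + paras * 16u) };
    return q;
}

/* Constructed model of the state the article says is inspected. */
typedef struct {
    bool   redirector_running;
    farptr lower_table, upper_table;  /* case tables of the code page */
    farptr first_fcb;
} dos_state;

/* Assumed reading of the article: with a redirector, both case tables
   must share a segment; without one, the first FCB must be at offset 0. */
static bool layout_check_passes(const dos_state *s) {
    if (s->redirector_running)
        return s->lower_table.seg == s->upper_table.seg;
    return s->first_fcb.off == 0;
}

/* Constructed values; not taken from any real DOS version. */
static dos_state sample_state(bool redirector) {
    dos_state s = { redirector, {0x0116, 0x0D12}, {0x0116, 0x0E12},
                    {0x0C40, 0x0000} };
    return s;
}

int main(void) {
    for (int redir = 0; redir <= 1; redir++) {
        dos_state a = sample_state(redir), b = a;
        b.upper_table = alias(a.upper_table, 1);  /* same data, new pair */
        b.first_fcb   = alias(a.first_fcb, 1);
        printf("redirector=%d same_data=%d before=%d after=%d\n", redir,
               linear(a.first_fcb) == linear(b.first_fcb),
               layout_check_passes(&a), layout_check_passes(&b));
    }
    return 0;
}
```

    In both branches the aliased pointers resolve to the same linear address, yet the check fails, because it compares the representation of the pointer rather than what it points to.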

    The response from the author of the AARD code, endorsed by the fathers of Windows, Bill Gates and Brad Silverberg, is very murky and watery. In short, the Windows developers did find a number of problems with DOS clones during testing, and decided not to spend extra effort on detecting and working around every incompatibility, but simply to display a message when Windows starts on something other than MS-DOS: “your operating system is not supported; continue at your own risk.”

    Aaron is even indignant at the suggestion that Microsoft should support Windows on other versions of DOS: “For many years now they have been living off ripping off our work; the last thing we needed was to debug their handiwork for them.”

    For the beta test, it was decided to make the message vaguer, and to mention an incomprehensible error so that the user would not forget to report that the message had appeared on his computer.
    It was important for the beta organizers to know which users were running MS-DOS (and reporting real bugs in Windows) and which were running DOS clones (and, possibly, observing the bugs of those clones, not of Windows).
    The code was then encrypted so that Novell would not have time to figure it out and release a version of DR-DOS that passed the check before the end of the Windows beta test, which would have muddled the results for the test organizers.

    After the beta test, but before the release, the project management changed plans, and at the last moment DOS “authentication” was removed altogether. Just in case, the existing code was left in place: the smaller the change, the lower the chance of accidentally breaking something somewhere else.

    Larry Osterman offers unusual recollections from "the other side of the barricades":

    I do not know why the AARD code was obfuscated; I think that is stupid. But I have to say that I absolutely agree with the idea of DOS authentication. Windows developers decided that they owned all corners of the system, including undocumented OS structures. They knew how to find them, they knew their size, and they did not hesitate for a minute to replace these internal structures with their own. Needless to say, from the point of view of the MS-DOS developer, Windows support was a nightmare.

    One example: when Windows booted, it increased the size of the SFT, the internal MS-DOS file table (this is the same table that the FILES= line in config.sys configures). It had to be enlarged so that more than 20 files could be open at the same time: imagine a multi-tasking OS in which it would be impossible to open 20 files. But to do this, the Windows programmers used an undocumented call to obtain a pointer to the “interesting” MS-DOS structures, added a known offset, and replaced the system SFT with their own.

    When I was working on MS-DOS 4.0, and we needed to provide support for Windows, it was not difficult to leave the pointer in the place where Windows hoped to find it. The problem was that in MS-DOS 4.0 the SFT was two bytes larger than in MS-DOS 3.1. So that Windows could replace the SFT, I added code to the DOS bootloader that recognizes the launch of WIN.COM; finds in its code the MOV instruction with an operand equal to the size of the old SFT; and replaces this operand, directly in memory, with the new SFT size.
    That's right: we had to patch Windows code on the fly so that it would continue to work.

    Now you understand why Windows did not want to run on DOS clones. Besides the fact that it made itself at home in undocumented structures, it actively relied on the peculiarities of specific implementations of system functions: at which moments they can be called and at which they cannot; which ones are reentrant and which are not. Imagine what could happen on an incompatible DOS: from unexplained freezes to data corruption on disk.

    Considering what subtle neurosurgery Windows performed on the internals of MS-DOS, it is natural that the first thing it did was make sure that the patient had not been swapped.
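
    The in-memory fix-up Osterman describes, sketched as an added example (not MS-DOS or Windows code). The helper name, the sample byte images and the sizes 0x35/0x37 are constructed; the page gives only the two-byte difference. Refusing to patch unless exactly one candidate is found is an added safeguard.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: scan a loaded 16-bit code image for
   `MOV r16, imm16` (opcodes B8..BF, little-endian immediate) whose
   immediate equals old_size. The operand is rewritten only when exactly
   one candidate exists; the candidate count is returned so the caller
   can refuse an image where the pattern is ambiguous. */
static int patch_size_operand(uint8_t *img, size_t len,
                              uint16_t old_size, uint16_t new_size) {
    size_t hit = 0;
    int count = 0;
    for (size_t i = 0; i + 2 < len; i++) {
        if ((img[i] & 0xF8) != 0xB8) continue;         /* not MOV r16,imm16 */
        uint16_t imm = (uint16_t)(img[i + 1] | (img[i + 2] << 8));
        if (imm == old_size) { hit = i; count++; }
    }
    if (count == 1) {
        img[hit + 1] = (uint8_t)(new_size & 0xFF);
        img[hit + 2] = (uint8_t)(new_size >> 8);
    }
    return count;
}

/* Constructed images: nop; mov cx,35h; rep movsb; ret */
static uint8_t unique_img[]    = { 0x90, 0xB9, 0x35, 0x00, 0xF3, 0xA4, 0xC3 };
/* mov cx,35h; mov dx,35h; ret  (two candidates, so nothing is patched) */
static uint8_t ambiguous_img[] = { 0xB9, 0x35, 0x00, 0xBA, 0x35, 0x00, 0xC3 };

int main(void) {
    int n1 = patch_size_operand(unique_img, sizeof unique_img, 0x35, 0x37);
    int n2 = patch_size_operand(ambiguous_img, sizeof ambiguous_img, 0x35, 0x37);
    printf("unique: %d candidate(s), operand now %02Xh\n", n1, unique_img[2]);
    printf("ambiguous: %d candidate(s), operand still %02Xh\n", n2, ambiguous_img[1]);
    return 0;
}
```

    A byte scan like this has no notion of instruction boundaries, so the same three bytes inside data or in the middle of another instruction would also count as a candidate; that fragility is the maintenance cost the quote is describing.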
