Saving Windows from the OS/2 Bulldozer

In my blog description, I promised to write occasionally about the early Windows days. So here's a post on how David Weise and I got Windows 2.0 into protected mode and blew away the old DOS 640 KB RAM barrier. If this hadn't happened, we'd probably be using some variant of OS/2 today instead of Windows. I wrote this text for Chapter 5 of the book The Personal Computer from the Inside Out, by Richard Shoemaker and myself, published by Addison-Wesley (3rd edition, 1994). Chapter 5 contains a wealth of information on the Intel x86 protected-mode architecture in case you're interested in more details. SST (Scroll Screen Tracer) is referred to below. It's the debugger I wrote that was popular back in the days when people still wrote assembly language. It could even execute backwards!

"Back in the summer of '88, one of us (Murray) was consulting at Microsoft with the mission to write a 286-compatible DOS extender and get Microsoft's CodeView debugger running in protected mode up out of the way of DOS programs running down below in the first megabyte of RAM. To get the ball rolling, Murray built the DOS extender into SST, with the idea that it would be separated out later, something Murray's colleague, Gene Apperson, did, in fact do.

"Aiding the project was SST's ability to load a real-mode .exe in a way that the .exe could run in protected mode. Basically, instead of relocating .exe segment values to the corresponding runtime paragraphs, SST replaced the segment values with selectors pointing to segment-descriptors with appropriate base addresses. In addition to identifying the .exe locations with segment values, the real-mode .exe header includes a far start address whose segment clearly has to be a code segment. Accordingly SST marked the descriptor attribute for that segment to be for code and all others to be for data. Of course, some of these allegedly data segments could be code segments and if you try to execute an instruction in a data segment, a general-protection (GP) exception occurs. So any time a GP exception occurred due to data being executed, SST changed the corresponding descriptor attribute to be for code and iret'd to the faulting instruction. Worked like a champ!

"Well, at a late-June Friday-night party celebrating the opening of Microsoft's big new Canyon-Park manufacturing facility, Murray spied his good friend David Weise, a Windows developer, fellow physicist, and all-round computer whiz. Looking for some fun, Murray teased David that David's new Windows 286 (Windows 2.x with access to the 64-KB HMA) was basically a joke. What one really should do was to get Windows into protected mode and blow away the 640-KB RAM barrier altogether. Much to Murray's surprise, David said, "Yes, let's go do it!" So Murray said, "OK, how about tomorrow?" David said, "No, let's go right now!" And so the two left the party, went over to the Microsoft campus, and used SST to load the Windows 2.x kernel.exe into protected mode. They single stepped along for a while and then, sure enough, GP fault! David fixed the code for that GP fault and single stepped on to the next. Things looked really exciting.

"For several weeks, David worked through the main Windows 2.x dynamic link libraries (DLLs), kernel.exe, gdi.exe, and user.exe, ironing out the GPs, and getting Murray to add features to SST to aid the debugging process. Thanks to Steve Wood's original memory-allocation design, many of the changes involved bypassing real-mode code that served only to emulate the protected mode of the 286. For a whole month following the Friday-evening party, David and Murray told no one what they were doing. The buzzword of the day was "OS/2" and many people at Microsoft (let alone at IBM) might have been really upset to learn that Windows would soon grow out of its baby clothes.

"Meanwhile, as well documented, in the book by Manes and Andrews (1992) and elsewhere, Bill Gates and Steve Ballmer had had it up to their ears with IBM's old-fashioned software development methods and continual specification changes on OS/2. So when David showed Steve how close he was to getting Windows into protected mode, Steve said "Let's go for it," a decision enthusiastically endorsed by Bill in the Windows 3.0 planning meeting three days later.

"There's a whole lot between that early version of protected-mode Windows and the ones described in the following section. But there's no doubt that busting the 640-KB RAM barrier was akin to letting a genie out of the bottle."

For interesting related reading, check out Larry Osterman's post on DavidW.

Comments (15)
  1. Yuhong Bao says:

    Of course, when that happened, Microsoft was simotinusly developing Windows/386 and later when they became aware of it, they realized that they will need an interface to cooperate with Windows/386. Thus DPMI was born.

  2. Yuhong Bao says:

    And the DOS extender changed to support it.

  3. Yuhong Bao says:

    And so what about the CodeView running in protected mode that the DOS extender work were originally for?

    That DOS extender later got into CodeView 4.x, Microsoft’s Segmented-Executable Linker versions 5.2x and 5.3x, Microsoft C 6.0ax, MASM 6.0x and many other MS development tools.

  4. Yuhong Bao says:

    BTW, in these products the DOS extender was called DOSX16.

  5. Yuhong Bao says:

    BTW, Microsoft C 7.0 used a different, 32-bit, DOS extender called DOSX32 that were famous for requiring DPMI to run. It shipped with 386MAX, but soon prompted Quarterdeck to release QDPMI for DPMI support.

    And the later DOSXNT for Win32 API emulation (used in MASM 6.1(1), 16-bit versions of Visual C++ 1.x, …) is licensed from Phar Lap, so it is completely different from DOSX16 and DOSX32.

  6. Btw, Murry; I want to apologize to you for leaving you out of my version of this story (, Dave gave me the demo and I’d totally forgotten your contribution to the effort.

  7. MurrayS3 says:

    Yuhong, thanks for your observations about Windows 386 and DOS extenders. Please note that Windows 386 provided the capability to run multiple DOS applications simultaneously in extended memory. It did not enable Windows to use all of memory. Windows itself was still stuck in one of those DOS windows until Windows 3.0 was released. My post describes the origins of Windows 3.0. Also the way we generalized Windows to use all of memory, it could do so on the 286 as well as on the 386. This was important at the time, since 286 machines were prevelant.

    Larry, apology accepted. History can get lost in translation 🙂

  8. Thomas L. Scott says:

     Hi Murray !   Is Tom S’ your  Bro ?  

     He Did Forth CAD/68000  on W.  Grant rd …  

    I did SST+ ( great ! ) writing a Forth .

    Now i am doing Forth on  ARM-9 .

    I lack hardware , i want an  ATMEL EVB .

     I need similar to SST+ , but on ARM-9 .

      any help is appreciated  .

       Thanks …

  9. MurrayS says:

    I Hi Tom Scott. I have a brother named Tom, but he didn’t write any Forth code to my knowledge. I’m not writing any SST+ code these days. The math stuff is too intense 🙂

  10. Thanks, for the SST, that program is many help to me for understund Assembler programming in past. Great works!

  11. Frank Gottfried says:

    at least the USBs are the true sex appeal of hardwares

  12. jose says:

    I buy the book 10 years ago (France) with SST include, but today i dont have. It’s possible

    to obtain one copy or adress for download.

    merçi, gracias.

  13. Hello, I purchased your book  "The Personal Computer from the Inside Out" 3rd ed. It has been awhile since then and I just started reading it lately. I want to get into assembly language but noticed the debugger disk was not included. Is this still available? As a download maybe? Thanks for your time.


  14. kc7cc says:

    old email address was zzxx@ ..

    Continuing the above post …

    " Is Tom Sargent your bro’ ..

    Murray and Tom S’  were at Op Sci , UofA Tucson AZ ,

    about same time , and later than

      Chuck moore was at Kitt Peak .

    Tom Sargeant ( spelling) went to west Grant  rd to

    create a Forth on  68000 .  I talked with Tom , there

    in the 70’s .  He was in top form .

     I am now waiting for a convenient piece of hardware

    to create an integrated O.S. for the P.C.

      I have 10 AcerAspireONE netbooks . They will do ,

    as they have no closed doors .  No 50 watt cpu’s ,

    no lack of RAM,ROM ,HDD .

      And the most important , they have

    Spread Spectrum , wide band  wifi radio .

    It would be convenient to run SST+ on Acer netbook ,

    but not critical , as my methods of assembly lang’ dont

    need to study op codes w/ debugger .

       i learn not only the op codes , but all the low level

    hardware and its registers by a trial/error method , using the

    BIOS .

      Acer has BIOS and Linpus-Linux  .  

    Starting with Linux in the middle

    and the BIOS at the bottom ,

    an O.S. can be created much faster.

     After all , we know Linpus runs well, and

    we can characterize

    all its successes ,and copy these successes as modules.

     I dont need to start from scratch ! I merely copy them ,

    nixing the obvious bloat ..

    If i get slowed , i merely boot an unmodified Acer Netbook ,

    write some linux scipts …

     Any hardware that has a good O.S. and BIOS to insulate

    you from the hardware , is the fastest "teacher" .

      Thus its far easier ( and cheaper *)to create a successor to WXP , than ever before .

     ha ha ha .. I paid $5000 to build my S-100 ! , now i get

    computers with WiFi , for $300 !

     I will not use hardware interupts ( polled only ).

    Priority tasking rather than Mult-Tasking .

    Kernel has priority list and hands it to the top task .

    Top task when idle , may allow time for 2nd task .

      Its simple , 2nd task must keep track of its failures ,

    so it can repeat them , when it gets the time .

  15. great works…….

Comments are closed.

Skip to main content