Windows 9x does not have true memory protection

In order to understand this node, you need to read my writeup in for(int *p=0;;*(p++)=0);
This node is something of a follow-up. The two nodes were separated in order that this node could be independently searched for.

Note that when The Loop linked to above is run on a machine running a Microsoft operating system based on the Windows 9x kernel, it will give you something along the lines of "general protection fault" or "This program has performed an illegal operation and has been shut down". Many windows users take such messages to mean that Windows is an OS with full protected memory. They are mistaken. Windows 9x has a form of memory protection, but it does not have true protected memory.

In a true protected memory system, such as any *n?x system or Windows NT, each program is given its own memory space, and is not able to touch or in any way access anything outside that space. This gives a great deal of security; it also means the entire system is more stable, because it means if a program crashes, only that program crashes-- the others are unaffected. Windows 9x, however, does not have true protected memory even though it does have a form of memory protection because it is still possible for one single program to crash the entire operating system and all other programs. The thing is, there are protected spaces within memory-- but there are also spaces which are not protected at all. The for(int *p=0;;*(p++)=0); loop will be caught by the Win9x pseudoprotected memory, because it begins at address zero, and address zero is one of the addresses Win9x attempts to trap you at.
So, all you have to do is start somewhere else.

void main() {for(int *p=(int *)0x00010000;;*(p++)=0);}

Try running the bit of code above.
Still believe windows has protected memory..?
Above code contributed by Phillip, this guy i know, who saw my original Loop and decided to try to find an address windows left unprotected. His tests on Windows 98 boxen have produced varying results, ranging from the machine simply shutting off to a BSOD followed by the monitor reporting it was no longer receiving signal from the computer. In no case did the computer in question continue to do anything that could remotely be called "function", including response to mouse events.

See also The quickest way to crash Windows NT/2000/XP

From a DOS Prompt under Windows 95:

C:\> debug
-f ffff:0000 ffff ff

Even a DOS program can take out Win95.

(This fills the area FFFF:0000-FFFF with the value FF. I believe this area is used by Windows for task-switching code while in Virtual 8086 Mode.)

Windows 9x (95, 98, and ME) were consumer operating systems. By consumer, I mean that they were built to be sold to the masses. They were not constructed with the same goals as a product such as Windows NT, and thus did not have true protected memory. If Microsoft had a superior product in hand (Windows NT 4.0 came out a few months after 95a did), why continue to build 9x OS's? There are several fairly rational reasons.

• Windows NT's requirements are too high. Windows 95 and 98 (all the way up to SE) needed a good deal of memory (like 16 megs) to run. At the time, that was a ton of memory, and you could not gaurantee a computer would have that. The "next generation" of Windows had to run on about the same hardware as Windows 3.1. That meant keeping the requirements to somewhere like four or 8 megs of memory. When we look at it, that's really tiny.
• The existing software base (especially DOS-ware) would be broken by protected memory. Certain DOS-based items took advantage of the fact that there was no memory protection, and did what they wanted with memory, with no regard for life, limb, or other programs. Different DOS shell managers, certain user-end apps, etc took advantage of cheap DOS hacks like watching certain values, catching events, overriding handlers and the like to accomplish their task-at-hand. MacOS is the same way. Apple is having a hell of a time going from Mac OS 9 to Mac OS X, seeing as one is a BSD, the other has weird memory setups (memory partitions on apps, etc).
• Windows NT has built in file permissions, DOS / Win9x doesn't Ton's of programs would break if suddenly their file handles were invalid because they didn't have permission to write to a directory (like C:\winnt, or C:\windows). While entirely not related to protected memory, a secured system like this would not be able to handle software (with 100% accuracy) with the assumption of an unprotected system.
• Compatibility and speed were the goals of Windows 95. My old friend Jac tells me the story of his manager doing a compatibility test for Windows 95, back in the old Chicago days. His manager walked into Egghead in Bellevue, WA (it was still a brick and mortar shop then) with his truck and the corporate credit card, and bought one of everything. They took it all home and looked at every trick DOS programmers used, and then made sure that the OS could handle the problems. It was built to be compatible with something that had older requirements. Windows 95 was meant to be a seamless transition.* That's where the "shielded" memory came in. One could anticipate the tricks, and the obvious pitfalls therein, and thus stop certain types of errors, if you knew what you were looking for (not calling the right entry point on a DLL, trying to execute memory that nobody owns, stop writes to NULL, etc). Windows got better and better at stopping memory stuff like that, but in the example above, if you want to brute force through memory, execution is going to stop.
• The hardware support bar was at a different height for NT and 9x Windows NT 4.0 supported like next to nothing in the hardware department because it wasn't worth it for third party people to write drivers that met the different and more tightly set up NT driver object model. You can't ship what is going to be the most popular OS on the planet, and then break everyone's odd hardware configuration.
• Windows NT wasn't ready for consumer demands Windows NT was terrible for games, and it didn't run much legacy DOS stuff (some, not a lot). It didn't do full screen DOS graphics, for instance, so people couldn't play their Warcraft 2. NT 4 wasn't the OS for the masses.. the install was a tad harder, the software wasn't all there for it, and user accounts were a tad foreign to the user base. Windows 95 was put together to handle all of these demands, while NT was set up to be a good workstation in a corporate environment. There was always a quiet MS internal competition between the two groups, as to who got what right (speed, stability, compatibility). Windows NT eventually won by taking the long path to compatibility, workability, ease of use, and thus quality, ending up as Microsoft's choice for the new PC with Windows 2000 (and Windows XP eventually).

People compare Windows 98 to Linux all the time, and that is definitely an apples to gorillas comparison. No one compares Linux to Macintosh (as Linux would surely win). The real bout the UNIX crowd has is against NT. Windows 9x was built for speed, wide hardware acceptance, low requirements, and compatibility with a huge software base (as stated above). Protected memory (while obviously do-able), didn't fit in these requirements. So what if people have to reboot a few times, or a bad program would take down the computer. How different is that from DOS, or from Windows 3.1? Windows 9x was a transition series of OS improvements until we are at the bar we are today... protected memory, good networking, and server capabilities. The PC has come a long way.. let's keep the comparisons on an even plane.

*One noticable difference in compatibility was that undelete was expressly forbidden from running on Windows 9x.