LinuxQuestions.org
Old 03-13-2005, 11:20 PM   #1
McDe
LQ Newbie
 
Userland memory to Ring 0 for booting up Linux


Booting Linux from other operating systems (without multi-/rebooting)

Back around 5 years ago (or more?) they had an OS called BeOS.
It ran on most things: PPC, old Macs, x86, etc., etc...
But they had a bigger trick... it allowed the installation of a
BeOS shortcut in OTHER operating systems.

I'm NOT talking about emulation, userland Linux or
multi-boot...

e.g. in Windows, you double-click and execute this link, and somehow
the program takes over the CPU, along with the addresses
of already loaded drivers, and boots BeOS, taking total control
over the system... and even using drivers of other OSes...

The concept is: you have an application that starts from userland memory.
It gains (through loopholes in the other OS) enough privilege
to access ring 0 of the CPU, gets the address of BeOS
and (probably) loads the OS bootloader into memory, and WOW.
It loads BeOS...

Technically it is S.I.C.K., but it is possible...
The nutty people (with full compliments) in the BeOS team have shown it
(it was called BeLoader).

Only problem is... it wasn't open source at the time...

I am currently stuck, where this might be the only way for
booting / implementing Linux...

Reverse engineering of the full boot sequence code in asm
has failed; looks like someone was on CAT while they wrote this
spaghetti code...

Is anyone out there who knows the technical details of this great work???

It would be an extra trick up the sleeve for Linux if it could be loaded
from a shortcut on the Windows desktop (and take over Windows).

hehe. See ya!
 
Old 03-14-2005, 12:45 AM   #2
btmiller
Senior Member
 
There's a program called Loadlin that will boot Linux from DOS, you might want to take a look at it. If I had to guess about this, I would guess that the BeLoader did that by using some of the hooks in Windows that allowed old DOS programs to run ... I could be completely wrong on that, though. It would be interesting to know.
 
Old 03-14-2005, 02:51 AM   #3
McDe
LQ Newbie
 
Yep, I've already looked into that... Thanks anyway :)
There is also a patch to allow it to be used from Windows (9x),
but it's done by terminating Windows beforehand,
so there's nothing new there.

Furthermore, I could get the source code, but development
halted somewhere around 1998 or 1999 from my memory,
and it's unlikely they will bring an update for current OSes.

What BeOS did was kind of a 10-point trick at the time ('94);
we could probably call it a trojan/stealth-virus kind of thing these days, since the program forces itself to higher privilege.

Some sites (e.g. phrack.org) still seem to manage to
publish methods of getting into ring 0 from userland on the Windows NT (incl. XP/2000) series kernel.

(Various articles focus on getting back to Windows safely without getting detected, but none for a positive use YET...)
I have not seen anyone go from there to managing a kernel boot...

Windows/M$ doesn't like these articles being published, so resources are scarce at the moment.

The most important point is, (assuming I can work out the
entry and types) I could load data/drivers from the previous OS.
(On PPC (Mac), Be managed to operate more devices than from booting up cold... :p)

The 2.6 kernel implemented new memory management,
so it should be worth a shot, dynamically hijacking the
Windows memory structure.

WinXP: Start -> All Programs -> HijackToLinux2.6
Wouldn't you want to try it... I would...

greets.
McDe

 
Old 03-14-2005, 08:41 AM   #4
gnashley
Amigo developer
 
Loadlin does what you want.
See a HOWTO here:
http://amigolinux.org/docs/killbill.htm
 
Old 03-15-2005, 10:02 AM   #5
McDe
LQ Newbie
 
Not yet there... yet.

Taken from http://amigolinux.org/docs/killbill.htm:
> If you want to boot a linux system where the root file system is on a Linux Native
> partition, you'll need to copy the kernel to a FAT partition along with loadlin.exe
> and linux.bat. See the linux.bat file and follow the directions in README.1ST
> for editing the file

Yes. What I have briefly mentioned is
going from userland memory to ring 0 (where the OS works)
<- meaning internally in Win NT/XP/2000,
because in Win9x they don't give a %#@^& about things like that...
With full compliments, your answer is correct, but limited in the type of OS to the 9x series.

Remember in the old days, from Win9x, you ran debug and did an int
to force reading the 0x000000 address, thus (not recommended, but) rebooting
your PC (don't pick on me, this is just a lame example, just a proof-of-concept thing).
You were able to do that because you (practically) had direct hardware access.

Not in the new NT/XP/2000 kernel... But by allowing various tricks
used by virus and trojan houses, you can gain enough privilege in
these new OSes (although not recommended) to allow your USERLAND code (ring 3)
to be run as ring 0 (high privilege, in the CPU).

From here you have direct hardware access, so in theory nutty people
(like the guys from the BeOS developers' team)
should be able to write a boot loader that maps the Linux kernel
into memory, and thus boot Linux (with added info from the previous OS).

And in this approach you don't need to store your Linux kernel on any other
partition (theoretically, as long as you somehow get the address where it is stored),
while also allowing 'hijacking' of other device drivers that were meant to run on
other OSes; they can (and will) be used (provided you make an intercommunication
mechanism between Windows device driver file structures and the Linux normal way)
to run 'Linux-unsupported devices' from Linux.

It has been done on PowerPC (the Macs), from BeOS.
With the 2.6 kernel, Linux could...

Loadlin, unfortunately, does not do these things... It just invokes (through DOS).

So I nEEEEEEd the technical papers on the BeOS loader, to combine it with
the Linux boot loader, AND THEN I can create an application that runs on the
Windows NT kernel, from userland, that 'dynamically' loads the Linux kernel, etc., etc...

A long way ahead... That's one of the reasons I am posting here...
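Added example (not code from the thread, and not Loadlin's or BeLoader's): whatever else a loader of the kind described above would have to do, its first job is the same as Loadlin's, namely to read the kernel's real-mode setup header as laid out in the Linux/x86 boot protocol (Documentation/x86/boot.txt), refuse anything that does not carry the 0xAA55 boot signature and the "HdrS" magic, work out how much real-mode setup code there is and where the protected-mode body must be copied (0x10000 or, for a bzImage, 0x100000), and then stamp in the fields the protocol obliges the loader to fill before jumping in: its own loader ID, the CAN_USE_HEAP flag with heap_end_ptr, and cmd_line_ptr. The header bytes below are constructed for illustration (a real bzImage carries a kernel body after them), the heap end 0xE000 and command-line address 0x9C000 are hypothetical values, and the loader ID 1 is Loadlin's as listed in boot.txt.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offsets into the real-mode part of a bzImage, from the start of its boot
 * sector (Documentation/x86/boot.txt, "The Real-Mode Kernel Header"). */
#define OFF_SETUP_SECTS    0x1F1  /* setup size in 512-byte sectors; 0 means 4 */
#define OFF_SYSSIZE        0x1F4  /* protected-mode kernel size, 16-byte units */
#define OFF_BOOT_FLAG      0x1FE  /* 0xAA55 */
#define OFF_HEADER         0x202  /* "HdrS" */
#define OFF_VERSION        0x206  /* boot protocol version, 0xMMmm */
#define OFF_TYPE_OF_LOADER 0x210  /* loader ID: 1 = Loadlin, 0xFF = undefined */
#define OFF_LOADFLAGS      0x211
#define OFF_HEAP_END_PTR   0x224
#define OFF_CMD_LINE_PTR   0x228
#define OFF_RELOCATABLE    0x234
#define BOOT_FLAG_MAGIC 0xAA55
#define HDRS_MAGIC      0x53726448u  /* "HdrS" as a little-endian uint32 */
#define LOADED_HIGH     0x01         /* loadflags: body belongs at 0x100000, not 0x10000 */
#define CAN_USE_HEAP    0x80         /* loadflags: loader vouches for heap_end_ptr */

struct setup_info {
    unsigned protocol;      /* e.g. 0x020F = 2.15 */
    uint32_t setup_bytes;   /* real-mode code, incl. boot sector, kept below 1 MiB */
    uint32_t sys_bytes;     /* protected-mode kernel that follows it in the file */
    uint32_t load_addr;     /* where that protected-mode body must be copied */
    int relocatable;        /* nonzero: body may run from another address */
    uint8_t type_of_loader;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }

/* Validate the header and pull out what a loader needs. 0 on success, <0 on a
 * malformed or unsupported image; never jump into anything that fails here. */
static int parse_setup_header(const uint8_t *img, size_t len, struct setup_info *out)
{
    unsigned setup_sects;
    if (len < OFF_CMD_LINE_PTR + 4)                   return -1; /* shorter than a 2.02 header */
    if (rd16(img + OFF_BOOT_FLAG) != BOOT_FLAG_MAGIC) return -2; /* no boot-sector signature */
    if (rd32(img + OFF_HEADER) != HDRS_MAGIC)         return -3; /* not a bzImage */
    out->protocol = rd16(img + OFF_VERSION);
    if (out->protocol < 0x0200)                       return -4; /* pre-1.3.73 zImage layout */

    setup_sects = img[OFF_SETUP_SECTS];
    if (setup_sects == 0) setup_sects = 4;             /* protocol rule for old images */
    out->setup_bytes = (setup_sects + 1) * 512;        /* +1 for the boot sector */
    /* syssize grew to 32 bits in protocol 2.04; earlier only 16 bits are valid */
    out->sys_bytes = (out->protocol >= 0x0204 ? rd32(img + OFF_SYSSIZE)
                                              : rd16(img + OFF_SYSSIZE)) * 16u;
    out->load_addr = (img[OFF_LOADFLAGS] & LOADED_HIGH) ? 0x100000u : 0x10000u;
    out->relocatable = (out->protocol >= 0x0205 && len > OFF_RELOCATABLE)
                         ? img[OFF_RELOCATABLE] : 0;
    out->type_of_loader = img[OFF_TYPE_OF_LOADER];
    return 0;
}

/* Fields a loader must write before jumping to the kernel (protocol 2.02+): its
 * own ID, permission to use the setup heap, and where the command line lives.
 * heap_end is the offset of the end of the heap from the start of setup. */
static int stamp_loader_fields(uint8_t *img, size_t len, uint8_t loader_id,
                               uint16_t heap_end, uint32_t cmd_line_ptr)
{
    struct setup_info si;
    int rc = parse_setup_header(img, len, &si);
    if (rc) return rc;
    if (si.protocol < 0x0202) return -5;               /* cmd_line_ptr not defined yet */
    img[OFF_TYPE_OF_LOADER] = loader_id;
    img[OFF_LOADFLAGS] |= CAN_USE_HEAP;
    wr16(img + OFF_HEAP_END_PTR, (uint16_t)(heap_end - 0x200)); /* spec: end minus 0x200 */
    wr32(img + OFF_CMD_LINE_PTR, cmd_line_ptr);
    return 0;
}

/* Constructed sample: header bytes of a protocol-2.15 bzImage, body omitted. Not a real kernel. */
#define SAMPLE_LEN 0x300
static void build_sample_image(uint8_t *img)
{
    memset(img, 0, SAMPLE_LEN);
    img[OFF_SETUP_SECTS] = 0;                 /* exercises the "0 means 4" rule */
    wr32(img + OFF_SYSSIZE, 0x00010000);      /* 0x10000 * 16 = 1 MiB body */
    wr16(img + OFF_BOOT_FLAG, BOOT_FLAG_MAGIC);
    memcpy(img + OFF_HEADER, "HdrS", 4);
    wr16(img + OFF_VERSION, 0x020F);
    img[OFF_LOADFLAGS] = LOADED_HIGH;         /* bzImage: body wants to live at 1 MiB */
    img[OFF_RELOCATABLE] = 1;
}

int main(void)
{
    uint8_t img[SAMPLE_LEN]; struct setup_info si;
    build_sample_image(img);
    if (parse_setup_header(img, SAMPLE_LEN, &si) != 0) { puts("refusing: not a bzImage"); return 1; }
    printf("protocol %u.%02u: keep %u bytes of setup, copy %u bytes to 0x%X%s\n",
           si.protocol >> 8, si.protocol & 0xFF, si.setup_bytes, si.sys_bytes,
           si.load_addr, si.relocatable ? " (relocatable)" : "");
    stamp_loader_fields(img, SAMPLE_LEN, 0x01, 0xE000, 0x9C000); /* 1 = Loadlin's ID; addresses hypothetical */
    printf("stamped: loader 0x%02X, heap_end_ptr 0x%X\n", img[OFF_TYPE_OF_LOADER], rd16(img + OFF_HEAP_END_PTR));
    return 0;
}
```

The two things this gets right that a loader written from memory usually gets wrong are the "setup_sects == 0 means 4" rule and the fact that syssize is only 16 bits wide before protocol 2.04; a loader that copies the wrong number of bytes from the wrong offset ends up jumping into garbage, which is exactly the failure a ring-0 loader running inside another OS cannot afford, since there is no bootloader prompt to fall back to.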
 
  

