http://blogs.msdn.com/b/ntdebugging/archive/2010/06/22/part-3-understanding-pte-non-pae-and-x64.aspx


Hello, Ryan Mangipano (ryanman) again with part three of my series on understanding the output of the !PTE command. In this last installment I’ll continue our manual conversion of Virtual Addresses by converting a Non-PAE VA. Afterwards I’ll convert a VA from X64 Long Mode. Then I’ll discuss the TLB. If you haven’t read part one10001

963

0: kd> !dd 1014000 + (0y1011000101 * @@(sizeof(nt!HARDWARE_PTE)))L1

# 1014b14 06ce7963

Now that I have the physical page base, I'll place  the last 3 hex digits (c00)  from the Virtual Address onto the address base.

0: kd> !dd 6ce7c00 L4

# 6ce7c00 00000001 c0000005 00000000 00000000

0: kd> dd f72c5c00 L4

f72c5c00  00000001 c0000005 00000000 00000000

X64 VA to Physical Address Conversion

Just as PAE added a third level to the non-PAE two-level system, x64 Long mode adds a fourth level to the hierarchy.  This table is called the Page-Map Level-4 (PML4 table). AMD refers to the entries in this table as PML4E (Page-Map Level-4 Entry).  Intel refers to each entry as PML4-Table Entry. Internally we refer to this as theeXtended Page directory Entry (PXE).  Regardless of how you refer to these entries they contain indexes into the PDP table (Page Directory Pointer Table).

Here is the output of the !pte command against a 64-bit address:

7: kd> !pte fffffade`c24eb7c0

VA fffffadec24eb7c0

PXE @ FFFFF6FB7DBEDFA8     PPE at FFFFF6FB7DBF5BD8    PDE at FFFFF6FB7EB7B090    PTE at FFFFF6FD6F612758

contains 0000000111800863  contains 0000000119826863  contains 0000000119839963  contains 0000000001FF6121

pfn 111800     ---DA--KWEV  pfn 119826     ---DA--KWEV  pfn 119839     -G-DA--KWEV  pfn 1ff6       -G--A—KREV

I'll break it down in binary and use data from the processor manuals to separate the bits

 

7: kd> .formats fffffade`c24eb7c0

Binary:  11111111 11111111 11111010 11011110 11000010 01001110 10110111 11000000

Sign extend               11111111 11111111

PML4 offset               11111010 1

PDP offset                1011110 11

PD offset                 000010 010

Page-Table offset         01110 1011

Physical Page Offset      0111 11000000

 Now that I have the numbers, I'll plug them in and find the physical address. If you are having problems following along, refer to part one of this blog and the AMD x64 System Programming manual. You should be comparing the output below to the !pte output above

7: kd> !dq @cr3 + ( 0y111110101 * @@(sizeof(ntkrnlmp!HARDWARE_PTE))) L1

#  147fa8 00000001`11800863

7: kd> !dq 0x00111800000 + (  0y101111011  * @@(sizeof(ntkrnlmp!HARDWARE_PTE))) L1

#111800bd8 00000001`19826863

7: kd> !dq 0x119826000 + ( 0y000010010  * @@(sizeof(ntkrnlmp!HARDWARE_PTE))) L1

#119826090 00000001`19839963

7: kd> !dq 0x119839000 + ( 0y011101011  * @@(sizeof(ntkrnlmp!HARDWARE_PTE))) L1

#119839758 00000000`01ff6121

7: kd> !dc 1ff67c0 L4

1ff67c0 5085ff48 48000005 68244c8b 04a8f633 H..P...H.L$h3...

7: kd> dc fffffade`c24eb7c0 L4

fffffade`c24eb7c0  5085ff48 48000005 68244c8b 04a8f633  H..P...H.L$h3...

TLB- Translation Lookaside Buffer and Conclusion

The CPU’s memory management unit performs these operations to translate virtual addresses to physical. Wouldn’t it be great if we could cache the virtual address to physical page information in a location that can be accessed very quickly so that the CPU doesn’t have to look this up for future references to this page?  That is just what the Translation Lookaside Buffer (TLB) does. Hopefully this will shed some light on some basic memory structures like Large Pages, Flags, and the TLB so I encourage you to read more about these topics from the following sources-

How PAE x86 works (on MSDN): http://technet.microsoft.com/en-us/library/cc736309(WS.10).aspx

Intel  & AMD processor manuals: http://www.intel.com/products/processor/manuals/index.htm andhttp://developer.amd.com/documentation/guides/Pages/default.aspx#manuals

“Windows Internals, 5th Edition” Mark E. Russinovich and David A. Solomon with Alex Ionescu  -Chapter 9: Memory Management


[转]Part 3: Understanding !PTE - Non-PAE and X64的更多相关文章

  1. [转]Part2: Understanding !PTE, Part2: Flags and Large Pages

    http://blogs.msdn.com/b/ntdebugging/archive/2010/04/14/understanding-pte-part2-flags-and-large-pages ...

  2. [转]Part1: Understanding !PTE , Part 1: Let’s get physical

    http://blogs.msdn.com/b/ntdebugging/archive/2010/02/05/understanding-pte-part-1-let-s-get-physical.a ...

  3. Windows内存放血篇,突破物理内存的CopyOnWrite

      本篇以x86(开启PAE) 以及x64 Win7系统 不借助微软API突破内存的写拷贝机制进行讲述 https://bbs.pediy.com/thread-222949.htm   0x01 B ...

  4. 10_PAE_非PAE

    前置知识: 在 windows 中 保护模式 有两种模式: 段保护 和 页保护 段保护 主要体现在 段选择子上:但是数据段.代码段.栈段等采用的都是4GB平坦模式,段的特征并没有那样展现.所以具体的保 ...

  5. 保护模式篇——PAE分页

    写在前面   此系列是本人一个字一个字码出来的,包括示例和实验截图.由于系统内核的复杂性,故可能有错误或者不全面的地方,如有错误,欢迎批评指正,本教程将会长期更新. 如有好的建议,欢迎反馈.码字不易, ...

  6. GOOD MEETINGS CREATE SHARED UNDERSTANDING, NOT BRDS!

      Deliverables and artifacts were a focal point of BA work during the early part of my career. If I ...

  7. Understanding delete

    简述 我们都知道无法通过delete关键字针对变量和函数进行操作,而对于显示的对象属性声明却可以进行,这个原因需要深究到js的实现层上去,让我们跟随 Understanding delete 来探究一 ...

  8. Life Cycle of Thread – Understanding Thread States in Java

    Life Cycle of Thread – Understanding Thread States in Java 深入理解java线程生命周期. Understanding Life Cycle ...

  9. Understanding the Internal Message Buffers of Storm

    Understanding the Internal Message Buffers of Storm Jun 21st, 2013 Table of Contents Internal messag ...

随机推荐

  1. 通过命令创建vue项目

    环境要求:  安装有 Node.js. vue. vue-cli . 创建项目: vue init webpack projectName 进入项目,下载依赖: npm install 或者 cnpm ...

  2. iscroll 加载不全解决方案

    例如上图中,get_kaijiang 中如果执行一段ajax跨域传输的话 function get_kaijiang(){ ajax------- $('#div').append(html); -- ...

  3. HTML5零基础学习Web前端需要知道哪些?

    HTML零基础学习Web前端网页制作,首先是要掌握一些常用标签的使用和他们的各个属性,常用的标签我总结了一下有以下这些: html:页面的根元素. head:页面的头部标签,是所有头部元素的容器. b ...

  4. Ms sql 2005 中的bit 数据类型

    bit 整型数据 1.0 或 NULL(在表中的表现形式). 注释: 不能对 bit 类型的列使用索引. Microsoft® SQL Server™ 优化用于 bit 列的存储.如果一个表中有不多于 ...

  5. centos7 firewalld

    1.firewalld简介 firewalld是centos7的一大特性,最大的好处有两个: 1.支持动态更新,不用重启服务: 2.加入了防火墙的"zone"概念   firewa ...

  6. Docker的镜像

    镜像是容器的运行基础,容器是镜像运行后台的形态 镜像的概念 镜像是一个包含程序运行必要依赖环境和代码的只读文件,它采用分层的文件系统,将每一次改变以读写层的形式增加到原来的只读文件上 镜像的系统结构 ...

  7. python成长之路-----day1----笔记(1)

    1.python语言介绍 python的创始人:Guido Van Rossum 2.python是一门什么样的语言 编程语言主要从以下几个角度进行分类:编译型,静态型,动态性,强类型定义语言和弱类型 ...

  8. CentOS6.6安装vmware workstation报错

    本人系统用的是centos6.6,安装了vmware workstation,启动后一直如下图报错,相关内核已经安装了的,哪位前辈如果解决过这样的问题,麻烦指点指点,小弟在此先谢过了.

  9. SQL语句总结

    SQL UNION 操作符合并两个或多个 SELECT 语句的结果. 语法: SELECT column_name(s) FROM table1        UNION        SELECT ...

  10. bzoj3884 上帝与集合的正确用法

    a^b mod P=a^(b mod phi(p)) mod p,利用欧拉公式递归做下去. 代码 #pragma comment(linker,"/STACK:1024000000,1024 ...