http://blogs.msdn.com/b/ntdebugging/archive/2010/06/22/part-3-understanding-pte-non-pae-and-x64.aspx


Hello, Ryan Mangipano (ryanman) again with part three of my series on understanding the output of the !PTE command. In this last installment I’ll continue our manual conversion of Virtual Addresses by converting a Non-PAE VA. Afterwards I’ll convert a VA from X64 Long Mode. Then I’ll discuss the TLB. If you haven’t read part one10001

963

0: kd> !dd 1014000 + (0y1011000101 * @@(sizeof(nt!HARDWARE_PTE)))L1

# 1014b14 06ce7963

Now that I have the physical page base, I'll place  the last 3 hex digits (c00)  from the Virtual Address onto the address base.

0: kd> !dd 6ce7c00 L4

# 6ce7c00 00000001 c0000005 00000000 00000000

0: kd> dd f72c5c00 L4

f72c5c00  00000001 c0000005 00000000 00000000

X64 VA to Physical Address Conversion

Just as PAE added a third level to the non-PAE two-level system, x64 Long mode adds a fourth level to the hierarchy.  This table is called the Page-Map Level-4 (PML4 table). AMD refers to the entries in this table as PML4E (Page-Map Level-4 Entry).  Intel refers to each entry as PML4-Table Entry. Internally we refer to this as theeXtended Page directory Entry (PXE).  Regardless of how you refer to these entries they contain indexes into the PDP table (Page Directory Pointer Table).

Here is the output of the !pte command against a 64-bit address:

7: kd> !pte fffffade`c24eb7c0

VA fffffadec24eb7c0

PXE @ FFFFF6FB7DBEDFA8     PPE at FFFFF6FB7DBF5BD8    PDE at FFFFF6FB7EB7B090    PTE at FFFFF6FD6F612758

contains 0000000111800863  contains 0000000119826863  contains 0000000119839963  contains 0000000001FF6121

pfn 111800     ---DA--KWEV  pfn 119826     ---DA--KWEV  pfn 119839     -G-DA--KWEV  pfn 1ff6       -G--A—KREV

I'll break it down in binary and use data from the processor manuals to separate the bits

 

7: kd> .formats fffffade`c24eb7c0

Binary:  11111111 11111111 11111010 11011110 11000010 01001110 10110111 11000000

Sign extend               11111111 11111111

PML4 offset               11111010 1

PDP offset                1011110 11

PD offset                 000010 010

Page-Table offset         01110 1011

Physical Page Offset      0111 11000000

 Now that I have the numbers, I'll plug them in and find the physical address. If you are having problems following along, refer to part one of this blog and the AMD x64 System Programming manual. You should be comparing the output below to the !pte output above

7: kd> !dq @cr3 + ( 0y111110101 * @@(sizeof(ntkrnlmp!HARDWARE_PTE))) L1

#  147fa8 00000001`11800863

7: kd> !dq 0x00111800000 + (  0y101111011  * @@(sizeof(ntkrnlmp!HARDWARE_PTE))) L1

#111800bd8 00000001`19826863

7: kd> !dq 0x119826000 + ( 0y000010010  * @@(sizeof(ntkrnlmp!HARDWARE_PTE))) L1

#119826090 00000001`19839963

7: kd> !dq 0x119839000 + ( 0y011101011  * @@(sizeof(ntkrnlmp!HARDWARE_PTE))) L1

#119839758 00000000`01ff6121

7: kd> !dc 1ff67c0 L4

1ff67c0 5085ff48 48000005 68244c8b 04a8f633 H..P...H.L$h3...

7: kd> dc fffffade`c24eb7c0 L4

fffffade`c24eb7c0  5085ff48 48000005 68244c8b 04a8f633  H..P...H.L$h3...

TLB- Translation Lookaside Buffer and Conclusion

The CPU’s memory management unit performs these operations to translate virtual addresses to physical. Wouldn’t it be great if we could cache the virtual address to physical page information in a location that can be accessed very quickly so that the CPU doesn’t have to look this up for future references to this page?  That is just what the Translation Lookaside Buffer (TLB) does. Hopefully this will shed some light on some basic memory structures like Large Pages, Flags, and the TLB so I encourage you to read more about these topics from the following sources-

How PAE x86 works (on MSDN): http://technet.microsoft.com/en-us/library/cc736309(WS.10).aspx

Intel  & AMD processor manuals: http://www.intel.com/products/processor/manuals/index.htm andhttp://developer.amd.com/documentation/guides/Pages/default.aspx#manuals

“Windows Internals, 5th Edition” Mark E. Russinovich and David A. Solomon with Alex Ionescu  -Chapter 9: Memory Management


[转]Part 3: Understanding !PTE - Non-PAE and X64的更多相关文章

  1. [转]Part2: Understanding !PTE, Part2: Flags and Large Pages

    http://blogs.msdn.com/b/ntdebugging/archive/2010/04/14/understanding-pte-part2-flags-and-large-pages ...

  2. [转]Part1: Understanding !PTE , Part 1: Let’s get physical

    http://blogs.msdn.com/b/ntdebugging/archive/2010/02/05/understanding-pte-part-1-let-s-get-physical.a ...

  3. Windows内存放血篇,突破物理内存的CopyOnWrite

      本篇以x86(开启PAE) 以及x64 Win7系统 不借助微软API突破内存的写拷贝机制进行讲述 https://bbs.pediy.com/thread-222949.htm   0x01 B ...

  4. 10_PAE_非PAE

    前置知识: 在 windows 中 保护模式 有两种模式: 段保护 和 页保护 段保护 主要体现在 段选择子上:但是数据段.代码段.栈段等采用的都是4GB平坦模式,段的特征并没有那样展现.所以具体的保 ...

  5. 保护模式篇——PAE分页

    写在前面   此系列是本人一个字一个字码出来的,包括示例和实验截图.由于系统内核的复杂性,故可能有错误或者不全面的地方,如有错误,欢迎批评指正,本教程将会长期更新. 如有好的建议,欢迎反馈.码字不易, ...

  6. GOOD MEETINGS CREATE SHARED UNDERSTANDING, NOT BRDS!

      Deliverables and artifacts were a focal point of BA work during the early part of my career. If I ...

  7. Understanding delete

    简述 我们都知道无法通过delete关键字针对变量和函数进行操作,而对于显示的对象属性声明却可以进行,这个原因需要深究到js的实现层上去,让我们跟随 Understanding delete 来探究一 ...

  8. Life Cycle of Thread – Understanding Thread States in Java

    Life Cycle of Thread – Understanding Thread States in Java 深入理解java线程生命周期. Understanding Life Cycle ...

  9. Understanding the Internal Message Buffers of Storm

    Understanding the Internal Message Buffers of Storm Jun 21st, 2013 Table of Contents Internal messag ...

随机推荐

  1. QList

    #include <QCoreApplication> #include<QList> #include<QDebug> int main(int argc, ch ...

  2. iOS 10的正确解锁方式

    在iOS 10上,锁屏状态通过按下电源键点亮屏幕之后,用手指轻触Home键,实际上手机是已经解锁了的,不信请看如下截图: 虽然手机已经解锁,但与iOS 9不同的是,此时手机还处在解锁界面而没有进入主屏 ...

  3. SQL编码乱码解决方法

    摘自 http://www.cnblogs.com/keke/archive/2011/08/05/2128557.html 使用SQL SERVER2005的时候常常遇到中文字符为乱码的情况,经过研 ...

  4. C# Console控制命令

    参考博客:C# 控制台程序(命令行程序)设置字体颜色,窗口宽高,光标行数 禁用控制台关闭按钮,参考博客:禁用C#控制台应用程序的关闭按钮 参考博客:c# 控制台程序禁用关闭按钮完美解决 #region ...

  5. ASP.NET Core – 2300% More Requests Served Per Second

    http://www.ageofascent.com/asp-net-core-exeeds-1-15-million-requests-12-6-gbps/ ASP.NET Core – Excee ...

  6. VIP

    高可用性HA(High Availability)指的是通过尽量缩短因日常维护操作(计划)和突发的系统崩溃(非计划)所导致的停机时间,以提高系统和应用的可用性.HA系统是目前企业防止核心计算机系统因故 ...

  7. CSS中可以和不可以继承的属性

    一.无继承性的属性 1.display:规定元素应该生成的框的类型 2.文本属性: vertical-align:垂直文本对齐 text-decoration:规定添加到文本的装饰 text-shad ...

  8. Html5shiv

    说明编辑 越来越多的站点开始使用 HTML5 标签.但情况是还有很多人在使用IE6,IE7,IE8.为了让所有网站浏览者都能正常的访问网站, 2解决方案编辑 有下面两个: 为网站创建多套模板,通过程序 ...

  9. Timer的故事----Jdk源码解读

    咱们今天也来说说定时器Timer Timer是什么? Timer  n. [电子] 定时器:计时器:计时员 从翻译来看,我们可以知道Timer的本意是,定时定点. 而JDK中Timer类也的确是这个本 ...

  10. JsonOperate 帮助类

    引用 Newtonsoft.Json using Newtonsoft.Json; using System; using System.Collections.Generic; using Syst ...