x64 Windows implementation of virtual-address to physical-address translation
Modern x64 Windows uses PML4
Page Map Level 4 as paging mode. careful that interpretation of the mode is a bit different with long/legacy mode on AMD64 and Intel64.
This repository is an implementation of virtual address
a.k.a linear address
to physical address
translation, that usually done by the CPU's MMU
Memory Management Unit.
This implementation is similar to MmGetPhysicalAddress
.
DTB
is a Directory Table Base which represents the base physical address of paging table.
Can be found at nt!_EPROCESS.Pcb.DirectoryTableBase
, PCB
means Processor Control Block.
dt nt!_KPROCESS DirectoryTableBase
+0x028 DirectoryTableBase : Uint8B
If the virtual address is KVA
Kernel Virtual Address, we could use system process's DTB.
The system process's DTB represents exact same value contained in CR3
because it is a part of the kernels.
Also if it is user's virtual address, ofcourse the DTB is different with the every single processes, so we have to lookup from the structure.
There's 4 things we first understand,
PML4
Page Map Level 4PDP
Page Directory PointerPD
Page DirectoryPT
Page Table
- Lookup
DTB
- Lookup
PDP
entry usingDTB
entry's PFN and VA'spml4_index
- Lookup
PD
entry usingPDP
entry's PFN and VA'spd_index
- Lookup
PT
entry usingPD
entry's PFN and VA'spt_index
- Translate to the physical address using
PT
entry's PFN and VA'soffset
, the first 12-bits value of virtual address.
Some of you may know that there is PML5
Page Map Level 5 is available on Linux. (some versions)
The PML5
is expanded physical address to the 56-bits
allowing use of 4PiB
of physical address ranges and 128PiB
of virtual address ranges.
Do you think that Windows should have PML5
?
MIT copyright Kento Oki <[email protected]>