Perform a virtual-to-physical address translation on x64. Were there any major differences compared to x86?
To convert between a virtual to a physical address you must obtain the page frame number of the directory base. You add this offset to the beginning of the page address.
You can do this with a kernel debugger with the following commands. Here is an example with virtual address 0xff1a0000:
lkd> !process 0 0
PROCESS fffffba002ec0330
SessionId: 1 Cid: 04fc Peb: 7fffffdf000 ParentCid: 07a4
DirBase: 1f79b000 ObjectTable: fffff8a001a7b410 HandleCount: 6.
Image: test64.exe
PROCESS fffffba002ec0330
SessionId: 1 Cid: 04fc Peb: 7fffffdf000 ParentCid: 07a4
DirBase: 1f79b000 ObjectTable: fffff8a001a7b410 HandleCount: 6.
Image: test64.exe
lkd> !vtop 1f79b000 00000000ff1a0000
Amd64VtoP: Virt 00000000`ff460000, pagedir 1f79b000
Amd64VtoP: PML4E 1f79b000
Amd64VtoP: PDPE 2`21f70018
Amd64VtoP: PDE fa007fa0
Amd64VtoP: PTE 1a40c200
Amd64VtoP: Mapped phys 3a021000
Virtual address ff1a0000 translates to physical address 3a021000.
Amd64VtoP: Virt 00000000`ff460000, pagedir 1f79b000
Amd64VtoP: PML4E 1f79b000
Amd64VtoP: PDPE 2`21f70018
Amd64VtoP: PDE fa007fa0
Amd64VtoP: PTE 1a40c200
Amd64VtoP: Mapped phys 3a021000
Virtual address ff1a0000 translates to physical address 3a021000.
There are slightly different outputs between x64 and x86, but the general means of calculating a physical address from the virtual address is the same.
No comments :
Post a Comment