> Do page tables store virtual or physical addresses?
Page tables (the last stage in the address translation procedure)
store physical addresses.
> So for a process (with PAE enabled) CR3 is the physical address of the page
> directory pointer (PDP) table (let's say 0x69C0020). You take the last
> couple bits from the virtual address, multiply that by the size of an entry
> in the PDP (8 bytes) and you have the offset into the table (0x8), so the
> eight bytes at 0x69C0028 is an address to page directory. Is that address a
> virtual address or a physical address?
"last couple of bits" == the high order bits
The resulting address is a physical address.
> As I mentioned before, the process-data example program isn't working
> correctly. The problem seems to be when it is translating the virtual
> address of the PEB. It gets the EPROCESS block without a problem, and gets
> the value of CR3/DirectoryTableBase (x69C0020). It then converts that
> address to the virtual address (x865c0020), gets the offset (0x8) into the
> page directory pointer table and adds it to the virtual address, ending up
> with x865C0028. The problem comes when it tries to look up 0x865C0028; it
> tries to look up the address (with xa_read_long_long_virt()) with a PID of 0
> (System Idle Process) and can't find it.
>
> If the page tables know physical addresses, it seems the physical - virtual
> - physical translations are unnecessary.
Yeah, it is true that there are some extra translations happening.
This is a result of some code evolution. But I'm not sure that this
is the problem. If the various translations are working properly,
then these extra translations shouldn't be breaking the example.
-bryan
--
Bryan D. Payne
Graduate Student, Computer Science
Georgia Tech Information Security Center
http://www.bryanpayne.org
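
The walk discussed in this thread, as an added example that is not part of the original message or of XenAccess: a PAE translation in which every table lookup uses a physical address taken from the previous entry. The names `read_phys_u64` and `pae_translate` are hypothetical, and all table contents are constructed; only the CR3 value 0x69C0020 comes from the thread.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed sample of guest physical memory: 8-byte entries keyed by
 * physical address. Only CR3 = 0x69C0020 comes from the thread. */
struct phys_qword { uint64_t paddr, value; };
static const struct phys_qword sample_mem[] = {
    { 0x069C0028, 0x000000000A000001ULL }, /* PDPT[1] -> PD at 0x0A000000 */
    { 0x0A000FF8, 0x000000000B000067ULL }, /* PD[511] -> PT at 0x0B000000 */
    { 0x0B000EF8, 0x000000000C345067ULL }, /* PT[0x1DF] -> 4 KB frame     */
    { 0x069C0030, 0x000000000A001001ULL }, /* PDPT[2] -> PD at 0x0A001000 */
    { 0x0A001010, 0x000000000E0000E3ULL }, /* PD[2], PS=1 -> 2 MB page    */
};

/* Hypothetical stand-in for a physical-memory read; unmapped reads give 0. */
static uint64_t read_phys_u64(uint64_t paddr)
{
    for (size_t i = 0; i < sizeof sample_mem / sizeof sample_mem[0]; i++)
        if (sample_mem[i].paddr == paddr)
            return sample_mem[i].value;
    return 0;
}

#define PTE_PRESENT 0x1ULL
#define PDE_LARGE   0x80ULL                 /* PS bit: entry maps a 2 MB page */
#define ADDR_4K     0x000FFFFFFFFFF000ULL   /* physical address bits 51:12 */
#define ADDR_2M     0x000FFFFFFFE00000ULL   /* physical address bits 51:21 */

/* Walk PAE tables for vaddr; returns 0 on success, -1 if an entry is not present. */
int pae_translate(uint32_t cr3, uint32_t vaddr, uint64_t *paddr)
{
    uint64_t pdpte, pde, pte;

    /* VA bits 31:30 select one of the four 8-byte PDPT entries. */
    pdpte = read_phys_u64((cr3 & 0xFFFFFFE0u) + ((vaddr >> 30) & 0x3) * 8);
    if (!(pdpte & PTE_PRESENT)) return -1;

    /* VA bits 29:21 index the page directory found at a physical address. */
    pde = read_phys_u64((pdpte & ADDR_4K) + ((vaddr >> 21) & 0x1FF) * 8);
    if (!(pde & PTE_PRESENT)) return -1;
    if (pde & PDE_LARGE) {
        *paddr = (pde & ADDR_2M) | (vaddr & 0x1FFFFF);
        return 0;
    }

    /* VA bits 20:12 index the page table; bits 11:0 are the page offset. */
    pte = read_phys_u64((pde & ADDR_4K) + ((vaddr >> 12) & 0x1FF) * 8);
    if (!(pte & PTE_PRESENT)) return -1;
    *paddr = (pte & ADDR_4K) | (vaddr & 0xFFF);
    return 0;
}
```

With the constructed tables, a virtual address whose top two bits are 01 reads the PDPT entry at 0x69C0028, matching the 0x8 offset described in the quoted question.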