1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
| cr3=00000000001ad000
gdtr=fffff8003f677fb0
kd> !vtop 00000000001ad000 fffff8003f677fb0
Amd64VtoP: Virt fffff8003f677fb0, pagedir 00000000001ad000
Amd64VtoP: PML4E 00000000001adf80
Amd64VtoP: PDPE 0000000004209000
Amd64VtoP: PDE 000000000420afd8
Amd64VtoP: PTE 00000000042213b8
Amd64VtoP: Mapped phys 0000000005c77fb0
Virtual address fffff8003f677fb0 translates to physical address 5c77fb0.
kd> !pte fffff800`3f677fb0
VA fffff8003f677fb0
PXE at FFFFB158AC562F80 PPE at FFFFB158AC5F0000 PDE at FFFFB158BE000FD8 PTE at FFFFB17C001FB3B8
contains 0000000004209063 contains 000000000420A063 contains 0000000004221063 contains 8900000005C77963
pfn 4209 ---DA--KWEV pfn 420a ---DA--KWEV pfn 4221 ---DA--KWEV pfn 5c77 -G-DA--KW-V
----------------------------------------------------------------------------------------------------------
9-9-9-9-12分页
四级页表的两种叫法
PXE-PPE-PDE-PTE
PLM4E-PDPTE-PDE-PTE
手动拆分虚拟地址:
kd> .formats fffff800`3f677fb0
Evaluate expression:
Hex: fffff800`3f677fb0
Decimal: -8795029274704
Octal: 1777777600007731677660
Binary: 11111111 11111111 11111000 00000000 00111111 01100111 01111111 10110000
Chars: ....?g.
Time: ***** Invalid FILETIME
Float: low 0.904292 high -1.#QNAN
Double: -1.#QNAN
1 1111 0000 = 1f0
0 0000 0000 = 0
1 1111 1011 = 1fb
0 0111 0111 = 77
1111 1011 0000 = fb0
pagedir = CR3 = 00000000001ad000
PLM4E = pagedir + 1f0*8 = 00000000001adf80
PDPTE = *(QWORD*)PLM4E + 0*8 = 0000000004209000
PDE = *(QWORD*)PDPTE + 1fb*8 = 000000000420afd8
PTE = *(QWORD*)PDE + 77*8 = 00000000042213b8
Physical Address = *(QWORD)PTE + fb0 = 0000000005c77fb0
|