How do AMD64 page entry base address fields encode a 52-bit address in 40 bits?
I'm trying to manually walk the paging structures in order to convert a virtual address into its physical address. I have a question about the physical base address fields stored in the PML4E, PDPE, PDE, and PTE. The page size on my system is 4KB. I'm doing this on Windows in kernel mode.
As the amd64 manual says, bits 51-12 of cr3 contain the physical base address of the PML4. However, it says that bits 11-0 should be assumed as 0. I was wondering if the same thing applies to the base address fields of the other paging structures, because the diagrams that describe the translation process says 52, however the actual size is just 40 (bits 51-12).
Sample of how I'm doing the translation in C:
// clear out everything except base address field
ULONG_PTR pPml4 = __readcr3() & ~0xFFF0000000000FFF,
dataEntry;
copyAddress.PhysicalAddress.QuadPart = pPml4 + (sourceAddress.Hard.PageMapLevel4Index * 8);
if (MmCopyMemory(&dataEntry, copyAddress, 8, MM_COPY_MEMORY_PHYSICAL, &trans) != STATUS_SUCCESS) {
...
}
// dataEntry now has correct PML4E
// clear out everything except base address field
dataEntry &= ~0xFFF0000000000FFF;
// do I skip this?
dataEntry >>= 12;
From section 5.4 of the manual:
Translation-Table Base Address Field. The translation-table base-address field points to the physical base address of the next-lower-level table in the page-translation hierarchy. Page datastructure tables are always aligned on 4-Kbyte boundaries, so only the address bits above bit 11 are stored in the translation-table base-address field. Bits 11:0 are assumed to be 0. The size of the field depends on the mode...
So yes, the low 12 bits are 0 to make a 52-bit physical address.
- How to Enumerate Threads using CreateToolhelp32Snapshot and Python ctypes?
- Problem when adding dependencies to pyinstaller using poetry to manage dependencies
- Is there any way to run a Flutter app through background on macOS or Windows desktop?
- How do I allocate space to call GetInterfaceInfo using the windows crate?
- Are there issues with DTN_DATETIMECHANGE breakpoints and the date time picker control?
- Rust Windows Crate CreateWindowExW
- Docker compose V2: unknown shorthand flag 'f' (windows)
- Unicode (utf-8) with git-bash
- Cannot locate tkinter icon file when using pyinstaller with poetry on Windows10
- Why my ActiveMQ doesn't start
- How do I determine a mapped drive's actual path?
- How to find version of an application installed using c#
- How to detect Windows 8 Operating system using C# 4.0?
- "Run with PowerShell" gives execution policy error but running directly in PowerShell window does not
- Which comment style should I use in batch files?
- What is the closest thing Windows has to fork()?
- NPM: npm-cli.js not found when running npm
- Can PyTorch GPU Use Shared GPU Memory (from RAM, shows in Windows Task Manage)?
- Pipe dot graphviz with echo windows from command line gives corrupted output
- How to modify ~/.ssh folder & files in windows?
- How to save python script output in GitHub Actions running on windows-latest?
- Why is my VS Code always opened with the default profile?
- Where is MySQL's my.ini located on Windows?
- nmake: using environment variables and falling back to default values
- Build shared library with static library
- many missing .lib files in the installed OpenCV3.2.0 for Windows 10 64bit
- Why does a module from the WinApi crate not exist when its in the docs?
- "continue" equivalent command in nested loop in Windows Batch
- How to Intentionally cause Windows Heap Corruption?
- Flutter sqflite database location on desktop