Windows debugging 7

Address Translation

====================

The memory manager creates a data structure (page tables) called a page table. The CPU uses this data structure to convert a virtual address to a physical address. each virtual address is related to a system space structure called page table entry. the PTE structure contains the physical address corresponding to the virtual address. for example, it shows how to map consecutive virtual pages to three discontinuous physical pages (x86)

By default, Windows x86 uses a double-layer table structure to convert a virtual address to a physical address. A 32-bit virtual address is translated into three independent components.

1. page Directory Index

2. page table Index

3. byte Index

These three indexes are used together to describe and map. see. the size of a page is 4 kb, and the 12 power of 2 is 4 kb (4096), so the byte index is 12 binary digits.

The page Directory Index is used to locate the page table in the PTE of the virtual address. It shows how the three indexes work together to find the physical address.

To convert a virtual address, follow these steps:

1. the memory management hardware locates the page Directory of the current process. during each process context switch, the hardware is notified of the address of the directory on the new process page. A typical situation is that the operating system sets a specific register to record the address.

2. the page Directory Index is used to locate the page Directory Entry (DE) In the page Directory ). this topic describes the location of the page table used to map virtual addresses. the PDE contains a page frame number (PFn ).

3. The page table index is used to find the physical address of the requested virtual page in the table.

4. find a physical page through Pte. If this page is valid, the PFN of the physical page containing this virtual page must be included by this page. if PTE indicates that this page is invalid, the Falt handler in memory management will locate this page and try to make it legal. if the page cannot be in a valid State (for example, due to a protection error), Fault Handler will generate an access violation or a bug check.

5. When PTE points to a valid page, the byte index is used to read the requested data from the physical page.

 

Page Directory

==================

Each process has only one page Directory. The memory manager creates such a page to film all the page table locations. the physical address of the Process page Directory is stored in the kernel process block (kprocess), but it only maps the virtual address (x86) starting from 0xc0300000 ). all codes running in kernel state reference virtual addresses instead of physical addresses.

The CPU knows the location of the page Directory, because the CPU has a special internal register (S3. this register is loaded by the operating system and stores the physical address of the page Directory. this register is loaded from the kprocess block of the target process every time the context is converted to the thread of another process, this is the context switch routine function of the kernel ). thread context switching in the same process does not cause the physical address of the page Directory to be reloaded, because all threads in the same process share the same process address space.

The page Directory is composed of page directory entries (PDES), each of which is 4 bytes long (x86). The partial de describes the possible location of the page table of all that process.

Because Windows provides a private address space for each process, each process has its own page table set to map the private address space of the process. in any case, the page table describing the system address space is shared among all processes (Session space is shared among processes in a session ). to avoid many page tables describing the same virtual memory, when a process is created, the page directory entry describing the system space is initialized to point to an existing system page table. if a process is part of a session, the page table of the session space is shared by directing the page Directory Entry of the session space to an existing session page table.

 

Page table and page table entry

==================

The process page directory entries are directed to page tables. A page table consists of a group of PTE (page table entry ). the page table index field in the virtual address specifies which PTE in the page table maps the requested Memory Page. in x86 systems, the index of a page table is 10 binary digits, allowing you to reference 1024 4-byte Pte. because 32bit Windows supports 4-GB private address space, a page table is not enough to map the whole address space.

Calculate the number of page tables required for addressing a 4 GB virtual address space:

1. Split the 4 GB address in the unit of the page table

2. The size of each data page is 4 kb, and each page table has 1024 pages. Therefore, each page table can map 4 MB data pages.

3. Therefore, only 1024 page tables can take care of all 4 GB of virtual address space.

Valid Pte has two main data domains: PFN (page frame number) and some flags. PFN is the page Framework address of the physical page containing data, or the physical address of pages in the memory.

 

Byte in the page

==============

Once the memory manager finds the physical page of the request, the rest is to find the request data in that page. it is time to use byte index (byte index. the Byte index tells the CPU which byte of data on the page is what you want, and the length of the byte index is 12 binary BITs, which can address 4096 bytes, the size of a page. therefore, after getting the address of the physical page back from the page table entry (PTE) and adding the byte index, you can complete the conversion from a virtual address to a physical address.

 

Page error handling

==================

Error cause	Result
Access a page that is not in memory but on the disk, or a shadow file.	Allocate a physical page, read the required page into the physical page, and put it in the working set.
Access a page in the standby or modified list.	Switch this page to the working set of the system or process.
Access a page without committed (for example, reserved address space or unallocated address space)	Access violation)
Access a page in the user mode that can only be accessed by the Kernel Mode	Access violation
Write to a read-only page	Access violation
Access a demand-zero page	Add a page initialized with 0 to the working set of the process.
Write to guard page	Guard-page violation (if the stack in the user mode is referenced, the stack is automatically expanded)
Write Data to the copy-on-write page	Make process-private (or session-private) Copy of page, and replace original in process, session, or system working set
Referencing a page in system space that is valid but not in the process page Directory (for example, if paged pool expanded after the process page Directory was created)	Copy page Directory Entry from Master system page directory structure, and dismiss exception
On a Multiprocessor System, writing to a page that is valid but hasn't yet been written	Set dirty bit in PTE
Executing code in a page that is marked as no Execute	Access violation (supported only on hardware platforms that support no execute protection running Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 and later)

 

The valid PTE bits are cleared, indicating that the requested page is not accessible to the process for some reason (currently.

A reference to an invalid page is called page fault. The trap handler of the kernel assigns this error to Memory Manager Fault Handler (Mmaccessfault) To handle. This function runs in the context of the thread where an error occurs and is responsible for parsing the error or triggering an appropriate exception. This error can be caused for many reasons.