On 5/31/12, Wilkinson, Alex wrote:
> What is the purpose of a “dir base” for each process ?
kd> ? @$proc;? @$thread; Rm 0x80;dt nt!_EPROCESS -y pcb.Dir* @$proc;r
Evaluate expression: -5428360 = ffad2b78
Evaluate expression: -2129150704 = 8117bd10
+0x000 Pcb :
+0x018 DirectoryTableBase : [2] 0xb4c000
cr0=8001003b cr2=00360000 cr3=00b4c000
7c90120e cc int 3
you can read about the pagedirectoryTable / Relation to Cr3 Register
and a bit more in this article by Scott Noone
http://analyze-v.com/?p=410