Re: Re[2]: !wlse extension [SEC=UNCLASSIFIED]

You can read this series of entries by the ntdebugging team to get a
clearer picture:

http://blogs.msdn.com/b/ntdebugging/archive/2010/02/05/understanding-pte-part-1-let-s-get-physical.aspx

http://blogs.msdn.com/b/ntdebugging/archive/2010/04/14/understanding-pte-part2-flags-and-large-pages.aspx

http://blogs.msdn.com/b/ntdebugging/archive/2010/06/22/part-3-understanding-pte-non-pae-and-x64.aspx

On 5/31/12, raj_r wrote:
> On 5/31/12, Wilkinson, Alex wrote:
>
>> What is the purpose of a “dir base” for each process ?
>
>
> kd> ? @$proc;? @$thread; Rm 0x80;dt nt!_EPROCESS -y pcb.Dir* @$proc;r
> Evaluate expression: -5428360 = ffad2b78
> Evaluate expression: -2129150704 = 8117bd10
> +0x000 Pcb :
> +0x018 DirectoryTableBase : [2] 0xb4c000
>
> cr0=8001003b cr2=00360000 cr3=00b4c000
>
> 7c90120e cc int 3
>
>
> You can read about the page directory table, its relation to the CR3
> register, and a bit more in this article by Scott Noone:
>
> http://analyze-v.com/?p=410
>
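
Added example, not part of the original thread and not code from the linked articles: a toy model of the page walk that starts at a process's directory base, showing why each process carries its own value. It assumes 32-bit non-PAE paging with 4 KB pages; the memory layout, the dir bases 0x1000/0x2000 and all function names are constructed, and the two addresses from the kd output above are reused only as sample inputs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE    0x1000u
#define PRESENT 0x1u                 /* bit 0 of a PDE/PTE: valid */
#define FAULT   0xFFFFFFFFu          /* sentinel used by this example only */

static uint8_t phys[8 * PAGE];       /* constructed toy physical memory */

static uint32_t rd32(uint32_t pa) {  /* out-of-range reads look "not present" */
    uint32_t v = 0;
    if (pa <= sizeof phys - 4) memcpy(&v, &phys[pa], 4);
    return v;
}
static void wr32(uint32_t pa, uint32_t v) { memcpy(&phys[pa], &v, 4); }

/* Two-level walk the MMU performs, starting from the directory base (CR3).
   Large pages (PDE.PS) are not modelled. */
uint32_t translate(uint32_t dir_base, uint32_t va) {
    uint32_t pde = rd32((dir_base & ~0xFFFu) + (va >> 22) * 4);
    if (!(pde & PRESENT)) return FAULT;
    uint32_t pte = rd32((pde & ~0xFFFu) + ((va >> 12) & 0x3FFu) * 4);
    if (!(pte & PRESENT)) return FAULT;
    return (pte & ~0xFFFu) | (va & 0xFFFu);
}

/* Map one 4 KB page: directory -> page table -> frame. */
static void map(uint32_t dir, uint32_t pt, uint32_t frame, uint32_t va) {
    wr32(dir + (va >> 22) * 4, pt | PRESENT);
    wr32(pt + ((va >> 12) & 0x3FFu) * 4, frame | PRESENT);
}

/* Two constructed "processes" mapping the same VA to different frames. */
void setup_demo(void) {
    memset(phys, 0, sizeof phys);
    map(0x1000, 0x3000, 0x5000, 0x7c90120e);   /* process A, dir base 0x1000 */
    map(0x2000, 0x4000, 0x6000, 0x7c90120e);   /* process B, dir base 0x2000 */
}

int main(void) {
    setup_demo();
    printf("A: %08x\n", (unsigned)translate(0x1000, 0x7c90120e));
    printf("B: %08x\n", (unsigned)translate(0x2000, 0x7c90120e));
    printf("unmapped: %08x\n", (unsigned)translate(0x1000, 0x00360000));
    return 0;
}
```

The same virtual address resolves to a different physical frame depending only on which directory base the walk starts from, which is what loading a process's DirectoryTableBase into CR3 on a context switch achieves.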