Invalid PTE types

Hi,

AFAIK there exist different types of Invalid PTEs. “Demand Zero” and “Unknown” PTE types have formats not so clear to me…

Quoting Windows Internals

“Demand zero: The desired page must be satisfied with a page of zeros. The pager looks at the zero page list. If the list is empty, the pager takes a page from the free list and zeroes it. If that list is empty, it takes a page from the standby list and zeroes it. The PTE format is the same as the page file PTE shown in the previous entry, but the page file number and offset are zeros”

“Unknown: The PTE is zero, or the page table doesn’t yet exist. In both cases, this flag means that you should examine the virtual address descriptors (VADs) to determine whether this virtual address has been committed. If so, page tables are built to represent the newly committed address space”

So, apart from ‘protection’ bits in the PTE, it seems Demand zero and Unknown types have all other bits zeroed… How can the system distinguish between them?

Thanks.

Basically, as long as the PTE’s ‘Present’ bit is not set, the OS is free to use the remaining bits in any way that allows the page fault handler to handle the fault properly, i.e. to bring the page into RAM if the target address is valid, and to raise the exception otherwise.

Therefore, you are bothered about the implementation details that are simply irrelevant and may change at any moment…

Anton Bassov

You’ve already answered your question. Demand zero PTEs are distinguished from zeroed/non-existent PTEs based on the fact that they exist and their protection bits are not zero.


From: xxxxx@alice.it
Sent: 12/29/2012 10:18 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Invalid PTE types

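The distinction drawn in the answer above, as an added example that is not part of the original thread and is not Windows code: a classifier that separates a demand-zero PTE from an "unknown" (zero or missing) one. The bit positions assume the x64 `_MMPTE_SOFTWARE` layout from Windows 7-era public symbols and differ between builds; `classify_pte`, the enum names and the sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* ASSUMPTION: x64 software-PTE layout as in Windows 7-era public symbols
 * (_MMPTE_SOFTWARE). Bit positions are not stable across Windows builds. */
#define PTE_VALID        (1ULL << 0)
#define PTE_PFLOW_SHIFT  1                /* page file number, bits 1..4  */
#define PTE_PFLOW_MASK   0xFULL
#define PTE_PROT_SHIFT   5                /* protection, bits 5..9        */
#define PTE_PROT_MASK    0x1FULL
#define PTE_PROTOTYPE    (1ULL << 10)
#define PTE_TRANSITION   (1ULL << 11)
#define PTE_PFHIGH_SHIFT 32               /* page file offset, bits 32..63 */

typedef enum {
    PTE_KIND_VALID, PTE_KIND_PROTOTYPE, PTE_KIND_TRANSITION,
    PTE_KIND_PAGEFILE, PTE_KIND_DEMAND_ZERO, PTE_KIND_UNKNOWN, PTE_KIND_OTHER
} pte_kind;

/* have_page_table is 0 when the page table that would hold the PTE
 * does not exist yet; that case and an all-zero PTE are both "unknown". */
pte_kind classify_pte(int have_page_table, uint64_t pte)
{
    if (!have_page_table || pte == 0)
        return PTE_KIND_UNKNOWN;          /* fault handler must consult the VADs */
    if (pte & PTE_VALID)      return PTE_KIND_VALID;
    if (pte & PTE_PROTOTYPE)  return PTE_KIND_PROTOTYPE;
    if (pte & PTE_TRANSITION) return PTE_KIND_TRANSITION;

    uint64_t prot   = (pte >> PTE_PROT_SHIFT) & PTE_PROT_MASK;
    uint64_t pf_num = (pte >> PTE_PFLOW_SHIFT) & PTE_PFLOW_MASK;
    uint64_t pf_off = pte >> PTE_PFHIGH_SHIFT;

    if (pf_off != 0)
        return PTE_KIND_PAGEFILE;         /* contents live in a page file */
    if (pf_num == 0 && prot != 0)
        return PTE_KIND_DEMAND_ZERO;      /* page-file format, number and offset zero */
    return PTE_KIND_OTHER;
}

int main(void)
{
    /* Constructed sample values, not taken from a real system. */
    uint64_t samples[] = { 0x0ULL, 0x80ULL, (0x1234ULL << 32) | 0x82ULL };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%#018llx -> kind %d\n",
               (unsigned long long)samples[i], classify_pte(1, samples[i]));
    return 0;
}
```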

Thanks Pavel… I guessed that, but not having information I was not sure…

I encountered an entirely zeroed PTE (all bits are 0) which, after I tried to access the VA, returned a page and became valid.
I thought that completely zeroed PTEs are of unallocated VA, and if the page fault handler should consult the VAD tree, then the PTE should have at least some bits set (prototype).

The mentioned page was in the middle of the “.text” section of ntdll.dll mapped to smss.exe at session 0 (on Windows Server 2016, 14393).

Any idea what’s the mechanism behind this zeroed PTE which actually does bring back a page when accessed?

Nice job, posting to a thread that’s almost ten years old. Which, you know, is something that’s against the rules.

Have a question? Start a new thread.

Peter