Re: Re[2]: !wlse extension [SEC=UNCLASSIFIED]

OSR_Community_User · May 31, 2012, 8:12am

0n Thu, May 31, 2012 at 02:55:19AM +0530, raj_r wrote:

each process has a dir base
>
>kd> dt nt!_EPROCESS pcb.DirectoryTableBase @$proc
> +0x000 Pcb :
> +0x018 DirectoryTableBase : [2] 0x3dfe000
>
>you can get the physical page for a virtual address using !vtop and
>this dirbase
>
>!kd> !vtop 03dfe 350000
>X86VtoP: Virt 00350000, pagedir 3dfe000
>X86VtoP: PDE 3dfe000 - 062ed067
>X86VtoP: PTE 62edd40 - 04024067
>X86VtoP: Mapped phys 4024000
>Virtual address 350000 translates to physical address 4024000.
>kd> !dc 4024000
># 4024000 656c7357 74736554 20656e4f 6f6c6c41 WsleTestOne Allo
># 4024010 20646574 73696854 67615020 20402065 ted This Page @
># 4024020 35333030 30303030 0000000a 00000000 00350000…

What is the purpose of a “dir base” for each process ?

-Alex

–
IMPORTANT: This email remains the property of the Australian Defence
Organisation and is subject to the jurisdiction of section 70 of the
CRIMES ACT 1914. If you have received this email in error, you are
requested to contact the sender and delete the email.

Re: Re[2]: !wlse extension [SEC=UNCLASSIFIED]

– IMPORTANT: This email remains the property of the Australian Defence Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT 1914. If you have received this email in error, you are requested to contact the sender and delete the email.

–
IMPORTANT: This email remains the property of the Australian Defence
Organisation and is subject to the jurisdiction of section 70 of the
CRIMES ACT 1914. If you have received this email in error, you are
requested to contact the sender and delete the email.