x86下的分页机制有一个特点:PAE模式
物理地址扩展,是基于x86 的服务器的一种功能,它使运行 Windows Server 2003, Enterprise Edition 和 Windows Server 2003,Datacenter Edition 的计算机可以支持4GB 以上物理内存。物理地址扩展 (PAE) 允许将最多64GB 的物理内存用作常规的4 KB 页面,并扩展内核能使用的位数以将物理内存地址从32扩展到36。
一般情况下都是一页大小都是4KB,4M为大页面转化方式
测试代码:
int main()
{
char* v1 = "HelloWorld";
printf("%p\r\n", v1);
while (1)
}
return 0;
虚拟地址的意义
13ff6c = 转二进制=》 0000000000 0100111111 111101101100
高10位=0 12到21位=13f 低12位=f6c
PDE索引 PTE索引 页内偏移
PROCESS 866639c8 SessionId: 0 Cid: 0330 Peb: 7ffd7000 ParentCid: 0700
DirBase: 1d50c000 ObjectTable: e1382268 HandleCount: 13.
Image: hello.exe
PROCESS 8619c428 SessionId: 0 Cid: 0f2c Peb: 7ffdd000 ParentCid: 0330
DirBase: 1d78a000 ObjectTable: e21e0270 HandleCount: 38.
Image: conime.exe
kd> !dq 1d50c000
#1d50c000 1d7b7067`1d6f8067 00000000`00000000
#1d50c010 00000000`00000000 00000000`00000000
#1d50c020 00000000`00000000 00000000`00000000
#1d50c030 00000000`00000000 00000000`00000000
#1d50c040 00000000`00000000 00000000`00000000
#1d50c050 00000000`00000000 00000000`00000000
#1d50c060 00000000`00000000 00000000`00000000
#1d50c070 00000000`00000000 00000000`00000000
kd> !dd 1d50c000 PDE索引=0
#1d50c000 1d6f8067 1d7b7067 00000000 00000000
#1d50c010 00000000 00000000 00000000 00000000
#1d50c020 00000000 00000000 00000000 00000000
#1d50c030 00000000 00000000 00000000 00000000
#1d50c040 00000000 00000000 00000000 00000000
#1d50c050 00000000 00000000 00000000 00000000
#1d50c060 00000000 00000000 00000000 00000000
#1d50c070 00000000 00000000 00000000 00000000
kd> !dd 1d6f8000+0x13f*4 PTE索引=13f 每一项4字节
#1d6f84fc 1d560067 13391025 133d2025 00000000
#1d6f850c 00000000 00000000 00000000 00000000
#1d6f851c 00000000 00000000 00000000 00000000
#1d6f852c 00000000 00000000 00000000 00000000
#1d6f853c 00000000 1d665067 1d666067 1d4a9067
#1d6f854c 1d673067 1d5fb067 1d6c3067 1d688067
#1d6f855c 1d821067 00000080 00000000 00000000
#1d6f856c 00000000 00000000 00000000 00000000
kd> !db 1d560000+f6c 页内偏移f6c
#1d560f6c 48 65 6c 6c 6f 57 6f 72-6c 64 00 00 00 00 00 00 HelloWorld......
#1d560f7c 00 00 00 00 c0 ff 13 00-d9 87 40 00 01 00 00 00 ..........@.....
#1d560f8c 80 0e 44 00 c0 0d 44 00-39 00 39 00 34 00 34 00 ..D...D.9.9.4.4.
#1d560f9c 00 70 fd 7f 06 00 00 00-04 1d 45 ee 94 ff 13 00 .p........E.....
#1d560fac 9f 2c 58 80 e0 ff 13 00-04 f8 40 00 f8 f3 42 00 .,[email protected].
#1d560fbc 00 00 00 00 f0 ff 13 00-67 70 81 7c 39 00 39 00 ........gp.|9.9.
#1d560fcc 34 00 34 00 00 70 fd 7f-00 ac 19 e2 c8 ff 13 00 4.4..p..........
#1d560fdc a8 6d 34 86 ff ff ff ff-c0 9a 83 7c 70 70 81 7c .m4........|pp.|
找到HelloWorld。
开启PAE模式的情况:30~31位变成了PDPTE
相关博客:http://blog.csdn.net/zfdyq0/article/details/40954721