Welcome to Scribd!

Skip carousel

Windows Kernel Internals Advance Virtual Memory PDF

Uploaded by

tamthientai

0% found this document useful (0 votes)

43 views21 pages

Original Title

Windows Kernel Internals Advance Virtual Memory.pdf

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Attribution Non-Commercial (BY-NC)

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as pdf or txt

0% found this document useful (0 votes)

43 views21 pages

Windows Kernel Internals Advance Virtual Memory PDF

Uploaded by

tamthientai

Copyright:

Attribution Non-Commercial (BY-NC)

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as pdf or txt

Jump to Page

You are on page 1of 21

Search inside document

Windows Kernel Internals Advance Virtual Memory

David B. Probert, Ph.D. Windows Kernel Development Microsoft Corporation

Microsoft Corporation 1

Microsoft Corporation

Solomon & Russinovich

Shared Memory Data Structures

Microsoft Corporation

PFN: Working Set Page

Microsoft Corporation

PFN: Free Page

Microsoft Corporation

PFN: Standby Page

Microsoft Corporation

PFN: Transition page

Microsoft Corporation

PFN Fields
PteAddress: VA of PTE referencing page RefCount: count of WS or IO locks OriginalPte: PTE to restore on soft-fault PteFrame: PageFrame for PteAddress Flags:
Modified : 1 ReadInProgress : 1 WriteInProgress : 1 PrototypePte: 1 PageColor : 4 PageLocation : 3 RemovalRequested : 1 CacheAttribute : 2
8

Microsoft Corporation

Page Table Entries

Some fields defined by hardware Six PTE states:
Active/valid Transition Modified-no-write Demand zero Page file Mapped file
Microsoft Corporation 9

Valid x86 Hardware PTEs

Reserved Global Dirty Accessed Cache disabled Write through Owner Write

Pageframe
31

R R R G R D A Cd Wt O W 1
12 11 10 9 8 7 6 5 4 3 2 1 0
10

Microsoft Corporation

x86 Invalid PTEs

Page file
Page file offset 0
31 12 11 10 9

Transition Prototype Protection

5 4

PFN

0
1 0

Transition
Page file offset 1
31 12 11 10 9

Transition Prototype Protection HW ctrl 0

5 4 1 0

Cache disable Write through Owner Microsoft Corporation Write

x86 Invalid PTEs

Demand zero:
PFN Page file PTE with zero offset and

Unknown:

PTE is completely zero or Page Table doesnt exist yet. Examine VADs.

Pointer to Prototype PTE

pPte bits 7-27
31 12 11 10 9 8 7
Microsoft Corporation

pPte bits 0-6

5 4

0
1 0
12

MMPAGING_FILE
PFN_NUMBER Size, MaxSize, MinSize, FreeSpace, CurrUsage, PeekUsage, HighestPage pFileObject ModWriterMdlEntries[] pPageFileName pAllocationBitmap Flags:
PageFileNumber, RefCount, BootPart
Microsoft Corporation 13

MMSUPPORT
// embedded in EPROCESS WorkingSetExpEntry[2] LastTrimTime Flags PageFaultCount, PeakWorkingSetSize, GrowthSinceLastEstimate MinimumWorkingSetSize, MaximumWorkingSetSize pVmWorkingSetList WSLE_NUMBER Claim, NextEstimationSlot, NextAgingSlot, EstimatedAvailable, WorkingSetSize

Microsoft Corporation

MMADDRESS_NODE
pParent, pLeft, pRight StartingVpn, EndingVpn

Microsoft Corporation

MMVAD
MMADDRESS_NODE AddressTreeNode pControlArea pFirstProtoPte pLastContigPte Flags:
CommitCharge, PhysMap, ImageMap, Awe, Prot, MemCommit, Private, LargePages, WriteWatch, NoChange, FileOffset64k, SecNoChange, ReadOnly, Extendable, Inherit, CopyOnWrite
Microsoft Corporation 16

CONTROL_AREA
pSegment DereferenceListEntry[2] nSectRefs, nPfnRefs, nMapViews, nCacheViews, nUserRefs nModWrites, nFlushesActive, Flags pFileObject iPfnBase Subsections[]
Microsoft Corporation 17

SUBSECTION
pControlArea Flags:
ReadOnly, ReadWrite, SubsectionStatic, GlobalMemory, Protection, StartingSector, SectorEndOffset

StartingSector nFullSectors pSubsectBasePtes nUnusedPtes nPtesInSubsection pNextSubsection nMappedViews

Microsoft Corporation 18

SECTION
MMADDRESS_NODE AddressTreeNode pSegment Size InitialPageProt Flags:
BeingDeleted, BeingCreated, BeingPurged, NoModifiedWriting, FailAllIo, Image, Based, File, Networked, NoCache, PhysicalMemory, CopyOnWrite, Commit, FloppyMedia, WasPurged, UserReference, GlobalMemory, DeleteOnClose, FilePointerNull, DebugSymbolsLoaded, SetMappedFileIoComplete, CollidedFlush, NoChange, HadUserReference, ImageMappedInSystemSpace, UserWritable, Accessed, GlobalOnlyPerSession, Rom
Microsoft Corporation 19

SEGMENT
pControlArea nPtes nWritableUserRefs Size PteTemplate nCommittedPages Flags BasedAddress PrototypePte ProtoPtes[]
Microsoft Corporation 20

Discussion

Microsoft Corporation

Solution Manual For Operating System Concepts Essentials 2nd Edition by Silberschatz
Document6 pages
Solution Manual For Operating System Concepts Essentials 2nd Edition by Silberschatz
tina tina
No ratings yet
MSDN - Debugging Guide
Document4,176 pages
MSDN - Debugging Guide
Ajit Kumar Singh
No ratings yet
© 2018 Caendra Inc. - Hera For Ptpv5 - Leveraging Powershell During Exploitation
Document26 pages
© 2018 Caendra Inc. - Hera For Ptpv5 - Leveraging Powershell During Exploitation
Saw Gyi
No ratings yet
NT Logon
Document38 pages
NT Logon
smilealwplz
No ratings yet
052 Iczelions - Win32 - Assembly - Tutorials PDF
Document273 pages
052 Iczelions - Win32 - Assembly - Tutorials PDF
z4rm4r
No ratings yet
CC Omake
Document202 pages
CC Omake
helloreader
No ratings yet
UNIX Programmer's Manual
Document336 pages
UNIX Programmer's Manual
Siva Sankar
No ratings yet
IBM I System Administration A Complete Guide - 2021 Edition
From Everand
IBM I System Administration A Complete Guide - 2021 Edition
Gerardus Blokdyk
No ratings yet
Introduction To Algebraic Topology and Algebraic Geometry - U. Bruzzo
Document132 pages
Introduction To Algebraic Topology and Algebraic Geometry - U. Bruzzo
Negoescu Mihai Cristian
No ratings yet
Basics of Hacking PDF
Document51 pages
Basics of Hacking PDF
tamthientai
No ratings yet
Windows Kernel Internals Virtual Memory Manager - I PDF
Document52 pages
Windows Kernel Internals Virtual Memory Manager - I PDF
tamthientai
No ratings yet
Optimizing Visual Studio Code for Python Development: Developing More Efficient and Effective Programs in Python
From Everand
Optimizing Visual Studio Code for Python Development: Developing More Efficient and Effective Programs in Python
Sufyan bin Uzayr
No ratings yet
Heap Exploitation
Document54 pages
Heap Exploitation
Jehu Shalom
No ratings yet
Windows Kernel Internals: David B. Probert, Ph.D. Windows Kernel Development Microsoft Corporation
Document20 pages
Windows Kernel Internals: David B. Probert, Ph.D. Windows Kernel Development Microsoft Corporation
shamagondal
No ratings yet
WIndows Kernel
Document22 pages
WIndows Kernel
Ikram Nazeer
No ratings yet
15 Redis Post Exploitation
Document74 pages
15 Redis Post Exploitation
Ayush Bhowmick
No ratings yet
Motivation: Daemon Win32 Process With Some Additional Code To Interact With The SCM
Document31 pages
Motivation: Daemon Win32 Process With Some Additional Code To Interact With The SCM
Kamaldeep Nainwal
No ratings yet
Object-Oriented Technology and Computing Systems Re-Engineering
From Everand
Object-Oriented Technology and Computing Systems Re-Engineering
H. S. M. Zedan
No ratings yet
Swap Files Anti-Forensics On Linux
Document7 pages
Swap Files Anti-Forensics On Linux
omar4821
No ratings yet
Windows Forensics: Dr. Phil Polstra @ppolstra PHD, Cissp, Ceh
Document15 pages
Windows Forensics: Dr. Phil Polstra @ppolstra PHD, Cissp, Ceh
karla
No ratings yet
x86 Disassembly
Document148 pages
x86 Disassembly
GothicFighter
100% (1)
Concurrent Window System - Rob Pike
Document11 pages
Concurrent Window System - Rob Pike
Ivan V
No ratings yet
Programming Windows With MFC
Document12 pages
Programming Windows With MFC
paultanasescu
No ratings yet
Israel Space Agency
Document12 pages
Israel Space Agency
samirsamira928
No ratings yet
Inside Windows NT High Resolution Timers
Document4 pages
Inside Windows NT High Resolution Timers
3433086271
No ratings yet
Mark Russinovich - Memory - A Must
Document60 pages
Mark Russinovich - Memory - A Must
yonnon
No ratings yet
Introduction To Programming With Basic
Document140 pages
Introduction To Programming With Basic
Malachy Eziechina
No ratings yet
L Linux Process Management PDF
Document11 pages
L Linux Process Management PDF
Vaishnavi Eswar
No ratings yet
Linear Algebra and Gaming
Document8 pages
Linear Algebra and Gaming
juan
No ratings yet
Beginning C: From Beginner to Pro
From Everand
Beginning C: From Beginner to Pro
German Gonzalez-Morris
No ratings yet
SSH Password Guessing: Linux Compromise and Forensics
Document6 pages
SSH Password Guessing: Linux Compromise and Forensics
karthik.forums1246
No ratings yet
Raymond Chen - The Old New Thing - Practical Development Throughout The Evolution of Windows-Addison-Wesley (2007)
Document518 pages
Raymond Chen - The Old New Thing - Practical Development Throughout The Evolution of Windows-Addison-Wesley (2007)
few
No ratings yet
Winsock Tutorial
Document13 pages
Winsock Tutorial
Ashwikaa Shah
No ratings yet
An In-Depth Look Into The Win32 PE File Format - Matt Pietrek 2002
Document30 pages
An In-Depth Look Into The Win32 PE File Format - Matt Pietrek 2002
Alex Beldner
100% (1)
Evolution of The Windows Kernel Architecture
Document30 pages
Evolution of The Windows Kernel Architecture
jpaulpra
No ratings yet
Storage Talk Mongodb
Document36 pages
Storage Talk Mongodb
Dev Fitriady
No ratings yet
Autotools A Practitioner's Guide To Autoconf, Automake and Libtool
Document17 pages
Autotools A Practitioner's Guide To Autoconf, Automake and Libtool
Hygor DTI
100% (1)
C Cplusplus Language Notes
Document68 pages
C Cplusplus Language Notes
Kairos Francisco Benitez
No ratings yet
Linux Kernel Primer
Document540 pages
Linux Kernel Primer
Kalimuthu Velappan
No ratings yet
Basics of Embedded Linux
Document55 pages
Basics of Embedded Linux
vansi84
No ratings yet
Vim For Humans
Document49 pages
Vim For Humans
Breno Santos
No ratings yet
Pthread Tutorial by Peter (Good One)
Document29 pages
Pthread Tutorial by Peter (Good One)
gunda_venu9856
No ratings yet
C++ Tutorial Part II - Advanced: Silan Liu
Document53 pages
C++ Tutorial Part II - Advanced: Silan Liu
abdulhakimu@yahoo.com
No ratings yet
Red Hat Linux 6.2 Reference Guide
Document375 pages
Red Hat Linux 6.2 Reference Guide
NikunjBhatt
No ratings yet
Advanced Exploit Development
Document57 pages
Advanced Exploit Development
Pooja Khare
No ratings yet
Arm Baremetal Ebook
Document96 pages
Arm Baremetal Ebook
Flavio Falcão
No ratings yet
Pthread PDF
Document33 pages
Pthread PDF
vineeth sagar
No ratings yet
Web Server
Document11 pages
Web Server
Faisal Sikander Khan
No ratings yet
Professional Assembly Language
From Everand
Professional Assembly Language
Richard Blum
Rating: 3.5 out of 5 stars
3.5/5 (2)
Windows Drivers
Document81 pages
Windows Drivers
Sony Hasan
No ratings yet
Web Server Performance Analysis PDF
Document14 pages
Web Server Performance Analysis PDF
Gaby Ramirez Azanza
No ratings yet
Winsock Programming
Document12 pages
Winsock Programming
vivekkumars
100% (1)
Modern Cmake
Document73 pages
Modern Cmake
Sabapathy Kannappan
No ratings yet
KDE Frameworks Cookbook
Document52 pages
KDE Frameworks Cookbook
jim_macbook
No ratings yet
book24x7書單2008 111
Document916 pages
book24x7書單2008 111
crampingpaul
No ratings yet
Ada Programming Language
Document32 pages
Ada Programming Language
Ranny Codilla
100% (1)
Assembly Programming Journal - Issue 8
Document59 pages
Assembly Programming Journal - Issue 8
lesuts
No ratings yet
Assembly Book
Document512 pages
Assembly Book
PreyanshMitharwal
No ratings yet
WIN32 API Programming
Document34 pages
WIN32 API Programming
sanu222
No ratings yet
Microsoft Macro Assembler - Wikipedia, The Free Encyclopedia
Document3 pages
Microsoft Macro Assembler - Wikipedia, The Free Encyclopedia
beta2009
No ratings yet
Pthreads Complete Self-Assessment Guide
From Everand
Pthreads Complete Self-Assessment Guide
Gerardus Blokdyk
No ratings yet
FreeBSD Mastery: Advanced ZFS: IT Mastery, #9
From Everand
FreeBSD Mastery: Advanced ZFS: IT Mastery, #9
Michael W. Lucas
No ratings yet
Geometric Algebra and Its Application To Mathematical Physics - C. Doran
Document187 pages
Geometric Algebra and Its Application To Mathematical Physics - C. Doran
tamthientai
No ratings yet
Algorithmic Algebra
Document425 pages
Algorithmic Algebra
tamthientai
No ratings yet
Windows Kernel Internals Advance Virtual Memory PDF
Document21 pages
Windows Kernel Internals Advance Virtual Memory PDF
tamthientai
No ratings yet
Algebraic Topology A Computational Approach - Kaczynski - Mischaikow - Mrozek
Document219 pages
Algebraic Topology A Computational Approach - Kaczynski - Mischaikow - Mrozek
tamthientai
No ratings yet
S (1) - Lefschetz-Algebraic Topology
Document396 pages
S (1) - Lefschetz-Algebraic Topology
max_2_0
No ratings yet
Algebraic Numbers and Fourier Analysis - R. Salem (1963) WW
Document41 pages
Algebraic Numbers and Fourier Analysis - R. Salem (1963) WW
cclan05
100% (1)
One Sense Per Collocation
Document6 pages
One Sense Per Collocation
tamthientai
No ratings yet
One Sense Per Collocation
Document6 pages
One Sense Per Collocation
tamthientai
No ratings yet
Windows Kernel Internals Virtual Memory Manager - I PDF
Document52 pages
Windows Kernel Internals Virtual Memory Manager - I PDF
tamthientai
No ratings yet