none
Virtual to Physical Address Translation RRS feed

  • Question

  • Hello, 

    I am in middle of something where I have to design a driver which can give me the address translation from virtual address of the application to the physical address. What I want to achieve is that I need the starting and the ending physical address of the applications that are loaded on RAM at a particular moment. 

    1. Is this possible ?
    2. If it is possible can you please give me some insights how can I achieve this? 

    PS: I am trying to achieve this in Windows 10 

    Thanks in advance

    Joe.


    Thursday, March 9, 2017 8:04 PM

Answers

  • What bigger problem are you trying to solve?   If you figure out a way to do this at all, it is going to involve a lot of undocumented data structures and calls, and probably be very fragile code.   A few examples of you problem are:

    1. There is no documented way in the kernel to get the used regions of a processes address space.
    2. If you solve #1 you need to get MDL's for these regions with the possibility that between collecting the data from item #1 and the time you create the MDL the region can change.
    3. Once you get the MDL's you are going to have a list of pages (remember these will not be physically contiguous) that represent the region at the time the MDL was created, but again things can change.
    4. Large portions of the process address space can be paged out, so unless you probe and lock the pages they will not be in memory, and if you do probe and lock you are taking huge amounts of address space.

    Abandon this idea now.  At least on a running system it will make it unusable.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Thursday, March 9, 2017 8:22 PM