How to switch CR3 context?

  • Question

  • Hello,

    On a Windows 7 x64 machine, app ABC is running. WinDbg is attached to this target machine. After the two commands below were executed, shouldn't CR3's content show the dir_base of app ABC? Thanks for any help.

    .process /r /P ABC.exe (or eprocess address of app ABC)

    .thread /r /P ABC's thread.

    Tuesday, January 25, 2011 8:13 PM

All replies

  • Hello, pleased to meet you again.

    For me your cmds work quite right. Subsequent cmds of dd, dc are successful.

    Register CR3 always points (for me) to the same address in different processes, because Win2000/XP always maps the page directory to linear address 0xc0300000. Running a VM, WinDbg always shows me a linear address of 0x300000 in CR3 (not the physical one). And now, if you ask me why the older Windows versions map the page directory to a linear address, I can only guess, because I read about it but forgot most of it. Not remembering the book, my best guess is for inner bookkeeping. But I wonder if Windows 7 x64 shows the same behaviour? So I would appreciate hearing about it.

    Wednesday, January 26, 2011 1:15 PM
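
The reply above mentions the page directory being mapped at linear address 0xc0300000. As an added example (not part of the thread), this C program derives that address from the page-table self-map and does the same for the x64 layout the reply asks about; CR3 itself holds the physical base of the top-level table, and the self-map entry is what gives that table a fixed virtual address. The constants (x86 non-PAE and the fixed Windows 7 x64 layout) and the sample addresses are assumptions not stated in the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layouts (not from the thread):
 * x86 non-PAE: 4-byte entries, self-map PDE index 0x300, PTE_BASE 0xC0000000.
 * x64 Windows 7: 8-byte entries, self-map PML4 index 0x1ED,
 * PTE_BASE 0xFFFFF68000000000 (fixed on this release). */
#define X86_PTE_BASE 0xC0000000u
#define X64_PTE_BASE 0xFFFFF68000000000ull
#define X64_VPN_MASK 0xFFFFFFFFFull /* 36-bit virtual page number */

/* Virtual address of the PTE that maps va. */
uint32_t x86_pte_va(uint32_t va) { return X86_PTE_BASE + ((va >> 12) << 2); }

uint64_t x64_pte_va(uint64_t va) {
    return X64_PTE_BASE + (((va >> 12) & X64_VPN_MASK) << 3);
}

/* Because of the self-map, the entry one level up is "the PTE of the PTE". */
uint32_t x86_pde_va(uint32_t va) { return x86_pte_va(x86_pte_va(va)); }

/* level: 1 = PTE, 2 = PDE, 3 = PDPTE (PPE), 4 = PML4E (PXE) */
uint64_t x64_entry_va(uint64_t va, int level) {
    while (level-- > 0)
        va = x64_pte_va(va);
    return va;
}

int main(void) {
    uint32_t va32 = 0x7FFE0000u;           /* constructed sample address */
    uint64_t va64 = 0xFFFFF80001000000ull; /* constructed sample address */

    /* The PTE region starts at PTE_BASE, so "the PTE mapping PTE_BASE"
     * is the first PDE, i.e. the page directory's virtual address. */
    printf("x86 page directory VA: 0x%08x\n", x86_pte_va(X86_PTE_BASE));
    printf("x86 PDE for 0x%08x:  0x%08x\n", va32, x86_pde_va(va32));

    printf("x64 PML4 table VA:     0x%016llx\n",
           (unsigned long long)x64_entry_va(0, 4));
    printf("x64 PML4E for sample:  0x%016llx\n",
           (unsigned long long)x64_entry_va(va64, 4));
    printf("x64 self-map entry VA: 0x%016llx\n",
           (unsigned long long)x64_entry_va(x64_entry_va(0, 4), 1));
    return 0;
}
```

In a kernel debugging session, the physical frame stored in the self-map entry can be compared with the DirBase value that `!process` prints for the same process.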