Homework 9 Version 0
Author: chipusilesgmailcom 2020-12-15 07:48:46
The virtual address of the PEB (0x7ffdf000) is also contained in the EPROCESS structure. This equates to 01111111111111011111000000000000 in binary, keeping in mind that this is little endian format and must be read from right to left. As detailed in Table 3.1, the most significant 10 bits of this virtual address tell us that the 511th entry in the page directory is associated with the PEB. The next most significant 10 bits tell us that the 991st entry in the page table is associated with the PEB.
Table 3.1. The Interpretation of Virtual Address 0x7ffdf000
Description | Bits | Binary | Hexadecimal | Decimal |
---|---|---|---|---|
Page Directory Entry | 31-22 | 0111111111 | 0x1ff | 511 |
Page Table Entry | 21-12 | 1111011111 | 0x3df | 991 |
Offset in Page | 11-0 | 000000000000 | 0x0 | 0 |
Because the DTB address is provided as a physical location, we start the address translation process by simply going to that location in the memory dump. Then we need to skip to the 511th entry. Because each entry in the page directory is 4 bytes in length, the physical location in the memory dump of the 511th directory entry is 0x0a0397fc (0x0a039000 + 0x1ff * 4).
The 511th entry in the DTB contains the data 0x0a102067, the 4 most significant bytes of which are the page table base address (0xa102). Because each page table is 4096 bytes, the location of this page table is 0x0a102000 (0xa102 * 0x1000). Therefore, the physical location in the memory dump of the 991st page table entry is 0x0a102f7c (0xa102 * 0x1000 + 0x3df * 4).
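
The walk described above, as an added Python example that is not part of the original post: it splits the virtual address per Table 3.1, follows the page directory and page table entries in a small constructed dump, and refuses to follow entries whose present bit is clear. The function names, the sparse-dump layout and the page table entry value 0x01234067 are assumptions made for illustration; the DTB, the virtual address and the directory entry value come from the text.

```python
import struct

PAGE_SIZE = 0x1000
PRESENT = 0x1       # bit 0: entry is valid
LARGE_PAGE = 0x80   # bit 7 of a directory entry: 4 MB page, no page table

def split_va(va):
    """Return (page directory index, page table index, offset in page)."""
    return (va >> 22) & 0x3FF, (va >> 12) & 0x3FF, va & 0xFFF

def read_u32(dump, paddr):
    """Read one little-endian 4-byte entry from a sparse {page_base: bytes} dump."""
    page = dump.get(paddr & ~0xFFF)
    if page is None:
        raise LookupError(f"physical page {paddr & ~0xFFF:#010x} not in dump")
    return struct.unpack_from("<I", page, paddr & 0xFFF)[0]

def translate(dump, dtb, va):
    """Walk directory and table; return (pde_addr, pte_addr, physical address)."""
    pdi, pti, off = split_va(va)
    pde_addr = dtb + pdi * 4                  # 4-byte directory entries
    pde = read_u32(dump, pde_addr)
    if not pde & PRESENT:
        raise LookupError(f"PDE at {pde_addr:#010x} not present")
    if pde & LARGE_PAGE:                      # entry maps a 4 MB page directly
        return pde_addr, None, (pde & 0xFFC00000) | (va & 0x3FFFFF)
    pte_addr = (pde & 0xFFFFF000) + pti * 4   # low 12 bits of the entry are flags
    pte = read_u32(dump, pte_addr)
    if not pte & PRESENT:
        raise LookupError(f"PTE at {pte_addr:#010x} not present")
    return pde_addr, pte_addr, (pte & 0xFFFFF000) | off

def build_sample_dump():
    """Constructed two-page dump holding only the entries used in the walk."""
    pd = bytearray(PAGE_SIZE)
    struct.pack_into("<I", pd, 0x1FF * 4, 0x0A102067)  # value from the text
    pt = bytearray(PAGE_SIZE)
    struct.pack_into("<I", pt, 0x3DF * 4, 0x01234067)  # made-up PTE value
    return {0x0A039000: bytes(pd), 0x0A102000: bytes(pt)}

if __name__ == "__main__":
    pde_addr, pte_addr, phys = translate(build_sample_dump(), 0x0A039000, 0x7FFDF000)
    print(f"PDE @ {pde_addr:#010x}  PTE @ {pte_addr:#010x}  PEB @ {phys:#010x}")
```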