Retrieving MmPhysicalMemoryBlock regardless of the NT version.

最新推荐文章于 2023-03-26 13:36:39 发布
最新推荐文章于 2023-03-26 13:36:39 发布
阅读量1.4k 收藏
点赞数
分类专栏: windows底层核心編程 文章标签: descriptor structure function struct null system
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/iiprogram/article/details/3080059
版权
 

Here is a method I’m using in the next version of Win32DD (1.2), to retrieve MmPhysicalMemoryBlock regardless of the NT Version. The main problem with KDDEBUGGER_DATA64 structure is the version dependency. Then, we have to rebuild this field by ourselves.

To retrieve physical memory runs, I’m using MmGetPhysicalMemoryRanges() *undocumented* function. This function usage had been documented by Mark Russinovich in 1999, in the Volume 1 Number 5 edition of the Sysinternals Newsletter.

Actually, this function is defined in DDK. Even if, MSDN says “The following routines are reserved for system use. Do not use them in your driver.”

  1. #if (NTDDI_VERSION >= NTDDI_WIN2K)
  2. NTKERNELAPI
  3. PPHYSICAL_MEMORY_RANGE
  4. MmGetPhysicalMemoryRanges (
  5.     VOID
  6.     );
  7. #endif

MmPhysicalMemoryBlock is a structure that provides information regarding the physical memory ranges used by the system and also total physical memory size. These uses motivated me to write MmGetPhysicalMemoryBlock().

  1. []
  2.     // NT 5.1 Addition
  3.     ULONG64   MmPhysicalMemoryBlock;
  4. [.. ]

As we can read in the KDDEBUGGER_DATA64 definition, MmPhysicalMemoryBlock field is an NT 5.1 Addition.

definition.

  1. typedef struct _PHYSICAL_MEMORY_RUN {
  2.     PFN_NUMBER BasePage;
  3.     PFN_NUMBER PageCount;
  4. } PHYSICAL_MEMORY_RUN, *PPHYSICAL_MEMORY_RUN;
  5.  
  6. typedef struct _PHYSICAL_MEMORY_DESCRIPTOR {
  7.     ULONG NumberOfRuns;
  8.     PFN_NUMBER NumberOfPages; // NumberOfPages * PAGE_SIZE is physical memory size.
  9.     PHYSICAL_MEMORY_RUN Run [ 1 ]; // NumberOfRuns is the total entries.
  10. } PHYSICAL_MEMORY_DESCRIPTOR, *PPHYSICAL_MEMORY_DESCRIPTOR;
  11.  
  12. PPHYSICAL_MEMORY_DESCRIPTOR
  13. MmGetPhysicalMemoryBlock (
  14.         VOID
  15. );

code.

  1. /*++
  2. Function Name: MmGetPhysicalMemoryBlock
  3.  
  4. Overview:
  5.         - This function aims at retrieving MmPhysicalMemoryBlock, regardless
  6.         of the host version.
  7.  
  8.         The caller has to free the memory block.
  9.  
  10. Parameters:
  11.         -
  12.  
  13. Environment:
  14.         - Kernel Mode. PASSIVE_LEVEL.
  15.  
  16. Return Values:
  17.         - PPHYSICAL_MEMORY_DESCRIPTOR
  18. –*/
  19. PPHYSICAL_MEMORY_DESCRIPTOR
  20. MmGetPhysicalMemoryBlock ( VOID
  21.                           )
  22. {
  23. PPHYSICAL_MEMORY_DESCRIPTOR MmPhysicalMemoryBlock;
  24. PPHYSICAL_MEMORY_RANGE MmPhysicalMemoryRange;
  25. ULONG MemoryBlockSize;
  26. PFN_NUMBER NumberOfPages;
  27. ULONG NumberOfRuns;
  28. ULONG Run;
  29.  
  30.     //
  31.     // PHYSICAL_MEMORY_DESCRIPTOR isn’t exported into KDDEBUGGER_DATA64
  32.     // NT 5.0 and below. But MmGetPhysicalMemoryRanges() computes
  33.     // PHYSICAL_MEMORY_RANGE with PHYSICAL_MEMORY_DESCRIPTOR. Then,
  34.     // We can easily rewrite PHYSICAL_MEMORY_DESCRIPTOR.
  35.     //
  36.     MmPhysicalMemoryRange = MmGetPhysicalMemoryRanges ( );
  37.  
  38.     //
  39.     // Invalid ?
  40.     //
  41.     if (MmPhysicalMemoryRange == NULL ) return NULL;
  42.  
  43.     //
  44.     // Compute the number of runs and the number of pages
  45.     //
  46.     NumberOfRuns = 0;
  47.     NumberOfPages = 0;
  48.     while ( (MmPhysicalMemoryRange [NumberOfRuns ]. BaseAddress. QuadPart != 0 ) &&
  49.             (MmPhysicalMemoryRange [NumberOfRuns ]. NumberOfBytes. QuadPart != 0 ) )
  50.     {
  51.         NumberOfRuns++;
  52.         NumberOfPages += (PFN_NUMBER )BYTES_TO_PAGES (
  53.             MmPhysicalMemoryRange [NumberOfRuns ]. NumberOfBytes. QuadPart );
  54.     }
  55.  
  56.     //
  57.     // Invalid ?
  58.     //
  59.     if (NumberOfRuns == 0 ) return NULL;
  60.  
  61.     //
  62.     // Compute the size of the pool to allocate and then allocate
  63.     //
  64.     MemoryBlockSize = sizeof (ULONG ) +
  65.         sizeof (PFN_NUMBER ) +
  66.         sizeof (PHYSICAL_MEMORY_RUN ) * NumberOfRuns;
  67.  
  68.     MmPhysicalMemoryBlock = ExAllocatePoolWithTag (NonPagedPool,
  69.                                                   MemoryBlockSize,
  70.                                                   ‘  mM’ );
  71.  
  72.     //
  73.     // Define PHYSICAL_MEMORY_DESCRIPTOR Header.=
  74.     //
  75.     MmPhysicalMemoryBlock->NumberOfRuns = NumberOfRuns;
  76.     MmPhysicalMemoryBlock->NumberOfPages = NumberOfPages;
  77.  
  78.     for (Run = 0; Run < NumberOfRuns; Run++ )
  79.     {
  80.         //
  81.         // BasePage
  82.         //
  83.         MmPhysicalMemoryBlock->Run [Run ]. BasePage =
  84.             (PFN_NUMBER )MI_CONVERT_PHYSICAL_TO_PFN (
  85.             MmPhysicalMemoryRange [NumberOfRuns ]. BaseAddress. QuadPart
  86.  
  87.             );
  88.  
  89.         //
  90.         // PageCount
  91.         //
  92.         MmPhysicalMemoryBlock->Run [Run ]. PageCount =
  93.             (PFN_NUMBER )BYTES_TO_PAGES (
  94.             MmPhysicalMemoryRange [Run ]. NumberOfBytes. QuadPart
  95.             );
  96.     }
  97.  
  98.     return MmPhysicalMemoryBlock;
  99. }
iiprogram
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
The Portable Executable File Format from Top to Bottom
Just_Fancy的专栏
04-20 1887
  The Portable Executable File Format from Top to Bottom Randy Kath Microsoft Developer Network Technology Group Created: June 12, 1993Click to open or copy the files in the EXEVIEW sample application for this technical article.Click to open or copy th
Android.for.the.BeagleBone.Black
02-26
Title: Android for the BeagleBone Black Author: Andrew Henderson, Aravind Prakash Length: 120 pages Edition: 1 Language: English Publisher: Packt Publishing Publication Date: 2015-02-27 ISBN-10: 1784392162 ISBN-13: 9781784392161 Design and implement Android apps that interface with your own custom hardware circuits and the BeagleBone Black About This Book Design custom apps that interact with the outside world via BeagleBone Black Modify Android to recognize, configure, and communicate with sensors, LEDs, memory, and more A step-by-step guide full of practical Android app examples that will help the users to create Android controlled devices that will use BeagleBone as hardware Who This Book Is For If you are an Android app developer who wants to experiment with the hardware capabilities of the BeagleBone Black platform, then this book is ideal for you. You are expected to have basic knowledge of developing Android apps but no prior hardware experience is required. In Detail This book explores using the Android OS on the BeagleBone Black hardware platform and provides an introduction to Android's unique approach to hardware interfacing. You'll be walked through the process of installing and configuring Android on your BeagleBone Black, as well as preparing your PC development environment to create Android applications that directly interface with hardware devices. Several example projects within this book introduce you to using the GPIO, SPI, and I2C hardware interfaces of the BeagleBone Black. You'll create Android apps that communicate directly with actual hardware components such as sensors, memory chips, switches, and LEDs. Step-by-step guidance through both the software and hardware portions of these projects is provided. Combining all of the previous projects into a single project that uses GPIO, SPI, and I2C together, you will explore the details of creating an advanced hardware interfacing app. Finally, you'll be provided with information on transitioning prototype code into code suitable for deployment on an Android-based device. With a variety of example apps that demonstrate key hardware communication concepts, this book will help you become an Android hardware interfacing pro in no time. Table of Contents Chapter 1. Introduction to Android and the BeagleBone Black Chapter 2. Interfacing with Android Chapter 3. Handling Inputs and Outputs with GPIOs Chapter 4. Storing and Retrieving Data with I2C Chapter 5. Interfacing with High-speed Sensors Using SPI Chapter 6. Creating a Complete Interfacing Solution Chapter 7. Where to Go from Here
An RM-NN algorithm for retrieving land surface temperature
01-03
An RM-NN algorithm for retrieving land surface temperature and emissivity from EOS/MODIS data
A General Paradigm for Retrieving Soil Moisture and ...
01-03
The proposed paradigm not only has physical meaning, but also makes deep learning physically interpretable,which is a milestone in the retrieval of geophysical remote sensing parameters based on artificial intelligence technology
HW4.rar_Image captioning_The Common_machine vision
07-15
An image retrieval system is a computer system for browsing, searching and retrieving images from a large database of digital images. Most traditional and common methods of image retrieval utilize some method of adding metadata such as captioning, keywords, or descriptions to the images so that retrieval can be performed over the annotation words.
rs.rar_The Need
09-24
retrieving data from mssql database you need a data source, in this case cpdwps to connect to the database and access its resources
《Windows NT File System Internals》学习笔记之物理内存管理简介
不论你在什么时候开始,重要的是开始之后就不要停止。
11-01 1976
页帧和页帧数据库NT VMM必须管理系统内可用的物理内存。VMM使用的方法和现代商用操作系统中使用的方法类似。 NT VMM将可用的RAM划分为固定尺寸的页帧。页帧的大小可以从4K~64K。在Intel X86结构上,页尺寸为4K。每一个页桢都在页帧数据库(PFN Database)中有相应的入口项。页帧数据库在非分页内存池中,它是一个页帧入口数组。PFN数据库为每一个页帧维护以下信息
A Crash Course on the Depths of Win32™ Structured Exception Handling
GODCUPID的专栏
04-08 848
At its heart, Win32 structured exception handling is an operating system-provided service. All the docs you're likely to find about SEH describe one particular com-piler's runtime library wrapping aro
smb.conf.5.html
MM22GG的专栏
09-22 3847
http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html     Name smb.conf — The configuration file for the Samba suite SYNOPSIS The smb.conf file is a configuration file for the Sam
内存管理(1)概述&系统空间初始化
Returns' Station
05-12 1848
大概看了些内存管理的东西,整理一下笔记,陆续贴上来。 参考《Windows Internals》、《Windows内核原理与实现》、WRK。调试环境WRK x86,非PAE。 开始时比较乱,因为还没想好要如何排版,不过反正开头都是些基础东西,匆匆带过好了 一、概述,内存管理一些基础 主要要实现的功能: 1.    进程间内存实现隔离 2.内存的申请和释放 3.  主存
从Blue Pill、硬件虚拟化谈安全防护完备性上的一个小原则
XboxMicro
02-28 1489
原文地址http://blogs.360.cn/360safe/2013/09/30/from-bluepill-vmx-to-a-simple-defence-principle/ 多年没写博客了,就先捡点剩菜剩饭炒炒,没啥营养,同学们可以随便看看。另外就是文笔真心烂,阅读的同学们需要点耐心。 这篇博客说说一个安全防护系统完备性上所需的一个小原则:防护系统与被防护对象所用资源的完全隔
获取操作系统的内核基地址
weixin_33724046的博客
11-05 433
操作系统的内核模块根据处理器的个数和是否支持PAE(Physical Address Extension物理地址扩展)分为以下四种 ntoskrnl.exe ---Uniprocessor单处理器,不支持PAE ntkrnlpa.exe ---Uniprocessor单处理器,支持PAE ntkrnlmp.exe ---Multiprocess...
linux mm系列:memblock分配器
qq_33854057的博客
03-26 174
memblock是物理分配器还是虚拟分配器?答:memblock管理的核心逻辑是基于物理内存的,从这个角度来看是物理分配器。但是分配的返回地址可以是物理地址也可以是虚拟地址。虚拟地址是通过phys_to_virt函数完成的映射。因此可以看出memblock的工作在直接映射区上,即通过__va()宏得到虚拟地址。memblock的生命周期是怎样的?答:memblock存在于Linux启动初期,这个阶段buddy还未工作。
tensorflow-2.9.2-cp39-cp39-win-amd64.whl
最新发布
06-01
python爬虫案例
2023年下半年计算机等级考试-公共基础-WPS-PS.zip
06-01
2023年下半年计算机等级一级考试Photoshop考点梳理 2023年下半年计算机等级一级考试WPS office考点汇总 2023年下半年计算机二级考试公共基础知识科目考点汇总 根据实际考试情况进行的总结。
Introduction to Data Science Data With R 英文
06-01
Introduction to Data Science Data Analysis and Prediction Algorithms with R 英文原版,完整带目录,非常好的数据分析资料,有基于R的完整数据分析过程
数电实验三:74LS151逻辑功能测试、74LS153逻辑功能测试、74LS153全加器、三输入多数表决电路
06-01
数电实验三:74LS151逻辑功能测试、74LS153逻辑功能测试、74LS153全加器、三输入多数表决电路
农业机械维修记录(表式).doc
06-01
农业机械维修记录(表式).doc
Preparing transaction: done Verifying transaction: done Executing transaction: done Retrieving notices: ...working... done
06-10
在这个过程中,它会验证所有要安装的软件包(Verifying transaction),并将需要的软件包从远程服务器上检索到本地计算机(Retrieving notices)。最后,如果有任何提示或警告,它们将被显示出来(done Retrieving ...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值