Page 32 - DCAP408_WEB_PROGRAMMING
P. 32
Windows Programming
Notes So a user mode application can not directly access or alter the page tables. Certainly if a kernel
mode driver wants to do that, it can do it since once you are in kernel mode, you almost own the
whole system. To recognize this in more details, study the next section on Windows Logical
memory layout.
Self Assessment
Fill in the blanks:
12. Windows give memory ........................ to all the processes in order that one process can’t
utilize other process’s memory.
13. ........................ application can not directly access or alter the page tables.
2.4 Windows Logical Memory Layout
Windows provides lower 2GB (or 3GB relying upon boot.ini switch) logical address space of a
process to user mode and upper 2GB (or 1GB relying upon boot.ini switch) to Windows kernel.
Out of the total kernel address space, it reserves addresses from 0xC0000000 to 0xC03FFFFF for
Page Tables and Page Directory. Each process has its Page Tables positioned at the logical
address 0xC0000000 and page directory situated at logical address 0xC0300000. This logical
memory arrangement is displayed below:
You can utilize Windows kernel debugger kd or windbg to verify this (point to !pte and !vtop
debugger extensions). The physical address to this page directory is amassed in CR3. The 1024
addresses beginning from 0xC0300000 displays Page Directory Entry (PDE). Each PDE includes
a 4 byte physical address which refers to a Page Table. Each Page Table has 1024 entries which
either includes a physical address referring to a physical page of 4KB or includes an invalid
entry. This was also discussed above in the processor’s paging and Windows page table
management section but repeated here for clearness sake. So why does Windows utilize logical
address 0xC000000000 to amass the Page Tables and address 0xC0300000 to amass page directory?
The prerequisite for storing the page tables in memory is that a rouge consumer mode application
26 LOVELY PROFESSIONAL UNIVERSITY
