
Address Spaces


carlton

Presentation Transcript


  1. Address Spaces
     00000000 – 7FFFFFFF: Unique per process, accessible in user or kernel mode
     • .EXE code, Globals, Per-thread user mode stacks, Process heaps, .DLL code
     • 2 GB per-process
     • Address space of one process is not directly reachable from other processes
     80000000 – FFFFFFFF: accessible only in kernel mode
     • 2 GB systemwide
     • The operating system is loaded here, and appears in every process’s address space
     • There is no process for “the operating system” (though there are processes that do things for the OS, more or less in “background”)
     • System wide, accessible only in kernel mode: Exec, Kernel, HAL, drivers, per-thread kernel mode stacks, Win32K.Sys, File system cache, Paged pool, Non-paged pool
     • Per process, accessible only in kernel mode (C0000000): Process page tables, …

  2. Paged and Nonpaged Memory
     • Kernel mode address space: paged – nonpaged. Why?
     • Rule: Code executing above IRQL DISPATCH_LEVEL cannot cause page faults
     • PAGED_CODE() preprocessor macro -> discover rule violations

  3. Memory Management Information
     • Task manager performance tab
     • Screen snapshot from: Task Manager | Performance tab

  4. Compile-Time Control
     • Win32 executables: sections
     • Section names beginning with “page” or “.eda” go into paged pool
     • #pragma alloc_text(PAGE, f) -> function f in section PAGE
     • #pragma data_seg("PAGE") -> static variables into paged pool
       #pragma data_seg()
     • #pragma code_seg("PAGE") -> functions into paged pool
       #pragma code_seg()

  5. Run-Time Control
     • #pragma alloc_text(PAGExyz, f)
       #pragma alloc_text(PAGExyz, g)
       h = MmLockPagableCodeSection((PVOID)f);   /* locks the whole section holding f and g */
       …
       MmUnlockPagableImageSection(h);           /* section becomes pageable again */
     • #pragma data_seg("PAGE")
       ULONG ulDaten;
       #pragma data_seg()
       h = MmLockPagableDataSection((PVOID)&ulDaten);   /* pass the address of the variable */

  6. Heap Allocator
     • PVOID p = ExAllocatePool(type, nbytes);
       type is NonPagedPool, PagedPool, …
     • ExFreePool((PVOID)p);

  7. Linked Lists
     • Doubly-linked and singly linked lists
     • Service functions and macros
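
The doubly-linked list service functions and macros named on slide 7, as an added example that is not part of the original slides: portable user-mode C stand-ins that mirror the WDK's LIST_ENTRY, InitializeListHead, IsListEmpty, InsertTailList and CONTAINING_RECORD. CheckedRemoveEntry and the REQUEST record are hypothetical names introduced here, and the link check before unlinking is an addition for illustration.

```c
#include <stddef.h>
#include <stdbool.h>

/* Portable user-mode stand-ins mirroring the WDK list routines (no ntddk.h). */
typedef struct _LIST_ENTRY {
    struct _LIST_ENTRY *Flink;   /* forward link  */
    struct _LIST_ENTRY *Blink;   /* backward link */
} LIST_ENTRY, *PLIST_ENTRY;

/* Recover the enclosing structure from a pointer to its embedded link. */
#define CONTAINING_RECORD(addr, type, field) \
    ((type *)((char *)(addr) - offsetof(type, field)))

static void InitializeListHead(PLIST_ENTRY head) { head->Flink = head->Blink = head; }
static bool IsListEmpty(const LIST_ENTRY *head) { return head->Flink == head; }

static void InsertTailList(PLIST_ENTRY head, PLIST_ENTRY entry) {
    PLIST_ENTRY last = head->Blink;
    entry->Flink = head;
    entry->Blink = last;
    last->Flink = entry;
    head->Blink = entry;
}

/* Hypothetical helper: unlink entry only if both neighbours still point back
   at it. A mismatch means the links were corrupted, so the list is left
   untouched and false is returned. */
static bool CheckedRemoveEntry(PLIST_ENTRY entry) {
    PLIST_ENTRY next = entry->Flink, prev = entry->Blink;
    if (next->Blink != entry || prev->Flink != entry) return false;
    prev->Flink = next;
    next->Blink = prev;
    entry->Flink = entry->Blink = entry;   /* leave no stale pointers behind */
    return true;
}

/* Constructed sample record: the link is embedded in the object itself. */
typedef struct _REQUEST { unsigned long Id; LIST_ENTRY Link; } REQUEST;

/* Sum the Id field of every REQUEST queued on head. */
static unsigned long SumIds(PLIST_ENTRY head) {
    unsigned long sum = 0;
    for (PLIST_ENTRY e = head->Flink; e != head; e = e->Flink)
        sum += CONTAINING_RECORD(e, REQUEST, Link)->Id;
    return sum;
}
```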
