摘要:
http://blogs.msdn.com/b/ntdebugging/archive/2010/06/22/part-3-understanding-pte-non-pae-and-x64.aspxHello, Ryan Mangipano (ryanman) again with part three of my series on understanding the output of th... 阅读全文
摘要:
http://blogs.msdn.com/b/ntdebugging/archive/2010/04/14/understanding-pte-part2-flags-and-large-pages.aspx Hello, it's Ryan Mangipano with part two of my PTE series. Today I'll discuss PDE/PTE flags, t... 阅读全文
摘要:
http://blogs.msdn.com/b/ntdebugging/archive/2010/02/05/understanding-pte-part-1-let-s-get-physical.aspx Hello. It’s Ryan Mangipano again (Ryanman). To 阅读全文
摘要:
之前想手动查找线性地址对应的物理地址,以更好的理解操作系统的分页机制,cr3的值和指定进程的EPROCESS的值总是对不上。 具体参考笔记[原]线性地址到物理地址转换 今天突然灵光一闪,想起来张老师说过的关于CR3的相关知识,CR3是操作系统在切换进程的时候才会更新的,我们用.process /p 阅读全文
摘要:
参考 [转]Part1: Understanding !PTE , Part 1: Let’s get physical [转]Part2: Understanding !PTE, Part2: Flags and Large Pages [转]Part 3: Understanding !PTE 阅读全文