Beispiel #1
 /// <summary>
 /// Adds one 4 KiB address record to <c>_translationLookasideBuffer</c> for a
 /// software page table entry, unless the raw entry is zero.
 /// </summary>
 /// <param name="spte">The software page table entry to record.</param>
 /// <param name="virtualAddress">The virtual address the entry maps.</param>
 /// <remarks>
 /// A transition entry that is not a prototype is recorded with its
 /// <c>RealEntry</c> as the physical address. Every other non-zero entry is
 /// recorded with the full raw <c>Entry</c> value and marked
 /// <c>IsSoftware</c>, so for those records <c>PhysicalAddress</c> holds the
 /// undecoded entry rather than a frame address.
 /// NOTE(review): the entry presumably comes from the memory image under
 /// analysis; consumers of the records should treat the addresses as
 /// unvalidated until bounds-checked against the image - confirm.
 /// </remarks>
 protected void ProcessSoftwareEntry(SoftwarePageTableEntry spte, ulong virtualAddress)
 {
     // An all-zero entry carries no information; nothing to record.
     if (spte.Entry == 0)
     {
         return;
     }

     bool pureTransition = spte.IsTransition && !spte.IsPrototype;

     AddressRecord record = new AddressRecord();
     record.VirtualAddress = virtualAddress;
     if (pureTransition)
     {
         record.PhysicalAddress = spte.RealEntry;
     }
     else
     {
         record.PhysicalAddress = spte.Entry; // full original entry
     }
     record.Size  = 0x1000;
     record.Flags = spte.Flags;
     if (!pureTransition)
     {
         // Only non-transition (or prototype) entries are flagged as software.
         record.IsSoftware = true;
     }
     _translationLookasideBuffer.Add(record);
 }
Beispiel #2
        /// <summary>
        /// Builds a human-readable description of a software (not-present)
        /// page table entry.
        /// </summary>
        /// <param name="entry">The software page table entry to describe.</param>
        /// <returns>
        /// A header line followed by one of three sections - <c>[PROTO]</c>,
        /// <c>[TRANSITION]</c> or <c>[SOFTWARE]</c> - and a trailing newline.
        /// </returns>
        /// <remarks>
        /// The prototype check takes priority over the transition check, which
        /// matches the original branch order: transition is reported only when
        /// the entry is not also a prototype.
        /// </remarks>
        string ProcessSoftwarePte(SoftwarePageTableEntry entry)
        {
            const string header = "Software Page Table Entry\n";

            bool inTransition = entry.IsTransition;
            bool isPrototype  = entry.IsPrototype;

            string details;
            if (isPrototype)
            {
                ulong protoAddress = entry.ProtoAddress;
                details = "[PROTO]\n" + "Proto Address: " + protoAddress.ToString("x08");
                // This particular prototype address value is tagged as [VAD].
                if (protoAddress == 0xFFFFFFFF0000)
                {
                    details += "[VAD]";
                }
            }
            else if (inTransition)
            {
                details = "[TRANSITION]";
            }
            else
            {
                // Neither transition nor prototype: dump the page-file fields.
                ulong pageFileOffset = entry.PageFileOffset;
                ulong pageFileNumber = entry.PageFileNumber;
                ulong usedEntries    = entry.UsedPageTableEntries;
                ulong protection     = entry.Protection;

                details = "[SOFTWARE]\n"
                        + "Page File High: " + pageFileOffset.ToString("x08")
                        + "\nPage File Low: " + pageFileNumber.ToString("x08")
                        + "\nProtection: " + protection.ToString("x08")
                        + "\nUsed Entries: " + usedEntries.ToString("x08");
            }

            // The text always starts with the header, so it is never empty and
            // the terminating newline is always appended.
            return header + details + "\n";
        }
Beispiel #3
        /// <summary>
        /// Walks the four-level page table hierarchy (PML4, PDPT, PD, PT) for a
        /// virtual address and returns a textual trace of every step.
        /// </summary>
        /// <param name="virtualAddress">The virtual address to translate.</param>
        /// <returns>
        /// The trace text. It ends early with "Entry Not In Use" when a level
        /// is not in use, with "Entry is LARGE" when the PDPT entry is large
        /// (no physical address is computed for that case), or with the
        /// physical address for a 2M large page or a regular 4K page.
        /// </returns>
        /// <remarks>
        /// Each table index is masked to 9 bits, so the 8-byte read offset is
        /// at most 4088 and stays inside a full 4096-byte table.
        /// NOTE(review): the buffer returned by <c>ReadData</c> is indexed
        /// without a null or length check. The table addresses are taken from
        /// entries read out of the analysed memory, so confirm that
        /// <c>ReadData</c> either returns the full 4096 bytes or throws when an
        /// entry points outside the available data.
        /// </remarks>
        public override string TraceAddress(ulong virtualAddress)
        {
            const int    tableBytes = 4096;
            const ulong  entryBytes = 8;
            const string notInUse   = "Entry Not In Use\n\n";

            string trace = "Tracing Virtual Address: 0x" + virtualAddress.ToString("x16") + "\n\n"
                         + "Directory Table Base: " + _dtb.ToString("x08") + "\n";

            // Keep only the frame bits of the directory table base.
            ulong  pml4Base = (ulong)_dtb & 0x0000fffffffff000;
            byte[] table    = ReadData(pml4Base, tableBytes);

            // Four 9-bit table indices taken from bits 47..12 of the address.
            ulong pml4Slot = (virtualAddress >> 39) & 0x1ff;
            ulong pdptSlot = (virtualAddress >> 30) & 0x1ff;
            ulong pdSlot   = (virtualAddress >> 21) & 0x1ff;
            ulong ptSlot   = (virtualAddress >> 12) & 0x1ff;

            trace += "P4[" + pml4Slot + "]   "
                   + "PDPTE[" + pdptSlot + "]   "
                   + "PDE[" + pdSlot + "]   "
                   + "PTE[" + ptSlot + "]   "
                   + "Offset[" + (virtualAddress & 0xfff) + "]\n\n";

            // Level 4 (PML4)
            ulong pml4Offset = pml4Slot * entryBytes;
            ulong pml4Value  = BitConverter.ToUInt64(table, (int)pml4Offset);
            L4PageDirectoryEntry pml4 = new L4PageDirectoryEntry(pml4Value);

            trace += "pml4e value @ " + (pml4Base + pml4Offset).ToString("x08")
                   + " is " + pml4Value.ToString("x08").PadRight(20)
                   + "Flags: " + GetFlagString(pml4);

            if (!pml4.InUse)
            {
                return trace + notInUse;
            }

            // Level 3 (PDPT)
            var pdptBase = pml4.RealEntry;
            table = ReadData(pdptBase, tableBytes);
            ulong pdptOffset = pdptSlot * entryBytes;
            ulong pdptValue  = BitConverter.ToUInt64(table, (int)pdptOffset);
            PageDirectoryPointerTableEntry pdpt = new PageDirectoryPointerTableEntry(pdptValue);

            trace += "pdpte value @ " + (pdptBase + pdptOffset).ToString("x08")
                   + " is " + pdptValue.ToString("x08").PadRight(20)
                   + "Flags: " + GetFlagString(pdpt);

            if (!pdpt.InUse)
            {
                return trace + notInUse;
            }
            if (pdpt.IsLarge)
            {
                // Large PDPT entries are reported but not translated further.
                return trace + "Entry is LARGE\n\n";
            }

            // Level 2 (PD)
            var pdBase = pdpt.RealEntry;
            table = ReadData(pdBase, tableBytes);
            ulong pdOffset = pdSlot * entryBytes;
            ulong pdValue  = BitConverter.ToUInt64(table, (int)pdOffset);
            PageDirectoryEntry pd = new PageDirectoryEntry(pdValue);

            // The flag string for this level is appended later because it
            // depends on whether the entry is a large page.
            trace += "pde value   @ " + (pdBase + pdOffset).ToString("x08")
                   + " is " + pdValue.ToString("x08").PadRight(20);

            if (!pd.InUse)
            {
                return trace + notInUse;
            }
            if (pd.IsLarge)
            {
                LargePageDirectoryEntry largePd = new LargePageDirectoryEntry(pdValue);
                trace += "Flags: " + GetFlagString(largePd);
                // 2M page: frame bits from the entry plus the low 21 address bits.
                ulong largePhysical = (pdValue & 0xffffffe00000) + (virtualAddress & 0x1fffff);
                return trace + "\nPhysical Address is in a LARGE 2M page @ 0x" + largePhysical.ToString("x08") + "\n\n";
            }
            trace += "Flags: " + GetFlagString(pd);

            // Level 1 (PT)
            var ptBase = pd.RealEntry;
            table = ReadData(ptBase, tableBytes);
            ulong ptOffset = ptSlot * entryBytes;
            ulong ptValue  = BitConverter.ToUInt64(table, (int)ptOffset);
            PageTableEntry pt = new PageTableEntry(ptValue);

            trace += "pte value   @ " + (ptBase + ptOffset).ToString("x08")
                   + " is " + ptValue.ToString("x08").PadRight(20)
                   + "Flags: " + GetFlagString(pt);

            if (!pt.InUse)
            {
                // A PTE that is not in use is decoded as a software entry.
                SoftwarePageTableEntry software = new SoftwarePageTableEntry(ptValue);
                trace += ProcessSoftwarePte(software);
                return trace + notInUse;
            }

            // 4K page: frame bits from the entry plus the low 12 address bits.
            ulong physical = (ptValue & 0xfffffffff000) + (virtualAddress & 0xfff);
            return trace + "\nPhysical Address is 0x" + physical.ToString("x08") + "\n\n";
        }