How does a Windows Kernel mode Driver access paged memory?

Problem description

1) A usermode process has its own "address context", which maps the user-mode virtual addresses to a unique collection of physical page frames. That is, the meaning of any particular virtual address changes from one moment to the next as the Windows XP scheduler switches threads.

Part of work of "switching threads" is to change the page tables so that they refer to the incoming thread’s process context.

_

2) A Windows Kernel-mode Driver executes in "arbitrary thread context".

A driver may create a system thread and work in its context... but I am talking about the situation when one doesn't create a system thread.

Driver can use "ExAllocatePoolWithTag" to allocate paged (memory in volatile storage).

_

3) So how does the driver access the paged memory without any context?

As seen in point 1, paged mem is accessed through page tables which are "Context specific".

When the driver runs in some other thread's context... i.e. page table entries point to the thread's relevant phy. mem, how then can the driver get access to his paged memory?

PS: me noob at kernel programming. Don't get mad.

Recommended answer

The concept used is the "user/kernel address space split". Each process address space is split into a lower portion (typically 2 GB) that is accessible to the process in user mode and differs for each process, and an upper portion (the remaining address space) that is only accessible in kernel mode, and is the same for every process.

When the driver allocates paged memory, it is allocated on the kernel side of the address space split, so it will be visible to kernel code no matter which process's page tables are loaded at the time (since this part of the address space is mapped in the same way for every process).
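
The split described in the answer, as a toy model in C. This is an added example, not part of the original answer and not Windows code. It assumes a 32-bit 2 GB/2 GB split with 4 MB pages to keep the table small; all names, addresses and frame numbers are constructed, and the kernel half is copied into each table here where a real system shares the underlying page tables.

```c
#include <stdint.h>
#include <stdio.h>

#define SPLIT      0x80000000u            /* 2 GB: start of kernel-only range */
#define PAGE_SHIFT 22                     /* toy 4 MB pages -> 1024 entries */
#define ENTRIES    1024u
#define KERNEL_IDX (SPLIT >> PAGE_SHIFT)  /* first kernel entry (512) */
#define NO_ACCESS  0xFFFFFFFFu

typedef struct { uint32_t frame[ENTRIES]; } page_table_t;

static uint32_t kernel_half[ENTRIES - KERNEL_IDX]; /* one system-wide mapping */
static page_table_t proc_a, proc_b;                /* two constructed processes */

/* Private lower half per process; upper half taken from the shared mapping. */
static void init_process(page_table_t *pt, uint32_t user_frame_base) {
    for (uint32_t i = 0; i < KERNEL_IDX; i++)
        pt->frame[i] = user_frame_base + i;
    for (uint32_t i = KERNEL_IDX; i < ENTRIES; i++)
        pt->frame[i] = kernel_half[i - KERNEL_IDX];
}

/* Resolve va through whichever table is loaded (the "current context").
 * User-mode code cannot reach the upper half at all. */
static uint32_t translate(const page_table_t *cur, uint32_t va, int kernel_mode) {
    if (va >= SPLIT && !kernel_mode)
        return NO_ACCESS;
    return cur->frame[va >> PAGE_SHIFT];
}

static void setup(void) {
    for (uint32_t i = 0; i < ENTRIES - KERNEL_IDX; i++)
        kernel_half[i] = 0x9000u + i;     /* constructed frame numbers */
    init_process(&proc_a, 0x1000u);
    init_process(&proc_b, 0x5000u);
}

int main(void) {
    const uint32_t pool_va = 0xE1000000u; /* constructed kernel-side address */
    const uint32_t user_va = 0x00400000u; /* constructed user-side address */
    setup();
    printf("kernel VA: A->%#x B->%#x\n", (unsigned)translate(&proc_a, pool_va, 1),
           (unsigned)translate(&proc_b, pool_va, 1));
    printf("user VA:   A->%#x B->%#x\n", (unsigned)translate(&proc_a, user_va, 1),
           (unsigned)translate(&proc_b, user_va, 1));
    printf("user-mode access to kernel VA: %#x\n",
           (unsigned)translate(&proc_a, pool_va, 0));
    return 0;
}
```

The kernel-side address resolves to the same frame whichever process's table is loaded, while the user-side address resolves differently in each.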
