How is virtual system space protected against access?
On Microsoft Docs I read:
In 64-bit Windows, the theoretical amount of virtual address space is 2^64 bytes (16 exabytes), but only a small portion of the 16-exabyte range is actually used. The 8-terabyte range from 0x000'00000000 through 0x7FF'FFFFFFFF is used for user space, and portions of the 248-terabyte range from 0xFFFF0800'00000000 through 0xFFFFFFFF'FFFFFFFF are used for system space.
Since I have 64-bit pointers, I can construct a pointer to some 0xFFFFxxxxxxxxxxxx address.
The site continues:
Code running in user mode has access to user space but does not have access to system space.
If I manage to guess a valid address in the system virtual address space, what mechanism prevents me from writing there?
I know about memory protection, but it does not seem to provide anything that distinguishes user memory from system memory.
According to @RbMm's comment, this information is stored in the PTE (page table entry). There appears to be a bit that defines whether access is granted from user mode.
An article on OSR Online confirms this:
Bit Name: User access
The structure itself does not seem to be part of the Microsoft symbols:
0:000> dt ntdll!_page*
ntdll!_PAGED_LOOKASIDE_LIST
ntdll!_PAGEFAULT_HISTORY
0:000> dt ntdll!page*
0:000> dt ntdll!*pte*
00007fff324fe910 ntdll!RtlpTestHookInitialize
PTEs are closely supported by the CPU (specifically by the MMU, the memory management unit). That is why we find further information at OSDev, which says:
U, the 'User/Supervisor' bit, controls access to the page based on privilege level. If the bit is set, then the page may be accessed by all; if the bit is not set, however, only the supervisor can access it.
In some leaked SDK files, the bit appears to be:
unsigned __int64 Owner : 1;
Since the CPU supports PTEs, we should find something similar in Linux. And indeed, I see that this SO answer also has the bit:
#define _PAGE_USER 0x004
which matches the OSDev information exactly.
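As an added illustration (not part of the question or the answer above, and not Windows or Linux source), the following C program models the two hardware checks the answer describes: it classifies a 64-bit virtual address into the user or kernel half of a 48-bit canonical address space, and it decides whether a page-table entry permits a given access using the x86-64 bit layout, where bit 2 is the User/Supervisor bit (the same 0x004 as Linux's _PAGE_USER). The PTE values and the kernel-half address are constructed samples; the 8 TB Windows user-space limit quoted from the docs is not modelled, only the hardware split, and CR0.WP = 1 is assumed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86-64 page-table entry flag bits. Bit 2 is the User/Supervisor bit the
 * answer discusses; it is the same 0x004 as Linux's _PAGE_USER. */
#define PTE_PRESENT  (1ULL << 0)
#define PTE_WRITE    (1ULL << 1)
#define PTE_USER     (1ULL << 2)
#define PTE_NX       (1ULL << 63)
#define PTE_PFN_MASK 0x000FFFFFFFFFF000ULL   /* bits 12..51: physical frame */

enum access_kind { ACC_READ, ACC_WRITE, ACC_EXEC };
enum va_half     { VA_USER, VA_KERNEL, VA_NONCANONICAL };

/* Physical address of the 4 KiB frame the entry points to. */
uint64_t pte_pfn(uint64_t pte) { return pte & PTE_PFN_MASK; }

/* With 4-level (48-bit) paging, bits 63..47 must all copy bit 47. The lower
 * half (bit 47 clear) is where user space lives; the upper half is kernel
 * space. Anything else faults as non-canonical before any PTE is consulted. */
enum va_half classify_va(uint64_t va) {
    uint64_t high = va >> 47;             /* the 17 sign-extension bits */
    if (high == 0)       return VA_USER;
    if (high == 0x1FFFF) return VA_KERNEL;
    return VA_NONCANONICAL;
}

/* Model of the permission check the MMU applies after the page walk.
 * Assumes CR0.WP = 1 (as Windows and Linux set it), so R/W also binds
 * supervisor mode; SMEP, SMAP and protection keys are not modelled. */
bool pte_permits(uint64_t pte, bool user_mode, enum access_kind acc) {
    if (!(pte & PTE_PRESENT))                   return false; /* not mapped */
    if (user_mode && !(pte & PTE_USER))         return false; /* U/S=0: supervisor only */
    if (acc == ACC_WRITE && !(pte & PTE_WRITE)) return false;
    if (acc == ACC_EXEC  && (pte & PTE_NX))     return false;
    return true;
}

static const char *half_name(enum va_half h) {
    return h == VA_USER ? "user" : h == VA_KERNEL ? "kernel" : "non-canonical";
}

int main(void) {
    /* Constructed sample entries: a user data page (NX, R/W, U/S=1) and a
     * kernel page (R/W, U/S=0). Flags 0x067/0x063 also carry Accessed/Dirty. */
    const uint64_t user_pte   = 0x8000000012345067ULL;
    const uint64_t kernel_pte = 0x000000000ABCD063ULL;
    /* Address taken from the debugger output above; kernel address is constructed. */
    const uint64_t addrs[] = { 0x00007fff324fe910ULL, 0xFFFFF80012345678ULL, 0x0000800000000000ULL };

    for (size_t i = 0; i < sizeof addrs / sizeof addrs[0]; i++)
        printf("%016llx -> %s half\n", (unsigned long long)addrs[i], half_name(classify_va(addrs[i])));

    printf("user-mode write to user page   (frame %llx): %s\n",
           (unsigned long long)pte_pfn(user_pte),
           pte_permits(user_pte, true, ACC_WRITE) ? "allowed" : "#PF");
    printf("user-mode read of kernel page  (frame %llx): %s\n",
           (unsigned long long)pte_pfn(kernel_pte),
           pte_permits(kernel_pte, true, ACC_READ) ? "allowed" : "#PF");
    printf("supervisor write to kernel page: %s\n",
           pte_permits(kernel_pte, false, ACC_WRITE) ? "allowed" : "#PF");
    return 0;
}
```

The point the program makes concrete is that a user-mode process never gets to "choose" whether its pointer is honoured: the address is sign-extension-checked and then the U/S bit of every level of the walk is consulted by the MMU, so a guessed kernel address yields a page fault before any byte is written.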