0

I was doing Windows system programming and wondered if I can access a process' page table on source code level.

Here is what I know about page table related to virtual memory.

Let's suppose an user just runs a process called 'A' process on Windows OS(32bit).

First of all, the OS creates and maintains 4GB virtual address space for A process.

(2GB of it is Kernel address space and the other 2GB is User address space.

Any codes in User address space cannot directly access Kernel address space.)

Then, the OS creates and maintains a page table for A process in physical memory to map virtual memory address to physical memory address.

Here is my question.

After OS creates a page table for A process, is this page table mapped to A's Kernel address space so user can indirectly access the page table from source code?

Or the page table is not mapped to any of A's virtual address spaces but just resides only in physical memory so user cannot access the page table?

Joon
  • 53
  • 1
  • 9
  • 1
    I'm voting to close this question as off-topic because it is asking for memory implementation question concerning Windows and not directly programming related. – Daniel A. White Jan 04 '17 at 01:41
  • @DanielA.White Sorry, I was trying to find way to access page table while programming. I just edited the post and added the stuff. – Joon Jan 04 '17 at 02:10
  • The phrase "source code level" doesn't make sense in this context. I'm not sure what you're asking. – Harry Johnston Jan 04 '17 at 03:01
  • See [Accessing User-Space Memory](https://msdn.microsoft.com/en-us/library/windows/hardware/ff540463(v=vs.85).aspx) on MSDN. – Harry Johnston Jan 04 '17 at 03:05
  • @HarryJohnston Sorry for confusion. I meant the possibility of reading page table using Windows API functions or any other ways in source code(ex. C, C++). – Joon Jan 04 '17 at 03:54
  • 1
    Applications cannot access kernel address space,so even if it were mapped into kernel space, applications couldn't access it. – Raymond Chen Jan 04 '17 at 04:29
  • @RaymondChen Thanks for replying. Do you mean you are not sure whether the page table is mapped into a process' kernel space, but it is clear that applications cannot access the page table no matter whether it is mapped or not? – Joon Jan 04 '17 at 04:53
  • To speed up manipulation of page tables, the kernel normally makes one entry in the page directory point to the page directory. This makes all page tables mapped and accessible in the address space. However, as Raymond Chen has indicated, these are not accessible from user mode. There's no good reason to allow applications to mess with page tables. There are APIs to allocate (and map) regions of address space and those should be used instead. – Alexey Frunze Jan 04 '17 at 05:25
  • @AlexeyFrunze Thanks for the detail. You mean there are page table entries in the kernel address space of 'A' process' virtual memory, and those entries are mapped to the real page table residing in physical memory. So, the process can access these page table entries only if it has kernel mode, but the process does not have it. Therefore, the process cannot access its page table after all. Is it right? – Joon Jan 04 '17 at 07:05
  • @Joon Right. Accessibility of pages is governed by the current privilege level (user vs kernel), segment access rights and page access rights. The particular combination of these employed in the system does not let code running in user mode access kernel data, including the page directory and page tables. – Alexey Frunze Jan 04 '17 at 08:10
  • @AlexeyFrunze Thank you for the clear answer based on extensive knowledge. It was really helpful :) – Joon Jan 04 '17 at 09:31
  • @Joon In that case please accept the answer compiled from your and my comments. – Alexey Frunze Jan 04 '17 at 11:12

1 Answers1

2

To speed up manipulation of page tables, the kernel normally makes one entry in the page directory point to the page directory. This makes all page tables mapped and accessible in the address space. However, as Raymond Chen has indicated, these are not accessible from user mode. There's no good reason to allow applications to mess with page tables. There are APIs to allocate (and map) regions of address space and those should be used instead.

You mean there are page table entries in the kernel address space of 'A' process' virtual memory, and those entries are mapped to the real page table residing in physical memory. So, the process can access these page table entries only if it has kernel mode, but the process does not have it. Therefore, the process cannot access its page table after all. Is it right?

Right. Accessibility of pages is governed by the current privilege level (user vs kernel), segment access rights and page access rights. The particular combination of these employed in the system does not let code running in user mode access kernel data, including the page directory and page tables.

Alexey Frunze
  • 61,140
  • 12
  • 83
  • 180