How to map an address on specified 4GB space?

#30842 by fsdhook
Wed Sep 13, 2017 3:07 am

Hi, everyone.
I want to map an address on specified 4GB space. Example:
Base of NTOSKRNL.EXE is 0xFFFFF800AABBCCDD, I want to allocate memory on virtual address 0xFFFFF800********, how to realize that?

Username

fsdhook

Posts

45

Joined

Wed May 14, 2014 8:27 am

Re: How to map an address on specified 4GB space?

#30848 by tangptr
Tue Sep 19, 2017 4:45 am

That example is inappropriate. According to the Windows AMD64 Memory Management, virtual addresses from fffff800`00000000 to fffff8ff`ffffffff are the mappings initialized by os loader.
Virtual addresses from fffffa80`00000000 to fffffaa0`00000000 are paged pool memory range, where ntoskrnl is located there.
Concordantly, ExAllocatePool with parameter 1 specified as PagedPool would return a virtual address within that range.
It is a 128GB range. Therefore, it is impossible to map an address on specified 4GB space with documented system functions.

At long last, the jumping hands of time will be halted by a weakling cast in eternal solitude.

Username

tangptr

Posts

31

Joined

Mon Nov 14, 2016 11:14 am

Location

People Republic of China

Contact

Re: How to map an address on specified 4GB space?

#30858 by fsdhook
Sun Sep 24, 2017 4:11 pm

tangptr wrote:That example is inappropriate. According to the Windows AMD64 Memory Management, virtual addresses from fffff800`00000000 to fffff8ff`ffffffff are the mappings initialized by os loader.
Virtual addresses from fffffa80`00000000 to fffffaa0`00000000 are paged pool memory range, where ntoskrnl is located there.
Concordantly, ExAllocatePool with parameter 1 specified as PagedPool would return a virtual address within that range.
It is a 128GB range. Therefore, it is impossible to map an address on specified 4GB space with documented system functions.

What a pity!

Username

fsdhook

Posts

45

Joined

Wed May 14, 2014 8:27 am