Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


IsAddressSafe

tombana
Master Cheater
Reputation: 2

Joined: 14 Jun 2007
Posts: 456
Location: The Netherlands

Posted: Wed Apr 16, 2008 8:50 am    Post subject: IsAddressSafe

Hi, I have a question about the IsAddressSafe function in memscan.c.

Code:

PTE=(UINT_PTR)StartAddress;
PTE=PTE/0x1000*PTESize+0xc0000000;
//now check if the address in PTE is valid by checking the page table directory at 0xc0300000 (same location as CR3 btw)
PDE=PTE/0x1000*PTESize+0xc0000000; //same formula


I didn't understand that part, so I looked up everything I could find about Page Directories and Page Table Entries, and what I found was:
The highest 10 bits of a virtual address are an index and offset (if multiplied by 4) into the Page Directory. (CR3 register contains the base of the Page Directory) In this entry of the Page Directory, the first 20 bits are the base of the Page Table.
The next 10 bits of the (original) virtual address are the index (and if multiplied by 4 an offset) into this Page Table. Then in this entry, the first 20 bits are the base of the real physical page. (Assuming the address did exist in physical memory.)

Now I don't understand: How should PTE=StartAddress/0x1000*PTESize+0xc0000000; get you the address of the Page Table Entry, and how should PDE=PTE/0x1000*PTESize+0xc0000000; get you the address of the Page Directory Entry?

I hope someone can make this clear for me.

Thanks in Advance.
Dark Byte
Site Admin
Reputation: 458

Joined: 09 May 2003
Posts: 25281
Location: The netherlands

Posted: Wed Apr 16, 2008 11:25 am

That's the way Windows has set up the pagetable and pagedirs.
They could have put the pagedirs in front of the pagetables but they didn't, making this calculation easier. (If they wanted, they could have kept the pagedir even outside of virtual memory and completely randomized.)

Anyhow, with the current setup:
0xc0000000 = base of PTE
0xc0300000 (0xc0600000 in PAE mode) = base of PDE

You can check that by giving an address of 0.

When you divide the address by 0x1000 you are left with only the first 20 bits of the address.
PTESize is 4 in a non-PAE system and 8 in a PAE system.
This gets us an index into the PTE list.

Getting the entry that describes the PTE will be a PDE.

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
tombana
Master Cheater
Reputation: 2

Joined: 14 Jun 2007
Posts: 456
Location: The Netherlands

Posted: Thu Apr 17, 2008 10:12 am    Post subject: Thanks

Thanks for the reply.
I didn't realize that dividing by 0x1000 would get you the first 20 bits, I thought you had to do something like (Address << 20) or w/e.

So because the pagetables are in front of the pagedirs, and all the page tables are right after each other without spaces in between, that means: instead of first taking 10 bits to find the pde, and then the next 10 bits to find the pte, you can use those 20 bits together to find the pte right away.
Then you can get the address of the pde by taking the first 20 bits of the address of the pte. This means there are (0x300000/4=0xc0000) page tables possible.

Thanks for clearing this up for me. :D

By the way, Dark Byte, how did you figure these things out when making cheat engine? Did you make this calculation yourself or did you get it from a site?
Dark Byte
Site Admin
Reputation: 458

Joined: 09 May 2003
Posts: 25281
Location: The netherlands

Posted: Thu Apr 17, 2008 12:40 pm

Yes, there are 0xc0000 page tables possible, and each pagetable describes 4KB, so a max of 0xC0000000 (3GB) can be addressed.

Of course, because Windows uses several 4MB page dir entries (e.g. for the kernel) more memory can be allocated, and the unused spaces that could be used for pagetables will be used for app-data.


I did find from a few sites that the pagetable started at 0xc0000000 but I did find out myself that the pagetable is directly followed by the pagedir (and optional pagedirptr table) by inspecting the CR3 register and querying the physical address using MmGetPhysicalAddress()

tombana
Master Cheater
Reputation: 2

Joined: 14 Jun 2007
Posts: 456
Location: The Netherlands

Posted: Fri Apr 18, 2008 10:32 am

Nice work on finding that out :D (And everything else in Cheat Engine of course)
But what about a virtual address like 0xDEADBEAf (above 0xc0000000)? Then if you divide that by 0x1000 and do it times 4, and add it to 0xc0000000, you'll get some address even above the page dir, right? How does that work?
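
The address arithmetic discussed in this thread, as an added example that is not part of any post or of Cheat Engine's source. It takes the two formula lines and the base values (0xc0000000, 0xc0300000, 0xc0600000) from the thread, compares them with the textbook two-step lookup for every 4 KB page, and evaluates the addresses raised in the posts; the function names are hypothetical, and the code is pure arithmetic that reads no page tables.

```c
#include <stdint.h>
#include <stdio.h>

#define PTE_BASE 0xC0000000u /* base of the PTE array, value from the thread */

/* The two lines quoted from memscan.c, with PTESize as a parameter
   (4 on non-PAE, 8 on PAE, per the thread). Names here are hypothetical. */
static uint32_t pte_addr(uint32_t va, uint32_t pte_size) {
    return va / 0x1000u * pte_size + PTE_BASE;
}
static uint32_t pde_addr(uint32_t va, uint32_t pte_size) {
    return pte_addr(va, pte_size) / 0x1000u * pte_size + PTE_BASE;
}

/* Textbook non-PAE lookup: top 10 bits pick the page table, next 10 bits
   pick the entry inside it. Page table N sits at PTE_BASE + N * 0x1000. */
static uint32_t pte_addr_walk(uint32_t va) {
    uint32_t dir = va >> 22, tbl = (va >> 12) & 0x3FFu;
    return PTE_BASE + dir * 0x1000u + tbl * 4u;
}
static uint32_t pde_addr_walk(uint32_t va) {
    return 0xC0300000u + (va >> 22) * 4u; /* non-PAE PDE base from the thread */
}

/* Compare both methods for one address in every 4 KB page of the 4 GB space;
   returns how many comparisons disagree. */
static unsigned mismatches(void) {
    unsigned bad = 0;
    for (uint64_t page = 0; page < 0x100000u; page++) {
        uint32_t va = (uint32_t)(page << 12) | 0xEAFu; /* constructed offset */
        if (pte_addr(va, 4) != pte_addr_walk(va)) bad++;
        if (pde_addr(va, 4) != pde_addr_walk(va)) bad++;
    }
    return bad;
}

int main(void) {
    /* Constructed sample addresses: 0, the thread's 0xDEADBEAF, and PTE_BASE. */
    uint32_t samples[] = { 0x00000000u, 0xDEADBEAFu, PTE_BASE };
    for (int i = 0; i < 3; i++)
        printf("va %08X  PTE at %08X  PDE at %08X\n", (unsigned)samples[i],
               (unsigned)pte_addr(samples[i], 4), (unsigned)pde_addr(samples[i], 4));
    printf("PAE PDE for va 0: %08X\n", (unsigned)pde_addr(0, 8));
    printf("mismatches vs. two-step lookup: %u\n", mismatches());
    return 0;
}
```

The PTE for 0xDEADBEAF comes out at 0xC037AB6C: the non-PAE PTE array spans 4 MB (0xC0000000 to 0xC03FFFFF), and the page directory at 0xC0300000 is the one page of that array whose entries map the array itself, which is why `pte_addr(0xC0000000, 4)` returns the PDE base.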
All times are GMT - 6 Hours