Difference between revisions of "Techwiki:Memory Layout"
ThePhysicist (talk | contribs) (→x86 (non-PAE)) |
Learn more (talk | contribs) m |
||
(6 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
+ | ⇐[[Techwiki:Main]] | ||
== x86 (non-PAE) == | == x86 (non-PAE) == | ||
Line 14: | Line 15: | ||
| 8??????? || PFN database | | 8??????? || PFN database | ||
|- | |- | ||
− | | BD000000 || MmSessionBase | + | | BD000000 || MiSessionPoolStart = MmSessionBase |
|- | |- | ||
| BE000000 || MiSessionViewStart | | BE000000 || MiSessionViewStart | ||
Line 20: | Line 21: | ||
| BF800000 || MiSessionImageStart (default) | | BF800000 || MiSessionImageStart (default) | ||
|- | |- | ||
− | | C0000000 || Page Table pages - | + | | C0000000 || Page Table pages - 4Mb |
|- | |- | ||
| C0400000 || HyperSpace | | C0400000 || HyperSpace | ||
Line 37: | Line 38: | ||
|- | |- | ||
| FFC00000 || Reserved for HAL (4mb) | | FFC00000 || Reserved for HAL (4mb) | ||
+ | |- | ||
+ | | FFDFF000 || Boot PCR (KIP0PCRADDRESS) | ||
|} | |} | ||
Line 251: | Line 254: | ||
− | Windows Vista+ (based on http://www.codemachine.com/tool_cmkd.html#kvas): | + | Windows Vista+ (based on http://www.codemachine.com/tool_cmkd.html#kvas / http://www.codemachine.com/article_x64kvas.html): |
{| class="wikitable" | {| class="wikitable" | ||
! Address | ! Address | ||
Line 269: | Line 272: | ||
| FFFFF70000000000 - FFFFF77FFFFFFFFF || 512 GB || HyperSpace | | FFFFF70000000000 - FFFFF77FFFFFFFFF || 512 GB || HyperSpace | ||
|- | |- | ||
− | | FFFFF78000000000 - | + | | FFFFF78000000000 - FFFFF78000000FFF || 4 KB || Shared system page |
|- | |- | ||
| FFFFF78000001000 - FFFFF7FFFFFFFFFF || 511 GB || Cache working set | | FFFFF78000001000 - FFFFF7FFFFFFFFFF || 511 GB || Cache working set | ||
Line 285: | Line 288: | ||
| FFFFF98000000000 - FFFFFA7FFFFFFFFF || 1 TB || Dynamic kernel VA | | FFFFF98000000000 - FFFFFA7FFFFFFFFF || 1 TB || Dynamic kernel VA | ||
|- | |- | ||
− | | FFFFFA8000000000 - | + | | FFFFFA8000000000 - FFFFF??????????? || up to 8 TB || Pfn database |
|- | |- | ||
− | | | + | | FFFFF??????????? - FFFFFFFFFFBFFFFF || up to 128 GB || Non paged pool |
|- | |- | ||
| FFFFFFFFFFC00000 - FFFFFFFFFFFFFFFF || 4 MB || Hal reserved | | FFFFFFFFFFC00000 - FFFFFFFFFFFFFFFF || 4 MB || Hal reserved | ||
Line 320: | Line 323: | ||
| FFFFF900C0000000 - FFFFF97FFFFFFFFF || 509 GB || MiSessionDynamicVaStart | | FFFFF900C0000000 - FFFFF97FFFFFFFFF || 509 GB || MiSessionDynamicVaStart | ||
|} | |} | ||
+ | |||
+ | |||
+ | ⇐[[Techwiki:Main]] |
Latest revision as of 21:08, 29 January 2023
Contents
x86 (non-PAE)
Address | Description |
---|---|
00000000 | UserMode Addresses |
7FFFF000 | No Access Area (64kB) |
80000000 | HAL/NTOSKRNL/Boot Drivers |
8??????? | PFN database |
BD000000 | MiSessionPoolStart = MmSessionBase |
BE000000 | MiSessionViewStart |
BF800000 | MiSessionImageStart (default) |
C0000000 | Page Table pages - 4Mb |
C0400000 | HyperSpace |
C0C00000 | System Cache structures |
C1000000 | System Cache |
E1000000 | Paged System area |
???????? | System PTE area |
???????? | Nonpaged System area |
FFBE0000 | Crash dump driver area |
FFC00000 | Reserved for HAL (4mb) |
FFDFF000 | Boot PCR (KIP0PCRADDRESS) |
IBM PowerPC
Address | Description |
---|---|
00000000 | UserMode Addresses |
7FFFF000 | No Access Area (64kB) |
80000000 | HAL/NTOSKRNL/Boot Drivers |
90000000 | System Cache working set |
90400000 | System Cache |
A0000000 | Kernel segment |
C0000000 | Page Table pages - 4Mb - Kernel Only |
C0400000 | HyperSpace |
D0000000 | System Mapped Views |
D3000000 | Paged System area |
EFBFFFFF | Nonpaged System area |
FFFFD000 | PCR Structure, per processor |
FFFFF000 | Debugger Page |
MIPS R-Series
Address | Description |
---|---|
00000000 | UserMode Addresses |
7FFFF000 | No Access Area (64kB) |
80000000 | HAL/NTOSKRNL/Boot Drivers |
A0000000 | Kernel segment |
C0000000 | Page Table pages - 4Mb - Kernel Only |
C2400000 | HyperSpace |
C2800000 | System Cache structures |
C2C00000 | System Cache |
DE000000 | System Mapped Views |
FFBFFFFF | Nonpaged System area |
FFC00000 | Reserved for HAL (4mb) |
DEC Alpha (32bit)
Address | Description |
---|---|
00000000 | UserMode Addresses |
7FFFF000 | No Access Area (64kB) |
80000000 | HAL/NTOSKRNL/Boot Drivers |
C0000000 | Page Table pages - 2Mb - Kernel Only |
C1000000 | HyperSpace |
C2000000 | PTEs |
C3000000 | System Cache structures |
C4000000 | System Cache |
DE000000 | System Mapped Views |
E1000000 | Paged System area |
F0000000 | Nonpaged System area |
FE000000 | Reserved for HAL (4mb) |
DEC Alpha (64bit) AXP64
Address | Description |
---|---|
0000000000000000 | UserMode Addresses (4TB) |
000003FFFFFF0000 | No Access Area (64kB) |
FFFFFC0000000000 | Start of System area, 2TB accessable |
FFFFFE0000000000 | 8GB three-level Page Table map |
FFFFFE0400000000 | Reserved for Win32k.sys |
FFFFFE0600000000 | System Cache working set |
FFFFFE0800000000 | System Cache (1TB) |
FFFFFF0800000000 | Start of Paged System Area. (128GB) |
FFFFFF2800000000 | System PTE Pool (128GB) |
FFFFFF67FFFFFFFF | Nonpaged System area (128GB) |
FFFFFFFF80000000 | HAL/NTOSKRNL/Boot Drivers |
FFFFFFFFFF000000 | Shared System Page |
FFFFFFFFFF002000 | Reserved for HAL |
Intel Itanium ia64
Address | Description |
---|---|
0000000000000000 | UserMode Addresses (8084GB) |
000003FFFFFF0000 | No Access Area (64kB) |
0000040000000000 | HyperSpace |
1FFFFF0000000000 | 8gb Leaf level Page Table map |
2000000000000000 | win32k.sys reserved (8gb) |
3FFFFF0000000000 | 8gb Leaf level Page Table map |
8000000000000000 | Addressable Physical Memory |
E000000080000000 | HAL/NTOSKRNL/Boot Drivers |
E0000000A0000000 | Reserved for Win32k.sys |
E0000000FF002000 | Reserved for HAL |
E000000400000000 | System Cache working set |
E000000600000000 | System Cache (1TB) |
E000010600000000 | Start of Paged System Area. (128GB) |
E000014600000000 | System PTE Pool (128GB) |
E00001465FFFFFFF | Nonpaged System area (128GB) |
E000040000000000 | PFN Database (2TB) |
FFFFFF0000000000 | 8gb Leaf level Page Table map |
AMD64
Windows 2003 (based on Windows internals 4):
Address | Size | Description |
---|---|---|
0000000000000000 - 000007FFFFFEFFFF | 8TB-64k | UserMode Addresses |
000007FFFFFF0000 - 000007FFFFFFFFFF | 64k | No Access Area |
0000080000000000 - FFFF7FFFFFFFFFFF | - | |
FFFF800000000000 - FFFFF67FFFFFFFFF | Start of system space | |
FFFFF68000000000 - FFFFF6FFFFFFFFFF | 512 GB | 4 lvl page table map |
FFFFF70000000000 - FFFFF77FFFFFFFFF | 512 GB | HyperSpace |
FFFFF78000000000 - FFFFF77000000FFF | 4 KB | Shared system page |
FFFFF78000001000 - FFFFF7FFFFFFFFFF | 512 GB | system working set |
FFFFF80000000000 - FFFFF8FFFFFFFFFF | 1 TB | Mappings initialized by the loader |
FFFFF90000000000 - FFFFF97FFFFFFFFF | 512 GB | Session space |
FFFFF98000000000 - FFFFFA7FFFFFFFFF | 1 TB | System cache |
FFFFFA8000000000 - FFFFFA9FFFFFFFFF | 128 GB | Start of Paged System Area. |
FFFFFAA000000000 - FFFFFABFFFFFFFFF | 128 GB | System PTE pool (MmNonPagedSystemStart) |
FFFFFAC000000000 - FFFFFADFFFFFFFFF | 128 GB | Non paged pool |
FFFFFAE000000000 - FFFFFFFFFFFFFFFF | 2 GB | Reserved for HAL |
FFFFFFFFFFFFFFFF | End of VA space |
Windows Vista+ (based on http://www.codemachine.com/tool_cmkd.html#kvas / http://www.codemachine.com/article_x64kvas.html):
Address | Size | Description |
---|---|---|
0000000000000000 - 000007FFFFFEFFFF | 8TB-64k | UserMode Addresses |
000007FFFFFF0000 - 000007FFFFFFFFFF | 64k | No Access Area |
0000080000000000 - FFFF7FFFFFFFFFFF | - | |
FFFF800000000000 - FFFFF67FFFFFFFFF | 238 TB | System space |
FFFFF68000000000 - FFFFF6FFFFFFFFFF | 512 GB | Page tables |
FFFFF70000000000 - FFFFF77FFFFFFFFF | 512 GB | HyperSpace |
FFFFF78000000000 - FFFFF78000000FFF | 4 KB | Shared system page |
FFFFF78000001000 - FFFFF7FFFFFFFFFF | 511 GB | Cache working set |
FFFFF80000000000 - FFFFF87FFFFFFFFF | 512 GB | Loader mappings |
FFFFF88000000000 - FFFFF89FFFFFFFFF | 128 GB | System PTEs |
FFFFF8A000000000 - FFFFF8BFFFFFFFFF | 128 GB | Paged pool |
FFFFF8C000000000 - FFFFF8FFFFFFFFFF | ||
FFFFF90000000000 - FFFFF97FFFFFFFFF | 512 GB | Session space |
FFFFF98000000000 - FFFFFA7FFFFFFFFF | 1 TB | Dynamic kernel VA |
FFFFFA8000000000 - FFFFF??????????? | up to 8 TB | Pfn database |
FFFFF??????????? - FFFFFFFFFFBFFFFF | up to 128 GB | Non paged pool |
FFFFFFFFFFC00000 - FFFFFFFFFFFFFFFF | 4 MB | Hal reserved |
FFFFFFFFFFFFFFFF | End of VA space |
Note: On Windows MmSystemRangeStart contains the value 0xFFFF080000000000, this is probably a typo. The real system range start is 0xFFFF800000000000
Session space layout:
Address | Size | Description |
---|---|---|
FFFFF90000000000 - FFFFF90000001E57 | 8 KB | ??? |
FFFFF90000001E58 - FFFFF90000010000 | 56 KB | MiSessionSpecialPool |
FFFFF90000010000 - FFFFF90000011FFF | 8 KB | MiSessionDynamicVaBitBuffer |
FFFFF90000012000 - FFFFF90000411FFF | 4 MB | MiSessionDynamicPoolBitBuffer |
FFFFF90000412000 - FFFFF90000811FFF | 4 MB | MiSessionDynamicPtesBitBuffer |
FFFFF90000812000 - FFFFF90080000FFF | 2039 MB | MiSessionSpaceWs |
FFFFF90080001000 - FFFFF900A0101007 | 513 MB | MiSessionWsHashStart .. MiSessionWsHashEnd-1 |
FFFFF900C0000000 - FFFFF97FFFFFFFFF | 509 GB | MiSessionDynamicVaStart |