missing header file base/ntos/mm/i386/mipae.h
Thursday, January 08, 2009 2:25 AM
I wanted to enable the PAE mode so that I could work with the Hardware DEP features of wrkx86.exe (NX/XD bits).
To enable it, I would have to define the _X86PAE_ macro.
Unfortunately, defining it causes the #else part of base/ntos/mm/i386/mi386.h to be activated, which contains
#include i386/mipae.h
Without this file, the code won't compile. As a result, the Windows 2003 SP1 OS says that there is no Hardware DEP
(in the System Dialog box) and only software DEP is enabled (not of much use in my research). As you may know, without the PAE, Hardware DEP cannot be enforced.
Does anyone have older versions of the WRK, like version 1.1 or older, that may contain this file?
An odd thing:
When I boot my wrkx86.exe in Virtual PC, the System Panel says only Software DEP is available, as it emulates a Pentium II or so (which doesn't have the NX functionality).
But when I boot the kernel in VMware Workstation 6.5, which has a more recent processor (with XD/NX), the
wmic OS DataExecutionPrevention_Available, etc. checks (as detailed in the DEP documentation in KB) say Hardware DEP is enabled.
What I can't understand is, if _X86PAE_ is not defined anywhere in the codebase and WinDbg shows only non-PAE PTE structures, how can the system report that hardware DEP is enabled?
I am confused.
Add to that, for this DEP to be present, PAE must be available. But if PAE were to be available, then the system panel should have reported it. But it hasn't!

thanks
shriram
All Replies
Thursday, February 05, 2009 9:20 PM
Hi Shriram,
Although I never tried playing around with PAE and the NX/XD on x86 architectures, I am not quite sure whether the missing header file would solve the problem you described. Please have a look at the following struct definition for a hardware page table entry (PTE):

     1 typedef struct _HARDWARE_PTE_X86PAE {
     2     union {
     3         struct {
     4             ULONGLONG Valid : 1;
     5             ULONGLONG Write : 1;
     6             ULONGLONG Owner : 1;
     7             ULONGLONG WriteThrough : 1;
     8             ULONGLONG CacheDisable : 1;
     9             ULONGLONG Accessed : 1;
    10             ULONGLONG Dirty : 1;
    11             ULONGLONG LargePage : 1;
    12             ULONGLONG Global : 1;
    13             ULONGLONG CopyOnWrite : 1; // software field
    14             ULONGLONG Prototype : 1; // software field
    15             ULONGLONG reserved0 : 1; // software field
    16             ULONGLONG PageFrameNumber : 26;
    17             ULONGLONG reserved1 : 26; // software field
    18         };
    19         struct {
    20             ULONG LowPart;
    21             ULONG HighPart;
    22         };
    23     };
    24 } HARDWARE_PTE_X86PAE, *PHARDWARE_PTE_X86PAE;

This structure defines the layout for a PTE, if PAE is enabled. The important point, however, is on line 17! The Intel reference manual states that the XD bit for a PTE is the most significant bit, i.e. bit 63. In the present version of the source code, the most significant bit is however part of the bitfield reserved1.
To me, it seems that the present x86 WRK code base does not support the hardware DEP feature, even with PAE enabled.
Is there a particular reason why you don't take the amd64 version of the kernel? The hardware PTE structure for the amd64 code base explicitly shows a NoExecute bit (see line 17):

     1 typedef struct _HARDWARE_PTE {
     2     ULONG64 Valid : 1;
     3     ULONG64 Write : 1; // UP version
     4     ULONG64 Owner : 1;
     5     ULONG64 WriteThrough : 1;
     6     ULONG64 CacheDisable : 1;
     7     ULONG64 Accessed : 1;
     8     ULONG64 Dirty : 1;
     9     ULONG64 LargePage : 1;
    10     ULONG64 Global : 1;
    11     ULONG64 CopyOnWrite : 1; // software field
    12     ULONG64 Prototype : 1; // software field
    13     ULONG64 reserved0 : 1; // software field
    14     ULONG64 PageFrameNumber : 28;
    15     ULONG64 reserved1 : 24 - (_HARDWARE_PTE_WORKING_SET_BITS+1);
    16     ULONG64 SoftwareWsIndex : _HARDWARE_PTE_WORKING_SET_BITS;
    17     ULONG64 NoExecute : 1;
    18 } HARDWARE_PTE, *PHARDWARE_PTE;

Regards,
Alex
Hasso Plattner Institute, Potsdam, Germany
Proposed As Answer by A. Schmidt, Monday, February 16, 2009 10:16 AM
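
The layout point made in the reply above, as an added example that is not part of the original thread or the WRK sources: a user-mode C program that rebuilds the quoted PAE PTE bit-field widths and shows that bit 63, where the reply places XD, falls inside reserved1. The names example_pae_pte, PTE_XD_BIT and the helper functions are illustrative, the sample PTE value is constructed, and the code assumes the compiler allocates bit-fields from bit 0 upward (as GCC, Clang and MSVC do on x86).

```c
#include <stdint.h>
#include <stdio.h>

/* Field widths copied from the HARDWARE_PTE_X86PAE quoted in the reply.
   example_pae_pte and the helpers are illustrative names, not WRK code.
   Assumes bit-fields are allocated from bit 0 upward (GCC/Clang/MSVC on x86). */
typedef union {
    struct {
        uint64_t Valid : 1, Write : 1, Owner : 1, WriteThrough : 1;
        uint64_t CacheDisable : 1, Accessed : 1, Dirty : 1, LargePage : 1;
        uint64_t Global : 1, CopyOnWrite : 1, Prototype : 1, reserved0 : 1;
        uint64_t PageFrameNumber : 26;
        uint64_t reserved1 : 26;
    } f;
    uint64_t raw;
} example_pae_pte;

#define PTE_XD_BIT 63 /* XD/NX position per the Intel manual, as cited in the reply */

/* Lowest raw bit that lands in reserved1: walk one set bit upward. */
int reserved1_first_bit(void) {
    for (int bit = 0; bit < 64; bit++) {
        example_pae_pte p = { .raw = 1ULL << bit };
        if (p.f.reserved1) return bit;
    }
    return -1;
}

/* Value seen in reserved1 when only the XD bit is set in the raw entry. */
uint64_t reserved1_with_xd_set(void) {
    example_pae_pte p = { .raw = 1ULL << PTE_XD_BIT };
    return p.f.reserved1;
}

/* Layout-independent test of the XD bit on a raw 64-bit PTE value. */
int pte_is_no_execute(uint64_t raw) {
    return (int)((raw >> PTE_XD_BIT) & 1);
}

int main(void) {
    uint64_t sample = 0x8000000000000067ULL; /* constructed sample PTE value */
    printf("reserved1 covers bits %d..63\n", reserved1_first_bit());
    printf("XD set -> reserved1 = 0x%llx\n",
           (unsigned long long)reserved1_with_xd_set());
    printf("sample PTE no-execute: %d\n", pte_is_no_execute(sample));
    return 0;
}
```

With these widths, a PTE whose XD bit is set reads back as a nonzero reserved1, so code using this structure has no named field through which to set or test no-execute.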