missing header file base/ntos/mm/i386/mipae.h

  • Question

  • I wanted to enable the PAE mode so that I could work with the Hardware DEP features of wrkx86.exe (NX/XD bits).

    To enable it, I would have to define the _X86PAE_ macro.

    Unfortunately, defining it causes the #else part of base/ntos/mm/i386/mi386.h to be activated which contains

    #include i386/mipae.h

    without this file, the code won't compile. As a result, the Windows 2003 SP1 OS says that there is no Hardware DEP
    (in the System Dialog box) and only software DEP is enabled (not of much use in my research).

    As you may know, without the PAE, Hardware DEP cannot be enforced. :(

    Does anyone have older versions of the wrk ? like version 1.1 or older, that may contain this file ?

     

     

    An odd thing:

    When I boot my wrkx86.exe in Virtual PC, the System Panel says only Software DEP is available - as it emulates Pentium II or so (which doesn't have the NX functionality).

     

    But when I boot the kernel in VMware Workstation 6.5, which has a more recent processor (with XD/NX), the wmic OS DataExecutionPrevention_Available, etc. checks (as detailed in the DEP documentation in KB) say Hardware DEP is enabled.

     

    What I can't understand is, if _X86PAE_ is not defined anywhere in the codebase and WinDbg shows only non-PAE PTE structures, how can the system report that hardware DEP is enabled?

    Am confused.

     

    Add to that, for this DEP to be present, PAE must be available. But if PAE were to be available, then the system panel should have reported it. But it hasn't! :(

     

    thanks
    shriram

     

    Thursday, January 8, 2009 2:25 AM

All replies

  • Hi Shriram,

    Although I never tried playing around with PAE and the NX/XD on x86 architectures, I am not quite sure whether the missing header file would solve the problem you described. Please have a look at the following struct definition for a hardware page table entry (PTE):

    1typedef struct _HARDWARE_PTE_X86PAE { 
    2    union { 
    3        struct { 
    4            ULONGLONG Valid : 1; 
    5            ULONGLONG Write : 1; 
    6            ULONGLONG Owner : 1; 
    7            ULONGLONG WriteThrough : 1; 
    8            ULONGLONG CacheDisable : 1; 
    9            ULONGLONG Accessed : 1; 
    10            ULONGLONG Dirty : 1; 
    11            ULONGLONG LargePage : 1; 
    12            ULONGLONG Global : 1; 
    13            ULONGLONG CopyOnWrite : 1; // software field 
    14            ULONGLONG Prototype : 1;   // software field 
    15            ULONGLONG reserved0 : 1;  // software field 
    16            ULONGLONG PageFrameNumber : 26; 
    17            ULONGLONG reserved1 : 26;  // software field 
    18        }; 
    19        struct { 
    20            ULONG LowPart; 
    21            ULONG HighPart; 
    22        }; 
    23    }; 
    24} HARDWARE_PTE_X86PAE, *PHARDWARE_PTE_X86PAE; 

    This structure defines the layout for a PTE, if PAE is enabled. The important point, however, is on line 17! The Intel reference manual states that the XD bit for a PTE is the most significant bit, i.e. bit 63. In the present version of the source code, the most significant bit is however part of the bitfield reserved1.

    To me, it seems that the present x86 WRK code base does not support the hardware DEP feature, even with PAE enabled.

    Is there a particular reason why you don't take the amd64 version of the kernel? The hardware PTE structure for the amd64 code base explicitly shows a NoExecute bit (see line 17):

    1typedef struct _HARDWARE_PTE { 
    2    ULONG64 Valid : 1; 
    3    ULONG64 Write : 1;                // UP version 
    4    ULONG64 Owner : 1; 
    5    ULONG64 WriteThrough : 1; 
    6    ULONG64 CacheDisable : 1; 
    7    ULONG64 Accessed : 1; 
    8    ULONG64 Dirty : 1; 
    9    ULONG64 LargePage : 1; 
    10    ULONG64 Global : 1; 
    11    ULONG64 CopyOnWrite : 1;          // software field 
    12    ULONG64 Prototype : 1;            // software field 
    13    ULONG64 reserved0 : 1;            // software field 
    14    ULONG64 PageFrameNumber : 28; 
    15    ULONG64 reserved1 : 24 - (_HARDWARE_PTE_WORKING_SET_BITS+1); 
    16    ULONG64 SoftwareWsIndex : _HARDWARE_PTE_WORKING_SET_BITS; 
    17    ULONG64 NoExecute : 1; 
    18} HARDWARE_PTE, *PHARDWARE_PTE; 
      

    Regards,
    Alex





    Hasso Plattner Institute, Potsdam, Germany
    • Proposed as answer by A. Schmidt Monday, February 16, 2009 10:16 AM
    Thursday, February 5, 2009 9:20 PM
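
The bit-position argument in the reply above can be checked by adding up the field widths of the two quoted structures. The following is an added example, not code from the WRK or from either poster: `field_at_bit`, `field_value`, the `WS_BITS` value and the sample PTE are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Name and width of each bitfield in declaration order. Assumption: fields are
   allocated from bit 0 upward, as MSVC does for x86/x64 targets. */
struct field { const char *name; unsigned width; };
#define LOW12 {"Valid",1},{"Write",1},{"Owner",1},{"WriteThrough",1}, \
    {"CacheDisable",1},{"Accessed",1},{"Dirty",1},{"LargePage",1}, \
    {"Global",1},{"CopyOnWrite",1},{"Prototype",1},{"reserved0",1}
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))
/* Widths copied from the _HARDWARE_PTE_X86PAE definition quoted in the reply. */
static const struct field pae_pte[] = { LOW12, {"PageFrameNumber",26}, {"reserved1",26} };
/* Widths from the amd64 _HARDWARE_PTE. WS_BITS stands in for
   _HARDWARE_PTE_WORKING_SET_BITS, whose value is not shown on the page; the
   placeholder does not move NoExecute, since 12 + 28 + 24 = 64 regardless. */
#define WS_BITS 11
static const struct field amd64_pte[] = {
    LOW12, {"PageFrameNumber",28}, {"reserved1",24-(WS_BITS+1)},
    {"SoftwareWsIndex",WS_BITS}, {"NoExecute",1} };

/* Return the name of the field that contains `bit`, or NULL if out of range. */
const char *field_at_bit(const struct field *f, size_t n, unsigned bit)
{
    unsigned lo = 0;
    for (size_t i = 0; i < n; lo += f[i].width, i++)
        if (bit < lo + f[i].width) return f[i].name;
    return NULL;
}

/* Extract one named field from a raw 64-bit PTE; UINT64_MAX if not found. */
uint64_t field_value(const struct field *f, size_t n, const char *name, uint64_t pte)
{
    unsigned lo = 0;
    for (size_t i = 0; i < n; lo += f[i].width, i++)
        if (strcmp(f[i].name, name) == 0)
            return (pte >> lo) & ((1ULL << f[i].width) - 1);
    return UINT64_MAX;
}

int main(void)
{
    uint64_t pte = 0x8000000012345067ULL; /* constructed PTE with bit 63 set */
    printf("PAE:   bit 63 is in %s\n", field_at_bit(pae_pte, COUNT(pae_pte), 63));
    printf("amd64: bit 63 is in %s\n", field_at_bit(amd64_pte, COUNT(amd64_pte), 63));
    printf("PAE reserved1 = 0x%llx\n", (unsigned long long)
           field_value(pae_pte, COUNT(pae_pte), "reserved1", pte));
    return 0;
}
```

In the PAE layout the XD position surfaces only as the top bit of the 26-bit `reserved1` field, while the amd64 layout gives the same bit its own `NoExecute` name.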