MemoryMapper.h File Reference

Go to the source code of this file.

Classes
struct	_PAGE_ENTRY
	Page Entries. More...
struct	_MEMORY_MAPPER_ADDRESSES
	Memory mapper PTE and reserved virtual address. More...

Macros
#define	PAGE_4KB_OFFSET   ((UINT64)(1 << 12) - 1)
#define	PAGE_2MB_OFFSET   ((UINT64)(1 << 21) - 1)
#define	PAGE_4MB_OFFSET   ((UINT64)(1 << 22) - 1)
#define	PAGE_1GB_OFFSET   ((UINT64)(1 << 30) - 1)

Typedefs
typedef enum _MEMORY_MAPPER_WRAPPER_FOR_MEMORY_READ	MEMORY_MAPPER_WRAPPER_FOR_MEMORY_READ
	Memory wrapper for reading safe from the memory.
typedef enum _MEMORY_MAPPER_WRAPPER_FOR_MEMORY_WRITE	MEMORY_MAPPER_WRAPPER_FOR_MEMORY_WRITE
	Memory wrapper for writing safe into the memory.
typedef struct _PAGE_ENTRY	PAGE_ENTRY
	Page Entries.
typedef struct _PAGE_ENTRY *	PPAGE_ENTRY
typedef struct _MEMORY_MAPPER_ADDRESSES	MEMORY_MAPPER_ADDRESSES
	Memory mapper PTE and reserved virtual address.
typedef struct _MEMORY_MAPPER_ADDRESSES *	PMEMORY_MAPPER_ADDRESSES

Enumerations
enum	_MEMORY_MAPPER_WRAPPER_FOR_MEMORY_READ { MEMORY_MAPPER_WRAPPER_READ_PHYSICAL_MEMORY , MEMORY_MAPPER_WRAPPER_READ_VIRTUAL_MEMORY }
	Memory wrapper for reading safe from the memory. More...
enum	_MEMORY_MAPPER_WRAPPER_FOR_MEMORY_WRITE { MEMORY_MAPPER_WRAPPER_WRITE_PHYSICAL_MEMORY , MEMORY_MAPPER_WRAPPER_WRITE_VIRTUAL_MEMORY_SAFE , MEMORY_MAPPER_WRAPPER_WRITE_VIRTUAL_MEMORY_UNSAFE }
	Memory wrapper for writing safe into the memory. More...

Functions
VOID	MemoryMapperInitialize ()
	Initialize the Memory Mapper.
VOID	MemoryMapperUninitialize ()
	uninitialize the Memory Mapper
BOOLEAN	MemoryMapperCheckIfPageIsPresentByCr3 (_In_ PVOID Va, _In_ CR3_TYPE TargetCr3)
VOID	MemoryMapperMapPhysicalAddressToPte (_In_ PHYSICAL_ADDRESS PhysicalAddress, _In_ PVOID TargetProcessVirtualAddress, _In_ CR3_TYPE TargetProcessKernelCr3)

Macro Definition Documentation

PAGE_1GB_OFFSET

#define PAGE_1GB_OFFSET   ((UINT64)(1 << 30) - 1)

PAGE_2MB_OFFSET

#define PAGE_2MB_OFFSET   ((UINT64)(1 << 21) - 1)

PAGE_4KB_OFFSET

#define PAGE_4KB_OFFSET   ((UINT64)(1 << 12) - 1)

PAGE_4MB_OFFSET

#define PAGE_4MB_OFFSET   ((UINT64)(1 << 22) - 1)

Typedef Documentation

MEMORY_MAPPER_ADDRESSES

typedef struct _MEMORY_MAPPER_ADDRESSES MEMORY_MAPPER_ADDRESSES

Memory mapper PTE and reserved virtual address.

Memory mapper details for each core, contains PTE Virtual Address, Actual Kernel Virtual Address

MEMORY_MAPPER_WRAPPER_FOR_MEMORY_READ

typedef enum _MEMORY_MAPPER_WRAPPER_FOR_MEMORY_READ MEMORY_MAPPER_WRAPPER_FOR_MEMORY_READ

Memory wrapper for reading safe from the memory.

MEMORY_MAPPER_WRAPPER_FOR_MEMORY_WRITE

typedef enum _MEMORY_MAPPER_WRAPPER_FOR_MEMORY_WRITE MEMORY_MAPPER_WRAPPER_FOR_MEMORY_WRITE

Memory wrapper for writing safe into the memory.

PAGE_ENTRY

typedef struct _PAGE_ENTRY PAGE_ENTRY

Page Entries.

PMEMORY_MAPPER_ADDRESSES

typedef struct _MEMORY_MAPPER_ADDRESSES * PMEMORY_MAPPER_ADDRESSES

PPAGE_ENTRY

typedef struct _PAGE_ENTRY * PPAGE_ENTRY

Enumeration Type Documentation

_MEMORY_MAPPER_WRAPPER_FOR_MEMORY_READ

enum _MEMORY_MAPPER_WRAPPER_FOR_MEMORY_READ

Memory wrapper for reading safe from the memory.

Enumerator
MEMORY_MAPPER_WRAPPER_READ_PHYSICAL_MEMORY
MEMORY_MAPPER_WRAPPER_READ_VIRTUAL_MEMORY

{
    MEMORY_MAPPER_WRAPPER_READ_PHYSICAL_MEMORY,
    MEMORY_MAPPER_WRAPPER_READ_VIRTUAL_MEMORY,
} MEMORY_MAPPER_WRAPPER_FOR_MEMORY_READ;

_MEMORY_MAPPER_WRAPPER_FOR_MEMORY_WRITE

enum _MEMORY_MAPPER_WRAPPER_FOR_MEMORY_WRITE

Memory wrapper for writing safe into the memory.

Enumerator
MEMORY_MAPPER_WRAPPER_WRITE_PHYSICAL_MEMORY
MEMORY_MAPPER_WRAPPER_WRITE_VIRTUAL_MEMORY_SAFE
MEMORY_MAPPER_WRAPPER_WRITE_VIRTUAL_MEMORY_UNSAFE

{
    MEMORY_MAPPER_WRAPPER_WRITE_PHYSICAL_MEMORY,
    MEMORY_MAPPER_WRAPPER_WRITE_VIRTUAL_MEMORY_SAFE,
    MEMORY_MAPPER_WRAPPER_WRITE_VIRTUAL_MEMORY_UNSAFE,
 
} MEMORY_MAPPER_WRAPPER_FOR_MEMORY_WRITE;

Function Documentation

MemoryMapperCheckIfPageIsPresentByCr3()

BOOLEAN MemoryMapperCheckIfPageIsPresentByCr3	(	_In_ PVOID	Va,
		_In_ CR3_TYPE	TargetCr3 )

MemoryMapperInitialize()

VOID MemoryMapperInitialize

(

)

Initialize the Memory Mapper.

This function should be called in vmx non-root in a IRQL <= APC_LEVEL

Returns

VOID

{
    UINT64 TempPte;
    ULONG  ProcessorsCount;
 
    ProcessorsCount = KeQueryActiveProcessorCount(0);
 
    //
    // *** Reserve the address for all cores (read pte and va) ***
    //
 
    if (g_MemoryMapper != NULL)
    {
        //
        // It's already initialized
        //
        return;
    }
 
    //
    // Allocate the memory buffer structure
    //
    g_MemoryMapper = PlatformMemAllocateZeroedNonPagedPool(sizeof(MEMORY_MAPPER_ADDRESSES) * ProcessorsCount);
 
    //
    // Set the core's id and initialize memory mapper
    //
    for (size_t i = 0; i < ProcessorsCount; i++)
    {
        //
        // *** Initialize memory mapper for each core ***
        //
 
        //
        // Initial and reserve for read operations
        //
        g_MemoryMapper[i].VirualAddressForRead     = (UINT64)MemoryMapperMapPageAndGetPte(&TempPte);
        g_MemoryMapper[i].PteVirtualAddressForRead = TempPte;
 
        //
        // Initial and reserve for write operations
        //
        g_MemoryMapper[i].VirualAddressForWrite     = (UINT64)MemoryMapperMapPageAndGetPte(&TempPte);
        g_MemoryMapper[i].PteVirtualAddressForWrite = TempPte;
    }
}

MemoryMapperMapPhysicalAddressToPte()

VOID MemoryMapperMapPhysicalAddressToPte	(	_In_ PHYSICAL_ADDRESS	PhysicalAddress,
		_In_ PVOID	TargetProcessVirtualAddress,
		_In_ CR3_TYPE	TargetProcessKernelCr3 )

MemoryMapperUninitialize()

VOID MemoryMapperUninitialize

(

)

uninitialize the Memory Mapper

This function should be called in vmx non-root in a IRQL <= APC_LEVEL

Returns

VOID

{
    ULONG ProcessorsCount = KeQueryActiveProcessorCount(0);
 
    for (size_t i = 0; i < ProcessorsCount; i++)
    {
        //
        // Unmap and free the reserved buffer
        //
        if (g_MemoryMapper[i].VirualAddressForRead != NULL64_ZERO)
        {
            MemoryMapperUnmapReservedPageRange((PVOID)g_MemoryMapper[i].VirualAddressForRead);
        }
 
        if (g_MemoryMapper[i].VirualAddressForWrite != NULL64_ZERO)
        {
            MemoryMapperUnmapReservedPageRange((PVOID)g_MemoryMapper[i].VirualAddressForWrite);
        }
 
        g_MemoryMapper[i].VirualAddressForRead     = NULL64_ZERO;
        g_MemoryMapper[i].PteVirtualAddressForRead = NULL64_ZERO;
 
        g_MemoryMapper[i].VirualAddressForWrite     = NULL64_ZERO;
        g_MemoryMapper[i].PteVirtualAddressForWrite = NULL64_ZERO;
    }
 
    //
    // Set the g_MemoryMapper to null
    //
    g_MemoryMapper = NULL;
}