墙外通道:http://fivelinesofcode.blogspot.com/2014/03/how-to-translate-virtual-to-physical.html

I currently work on a project where I need to make translations for virtual addresses of user-level application to physical addresses in Linux. I implemented my own system call to do that, but had hard times with verifying the results I'm getting.

Later I found out that in newer kernels there is a really nice virtual file in the /proc file system to get this information. I tried to cat it, doing cat /proc/self/pagemap, and got terrible binary output in my console.

So, it looks like working with this file is not such a pleasant experience. It's a binary file with all that it implies. I found couple of scripts that access this file and provide you with a nice text result, but unfortunately those were written in perl and ruby, and I needed to run it on very minimalistic embedded system. I needed something that fits into a single binary.

Long story short, I decided to bite the bullet and write a tool in C. My contribution might be helpful for someone, that's why I'm sharing this code.

#include <stdio.h>

#include <stdlib.h>

#include <unistd.h>

#include <assert.h>

#include <errno.h>

#include <stdint.h>

#define PAGEMAP_ENTRY 8

#define GET_BIT(X,Y) (X & ((uint64_t)1<<Y)) >> Y

#define GET_PFN(X) X & 0x7FFFFFFFFFFFFF

const int __endian_bit = ;

#define is_bigendian() ( (*(char*)&__endian_bit) == 0 )

int i, c, pid, status;

unsigned long virt_addr;

uint64_t read_val, file_offset;

char path_buf [0x100] = {};

FILE * f;

char *end;

int read_pagemap(char * path_buf, unsigned long virt_addr);

int main(int argc, char ** argv){

   //printf("%lu\n", GET_BIT(0xA680000000000000, 63));

   //return 0;

   if(argc!=){

      printf("Argument number is not correct!\n pagemap PID VIRTUAL_ADDRESS\n");

      return -;

   }

   if(!memcmp(argv[],"self",sizeof("self"))){

      sprintf(path_buf, "/proc/self/pagemap");

      pid = -;

   }

   else{

         pid = strtol(argv[],&end, );

         if (end == argv[] || *end != '\0' || pid<=){

            printf("PID must be a positive number or 'self'\n");

            return -;

            }

       }

   virt_addr = strtol(argv[], NULL, );

   if(pid!=-)

      sprintf(path_buf, "/proc/%u/pagemap", pid);

   read_pagemap(path_buf, virt_addr);

   return ;

}

int read_pagemap(char * path_buf, unsigned long virt_addr){

   printf("Big endian? %d\n", is_bigendian());

   f = fopen(path_buf, "rb");

   if(!f){

      printf("Error! Cannot open %s\n", path_buf);

      return -;

   }

   //Shifting by virt-addr-offset number of bytes

   //and multiplying by the size of an address (the size of an entry in pagemap file)

   file_offset = virt_addr / getpagesize() * PAGEMAP_ENTRY;

   printf("Vaddr: 0x%lx, Page_size: %d, Entry_size: %d\n", virt_addr, getpagesize(), PAGEMAP_ENTRY);

   printf("Reading %s at 0x%llx\n", path_buf, (unsigned long long) file_offset);

   status = fseek(f, file_offset, SEEK_SET);

   if(status){

      perror("Failed to do fseek!");

      return -;

   }

   errno = ;

   read_val = ;

   unsigned char c_buf[PAGEMAP_ENTRY];

   for(i=; i < PAGEMAP_ENTRY; i++){

      c = getc(f);

      if(c==EOF){

         printf("\nReached end of the file\n");

         return ;

      }

      if(is_bigendian())

           c_buf[i] = c;

      else

           c_buf[PAGEMAP_ENTRY - i - ] = c;

      printf("[%d]0x%x ", i, c);

   }

   for(i=; i < PAGEMAP_ENTRY; i++){

      //printf("%d ",c_buf[i]);

      read_val = (read_val << ) + c_buf[i];

   }

   printf("\n");

   printf("Result: 0x%llx\n", (unsigned long long) read_val);

   //if(GET_BIT(read_val, 63))

   if(GET_BIT(read_val, ))

      printf("PFN: 0x%llx\n",(unsigned long long) GET_PFN(read_val));

   else

      printf("Page not present\n");

   if(GET_BIT(read_val, ))

      printf("Page swapped\n");

   fclose(f);

   return ;

}

And now how you use it. It's very simple. Of course you need to compile it. Then you need to find out what mapping your target process does have. You can do that by reading /proc/pid/maps file. Fortunately that file is human readable.
When you know a valid virtual address, you can pass it to our tool to get actual value from pagemap, including physical frame number. Here is an example:

$ #let's find get virtual address of a page

$ cat /proc/self/maps

-0040b000 r-xp  :                             /bin/cat

0060a000-0060b000 r--p 0000a000 :                             /bin/cat

0060b000-0060c000 rw-p 0000b000 :                             /bin/cat

0223a000-0225b000 rw-p  :                                   [heap]

7fe7e15e1000-7fe7e1cc3000 r--p  :                     /usr/lib/locale/locale-archive

7fe7e1cc3000-7fe7e1e80000 r-xp  :                      /lib/x86_64-linux-gnu/libc-2.17.so

7fe7e1e80000-7fe7e2080000 ---p 001bd000 :                      /lib/x86_64-linux-gnu/libc-2.17.so

7fe7e2080000-7fe7e2084000 r--p 001bd000 :                      /lib/x86_64-linux-gnu/libc-2.17.so

7fe7e2084000-7fe7e2086000 rw-p 001c1000 :                      /lib/x86_64-linux-gnu/libc-2.17.so

7fe7e2086000-7fe7e208b000 rw-p  :

7fe7e208b000-7fe7e20ae000 r-xp  :                      /lib/x86_64-linux-gnu/ld-2.17.so

7fe7e228d000-7fe7e2290000 rw-p  :

7fe7e22ab000-7fe7e22ad000 rw-p  :

7fe7e22ad000-7fe7e22ae000 r--p  :                      /lib/x86_64-linux-gnu/ld-2.17.so

7fe7e22ae000-7fe7e22b0000 rw-p  :                      /lib/x86_64-linux-gnu/ld-2.17.so

7fffce6b6000-7fffce6d7000 rw-p  :                           [stack]

7fffce722000-7fffce724000 r-xp  :                           [vdso]

ffffffffff600000-ffffffffff601000 r-xp  :                   [vsyscall]

$ #don't forget alsr, normally only /bin/cat will remain same

$ #so let's pick 0x00400000. Now we run our program.

$ #First argument is pid, "self" is a legal option too, the second is virtual address

$ ./pagemap self 0x00400000

Reading /proc/self/pagemap at 0x2000

Result: 0a60000000008c445

We got  0x0a60000000008c445 as a result. There are some bits showing that the page is valid, along with the size of the page. You can reed more in Linux documentation: https://www.kernel.org/doc/Documentation/vm/pagemap.txt. Basically, the physical page number is 0x8c445.

Note, that in different kernel versions bits 56-60 have different meaning. In most current versions, they are forced to zero, however in kernel version 3.11.0 they represent page size.

How to translate virtual to physical addresses through /proc/pid/pagemap的更多相关文章

  1. PatentTips - Maintaining shadow page tables in a sequestered memory region

    BACKGROUND Malicious code, known as malware, which includes viruses, worms, adware, etc., may attack ...

  2. ARM linux内核启动时几个关键地址【转】

    转自:http://www.cnblogs.com/armlinux/archive/2011/11/06/2396787.html 1.       内核启动地址1.1.   名词解释ZTEXTAD ...

  3. 利用/proc/pid/pagemap将虚拟地址转换为物理地址

    内核文档: Documentation/vm/pagemap.txt pagemap is a new (as of 2.6.25) set of interfaces in the kernel t ...

  4. linux kernel内存映射实例分析

    作者:JHJ(jianghuijun211@gmail.com)日期:2012/08/24 欢迎转载,请注明出处 引子 现在android智能手机市场异常火热,硬件升级非常迅猛,arm cortex ...

  5. EGLImage与纹理

    http://blog.csdn.net/sunnytina/article/details/51895406 Android使用Direct Textures提高glReadPixels.glTex ...

  6. pagemap, from the userspace perspective

    pagemap, from the userspace perspective --------------------------------------- pagemap is a new (as ...

  7. stuff in /proc/PID/

    Table of Contents 1. /proc/PID/cwd 2. /proc/PID/clear_refs 3. /proc/PID/coredump_filter 4. /proc/PID ...

  8. Linux下如何在进程中获取虚拟地址对应的物理地址【转】

    转自:http://blog.csdn.net/kongkongkkk/article/details/74366200 如果让你编写一个程序,来获取虚拟地址对应的物理地址..你会试着操作MMU吗.. ...

  9. intel:spectre&Meltdown侧信道攻击(四)—— cache mapping

    前面简单介绍了row hammer攻击的原理和方法,为了更好理解这种底层硬件类攻击,今天介绍一下cpu的cache mapping: 众所周知,cpu从内存读数据,最开始用的是虚拟地址,需要通过分页机 ...

随机推荐

  1. 选择困难症的福音——团队Scrum冲刺阶段-Day 7

    选择困难症的福音--团队Scrum冲刺阶段-Day 7 今日进展 测试代码 将界面设计完后放app使用示意图于此 今日贡献量 严域俊 吴恒佚 曾程 刘辰 邓煜坤 3.5 3.5 3.3 3.6 3 贡 ...

  2. C++学习札记(3)

    一边听着许巍的音乐,一遍学习着C++的精髓,这感觉这酸爽,我一个人体会和知道. 许巍是两代人共同的时代标志,他的音乐作品脍炙人口,堪称经典,经久不衰:此时此刻品味,依然有丰富的各种味道和感情.可能因为 ...

  3. Django 载入静态文件地址

    1,Django框架中有专门存放静态文件的目录. 项目中的CSS.图片.js都是静态文件 配置静态文件 在settings 文件中定义静态内容 2,这些静态文件,他们统一存放在项目目录,templat ...

  4. poj3130 (半平面交

    题意:判断是否存在内核. 半平面交存板子. /* gyt Live up to every day */ #include<cstdio> #include<cmath> #i ...

  5. Postman入门使用

    Postman 是一个很强大的 API调试.Http请求的工具,方便易用,毋庸置疑. 1.Postman安装 a. 打开谷歌浏览器 b. 进入设置界面 c. 选择扩展程序 d. 选择chrome网上应 ...

  6. java crach 日志解析

    在java开发中,或许会出现如下错误,这种错误大多出现在开发中涉及本地代码的地方. ## A fatal error has been detected by the Java Runtime Env ...

  7. hadoop启动

    安装完hadoop集群之后,第一次启动之前必须初始化,之后就可以不用再初始化(注意:初始化操作只可以一次) hdfs namenode -format (hadoop namenode -format ...

  8. jxl操作excel写入数据不覆盖原有数据示例

    public void readTO() {        Workbook wb = null;        WritableWorkbook wwb = null;        try {   ...

  9. 什么是servlet?

    一.servlet是什么? 是用java编写的应用在服务端的程序,具有独立于平台和协议的特性,主要功能在于交互式地浏览和修改数据,生成动态Web内容,例如页面等等.从实现上讲,Servlet可以响应任 ...

  10. python运算符优先级

    下面这个表给出Python的运算符优先级,从最低的优先级(最松散地结合)到最高的优先级(最紧密地结合).这意味着在一个表达式中,Python会首先计算表中较下面的运算符,然后在计算列在表上部的运算符. ...