How is virtual system space protected against access?
On Microsoft Docs I read:
In 64-bit Windows, the theoretical amount of virtual address space is 2^64 bytes (16 exabytes), but only a small portion of the 16-exabyte range is actually used. The 8-terabyte range from 0x000'00000000 through 0x7FF'FFFFFFFF is used for user space, and portions of the 248-terabyte range from 0xFFFF0800'00000000 through 0xFFFFFFFF'FFFFFFFF are used for system space.
Since I have 64 bit pointers, I could possibly construct a pointer that points to some 0xFFFFxxxxxxxxxxxx address.
The site continues:
Code running in user mode has access to user space but does not have access to system space.
If I were able to guess a valid address in system virtual address space, what mechanism prevents me from writing there?
I know about memory protection but that doesn't seem to offer something that distinguishes between user memory and system memory.
windows security kernel
2
you need to read about Paging (x86/x64) and PTE format. The Bit 2 (U/S) is the User/Supervisor flag - controls access to the page based on privilege level. If the bit is set, then the page may be accessed by all; if the bit is not set, however, only the kernel mode (0) can access it.
– RbMm
Nov 15 '18 at 15:31
@RbMm: great. If you cite a bit from some resource, that's enough for me to accept the answer
– Thomas Weller
Nov 15 '18 at 15:32
2
Look for Intel or AMD manuals - paging. Or in brief - Paging or cs.hadassah.ac.il/staff/martin/Micro_Modern/slide03.pdf
– RbMm
Nov 15 '18 at 15:35
2
HARDWARE_PTE - if Owner == 1, user mode (privilege level 3 by CPU view) can access the page (of course Valid must be set). Otherwise the CPU generates an exception.
– RbMm
Nov 15 '18 at 15:43
edited Nov 15 '18 at 15:27
asked Nov 15 '18 at 15:21 by Thomas Weller
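The check described in the comments above, as an added C example that is not part of the original thread: a simplified software model of how an x86-64 page walk uses the Present and U/S bits (called Valid and Owner in the HARDWARE_PTE comment) to decide whether ring 3 may touch a page. The function name, the enum and the sample entries are constructed for illustration, and the model assumes a 4-level walk and leaves out SMEP/SMAP, CR0.WP, NX and protection keys.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Architectural flag bits shared by x86-64 paging-structure entries. */
#define PTE_P   (1ull << 0)  /* Present (Valid in HARDWARE_PTE) */
#define PTE_RW  (1ull << 1)  /* Writable */
#define PTE_US  (1ull << 2)  /* User/Supervisor (Owner in HARDWARE_PTE) */

enum access_result { ACCESS_OK, FAULT_NOT_PRESENT, FAULT_PROTECTION };

/* Simplified model of the permission check made during a page walk.
 * entries[] holds the entry read at each level (PML4E, PDPTE, PDE, PTE).
 * cpl is 3 for user mode and 0 for kernel mode. Kernel mode is treated as
 * unrestricted on present pages (SMEP/SMAP, CR0.WP and NX are not modelled). */
enum access_result check_access(const uint64_t *entries, size_t levels,
                                int cpl, int is_write)
{
    int user_ok = 1, write_ok = 1;
    for (size_t i = 0; i < levels; i++) {
        if (!(entries[i] & PTE_P))
            return FAULT_NOT_PRESENT;            /* #PF, page not present */
        user_ok  &= (entries[i] & PTE_US) != 0;  /* U/S must be set at every level */
        write_ok &= (entries[i] & PTE_RW) != 0;  /* same for R/W */
    }
    if (cpl == 3 && !user_ok)
        return FAULT_PROTECTION;                 /* supervisor page touched from ring 3 */
    if (cpl == 3 && is_write && !write_ok)
        return FAULT_PROTECTION;                 /* read-only page written from ring 3 */
    return ACCESS_OK;
}

/* Constructed sample walks: only the low flag bits matter, frame numbers are made up. */
static const uint64_t user_page[4]   = { 0x1007, 0x2007, 0x3007, 0x4007 }; /* P|RW|US */
static const uint64_t kernel_page[4] = { 0x1003, 0x2003, 0x3003, 0x4003 }; /* P|RW, US clear */
static const uint64_t mixed_page[4]  = { 0x1007, 0x2007, 0x3007, 0x4003 }; /* only the leaf is supervisor */
static const uint64_t unmapped[4]    = { 0x1007, 0x2007, 0, 0 };           /* walk stops at level 3 */

int main(void)
{
    printf("user page, ring 3 write:   %d\n", check_access(user_page, 4, 3, 1));
    printf("kernel page, ring 3 read:  %d\n", check_access(kernel_page, 4, 3, 0));
    printf("kernel page, ring 0 write: %d\n", check_access(kernel_page, 4, 0, 1));
    printf("mixed page, ring 3 read:   %d\n", check_access(mixed_page, 4, 3, 0));
    return 0;
}
```

Guessing a mapped 0xFFFF... address from user mode corresponds to the `kernel_page` case: the translation exists, but the cleared U/S bit makes the CPU raise a page fault instead of completing the access.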