How is virtual system space protected against access?

























On Microsoft Docs I read:




In 64-bit Windows, the theoretical amount of virtual address space is 2^64 bytes (16 exabytes), but only a small portion of the 16-exabyte range is actually used. The 8-terabyte range from 0x000'00000000 through 0x7FF'FFFFFFFF is used for user space, and portions of the 248-terabyte range from 0xFFFF0800'00000000 through 0xFFFFFFFF'FFFFFFFF are used for system space.




Since I have 64 bit pointers, I could possibly construct a pointer that points to some 0xFFFFxxxxxxxxxxxx address.



The site continues:




Code running in user mode has access to user space but does not have access to system space.




If I were able to guess a valid address in system virtual address space, what mechanism prevents me from writing there?



I know about memory protection but that doesn't seem to offer something that distinguishes between user memory and system memory.










windows security kernel














edited Nov 15 '18 at 15:27 – Thomas Weller

asked Nov 15 '18 at 15:21 – Thomas Weller







  • you need to read about Paging (x86/x64) and PTE format. Bit 2 (U/S) is the User/Supervisor flag - it controls access to the page based on privilege level. If the bit is set, then the page may be accessed by all; if the bit is not set, however, only kernel mode (0) can access it.

    – RbMm
    Nov 15 '18 at 15:31

  • @RbMm: great. If you cite a bit from some resource, that's enough for me to accept the answer

    – Thomas Weller
    Nov 15 '18 at 15:32

  • look for Intel or AMD manuals - paging. or in brief - Paging or cs.hadassah.ac.il/staff/martin/Micro_Modern/slide03.pdf

    – RbMm
    Nov 15 '18 at 15:35

  • HARDWARE_PTE - if Owner == 1, user mode (privilege level 3 from the CPU's view) can access the page (of course Valid must be set). otherwise the CPU generates an exception

    – RbMm
    Nov 15 '18 at 15:43
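
The U/S check described in the comments above, as an added example that is not part of the original thread: a simplified C model of the permission test the MMU applies on a 4-level x86-64 page walk. The function name, the sample entries and the assumption CR0.WP = 1 are illustrative; SMEP/SMAP, NX, large pages and protection keys are not modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Flag bits of an x86-64 paging-structure entry (Intel SDM Vol. 3, paging). */
#define PTE_P  (1ULL << 0)  /* Present (Valid in Windows' HARDWARE_PTE)       */
#define PTE_RW (1ULL << 1)  /* 1 = writable                                   */
#define PTE_US (1ULL << 2)  /* 1 = user-accessible (Owner in HARDWARE_PTE)    */

enum access_result { ACCESS_OK, FAULT_NOT_PRESENT, FAULT_PROTECTION };

/* entries[] holds the PML4E, PDPTE, PDE and PTE that translate one address.
 * cpl is the current privilege level: 3 = user mode, 0 = kernel mode.
 * A user-mode access needs U/S = 1 at EVERY level, so one cleared bit
 * anywhere in the walk is enough to deny it. Assumes CR0.WP = 1. */
enum access_result check_access(const uint64_t entries[4], int cpl, bool is_write)
{
    for (int level = 0; level < 4; level++) {
        uint64_t e = entries[level];
        if (!(e & PTE_P))
            return FAULT_NOT_PRESENT;   /* #PF: no translation            */
        if (cpl == 3 && !(e & PTE_US))
            return FAULT_PROTECTION;    /* #PF: supervisor-only mapping   */
        if (is_write && !(e & PTE_RW))
            return FAULT_PROTECTION;    /* #PF: read-only mapping         */
    }
    return ACCESS_OK;
}

/* Constructed sample walks; the address bits are arbitrary. 7 = P|RW|US, 3 = P|RW. */
static const uint64_t user_page[4]      = {0x1007, 0x2007, 0x3007, 0x4007};
static const uint64_t kernel_page[4]    = {0x1003, 0x2003, 0x3003, 0x4003};
static const uint64_t leaf_only_user[4] = {0x1003, 0x2007, 0x3007, 0x4007};
static const uint64_t unmapped[4]       = {0x1007, 0x2007, 0x3000, 0x0000};

int main(void)
{
    printf("user   write user page:      %d\n", check_access(user_page, 3, true));
    printf("user   write kernel page:    %d\n", check_access(kernel_page, 3, true));
    printf("kernel write kernel page:    %d\n", check_access(kernel_page, 0, true));
    printf("user   read, PML4E U/S = 0:  %d\n", check_access(leaf_only_user, 3, false));
    printf("user   read unmapped:        %d\n", check_access(unmapped, 3, false));
    return 0;
}
```

Guessing a valid system-space address therefore does not help user-mode code: the translation exists, but the walk fails the U/S test and the CPU raises a page fault instead of performing the access.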











