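/* Number of table slots dumped to the debugger per level; each mapping is sized to cover them. */
enum { TLA_DUMP_SLOTS = 8 };

/*
 * Map one paging-structure table, dump its first TLA_DUMP_SLOTS slots, read
 * the slot at index `slot`, and release the mapping again.
 *
 * tablePhys  physical address of the table to inspect
 * slot       index (in PULONG2 elements) of the entry to follow; must be
 *            below TLA_DUMP_SLOTS so that it lies inside the mapped range
 * label      level name used in the debug output
 * pNextPhys  receives the entry masked with 0x000000FFFFFFF000
 *
 * Returns TRUE on success. Returns FALSE when the mapping fails or the entry
 * has its present bit (bit 0) clear, so that the caller never maps an address
 * taken from an invalid entry. Large-page entries are not recognised here.
 */
static BOOLEAN tla_read_table_slot(LONGLONG tablePhys, ULONG slot, const char *label, LONGLONG *pNextPhys)
{
    PHYSICAL_ADDRESS phyAddress = { 0 };
    PULONG2 pTable = NULL;
    /* Sized from the element type so the dump loop below stays inside the mapping. */
    SIZE_T mapBytes = TLA_DUMP_SLOTS * sizeof(pTable[0]);
    LONGLONG entry;
    LONGLONG next;

    if (slot >= TLA_DUMP_SLOTS) {
        return FALSE;
    }

    phyAddress.QuadPart = tablePhys;
    /* NOTE(review): MmWriteCombined is kept from the original code; mapping RAM
     * with a cache type that differs from existing mappings is risky - confirm. */
    pTable = (PULONG2)MmMapIoSpace(phyAddress, mapBytes, MmWriteCombined);
    if (pTable == NULL) {
        /* The mapping can be refused; dereferencing NULL here would bugcheck. */
        DbgPrint("%s: MmMapIoSpace failed for %llX\n", label, (ULONGLONG)tablePhys);
        return FALSE;
    }

    /* NOTE(review): %X assumes 32-bit elements; PULONG2 is declared elsewhere - confirm. */
    for (ULONG i = 0; i < TLA_DUMP_SLOTS; i++) {
        DbgPrint("%X ", pTable[i]);
    }

    entry = pTable[slot];
    /* Every successful MmMapIoSpace needs a matching unmap of the same size. */
    MmUnmapIoSpace(pTable, mapBytes);

    if ((entry & 1) == 0) {
        DbgPrint("%s: entry not present\n", label);
        return FALSE;
    }

    next = entry & 0x000000FFFFFFF000LL;
    DbgPrint("%s = %llX, 映射后的地址 %llX\n", label, (ULONGLONG)tablePhys, (ULONGLONG)next);
    *pNextPhys = next;
    return TRUE;
}

/*
 * Walk four paging-structure levels starting at the physical address held in
 * ProcessCr3 and return a kernel mapping of the resulting physical location.
 *
 * Linearaddress  virtual (linear) address to translate
 * Length         length requested by the caller; not used by this routine
 *
 * Returns a pointer obtained from MmMapIoSpace covering
 * sizeof(PHYSICAL_ADDRESS) bytes, or NULL when ProcessCr3 is zero, a mapping
 * fails, or an entry on the path is not present. The caller owns the returned
 * mapping and must release it with MmUnmapIoSpace using the same size.
 *
 * NOTE(review): the slot followed at each level is hard-coded (0, 0, 2, 0) and
 * is not derived from Linearaddress; only the page offset depends on the
 * input. ProcessCr3 is used unmasked as the top-level table address.
 */
PUCHAR translate_Linear_address(ULONGLONG Linearaddress, ULONG Length){
    PUCHAR pOutAddress = (PUCHAR)(ULONG_PTR)Linearaddress;
    VIRTUAL_ADDRESS virtualAddress = { 0 };
    PHYSICAL_ADDRESS phyAddress = { 0 };
    LONGLONG levelPhys = 0;
    LONGLONG pointerPhys = 0;
    LONGLONG selectorPhys = 0;
    LONGLONG pagePhys = 0;
    LONGLONG ulPhyAddress;
    PUCHAR pPhyAddress;

    UNREFERENCED_PARAMETER(Length);

    DbgPrint("ProcessCr3: %llu", (ULONGLONG)ProcessCr3);
    if (ProcessCr3 == 0)
    {
        DbgPrint("OpenProcessFail\n");
        return NULL;
    }

    /* Decompose the requested address itself; the original stored the address
     * of the local pointer variable, so the offset came from a stack address. */
    virtualAddress.ulVirtualAddress = Linearaddress;

    /* Follow the page-directory chain; each table is mapped only while read. */
    if (!tla_read_table_slot((LONGLONG)ProcessCr3, 0, "Level", &levelPhys)) {
        return NULL;
    }
    if (!tla_read_table_slot(levelPhys, 0, "Pointer", &pointerPhys)) {
        return NULL;
    }
    if (!tla_read_table_slot(pointerPhys, 2, "Selector", &selectorPhys)) {
        return NULL;
    }
    if (!tla_read_table_slot(selectorPhys, 0, "Entry", &pagePhys)) {
        return NULL;
    }

    /* Physical address = page frame base + offset within the page. */
    ulPhyAddress = pagePhys + virtualAddress.stVirtualAddress.offset;

    /* Map the target so its contents can be read back for verification. */
    phyAddress.QuadPart = ulPhyAddress;
    pPhyAddress = (PUCHAR)MmMapIoSpace(phyAddress, sizeof(PHYSICAL_ADDRESS), MmWriteCombined);
    if (pPhyAddress == NULL) {
        DbgPrint("MmMapIoSpace failed for %llX\n", (ULONGLONG)ulPhyAddress);
        return NULL;
    }

    /* Print only the first mapped byte: %S would walk the mapping as a wide
     * string and could read past the mapped bytes. */
    DbgPrint("虚拟地址:%p, 对应物理地址:%llX, Value:%02X\n", pOutAddress, (ULONGLONG)ulPhyAddress, pPhyAddress[0]);

    /* Ownership of this mapping passes to the caller. */
    return pPhyAddress;
}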