Skip to main content

VirtualAddressSpace

memf_core::vas

Struct VirtualAddressSpace 

Source 
pub struct VirtualAddressSpace<P: PhysicalMemoryProvider> { /* private fields */ }
Expand description

A virtual address space backed by physical memory and page tables.

Implementations§

Source§

impl<P: PhysicalMemoryProvider> VirtualAddressSpace<P>

Source

pub fn new(physical: P, page_table_root: u64, mode: TranslationMode) -> Self

Create a new virtual address space.

Source

pub fn with_pagefile(self, source: Box<dyn PagefileSource>) -> Self

Attach a pagefile source for resolving paged-out memory.

Source

pub fn with_prototype_source(self, source: Box<dyn PrototypePteSource>) -> Self

Attach a prototype PTE source for resolving shared section pages.

Source

pub fn virt_to_phys(&self, vaddr: u64) -> Result<u64>

Translate a virtual address to a physical address.

Source

pub fn read_virt(&self, vaddr: u64, buf: &mut [u8]) -> Result<()>

Read buf.len() bytes from virtual address vaddr, handling page boundary crossings.

Uses walk_x86_64_4level_internal() to resolve each 4K chunk, transparently handling physical, transition, demand-zero, and pagefile pages.

Source

pub fn physical(&self) -> &P

Return a reference to the underlying physical memory provider.

Source

pub fn mode(&self) -> TranslationMode

Return the translation mode.

Source

pub fn find_kernel_va_for_phys( &self, target_phys: u64, max_leaves: usize, ) -> Option<u64>

Reverse-map: return a kernel-half virtual address that resolves to the page at target_phys (page granularity), or None.

Enumerates the x86-64 four-level page tables under the current root over the kernel half (PML4 indices 256..512), checking 2 MiB / 4 KiB leaves and transition PTEs — a resident page whose PTE is not marked valid, which is exactly the state of a live-acquired kernel image whose header reads as not-present through a stale/guessed VA. This is how the kernel image base is recovered when the low-stub hint is wrong: physically locate ntoskrnl, then ask which kernel VA maps to it. max_leaves bounds the work so a crafted page-table tree cannot turn this into a denial of service.

Only meaningful for TranslationMode::X86_64FourLevel; returns None for other modes. 1 GiB pages are skipped (the kernel image is mapped with 2 MiB / 4 KiB pages, never inside a 1 GiB page).

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.