Nitesh Joshi

Reputation: 113

Translation of virtual address to physical address

I have a question about how we can translate a virtual address and get a mapping of that address to the physical memory location.

I have a Windows VM running on Qemu which is hosted on my Ubuntu Linux system. I want to know how we can map programs running on the Windows VM to a physical memory location on the host/Linux machine.

How can we do this virtual to physical mapping?

Thanks in advance.

Upvotes: 0

Views: 2419

Answers (1)

osgx

Reputation: 94175

how can we translate the virtual address and get a mapping of that address to the physical memory location?

In Windows you can find the physical address from a virtual one using the kernel debugger "KD" (part of the Windows SDK; see https://msdn.microsoft.com/en-us/library/windows/hardware/ff539310(v=vs.85).aspx "Converting Virtual Addresses to Physical Addresses" or http://resources.infosecinstitute.com/translating-virtual-to-physical-address-on-windows-physical-addresses/):

Address Conversion Using !vtop. Suppose you are debugging a target computer on which the MyApp.exe process is running and you want to investigate the virtual address 0x0012F980. Here is the procedure you would use with the !vtop extension to determine the corresponding physical address.

In Linux there is the /proc/pid/pagemap file (where pid is the process id of the target process; you should know that every process has its own virtual-to-physical mapping), and there is a post about pagemap parsing: http://fivelinesofcode.blogspot.ru/2014/03/how-to-translate-virtual-to-physical.html

I have a Windows VM running on Qemu which is hosted on my Ubuntu Linux system.

In your case there are two nested OSes. There is some Windows application inside the Windows OS. The Windows OS thinks that it has some physical memory; but in fact it is an emulation of physical memory by the Qemu emulator.

Qemu is (in the simplest, non-accelerated case) just one user application in Linux; it has only virtual memory from Linux. So the memory which is emulated for Windows as physical (guest-physical) is actually host-virtual (but it is not a 1-to-1 mapping; there is also a qemu translation with some "memory-backend", which probably maps huge regions of guest-physical to host-virtual, see http://blog.vmsplice.net/2016/01/qemu-internals-how-guest-physical-ram.html; check also Print range of memory addresses in qemu).

I want to know how we can map programs running on the Windows VM to a physical memory location on the host/Linux machine.

Use the Windows KD debugger to convert the guest-virtual address from the inner program to a guest-physical address. Then use the qemu command line to find how qemu mapped guest-physical memory into the virtual memory of the qemu process (host-virtual), get the host-virtual address and convert it to host-physical with the pagemap special file from

/proc/`pidof qemu-system-x86_64`/pagemap

Upvotes: 1
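The host side of the chain described in the answer (guest-physical, as produced by KD's !vtop, to host-virtual inside the qemu process, then to host-physical via /proc/pid/pagemap), as an added example that is not part of the question, the answer, or the QEMU project. The pagemap bit layout follows the kernel's Documentation/admin-guide/mm/pagemap.rst. The RAM-block table (guest-physical start, size, host-virtual start) is an assumption about how you would record what qemu reports; the addresses used in the self-check are constructed.

```python
"""Guest-physical -> host-virtual -> host-physical address walk (added example)."""
import ctypes
import os
import struct
from typing import Callable, Dict, List, Optional, Tuple

PAGEMAP_ENTRY_SIZE = 8          # one little-endian u64 per virtual page
PFN_MASK = (1 << 55) - 1        # bits 0-54: page frame number (only valid when present)
BIT_FILE_OR_SHARED = 1 << 61    # bit 61: file-backed or shared-anon page
BIT_SWAPPED = 1 << 62           # bit 62: page is swapped out
BIT_PRESENT = 1 << 63           # bit 63: page is resident in RAM

EntryReader = Callable[[int], bytes]   # page index -> 8 raw pagemap bytes


def decode_pagemap_entry(entry: int) -> Dict[str, object]:
    """Split one pagemap u64 into its documented fields."""
    present = bool(entry & BIT_PRESENT)
    swapped = bool(entry & BIT_SWAPPED)
    info: Dict[str, object] = {
        "present": present,
        "swapped": swapped,
        "file_or_shared": bool(entry & BIT_FILE_OR_SHARED),
        "pfn": (entry & PFN_MASK) if present else None,
    }
    if swapped:                      # swapped pages reuse bits 0-54 for swap type/offset
        info["swap_type"] = entry & 0x1F
        info["swap_offset"] = (entry >> 5) & ((1 << 50) - 1)
    return info


def hva_to_hpa(hva: int, read_entry: EntryReader, page_size: int = 4096) -> Optional[int]:
    """Host-virtual -> host-physical for one address.

    Returns None when the page is not resident, or when the kernel hides the PFN
    (since Linux 4.2 unprivileged readers of pagemap see PFN 0; CAP_SYS_ADMIN
    is needed to read real frame numbers)."""
    page_index = hva // page_size
    (entry,) = struct.unpack("<Q", read_entry(page_index))
    info = decode_pagemap_entry(entry)
    if not info["present"] or info["pfn"] == 0:
        return None
    return int(info["pfn"]) * page_size + (hva % page_size)


def procfs_entry_reader(pid: int) -> EntryReader:
    """Reader backed by the real /proc/<pid>/pagemap of a running process."""
    path = f"/proc/{pid}/pagemap"

    def read_entry(page_index: int) -> bytes:
        with open(path, "rb") as f:
            f.seek(page_index * PAGEMAP_ENTRY_SIZE)
            data = f.read(PAGEMAP_ENTRY_SIZE)
        if len(data) != PAGEMAP_ENTRY_SIZE:
            raise ValueError(f"short read at page index {page_index:#x} in {path}")
        return data

    return read_entry


def fake_entry_reader(entries: Dict[int, int]) -> EntryReader:
    """Reader over a constructed {page_index: u64} table, for offline checks."""
    return lambda page_index: struct.pack("<Q", entries.get(page_index, 0))


# Guest-physical -> host-virtual. qemu backs guest RAM with RAM blocks that live in
# its own virtual address space; the (gpa_start, size, hva_start) tuples have to be
# taken from qemu itself (the monitor), this table format is an assumption.
RamBlock = Tuple[int, int, int]


def gpa_to_hva(gpa: int, ram_blocks: List[RamBlock]) -> Optional[int]:
    for gpa_start, size, hva_start in ram_blocks:
        if gpa_start <= gpa < gpa_start + size:
            return hva_start + (gpa - gpa_start)
    return None                      # MMIO hole or unbacked guest-physical address


def gpa_to_hpa(gpa: int, ram_blocks: List[RamBlock], read_entry: EntryReader,
               page_size: int = 4096) -> Optional[int]:
    hva = gpa_to_hva(gpa, ram_blocks)
    return None if hva is None else hva_to_hpa(hva, read_entry, page_size)


if __name__ == "__main__":
    # Self-check on this process: touch one page, then look up its own frame.
    buf = bytearray(4096)
    buf[0] = 1                                   # make the page resident
    hva = ctypes.addressof(ctypes.c_char.from_buffer(buf))
    hpa = hva_to_hpa(hva, procfs_entry_reader(os.getpid()))
    if hpa is None:
        print(f"hva {hva:#x}: PFN hidden or page not resident (run as root to see PFNs)")
    else:
        print(f"hva {hva:#x} -> hpa {hpa:#x}")
```

To use it on a real VM, replace the RAM-block table with what qemu reports for the guest's RAM (qemu's HMP monitor also has gpa2hva and gpa2hpa commands that do the same two steps directly, though they are not mentioned in the answer above), and pass procfs_entry_reader(pid) with the pid of qemu-system-x86_64. Note that a None result is the normal outcome without CAP_SYS_ADMIN, and that host-physical frames can change at any time (swap, KSM merging, migration), so the result is only a snapshot.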
