
paging ¤

Classes:

Functions:

Attributes:

INVALID_ADDR module-attribute ¤

INVALID_ADDR = 1 << 64

PageTableLevel dataclass ¤

PageTableLevel(name: str, entry: int, virt: int, idx: int)

Attributes:

name instance-attribute ¤

name: str

entry instance-attribute ¤

entry: int

virt instance-attribute ¤

virt: int

idx instance-attribute ¤

idx: int

PageTableScan ¤

PageTableScan(pi: ArchPagingInfo)

Methods:

  • scan

    This needs to be EXTREMELY optimized, as it is used to display context.

  • walk

Attributes:

paging_level instance-attribute ¤

paging_level = paging_level

PAGE_ENTRY_MASK instance-attribute ¤

PAGE_ENTRY_MASK = PAGE_ENTRY_MASK

PAGE_INDEX_LEN instance-attribute ¤

PAGE_INDEX_LEN = PAGE_INDEX_LEN

PAGE_INDEX_MASK instance-attribute ¤

PAGE_INDEX_MASK = PAGE_INDEX_MASK

page_shift instance-attribute ¤

page_shift = page_shift

should_stop_pagewalk instance-attribute ¤

should_stop_pagewalk = should_stop_pagewalk

pagesz instance-attribute ¤

pagesz = 1 << page_shift

ptrsize instance-attribute ¤

ptrsize = ptrsize

inf instance-attribute ¤

inf = selected_inferior()

fmt instance-attribute ¤

fmt = '<' + ('Q' if ptrsize == 8 else 'I') * (pagesz // ptrsize)

cache instance-attribute ¤

cache: dict[tuple[int, int], list[tuple[int, int, int]]] = {}

entry_cache instance-attribute ¤

entry_cache: dict[int, list[int]] = {}

arch instance-attribute ¤

arch = name

scan ¤

scan(entry: int, is_kernel: bool = False) -> list[Page]

This needs to be EXTREMELY optimized, as it is used to display context: make as few function calls or memory reads as possible, and avoid unnecessary Python pointer dereferences or repetitive computations whenever possible.

When benchmarked on the same Linux kernels, on average:

- gdb-pt-dump takes ~0.153 seconds for x64 and 5.572 seconds for aarch64
- this implementation takes less than 0.065 seconds to complete for x64 and 0.491 seconds for aarch64
  → around 45-65% of the time is used to read QEMU system memory, depending on arch and kernel (the theoretical limit would be that all time consumed is used for reading memory)
  → 2.35x speed-up for x64 and more than 10x speed-up for aarch64

One caveat is that it occasionally shows unmapped (checked with pagewalk) vmalloc regions, but that happens for gdb-pt-dump as well. Treat a vmalloc region in the scan output as unconfirmed until a pagewalk of an address inside it agrees.

walk ¤

walk(target: int, entry: int) -> list[PageTableLevel]

ArchPagingInfo ¤

Methods:

Attributes:

USERLAND class-attribute instance-attribute ¤

USERLAND = 'userland'

KERNELLAND class-attribute instance-attribute ¤

KERNELLAND = 'kernel [.text]'

KERNELRO class-attribute instance-attribute ¤

KERNELRO = 'kernel [.rodata]'

KERNELBSS class-attribute instance-attribute ¤

KERNELBSS = 'kernel [.bss]'

KERNELDRIVER class-attribute instance-attribute ¤

KERNELDRIVER = 'kernel [.driver .bpf]'

ESPSTACK class-attribute instance-attribute ¤

ESPSTACK = 'espfix'

PHYSMAP class-attribute instance-attribute ¤

PHYSMAP = 'physmap'

VMALLOC class-attribute instance-attribute ¤

VMALLOC = 'vmalloc'

VMEMMAP class-attribute instance-attribute ¤

VMEMMAP = 'vmemmap'

STRUCT_PAGE_SIZE property ¤

STRUCT_PAGE_SIZE: int

STRUCT_PAGE_SHIFT property ¤

STRUCT_PAGE_SHIFT: int

physmap property ¤

physmap: int

vmalloc property ¤

vmalloc: int

vmemmap property ¤

vmemmap: int

kbase property ¤

kbase: int | None

page_shift property ¤

page_shift: int

paging_level property ¤

paging_level: int

PAGE_ENTRY_MASK property ¤

PAGE_ENTRY_MASK: int

PAGE_INDEX_LEN property ¤

PAGE_INDEX_LEN: int

PAGE_INDEX_MASK property ¤

PAGE_INDEX_MASK: int

phys_offset property ¤

phys_offset: int

va_bits property ¤

va_bits: int

pagetable_level_names property ¤

pagetable_level_names: tuple[str, ...]

adjust ¤

adjust(name: str) -> str

markers ¤

markers() -> tuple[tuple[str, int], ...]

handle_kernel_pages ¤

handle_kernel_pages(pages: tuple[Page, ...]) -> None

kbase_helper ¤

kbase_helper(address: int) -> int | None

pagewalk ¤

pagewalk(target: int, entry: int | None) -> tuple[PageTableLevel, ...]

pagetable_scan ¤

pagetable_scan(entry: int | None = None) -> list[Page]

pagetablescan ¤

pagetablescan(entry: int) -> PageTableScan | None

switch_to_phymem_mode ¤

switch_to_phymem_mode() -> tuple[str, bool]

pagewalk_helper ¤

pagewalk_helper(target: int, entry: int) -> tuple[PageTableLevel, ...]

pagetable_scan_helper ¤

pagetable_scan_helper(entry: int, is_kernel: bool = False) -> list[Page]

pageentry_bitflags ¤

pageentry_bitflags(level: int) -> BitFlags

should_stop_pagewalk ¤

should_stop_pagewalk(level: int) -> bool

x86_64PagingInfo ¤

Bases: ArchPagingInfo

Methods:

Attributes:

pagetable_level_names property ¤

pagetable_level_names: tuple[str, ...]

va_bits property ¤

va_bits: int

physmap property ¤

physmap: int

kbase property ¤

kbase: int | None

page_shift property ¤

page_shift: int

vmalloc property ¤

vmalloc: int

vmemmap property ¤

vmemmap: int

paging_level property ¤

paging_level: int

USERLAND class-attribute instance-attribute ¤

USERLAND = 'userland'

KERNELLAND class-attribute instance-attribute ¤

KERNELLAND = 'kernel [.text]'

KERNELRO class-attribute instance-attribute ¤

KERNELRO = 'kernel [.rodata]'

KERNELBSS class-attribute instance-attribute ¤

KERNELBSS = 'kernel [.bss]'

KERNELDRIVER class-attribute instance-attribute ¤

KERNELDRIVER = 'kernel [.driver .bpf]'

ESPSTACK class-attribute instance-attribute ¤

ESPSTACK = 'espfix'

PHYSMAP class-attribute instance-attribute ¤

PHYSMAP = 'physmap'

VMALLOC class-attribute instance-attribute ¤

VMALLOC = 'vmalloc'

VMEMMAP class-attribute instance-attribute ¤

VMEMMAP = 'vmemmap'

STRUCT_PAGE_SIZE property ¤

STRUCT_PAGE_SIZE: int

STRUCT_PAGE_SHIFT property ¤

STRUCT_PAGE_SHIFT: int

PAGE_ENTRY_MASK property ¤

PAGE_ENTRY_MASK: int

PAGE_INDEX_LEN property ¤

PAGE_INDEX_LEN: int

PAGE_INDEX_MASK property ¤

PAGE_INDEX_MASK: int

phys_offset property ¤

phys_offset: int

get_vmalloc_vmemmap_bases ¤

get_vmalloc_vmemmap_bases() -> tuple[int, int]

markers ¤

markers() -> tuple[tuple[str, int], ...]

adjust ¤

adjust(name: str) -> str

handle_kernel_pages ¤

handle_kernel_pages(pages: tuple[Page, ...]) -> None

pagewalk ¤

pagewalk(target: int, entry: int | None) -> tuple[PageTableLevel, ...]

pagetable_scan ¤

pagetable_scan(entry: int | None = None) -> list[Page]

pageentry_bitflags ¤

pageentry_bitflags(_: int) -> BitFlags

should_stop_pagewalk ¤

should_stop_pagewalk(entry: int) -> bool

kbase_helper ¤

kbase_helper(address: int) -> int | None

pagetablescan ¤

pagetablescan(entry: int) -> PageTableScan | None

switch_to_phymem_mode ¤

switch_to_phymem_mode() -> tuple[str, bool]

pagewalk_helper ¤

pagewalk_helper(target: int, entry: int) -> tuple[PageTableLevel, ...]

pagetable_scan_helper ¤

pagetable_scan_helper(entry: int, is_kernel: bool = False) -> list[Page]

Aarch64PagingInfo ¤

Aarch64PagingInfo()

Bases: ArchPagingInfo

Methods:

Attributes:

VMEMMAP_START instance-attribute ¤

VMEMMAP_START = None

VMEMMAP_SIZE instance-attribute ¤

VMEMMAP_SIZE = None

PAGE_OFFSET instance-attribute ¤

PAGE_OFFSET = None

pagetable_level_names property ¤

pagetable_level_names: tuple[str, ...]

tcr_el1 property ¤

tcr_el1: BitFlags

va_bits property ¤

va_bits: int

va_bits_min property ¤

va_bits_min: int

vmalloc property ¤

vmalloc: int

physmap property ¤

physmap: int

kbase property ¤

kbase: int | None

kversion property ¤

kversion: tuple[int, ...] | None

module_start property ¤

module_start: int | None

vmemmap property ¤

vmemmap: int

pci property ¤

pci: int

fixmap property ¤

fixmap: int

ksize property ¤

ksize: int

page_shift_heuristic property ¤

page_shift_heuristic: int

page_shift property ¤

page_shift: int

page_shift_user property ¤

page_shift_user: int

paging_level property ¤

paging_level: int

phys_offset property ¤

phys_offset: int

USERLAND class-attribute instance-attribute ¤

USERLAND = 'userland'

KERNELLAND class-attribute instance-attribute ¤

KERNELLAND = 'kernel [.text]'

KERNELRO class-attribute instance-attribute ¤

KERNELRO = 'kernel [.rodata]'

KERNELBSS class-attribute instance-attribute ¤

KERNELBSS = 'kernel [.bss]'

KERNELDRIVER class-attribute instance-attribute ¤

KERNELDRIVER = 'kernel [.driver .bpf]'

ESPSTACK class-attribute instance-attribute ¤

ESPSTACK = 'espfix'

PHYSMAP class-attribute instance-attribute ¤

PHYSMAP = 'physmap'

VMALLOC class-attribute instance-attribute ¤

VMALLOC = 'vmalloc'

VMEMMAP class-attribute instance-attribute ¤

VMEMMAP = 'vmemmap'

STRUCT_PAGE_SIZE property ¤

STRUCT_PAGE_SIZE: int

STRUCT_PAGE_SHIFT property ¤

STRUCT_PAGE_SHIFT: int

PAGE_ENTRY_MASK property ¤

PAGE_ENTRY_MASK: int

PAGE_INDEX_LEN property ¤

PAGE_INDEX_LEN: int

PAGE_INDEX_MASK property ¤

PAGE_INDEX_MASK: int

markers ¤

markers() -> tuple[tuple[str, int], ...]

adjust ¤

adjust(name: str) -> str

handle_kernel_pages ¤

handle_kernel_pages(pages: tuple[Page, ...]) -> None

pagewalk ¤

pagewalk(target: int, entry: int | None) -> tuple[PageTableLevel, ...]

pagetable_scan ¤

pagetable_scan(entry: int | None = None) -> list[Page]

pageentry_bitflags ¤

pageentry_bitflags(level: int) -> BitFlags

should_stop_pagewalk ¤

should_stop_pagewalk(entry: int) -> bool

kbase_helper ¤

kbase_helper(address: int) -> int | None

pagetablescan ¤

pagetablescan(entry: int) -> PageTableScan | None

switch_to_phymem_mode ¤

switch_to_phymem_mode() -> tuple[str, bool]

pagewalk_helper ¤

pagewalk_helper(target: int, entry: int) -> tuple[PageTableLevel, ...]

pagetable_scan_helper ¤

pagetable_scan_helper(entry: int, is_kernel: bool = False) -> list[Page]

first_kernel_page_start ¤

first_kernel_page_start() -> int