# credit * buck - inspiration for most of this. * Ch40zz - helping me connect the dots. # nasa-tables paging table manipulation from user-mode. operations such as getting and setting all paging table entries and values are offered. the code is aware of large pages and allows the programmer to allocate 2mb pages if needed (without going through all of the shenanigans of breaking a 2mb page down over a new PT handled by the user). Please disable spectra/meltdown since this patch creates two sets of PML4's per process (which i dont support). Link to write up can be found [here](https://back.engineering/post/virtual-memory/). # example ```cpp // only time driver needs to be loaded is to init physmeme/kernel_ctx... nasa::load_drv(); nasa::kernel_ctx kernel; if (kernel.clear_piddb_cache(nasa::drv_key, util::get_file_header((void*)raw_driver)->TimeDateStamp)) std::cout << "[+] flushed PIDDB Cache for physmeme driver..." << std::endl; nasa::unload_drv(); const std::pair my_proc_data = { GetCurrentProcessId(), virt_addr_t{ GetModuleHandle(NULL) } }; std::cout << "[+] my pid: " << std::hex << my_proc_data.first << std::endl; std::cout << "[+] my base: " << std::showbase << std::hex << my_proc_data.second.value << std::endl; nasa::mem_ctx my_proc(kernel, my_proc_data.first); const auto module_base = my_proc_data.second; std::cout << "[+] base address pml4e: " << std::hex << my_proc[module_base.pml4_index].value << std::endl; std::cout << "[+] base address pdpte: " << std::hex << my_proc[{module_base.pml4_index, module_base.pdpt_index}].value << std::endl; std::cout << "[+] base address pde: " << std::hex << my_proc[{module_base.pml4_index, module_base.pdpt_index, module_base.pd_index}].value << std::endl; std::cout << "[+] base address pte: " << std::hex << my_proc[{module_base.pml4_index, module_base.pdpt_index, module_base.pd_index, module_base.pt_index}].value << std::endl; ``` result: ``` [+] flushed PIDDB Cache for physmeme driver... [+] my pid: 2634 [+] my base: 00007FF64BBB0000 [+] base address pml4e: 0xa000000d82b3867 [+] base address pdpte: 0xa000002df3b4867 [+] base address pde: 0xa0000016fcb5867 [+] base address pte: 0x80000001b1185025 ``` # table entry manipulation - get/set pml4e's - get/set pdpte's - get/set pde's - get/set pte's # table manipulation - copy table - make self referencing table. # virtual memory - convert virtual addresses to physical addresses - get table entries for a given address - change table entries for a given address # limitations - please disable spectre/meltdown! - please uninstall avast! (they destory physmeme!) - this code may not work for AMD!