Hello,
I am learning to use Intel Virtualization Extensions VMX and EPT.
I have allocated Paging - Tables & Directory for one vmcs in memory, and loaded toy os in it. Next I have created another vmcs, and paging using ept. I want to share toy os paging with newly allocated paging tables & directories as “copy-on-write”.
I was searching for VirtualProtect(Ex) equivalent in kernel. Unable to find it.
So my question is:
How can I change memory protection value of page from kernel driver? The memory is kernel memory: NonPaged
I am doing it on windows.
You can’t mark most of the system(kernel) space as COW.
The idea of COW is that a page is considered as writable but has write access disabled in PTE with CopyOnWrite flag being set in PTE ( as a software reserved bit ). When this COW page is being written the page fault handler allocates a private page for a particular virtual address and allows write access in PTE.
The page fault handler doesn’t invoke copy-on-write processing ( MiCopyOnWrite or MiCopyOnWriteEx ) for virtual address ranges accessible for mapping from a driver with standard API like MmMapLockedPagesSpecifyCache instead the system will bugcheck on write to read-only virtual address range even if you somehow set CopyOnWrite flag for a PTE.
The page fault handler performs copy-on-write for special ranges like the session space but in that case a private page mapping made by COW is valid only in the context of a particular process/session and as far as I know the session space range is not accessible for mapping from third party drivers.