Arkady
Thu Aug 19 02:27:25 CDT 2004
Correct, but mov eax, cr3 is possible to use in Win9x in
a user app too; look at the similar question on the kernel group
http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-8&c2coff=1&threadm=ndk5i0to73dlhqad8bv22uvjgm7lq2bcfm%404ax.com&prev=/groups%3Fhl%3Den%26lr%3D%26ie%3DUTF-8%26c2coff%3D1%26group%3Dmicrosoft.public.win32.programmer.kernel
Arkady
"Stephan Wolf [MVP]" <stewo68@hotmail.com> wrote in message
news:14h4i0t9dko1et5r9hkcomrro359hohn3f@4ax.com...
> Umm, IIRC, access to CRx is restricted to privileged code, i.e. ring 0
> or kernel-mode. Also, PUSH CRx is AFAIK not allowed, try MOV EAX,CR3
> instead.
>
> Stephan
> ---
> On 17 Aug 2004 05:53:48 -0700, alphamcu@hanmail.net (AlphaMCU) wrote:
>
> >Hello all.
> >I have a question about getting cr3 value. (page directory base address)
> >
> >In softice, the 'PAGE' command shows the cr3 value exactly.
> >(on windows 2000, 0x30000. on windows xp, 0x39000)
> >But, my driver can't catch the value. (0xb9e83d8f <- like this)
> >
> >the code is this.
> >push cr3
> >pop eax
> >
> >it doesn't work.
> >I think this is because my driver is called in a user process, not in kernel.
> >
> >so, my question is this.
> >is there any way to get the cr3 value of the kernel? (running a thread in kernel?)
> >if no, how can i use the same method like softice's.
> >
> >thanks for reading.