1. TLBs were first used in x86 CPUs with the Intel 486. An x86 CPU generally has four groups of TLBs:

- Group 1: the instruction TLB (Instruction-TLB), which caches ordinary page table entries (4 KB pages);
- Group 2: the data TLB (Data-TLB), which caches ordinary page table entries (4 KB pages);
- Group 3: the instruction TLB (Instruction-TLB), which caches large-page entries (2 MB/4 MB pages);
- Group 4: the data TLB (Data-TLB), which caches large-page entries (2 MB/4 MB pages).

Details of the TLB can be looked up online. This section shows how to verify the TLB's behaviour with code.

2. To verify that the TLB exists, we raise our privilege to ring 0 through a call gate and run a specified function there that exercises the TLB. Here I build the call gate:

```
kd> r gdtr
gdtr=80b99000
kd> dq 80b99000
80b99000  0000000000000000 00cf9b000000ffff
80b99010  00cf93000000ffff 00cffb000000ffff
80b99020  00cff3000000ffff 80008b1e400020ab
80b99030  834093f6cc003748 0040f30000000fff
80b99040  0000f2000400ffff 0040ec0000081005  // call gate
80b99050  830089f6a0000068 830089f6a0680068
80b99060  0000000000000000 0000000000000000
80b99070  800092b9900003ff 0000000000000000
```

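Then enter the gate with a far call:

```c
#include <stdio.h>

unsigned int temp;   // value read back by test() in ring 0
void test();         // naked ring-0 function, defined below

int main(int argc, char* argv[])
{
    // 6-byte far pointer: 4-byte offset (ignored for a call gate), then selector 0x48
    char buf[6] = {0, 0, 0, 0, 0x48, 0};

    printf("%x\n", (unsigned int)test);   // address of test()
    __asm {
        pushad
        pushfd
        push fs
        call fword ptr buf    // far call through the call gate
        pop fs
        popfd
        popad
    }
    printf("%x\n", temp);
    return 0;
}
```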
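As a cross-check of the dump and of the `0x48` in `buf`, the following added example (not code from the original post) decodes the GDT quadwords as x86 descriptors and reports a 32-bit call gate that ring 3 may call and that lands in a ring-0 code segment, which is what a defender reviewing a GDT dump would look for. The struct and function names are hypothetical, and the gate's target selector is assumed to index the GDT (TI = 0).

```c
#include <stdint.h>
#include <stdio.h>
/* The 16 quadwords of the `dq 80b99000` dump on this page, in order. */
static const uint64_t gdt[16] = {
    0x0000000000000000ULL, 0x00cf9b000000ffffULL, 0x00cf93000000ffffULL,
    0x00cffb000000ffffULL, 0x00cff3000000ffffULL, 0x80008b1e400020abULL,
    0x834093f6cc003748ULL, 0x0040f30000000fffULL, 0x0000f2000400ffffULL,
    0x0040ec0000081005ULL, 0x830089f6a0000068ULL, 0x830089f6a0680068ULL,
    0x0000000000000000ULL, 0x0000000000000000ULL, 0x800092b9900003ffULL,
    0x0000000000000000ULL,
};

struct call_gate {             /* hypothetical helper type for this example */
    unsigned gate_selector;    /* selector a caller loads to reach the gate */
    unsigned target_selector;  /* code segment the gate transfers to */
    unsigned target_offset;    /* entry point inside that segment */
    unsigned dpl, target_dpl;  /* ring allowed to call; ring of the target */
};

/* Decode GDT entry idx as a 32-bit call gate; returns 1 if it is one. */
int decode_call_gate(unsigned idx, struct call_gate *g) {
    uint64_t d = gdt[idx];
    unsigned access = (unsigned)(d >> 40) & 0xff;
    if ((access & 0x9f) != 0x8c)   /* present, system (S=0), type 0xC */
        return 0;
    g->gate_selector = idx << 3;
    g->target_selector = (unsigned)(d >> 16) & 0xffff;
    g->target_offset = (unsigned)(d & 0xffff) | ((unsigned)(d >> 48) << 16);
    g->dpl = (access >> 5) & 3;
    unsigned t = g->target_selector >> 3;   /* GDT index of the target */
    g->target_dpl = t < 16 ? (unsigned)(gdt[t] >> 45) & 3 : 3;
    return 1;
}

/* Index of the first gate callable from ring 3 that lands in ring 0, or -1. */
int find_user_to_kernel_gate(struct call_gate *g) {
    for (unsigned i = 0; i < 16; i++)
        if (decode_call_gate(i, g) && g->dpl == 3 && g->target_dpl == 0)
            return (int)i;
    return -1;
}

int main(void) {
    struct call_gate g;
    if (find_user_to_kernel_gate(&g) >= 0)
        printf("ring-3 gate %#x -> %#x:%#x\n", g.gate_selector,
               g.target_selector, g.target_offset);
    return 0;
}
```

For this dump it reports one gate: selector `0x48`, caller DPL 3, target `0x8:0x401005`.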

Now look at the function that exercises the TLB. It first maps a physical page at linear address 0 (by writing 0x01234867 to 0xC0000000); any physical page will do as long as it does not cause a blue screen. It then writes 0x12345678 to address 0, maps a new physical page at address 0 (0x02345867), reads address 0 again, and saves the value read to temp.

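```c
void __declspec(naked) test()
{
    __asm {
        mov dword ptr ds:[0xC0000000], 0x01234867   // map the first physical page at address 0
        mov dword ptr ds:[0], 0x12345678            // write through that mapping
        /*
        mov ecx, cr3
        mov cr3, ecx                                // refresh TLB
        */
        mov dword ptr ds:[0xC0000000], 0x02345867   // map a different physical page at address 0
        mov eax, dword ptr ds:[0]                   // read address 0 again
        mov temp, eax
        retf                                        // far return out of the call gate
    }
}
```

If you did not know about the TLB, you would expect the read to use the new page (0x02345867), but when we run the program it still uses the old one (0x01234867).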

So how do we flush the TLB? The TLB is flushed when the process is switched, so we reload CR3:

```c
void __declspec(naked) test()
{
    __asm {
        mov dword ptr ds:[0xC0000000], 0x01234867   // map the first physical page at address 0
        mov dword ptr ds:[0], 0x12345678            // write through that mapping
        mov ecx, cr3
        mov cr3, ecx                                // refresh TLB
        mov dword ptr ds:[0xC0000000], 0x02345867   // map a different physical page at address 0
        mov eax, dword ptr ds:[0]                   // read address 0 again
        mov temp, eax
        retf                                        // far return out of the call gate
    }
}
```

Looking at the result of this run, the TLB has now been flushed successfully.