Windows - Bios mapping to kernel address space


kamala
September 15th, 2014, 22:43
Hi,

I was recently looking at the Windows kernel address space layout and noticed that physical address 0xf0000 (BIOS page) is mapped several hundred times (roughly .7Mb) in the Windows kernel address space (pte type - syspte). I wasn't able to justify the need for such a large mapping to the same physical page and was wondering if there is an obvious reason for that which I am missing? Thought I would check before I start tracing the kernel allocation code to dig deeper. Please let me know if you have any thoughts on this. Thanks.

Kamala

Kayaker
September 16th, 2014, 03:37
How did you determine that you had several hundred bios mappings? If I use the Softice PHYS command in XP to translate the physical address 0xf0000 to virtual, I get exactly 2 shadow mappings. Both show a recognizable SMBIOS Entry Point Table structure and distinctive vendor string.

Approaching it from a different angle, if I search all memory above 0x80000000 for the SMBIOS header string '_SM_', I get exactly 3 hits, though one now may be a Softice mapping.

Are you certain that your mappings are actually BIOS code?

kamala
September 16th, 2014, 20:08
I used WinDbg. A bit more on that (could possibly help others as well) - I used the cmkd debugger extension (http://www.codemachine.com/tool_cmkd.html) to get the kernel virtual address space layout and used the !pte WinDbg extension command in a script to conditionally check for physical addresses in a certain range. I am surprised SoftICE listed only 2 mappings. What version of Windows and SoftICE are you using?

Also, doing a search starting at the same address above and for the whole kernel address range under WinDbg does list all instances of '_SM_' and there are way more than 3.

Unless there is a flaw in the approach I have mentioned here, I believe they must be BIOS physical address mapping.
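
An added example, not part of the original thread: both '_SM_' searches discussed above count bare string hits, so this sketch separates hits that are a complete 32-bit SMBIOS 2.x entry point (anchor, length, both checksums, `_DMI_` intermediate anchor, 16-byte alignment) from hits that are only the four-byte string. The function names and the sample buffer are constructed for illustration; `buf` is assumed to be bytes read from a memory dump or debugger, with `base` the address of its first byte.

```python
import struct

ANCHOR, DMI_ANCHOR, EPS_LEN = b"_SM_", b"_DMI_", 0x1F

def parse_entry_point(buf, off):
    """Return parsed fields if a valid 32-bit SMBIOS entry point starts at off, else None."""
    eps = buf[off:off + EPS_LEN]
    if len(eps) < EPS_LEN or eps[:4] != ANCHOR:
        return None
    length = eps[5]  # 0x1F per spec; some 2.1-era firmware reports 0x1E
    if length not in (0x1E, 0x1F) or sum(eps[:length]) & 0xFF:
        return None  # entry point checksum: covered bytes must sum to zero mod 256
    if eps[0x10:0x15] != DMI_ANCHOR or sum(eps[0x10:0x1F]) & 0xFF:
        return None  # intermediate anchor and its separate checksum
    table_len, table_addr, count = struct.unpack_from("<HIH", eps, 0x16)
    return {"version": (eps[6], eps[7]), "table_addr": table_addr,
            "table_len": table_len, "count": count}

def classify_hits(buf, base=0):
    """Split every '_SM_' occurrence into validated entry points and bare string hits."""
    valid, stray = [], []
    pos = buf.find(ANCHOR)
    while pos != -1:
        eps = parse_entry_point(buf, pos)
        # The anchor sits on a 16-byte boundary; page mappings keep the low 12 bits,
        # so the alignment test holds for virtual addresses as well.
        if eps is not None and (base + pos) % 16 == 0:
            valid.append((base + pos, eps))
        else:
            stray.append(base + pos)
        pos = buf.find(ANCHOR, pos + 1)
    return valid, stray

def build_sample_eps(table_addr=0x000F1000, count=40, table_len=0x600):
    """Constructed sample entry point (not taken from any real firmware)."""
    eps = bytearray(EPS_LEN)
    eps[0:4], eps[5], eps[6], eps[7] = ANCHOR, EPS_LEN, 2, 4
    eps[0x10:0x15] = DMI_ANCHOR
    struct.pack_into("<HIH", eps, 0x16, table_len, table_addr, count)
    eps[0x15] = -sum(eps[0x10:0x1F]) & 0xFF  # intermediate checksum first
    eps[4] = -sum(eps) & 0xFF                # then the whole-structure checksum
    return bytes(eps)

if __name__ == "__main__":
    sample = bytes(16) + build_sample_eps() + bytes(1) + b"_SM_ string only" + bytes(32)
    valid, stray = classify_hits(sample, base=0xF0000)
    for addr, eps in valid:
        print(f"{addr:#x}: entry point, SMBIOS {eps['version'][0]}.{eps['version'][1]}")
    for addr in stray:
        print(f"{addr:#x}: anchor string only")
```

Only hits that validate carry a structure table address that can be compared across mappings.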