page-150

Chapter 4/ System Briefing

The catch is that this only indicates if your system can support PAE, it

doesn't tell you if PAE support has been enabled. One way to determine if

PAE has been enabled is to peek in the registry and hunt for the following

key:

HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management

Under this key, there will be a REG_DWORD value named Physical AddressExten-

sion. If PAE has been enabled, this value will be set to 1.

Pages, Page Frames, and Page Frame Numbers

This point is important enough that I think it warrants repeating. The terms

page, page frame, and page frame number arc easy to get confuscd. A page

is a contiguous region in a linear address space. In the context of the IA-32

processor, a page can be 4 KB, 2 MB, or 4 MB in size (although it's almost

always 4 KB). There is no physical location associated with a page. A page

can reside in memory or on disk.

A page frame is a specific location in physical memory where a page is stored

when it resides in RAM. The physical address of this location can be rep¬

resented by a page frame number (PFN). This begs the question: "What's a

PEN?"

In the case where pages are 4 KB is size and PAE is not enabled, the PFN is

a 20-bit value (i.e., 0x12345), This 20-bit unsigned integer value represents a

32-bit physical address by assuming that the 12 least significant bits are zero

(i.e., 0x12345 is treated like 0x12345000). In other words, pages are aligned

on 4-KB boundaries, such that the address identified by a PFN is always a

multiple of 4,096.

Segmentation and Paging under Windows

The boundary between the operating system and user applications in Win¬

dows relies heavily on hardware-based mechanisms. The IA-32 processor

implements memory protecdon through both segmentation and paging. As

we'll see, Windows tends to rely more on paging than it does segmentation.

The elaborate four-ring model realized through segment privilege parameters

(i.e., our old friends CPL, RPL, and DPL) is eschewed in favor of a simpler

two-ring model where executable code in Windows is either running at the

supervisor level (i.e., in kernel mode) or at the user level (i.e., in user mode).