2:08 a.m.
Thanks to all of you for your help.
I managed to get this going by simply adding a 512 MB 'hole' between
3.5 GB and 4 GB (per suggestion from the QEMU developers), i.e.,
moving all pages above 3.5 GB up by 512 MB. It's hard-coded and might
break in the future when KVM and/or its BIOS change but its good
enough for the moment.
...Juerg
On Wed, Aug 7, 2013 at 11:38 PM, George M. Garner Jr.
<ggarner_online(a)gmgsystemsinc.com> wrote:
Sébastien,
Here is the physical memory block for an x64 Windows 7 SP1 Hyper-V VM that
is equipped with 4 GiB of memory:
1: kd> dq nt!MmPhysicalMemoryBlock L1
fffff800`0290d038 fffffa83`007bbfc0
1: kd> dq /c1 fffffa83`007bbfc0
fffffa83`007bbfc0 00000000`00000003 NumberOfRanges
fffffa83`007bbfc8 00000000`000fff8e NumberOfPages
fffffa83`007bbfd0 00000000`00000001 StartingPFN
fffffa83`007bbfd8 00000000`0000009e NumberOfPFNs
fffffa83`007bbfe0 00000000`00000100 StartingPFN
fffffa83`007bbfe8 00000000`000f7ef0 NumberOfPFNs
fffffa83`007bbff0 00000000`00100000 StartingPFN
fffffa83`007bbff8 00000000`00008000 NumberOfPFNs
As you can see, the reserved areas are as follows:
0x00000000 - 0x00001000
0x0009f000 - 0x00100000
0xf7ff0000 - 0x100000000
Further detail may be obtained using the !arbiter command the results of
which are displayed at the end of this mail. As you can see, only a small
area is reserved for the virtual PCI bus. There is nothing that
specifically requires that any space be reserved below 4 GiB. That has been
the convention, but PC makers and VM vendors are free to make their own
design decisions. And in some cases they do so, as can be seen. Obviously,
the only sound way to reconstruct a systems physical memory space is if the
metadata describing the space is stored along with the data bits. If you
are working with a specific VM or PC you can make intelligent guesses, as
you did with VMWare. However, generalizing those assumptions to other VMs
and PCs is probably not going to work.
Regards,
George.
1: kd> !arbiter 2
DEVNODE fffffa83028a5b80 (HTREE\ROOT\0)
Memory Arbiter "RootMemory" at fffff800028d89c0
Allocated ranges:
0000000000000000 - 000000000009ffff
0000000000000000 - 0000000000000fff C 00000000 <Not on bus>
0000000000000000 - 000000000009ffff CB fffffa83028d6bb0
00000000000a0000 - 00000000000bffff S fffffa8302962600 (pci)
00000000000c0000 - 00000000000dffff B fffffa83028d6bb0
00000000000e0000 - 00000000000fffff B fffffa83028d6bb0
0000000000100000 - 00000000f7ffffff B fffffa83028d6bb0
00000000f8000000 - 00000000fffbffff S fffffa8302962600 (pci)
00000000fffc0000 - 00000000ffffffff B fffffa83028d6bb0
0000000fe0000000 - 0000000fffefffff S fffffa8302962600 (pci)
0001000000000000 - ffffffffffffffff 00000000 <Not on bus>
Possible allocation:
< none >
DEVNODE fffffa83028db710 (ACPI\PNP0A03\0)
Memory Arbiter "PCI Memory (b=0)" at fffffa83028e0960
Allocated ranges:
0000000000000000 - 000000000009ffff 00000000 <Not on bus>
00000000000a0000 - 00000000000bffff S fffffa8303dc0480
00000000000c0000 - 00000000f7ffffff 00000000 <Not on bus>
00000000f8000000 - 00000000fbffffff fffffa83028e6a10
(s3cap)
00000000fec00000 - 00000000fec00fff
00000000fec00000 - 00000000fec003ff CB fffffa8302874e30
00000000fec00000 - 00000000fec00fff CBA fffffa83028ea060
00000000fee00000 - 00000000fee00fff
00000000fee00000 - 00000000fee003ff CB fffffa8302874e30
00000000fee00000 - 00000000fee00fff CBA fffffa83028ea060
00000000fffc0000 - 0000000fdfffffff 00000000 <Not on bus>
0000000fff700000 - 0000000fffefffff fffffa830293c6c0
(SynthVid)
0000000ffff00000 - ffffffffffffffff
0000000ffff00000 - ffffffffffffffff C 00000000 <Not on
bus>
0001000000000000 - ffffffffffffffff C 00000000 <Not on
bus>
Possible allocation:
< none >
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users