Click here to Skip to main content
15,996,462 members
Articles / Programming Languages / C

Access Physical Memory, Port and PCI Configuration Space

Rate me:
Please Sign up or sign in to vote.
4.95/5 (34 votes)
13 Apr 2009CPOL4 min read 234.4K   6.8K   98   51
Play with physical memory, port, PCI configuration space in user mode

Introduction

I recently developed a lot of interest in ACPI programming. By Googling, I found Intel’s ACPICA open source library. Of course, to make it work (such as read ACPI tables, evaluate ACPI methods), I must implement some functions to access physical memory, port and PCI configuration space, even install ISR.

It’s quite easy to implement these functions in kernel mode. But I don't want to put the whole ACPICA library in a “.sys” which will make it very hard to debug. Debugging is important for me because I always want to find out what really happens. So the only solution is to access these resources in user mode.

At first I used WinIO and it works. Yet after reading the source code, I found it used too many “undocumented” and “obsolete” functions. I decided to make a more elegant solution, and add the function of accessing PCI configuration space.

Background

1. The Architecture

I borrow the software architecture from WinIO: a kernel mode driver “phymem.sys” and a user mode DLL “pmdll.dll”. Applications can easily access physical memory using the functions exported by pmdll.dll, which will talk to the phymem.sys by standard “DeviceIoControl”.

To access PCI configuration space in a DDK recommended method, I wrote a PCI bus upper filter driver “PCIFlt.sys”. With this filter driver, we can find the unnamed PCI bus driver which lies under our named filter driver. Then we use “Driver Interface” to directly read and write PCI configuration space.

2. Access Physical Port

IA based PC uses separated port and memory address spaces. In kernel mode, we can read and write port with functions named like WRITE_PORT_UCHAR, READ_PORT_UCHAR.

3. Access Physical Memory

To access physical memory in user mode, we must map this memory region to the user process’ address space. One implementation is through the \Device\PhysicalMemory section object. This is first introduced in the old NT DDK samples. It uses obsolete functions which are not recommended; also the code is really hard to understand.

A better implementation can be found in MSDN. Only three steps are required:

  1. Use MmMapIoSpace to map physical address to kernel mode virtual address, driver can access this virtual address, but it’s not accessible in user mode.
  2. Use IoAllocateMdl and MmBuildMdlForNonPagedPool to build an MDL for the mapped physical address.
  3. Use MmMapLockedPages to map the physical pages described by MDL to user mode virtual address. Since our driver will always be the topmost driver, and run in the context of the current process, this user mode virtual address is valid to the caller.

4. Access PCI Configuration Space

Windows XP bus drivers must implement “Driver Interface” which can be acquired by sending it an IRP with major code IRP_MN_QUERY_INTERFACE. After acquiring “Driver Interface”, we can access the bus address space by calling the interface provided ReadConfig and WriteConfig routines.

The trouble is that the PCI bus driver has no name, that is, we can't find its device object. Without the PCI bus driver’s device object, we have no way to query its “Driver Interface”. The solution is providing a PCI bus upper filter driver, which will be layered above the actual function bus driver.

Using the Code

All source code is built under Visual C++ 6.0, XP DDK 2600, and Windows XP SP3. To build driver (.sys) in Visual C++ IDE, follow the next two steps:

  1. Set environment variable $DDKROOT to DDK installation directory, such as "D:\WINDDK\2600”.
  2. In VC++ IDE, Tools->Options->Directories->Show directories for, choose “Executable files”, add DDK bin directory and move to the first line, such as “D:\WINDDK\2600\BIN\X86”.

The driver source code uses PHDDebugPrint for debugging purposes. Reference the book “Writing Windows WDM Device Drivers” by Chris Cant.

Manual

  1. Copy pmdll.h, pmdll.lib to your source code directory, include and link with.
  2. Copy pmdll.dll, phymem.sys to your application directory to run with.
  3. Function Reference:
    C++
    BOOL LoadPhyMemDriver()

    Dynamically load phymem.sys into memory; Return TRUE if succeeded, otherwise FALSE.

    C++
    VOID UnloadPhyMemDriver()

    Unload phymem.sys from memory.

    C++
    PVOID MapPhyMem(DWORD phyAddr, DWORD memSize)

    Map physical memory to user virtual space

    • phyAddr = physical memory address
    • memSize = memory size in bytes
    C++
    VOID UnmapPhyMem(PVOID pVirAddr, DWORD memSize)

    Unmap mapped user virtual address

    • pVirAddr = mapped user virtual address (return value of MapPhyMem)
    • memSize = memory size in bytes
    C++
    BYTE ReadPortByte(WORD portAddr) 
    WORD ReadPortWord(WORD portAddr)
    DWORD ReadPortLong(WORD portAddr)

    Read one byte, two bytes and four bytes from Port address portAddr.

    C++
    VOID WritePortByte(WORD portAddr, BYTE portValue)
    VOID WritePortWord(WORD portAddr, WORD portValue)
    VOID WritePortLong(WORD portAddr, DWORD portValue) 

    Write one byte, two bytes and four bytes to Port address portAddr.

    C++
    BOOL ReadPCI(DWORD busNum, DWORD devNum, DWORD funcNum,
                                 DWORD regOff, DWORD bytes, PVOID pValue)

    Read PCI configuration space

    • busNum: Bus number (0-255)
    • devNum: Device number (0-31)
    • funcNum: Function number (0-7)
    • regOff: Register offset (0-255)
    • bytes: Bytes to read
    • pValue: Buffer to receive returned value (must be allocated by the function caller)
    C++
    BOOL WritePCI(DWORD busNum, DWORD devNum, DWORD funcNum, 
                                  DWORD regOff, DWORD bytes, PVOID pValue)

    Write PCI configuration space

    • busNum: Bus number (0-255)
    • devNum: Device number (0-31)
    • funcNum: Function number (0-7)
    • regOff: Register offset (0-255)
    • bytes: Bytes to read
    • pValue: New values to write

How to Install PCI Filter Driver

If you want to access PCI configuration space, the PCI filter driver “PCIFlt.sys” must be installed. In “Device Manager”, find “PCI Bus” and choose “Update Driver”, select the PCIFilter.inf. Don't automatically search the INF file, choose selecting driver by yourself.

The PCI filter driver may totally crash your computer, use it at your own risk.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
China China
From Shanghai, China

Comments and Discussions

 
QuestionAccess an unaligned PCIE address to inject an error on Windows Pin
Lili36015-Apr-15 22:07
Lili36015-Apr-15 22:07 
Questionvery nice Pin
dawin52026-Feb-15 21:08
dawin52026-Feb-15 21:08 
QuestionThis Code not working in window 7 64-bit. Pin
nareshlove12-Jul-14 1:48
nareshlove12-Jul-14 1:48 
QuestionNeed assistance with Phymem.sys - cannot make work Pin
Member 39067183-Nov-13 3:36
Member 39067183-Nov-13 3:36 
Questionhow to capture the output log? Pin
iteso17-Oct-13 22:56
professionaliteso17-Oct-13 22:56 
QuestionHow to use with multiple processes? Pin
tseries80019-Feb-13 7:31
tseries80019-Feb-13 7:31 
AnswerRe: How to use with multiple processes? Pin
cyb7028919-Feb-13 14:06
cyb7028919-Feb-13 14:06 
GeneralRe: How to use with multiple processes? Pin
tseries80020-Feb-13 6:33
tseries80020-Feb-13 6:33 
GeneralRe: How to use with multiple processes? Pin
tseries80020-Feb-13 9:21
tseries80020-Feb-13 9:21 
QuestionWhat should I do with upgraded OS Window8 for memory access through PCI? It used to work on WindowXP Pin
Member 98081123-Feb-13 13:47
Member 98081123-Feb-13 13:47 
Questioni am not able to use this code any one can help me Pin
vikaspot16-Jan-13 18:38
vikaspot16-Jan-13 18:38 
QuestionInstallation fails on Windows XP Pin
RedScreen12-Aug-11 4:49
RedScreen12-Aug-11 4:49 
Questionscanning from the application fails on win 7 x64 Pin
Member 766391824-Feb-11 19:36
Member 766391824-Feb-11 19:36 
QuestionHow to make PhyMem work for XP PAE Pin
Keunlee9920-Dec-10 11:04
Keunlee9920-Dec-10 11:04 
GeneralIt works for win 7 x64 Pin
kaoea7-Nov-10 16:17
kaoea7-Nov-10 16:17 
GeneralLoadPhyMemDriver() returns failed Pin
Leonid.ravich31-Oct-10 5:22
Leonid.ravich31-Oct-10 5:22 
GeneralRe: LoadPhyMemDriver() returns failed Pin
vaggosbboy@gmail.com10-Dec-12 9:05
vaggosbboy@gmail.com10-Dec-12 9:05 
GeneralIs not working on Windows 7 64bits (need driver compatible) Pin
kornx225-Oct-10 21:40
kornx225-Oct-10 21:40 
GeneralMy vote of 5 Pin
BoatBum2-Aug-10 4:35
BoatBum2-Aug-10 4:35 
GeneralCannot apply in Win7 Pin
Pdaus21-Apr-10 16:28
Pdaus21-Apr-10 16:28 
GeneralRe: Cannot apply in Win7 Pin
bharatkv27-Apr-10 20:30
bharatkv27-Apr-10 20:30 
GeneralRe: Cannot apply in Win7 Pin
Pdaus27-Apr-10 21:51
Pdaus27-Apr-10 21:51 
GeneralIntercept I/O Port and re-route data to Bit-Bang driver Pin
Gobsek20-Apr-10 12:07
Gobsek20-Apr-10 12:07 
QuestionHint for accessing IO port to change SATA transfer mode? Pin
Configer27-Mar-10 10:06
Configer27-Mar-10 10:06 
QuestionHow to install the filter driver? Pin
hustsolo4-Mar-10 16:10
hustsolo4-Mar-10 16:10 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.