Access Physical Memory, Port and PCI Configuration Space

13 Apr 2009, CPOL
Play with physical memory, port, PCI configuration space in user mode

Introduction

I recently developed a lot of interest in ACPI programming. By Googling, I found Intel’s ACPICA open source library. Of course, to make it work (for example, to read ACPI tables and evaluate ACPI methods), I must implement some functions to access physical memory, ports and PCI configuration space, and even install an ISR.

It’s quite easy to implement these functions in kernel mode. But I don't want to put the whole ACPICA library in a “.sys”, which would make it very hard to debug. Debugging is important to me because I always want to find out what really happens. So the only solution is to access these resources in user mode.

At first I used WinIO, and it works. Yet after reading the source code, I found it used too many “undocumented” and “obsolete” functions. I decided to make a more elegant solution and add the ability to access PCI configuration space.

Background

1. The Architecture

I borrow the software architecture from WinIO: a kernel mode driver “phymem.sys” and a user mode DLL “pmdll.dll”. Applications access physical memory through the functions exported by pmdll.dll, which talks to phymem.sys through the standard “DeviceIoControl” call.

To access PCI configuration space in the way the DDK recommends, I wrote a PCI bus upper filter driver, “PCIFlt.sys”. With this filter driver, we can find the unnamed PCI bus driver that lies under our named filter driver. Then we use the “Driver Interface” to read and write PCI configuration space directly.

2. Access Physical Port

IA-based PCs use separate port and memory address spaces. In kernel mode, we can read and write ports with functions such as READ_PORT_UCHAR and WRITE_PORT_UCHAR.

3. Access Physical Memory

To access physical memory in user mode, we must map the memory region into the user process’ address space. One implementation goes through the \Device\PhysicalMemory section object. This was first introduced in the old NT DDK samples. It uses obsolete functions, which are not recommended, and the code is really hard to understand.

A better implementation can be found in MSDN. Only three steps are required:

  1. Use MmMapIoSpace to map the physical address to a kernel mode virtual address. The driver can access this virtual address, but it is not accessible in user mode.
  2. Use IoAllocateMdl and MmBuildMdlForNonPagedPool to build an MDL for the mapped physical address.
  3. Use MmMapLockedPages to map the physical pages described by the MDL to a user mode virtual address. Since our driver will always be the topmost driver and runs in the context of the current process, this user mode virtual address is valid for the caller.
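
None of the three calls restricts which physical range is mapped, so the request parameters are where a driver bounds what user mode can reach. The following is an added example, not code from phymem.sys: a range check that could run before step 1. The function name `map_request_allowed` and the allow-list contents are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical allow-list of physical windows a caller may map.
 * Constructed values: the legacy BIOS area and a made-up table region. */
struct phys_window { uint32_t base, size; };
static const struct phys_window allowed[] = {
    { 0x000E0000u, 0x00020000u },   /* 0xE0000..0xFFFFF */
    { 0x7FEE0000u, 0x00010000u },   /* constructed example region */
};

/* Returns 1 if [phyAddr, phyAddr + memSize) lies inside one allowed window.
 * Parameter types mirror MapPhyMem(DWORD phyAddr, DWORD memSize). */
int map_request_allowed(uint32_t phyAddr, uint32_t memSize)
{
    if (memSize == 0) return 0;                          /* nothing to map */
    if (phyAddr > UINT32_MAX - (memSize - 1)) return 0;  /* end would wrap */
    uint32_t last = phyAddr + (memSize - 1);
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++) {
        uint32_t wlast = allowed[i].base + (allowed[i].size - 1);
        if (phyAddr >= allowed[i].base && last <= wlast) return 1;
    }
    return 0;                                            /* default deny */
}

int main(void)
{
    printf("BIOS area, 128 KB : %d\n", map_request_allowed(0x000E0000u, 0x20000u));
    printf("straddles the end : %d\n", map_request_allowed(0x000FFFF0u, 0x20u));
    printf("wraps past 4 GB   : %d\n", map_request_allowed(0xFFFFF000u, 0x2000u));
    return 0;
}
```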

4. Access PCI Configuration Space

Windows XP bus drivers must implement a “Driver Interface”, which can be acquired by sending the driver an IRP with minor function code IRP_MN_QUERY_INTERFACE. After acquiring the “Driver Interface”, we can access the bus address space by calling the ReadConfig and WriteConfig routines the interface provides.

The trouble is that the PCI bus driver has no name, that is, we can't find its device object. Without the PCI bus driver’s device object, we have no way to query its “Driver Interface”. The solution is to provide a PCI bus upper filter driver, which is layered above the actual function bus driver.

Using the Code

All source code is built under Visual C++ 6.0, XP DDK 2600, and Windows XP SP3. To build the driver (.sys) in the Visual C++ IDE, follow these two steps:

  1. Set the environment variable $DDKROOT to the DDK installation directory, such as “D:\WINDDK\2600”.
  2. In the VC++ IDE, go to Tools->Options->Directories->Show directories for, choose “Executable files”, then add the DDK bin directory, such as “D:\WINDDK\2600\BIN\X86”, and move it to the first line.

The driver source code uses PHDDebugPrint for debugging purposes. See the book “Writing Windows WDM Device Drivers” by Chris Cant.

Manual

  1. Copy pmdll.h and pmdll.lib to your source code directory; include the header and link with the library.
  2. Copy pmdll.dll and phymem.sys to your application directory so the application can load them at run time.
  3. Function Reference:
    BOOL LoadPhyMemDriver()

    Dynamically load phymem.sys into memory. Returns TRUE on success, otherwise FALSE.

    VOID UnloadPhyMemDriver()

    Unload phymem.sys from memory.

    PVOID MapPhyMem(DWORD phyAddr, DWORD memSize)

    Map physical memory to user virtual address space.

    • phyAddr = physical memory address
    • memSize = memory size in bytes

    VOID UnmapPhyMem(PVOID pVirAddr, DWORD memSize)

    Unmap a mapped user virtual address.

    • pVirAddr = mapped user virtual address (return value of MapPhyMem)
    • memSize = memory size in bytes

    BYTE ReadPortByte(WORD portAddr)
    WORD ReadPortWord(WORD portAddr)
    DWORD ReadPortLong(WORD portAddr)

    Read one byte, two bytes or four bytes from port address portAddr.

    VOID WritePortByte(WORD portAddr, BYTE portValue)
    VOID WritePortWord(WORD portAddr, WORD portValue)
    VOID WritePortLong(WORD portAddr, DWORD portValue)

    Write one byte, two bytes or four bytes to port address portAddr.

    BOOL ReadPCI(DWORD busNum, DWORD devNum, DWORD funcNum,
                 DWORD regOff, DWORD bytes, PVOID pValue)

    Read PCI configuration space.

    • busNum: Bus number (0-255)
    • devNum: Device number (0-31)
    • funcNum: Function number (0-7)
    • regOff: Register offset (0-255)
    • bytes: Bytes to read
    • pValue: Buffer to receive the returned value (must be allocated by the function caller)

    BOOL WritePCI(DWORD busNum, DWORD devNum, DWORD funcNum,
                  DWORD regOff, DWORD bytes, PVOID pValue)

    Write PCI configuration space.

    • busNum: Bus number (0-255)
    • devNum: Device number (0-31)
    • funcNum: Function number (0-7)
    • regOff: Register offset (0-255)
    • bytes: Bytes to write
    • pValue: New values to write
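
The ACPI use case from the Introduction starts with finding the Root System Description Pointer (RSDP) in the BIOS area 0xE0000-0xFFFFF. The following is an added example, not part of the article's download: it scans a mapped window for a valid RSDP. On a real system the window would be the pointer returned by MapPhyMem(0xE0000, 0x20000); here it is a constructed buffer so the code runs without the driver, and the names `find_rsdp`, `le32` and `build_sample` are introduced for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte sum modulo 256; a valid ACPI structure sums to 0. */
static uint8_t acpi_sum(const uint8_t *p, size_t n)
{
    uint8_t s = 0;
    while (n--) s = (uint8_t)(s + *p++);
    return s;
}

uint32_t le32(const uint8_t *p)   /* little-endian 32-bit load */
{
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Offset of the first valid RSDP in a mapped window, or -1. */
long find_rsdp(const uint8_t *win, size_t len)
{
    for (size_t off = 0; off + 20 <= len; off += 16) {   /* 16-byte aligned */
        const uint8_t *p = win + off;
        if (memcmp(p, "RSD PTR ", 8) != 0 || acpi_sum(p, 20) != 0) continue;
        if (p[15] < 2) return (long)off;                  /* ACPI 1.0 layout */
        if (off + 36 > len) continue;
        uint32_t xlen = le32(p + 20);                     /* Length field */
        if (xlen >= 36 && xlen <= len - off && acpi_sum(p, xlen) == 0)
            return (long)off;                             /* extended checksum ok */
    }
    return -1;
}

/* Constructed sample: bad-checksum decoy at 0x10, valid rev-0 RSDP at 0x40. */
static uint8_t sample[256];
const uint8_t *build_sample(void)
{
    memset(sample, 0, sizeof sample);
    memcpy(sample + 0x10, "RSD PTR ", 8);
    memcpy(sample + 0x40, "RSD PTR ", 8);
    memcpy(sample + 0x50, "\x00\x00\xEE\x7F", 4);         /* made-up RsdtAddress */
    sample[0x48] = (uint8_t)(0u - acpi_sum(sample + 0x40, 20));
    return sample;
}

int main(void)
{
    long off = find_rsdp(build_sample(), sizeof sample);
    if (off >= 0) printf("RSDP +0x%lx, RSDT 0x%08x\n", off, (unsigned)le32(sample + off + 16));
    return off < 0;
}
```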

How to Install PCI Filter Driver

If you want to access PCI configuration space, the PCI filter driver “PCIFlt.sys” must be installed. In “Device Manager”, find “PCI Bus”, choose “Update Driver”, and select PCIFilter.inf. Do not let Windows search for the INF file automatically; choose to select the driver yourself.

The PCI filter driver may totally crash your computer; use it at your own risk.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)