!pa2va (convert physical address to virtual address)
Description of '!pa2va' command in HyperDbg.
Command
!pa2va
Syntax
!pa2va [PhysicalAddress (hex)] [pid ProcessId (hex)]
Description
Converts the PHYSICAL address to the VIRTUAL address.
Parameters
[PhysicalAddress (hex)]
The target physical address.
[pid ProcessId (hex)] (optional)
The Process Id of where you want to convert the address based on it.
If you don't specify the pid, then the default pid is the current process (HyperDbg) process layout of memory.
In the Debugger Mode, the pid (parameter) is ignored. If you want to view another process memory, use the '.process' command to switch to another process memory layout.
Examples
The following command shows the physical address of 21c9370.
The following command shows the physical address of the result of evaluating @rax+@rbx+5.
The following command shows the physical address of 21c9370in the process layout of process id (0x4).
IOCTL
This function works by calling DeviceIoControl with IOCTL = IOCTL_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS, you have to send it in the following structure.
You should only fill the VirtualAddress of the above structure when you want a physical address and fill the above PhysicalAddress when you want a virtual address. Also, set IsVirtual2Physical to true in the case of virtual-to-physical and set it to false in the case of physical-to-virtual.
If you want to convert based on another process memory layout, then put its process ID. Otherwise, put the current process id on it. ProcessId is ignored in debugger mode.
Remarks
If the physical address or process id does not exist, then it shows 0.
This command is guaranteed to keep debuggee in a halt state (in Debugger Mode); thus, nothing will change during its execution.
Requirements
None
Related
Last updated