kd> x nt!MmSystem*
80469b80 nt!MmSystemDriverPage = <no type information>
80469508 nt!MmSystemLockOwner = <no type information>
8047e940 nt!MmSystemPageDirectory = <no type information>
80470ad4 nt!MmSystemProcessWorkingSetMax = <no type information>
80469a2c nt!MmSystemRangeStart = <no type information>
80470aa0 nt!MmSystemCacheWorkingSetList = <no type information>
80469930 nt!MmSystemPageColor = <no type information>
8047efd8 nt!MmSystemCacheEnd = <no type information>
8047e8f8 nt!MmSystemCachePteBase = <no type information>
80470aa8 nt!MmSystemCacheWsMinimum = <no type information>
8047e800 nt!MmSystemPtesEnd = <no type information>
80470ad0 nt!MmSystemProcessWorkingSetMin = <no type information>
8047ede4 nt!MmSystemShutdown = <no type information>
80469560 nt!MmSystemCacheWs = <no type information>
80469b78 nt!MmSystemCachePage = <no type information>
8047e7f8 nt!MmSystemPtesStart = <no type information>
80469520 nt!MmSystemWsLock = <no type information>
8047ee18 nt!MmSystemPageFileLocated = <no type information>
804694e0 nt!MmSystemLoadLock = <no type information>
80470aac nt!MmSystemCacheWsMaximum = <no type information>
8046ac00 nt!MmSystemCacheStart = <no type information>
8047f0b8 nt!MmSystemCacheWsle = <no type information>
80469b7c nt!MmSystemCodePage = <no type information>
8047f630 nt!MmSystemPteBase = <no type information>
8047e9dc nt!MmSystemSize = <no type information>
804694c8 nt!MmSystemPagePtes = <no type information>
8046b064 nt!MmSystemSpaceLock = <no type information>
内核内存起始于0x80000000
kd> !pte 0x80000000
80000000 - PDE at C0300800 PTE at C0200000
contains 000001E3 contains 00000000
pfn 0 GLDA--KWV LARGE PAGE
内核变量MmSystemPteBase就是C0200000
全局变量MmKseg2Frame = 0x20000。该变量指示在从0x80000000开始的哪个地址区域直接映射到了物理内存,也就是说,此时虚拟地址0x80000000 - 0x9fffffff映射到了物理地址00000000-1f000000。
范围 c0000000 - c01ffffc 用于00000000-7fffffff的页表
范围 c0200000 - c027ffff "吃掉" 4M地址页的地址
范围 c0280000 - c02ffffc 包含用于a0000000 - bfffffff的页
范围 c0300000 - c0300ffc PD 本身 (描述范围c0000000 - c03fffff)
范围 c0301000 - c03013fc c0400000 - c04fffff HyperSpace (更准确的说, 是1/4的hyper space)
范围 c0301400 - c03fffff 包含用于c050000 - ffffffff的页