MMPFN Union 4

The MMPFN (Memory Manager Page Frame Number) structure is the key to pretty much everything that the Memory Manager knows about a page of physical memory that is in general use. Since an array of these structures for all physical memory needs to be kept in physical memory, the MMPFN is its own substantial overhead. Presumably to keep this down, ever more gets packed in to the MMPFN ever more intricately.

Windows XP squeezed ULONG bit fields into what had been the PteFrame at the end of the MMPFN, relabelling the whole as EntireFrame. Versions 6.0 and 6.1 have just the structure of bit fields before version 6.2 restores access to the whole as an integral type but now with the name EntireField.

Offset (x86) Offset (PAE) Offset (x64) Definition Versions
0x14 0x18 0x28
ULONG_PTR EntireFrame;
5.1 to 5.2
0x14 0x18 0x28
struct {
    /*  changing bit fields, see below  */
};
5.1 and higher
0x14 0x18 0x28
ULONG_PTR EntireField;
6.2 and higher

While 32-bit and 64-bit Windows need deal only with 36-bit and 48-bit physical addresses, pages of physical memory do not need the whole ULONG or ULONGLONG that Microsoft defines for the PFN_NUMBER. Wherever a physical page number is kept in anything that’s similar to a Page Table Entry (PTE), there are always the low 12 bits for flags. In 64-bit Windows, and in 32-bit Windows with PAE, each PTE is eight bytes and high bits are available too. Finding these bits for use as flags is the reason that the u4 exists. The original name, PteFrame, survives just as the first of these bit fields. Its width took some time to settle:

Version PFN Bit Width
x86 x64
5.1 to early 5.2 26  
late 5.2 25 57
6.0 to 6.1 25 52
6.2 25 36
6.3 and higher 24 36

See that the reduction in what to allow has been more about the need for creating space somewhere in the MMPFN (both here and in u1 and especially in u2) than about codifying the width that’s implied by 36-bit and 48-bit physical address spaces. Whatever its value for the version, the width of a PFN is represented below as PFN_BITS.

Mask (x86) Mask (x64) Definition Versions
0x03FFFFFF (5.1 to early 5.2);
0x01FFFFFF (late 5.2 to 6.2);
0x00FFFFFF
0x01FFFFFF`FFFFFFFF (late 5.2);
0x000FFFFF`FFFFFFFF (6.0 to 6.1);
0x0000000F`FFFFFFFF
ULONG_PTR PteFrame : PFN_BITS;
5.1 and higher
  0x00000030`00000000
ULONG_PTR Channel : 2;
6.2 and higher
  0x00000040`00000000
ULONG_PTR Unused1 : 1;
6.3 and higher
  0x00000080`00000000
ULONG_PTR Unused2 : 1;
6.3 and higher
  0x0003FF00`00000000
ULONG_PTR Partition : 10;
10.0 and higher
  0x00700000`00000000 (6.0 to 6.1);
0x003FFFC0`00000000 (6.2);
0x001FFF00`00000000 (6.3);
0x000C0000`00000000
ULONG_PTR Unused : 3;
6.0 to 6.1
ULONG_PTR Unused : 16;
6.2 only
ULONG_PTR Unused3 : 13;
6.3 only
ULONG_PTR Spare : 2;
10.0 and higher
  0x00100000`00000000
ULONG_PTR FileOnly : 1;
10.0 and higher
  0x00400000`00000000 (6.2);
0x00200000`00000000
ULONG_PTR PfnExists : 1;
6.2 and higher
0x02000000 (6.0 to 6.1) 0x00800000`00000000 (6.0 to 6.1)
ULONG_PTR PfnImageVerified : 1;
6.0 to 6.1
0x06000000 (6.2);
0x07000000
0x01800000`00000000 (6.2);
0x01C00000`00000000
ULONG_PTR PageIdentity : 2;
6.2 only
ULONG_PTR PageIdentity : 3;
6.3 and higher
0x04000000 (5.1 to early 5.2);
0x02000000 (late 5.2)
0x02000000`00000000 (late 5.2)
ULONG_PTR InPageError : 1;
5.1 to 5.2
0x08000000 (5.1 to early 5.2);
0x04000000 (late 5.2)
0x04000000`00000000 (late 5.2)
ULONG_PTR VerifierAllocation : 1;
5.1 to 5.2
0x10000000 (late 5.1 to early 5.2);
0x08000000 (late 5.2);
0x04000000
0x08000000`00000000 (late 5.2);
0x01000000`00000000
ULONG_PTR AweAllocation : 1;
late 5.1 and higher
0x08000000 0x02000000`00000000
ULONG_PTR PrototypePte : 1;
6.0 and higher
0x20000000 (late 5.1 to early 5.2)  
ULONG LockCharged : 1;
late 5.1 to early 5.2
0x40000000 (late 5.1 to early 5.2)  
ULONG KernelStack : 1;
late 5.1 to early 5.2
0x70000000 (late 5.2) 0x70000000`00000000 (late 5.2)
ULONG_PTR Priority : 3;
late 5.2 only
0x80000000 (5.2) 0x80000000`00000000 (late 5.2)
ULONG_PTR MustBeCached : 1;
5.2 only
0xF0000000 0xFC000000`00000000
ULONG_PTR PageColor : 4;
6.0 and higher (x86)
ULONG_PTR PageColor : 6;
6.0 and higher (x64)
0xF0000000 (early 5.1);
0x80000000 (late 5.1)
 
ULONG Reserved : 4;
early 5.1 only
ULONG Reserved : 1;
late 5.1 only

Several of the bit fields move between this union and the MMPFNENTRY structure: