#include <ntoskrnl.h>
#include <cache/section/newmm.h>
#include <debug.h>
#include "ARM3/miarm.h"

Include dependency graph for marea.c:

Macros
#define	NDEBUG

Functions

PMEMORY_AREA NTAPI MmLocateMemoryAreaByAddress (PMMSUPPORT AddressSpace, PVOID Address)

PMEMORY_AREA NTAPI MmLocateMemoryAreaByRegion (PMMSUPPORT AddressSpace, PVOID Address_, ULONG_PTR Length)

BOOLEAN NTAPI MmIsAddressRangeFree (_In_ PMMSUPPORT AddressSpace, _In_ PVOID Address, _In_ ULONG_PTR Length)

VOID NTAPI MiInsertVad (IN PMMVAD Vad, IN PMM_AVL_TABLE VadRoot)

ULONG NTAPI MiMakeProtectionMask (IN ULONG Protect)

static VOID MmInsertMemoryArea (PMMSUPPORT AddressSpace, PMEMORY_AREA marea, ULONG Protect)

PVOID NTAPI MmFindGap (PMMSUPPORT AddressSpace, ULONG_PTR Length, ULONG_PTR Granularity, BOOLEAN TopDown)

VOID NTAPI MiRemoveNode (IN PMMADDRESS_NODE Node, IN PMM_AVL_TABLE Table)

MmFreeMemoryArea

Free an existing memory area.

Parameters

AddressSpace	Address space to free the area from.
MemoryArea	Memory area we're about to free.
FreePage	Callback function for each freed page.
FreePageContext	Context passed to the callback function.

Returns: Status

Remarks: Lock the address space before calling this function.

NTSTATUS NTAPI MmFreeMemoryArea (PMMSUPPORT AddressSpace, PMEMORY_AREA MemoryArea, PMM_FREE_PAGE_FUNC FreePage, PVOID FreePageContext)

MmCreateMemoryArea

Create a memory area.

Parameters

AddressSpace	Address space to create the area in.
Type	Type of the memory area.
BaseAddress	Base address for the memory area we're about the create. On input it contains either 0 (auto-assign address) or preferred address. On output it contains the starting address of the newly created area.
Length	Length of the area to allocate.
Attributes	Protection attributes for the memory area.
Result	Receives a pointer to the memory area on successful exit.

Returns: Status

Remarks: Lock the address space before calling this function.

NTSTATUS NTAPI MmCreateMemoryArea (PMMSUPPORT AddressSpace, ULONG Type, PVOID *BaseAddress, ULONG_PTR Length, ULONG Protect, PMEMORY_AREA *Result, ULONG AllocationFlags, ULONG Granularity)

VOID NTAPI MiRosCleanupMemoryArea (PEPROCESS Process, PMMVAD Vad)

Variables
MEMORY_AREA	MiStaticMemoryAreas [MI_STATIC_MEMORY_AREAS]

ULONG	MiStaticMemoryAreaCount

MM_AVL_TABLE	MiRosKernelVadRoot

BOOLEAN	MiRosKernelVadRootInitialized

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 45 of file marea.c.

Function Documentation

◆ MiInsertVad()

VOID NTAPI MiInsertVad	(	IN PMMVAD	Vad,
		IN PMM_AVL_TABLE	VadRoot
	)

Definition at line 222 of file vadnode.c.

{
    TABLE_SEARCH_RESULT Result;
    PMMADDRESS_NODE Parent = NULL;
 
    ASSERT_LOCKED_FOR_WRITE(VadRoot);
 
    /* Validate the VAD and set it as the current hint */
    ASSERT(Vad->EndingVpn >= Vad->StartingVpn);
    VadRoot->NodeHint = Vad;
 
    /* Find the parent VAD and where this child should be inserted */
    Result = RtlpFindAvlTableNodeOrParent(VadRoot, (PVOID)Vad->StartingVpn, &Parent);
    ASSERT(Result != TableFoundNode);
    ASSERT((Parent != NULL) || (Result == TableEmptyTree));
 
    /* Do the actual insert operation */
    MiInsertNode(VadRoot, (PVOID)Vad, Parent, Result);
}

Referenced by MmInsertMemoryArea().

◆ MiMakeProtectionMask()

ULONG NTAPI MiMakeProtectionMask ( IN ULONG Protect )

Definition at line 140 of file section.c.

{
    ULONG Mask1, Mask2, ProtectMask;
 
    /* PAGE_EXECUTE_WRITECOMBINE is theoretically the maximum */
    if (Protect >= (PAGE_WRITECOMBINE * 2)) return MM_INVALID_PROTECTION;
 
    /*
     * Windows API protection mask can be understood as two bitfields, differing
     * by whether or not execute rights are being requested
     */
    Mask1 = Protect & 0xF;
    Mask2 = (Protect >> 4) & 0xF;
 
    /* Check which field is there */
    if (!Mask1)
    {
        /* Mask2 must be there, use it to determine the PTE protection */
        if (!Mask2) return MM_INVALID_PROTECTION;
        ProtectMask = MmUserProtectionToMask2[Mask2];
    }
    else
    {
        /* Mask2 should not be there, use Mask1 to determine the PTE mask */
        if (Mask2) return MM_INVALID_PROTECTION;
        ProtectMask = MmUserProtectionToMask1[Mask1];
    }
 
    /* Make sure the final mask is a valid one */
    if (ProtectMask == MM_INVALID_PROTECTION) return MM_INVALID_PROTECTION;
 
    /* Check for PAGE_GUARD option */
    if (Protect & PAGE_GUARD)
    {
        /* It's not valid on no-access, nocache, or writecombine pages */
        if ((ProtectMask == MM_NOACCESS) ||
            (Protect & (PAGE_NOCACHE | PAGE_WRITECOMBINE)))
        {
            /* Fail such requests */
            return MM_INVALID_PROTECTION;
        }
 
        /* This actually turns on guard page in this scenario! */
        ProtectMask |= MM_GUARDPAGE;
    }
 
    /* Check for nocache option */
    if (Protect & PAGE_NOCACHE)
    {
        /* The earlier check should've eliminated this possibility */
        ASSERT((Protect & PAGE_GUARD) == 0);
 
        /* Check for no-access page or write combine page */
        if ((ProtectMask == MM_NOACCESS) || (Protect & PAGE_WRITECOMBINE))
        {
            /* Such a request is invalid */
            return MM_INVALID_PROTECTION;
        }
 
        /* Add the PTE flag */
        ProtectMask |= MM_NOCACHE;
    }
 
    /* Check for write combine option */
    if (Protect & PAGE_WRITECOMBINE)
    {
        /* The two earlier scenarios should've caught this */
        ASSERT((Protect & (PAGE_GUARD | PAGE_NOACCESS)) == 0);
 
        /* Don't allow on no-access pages */
        if (ProtectMask == MM_NOACCESS) return MM_INVALID_PROTECTION;
 
        /* This actually turns on write-combine in this scenario! */
        ProtectMask |= MM_NOACCESS;
    }
 
    /* Return the final MM PTE protection mask */
    return ProtectMask;
}

Referenced by MiIsProtectionCompatible(), MmCreateArm3Section(), MmCreateSection(), MmInsertMemoryArea(), MmMapViewOfArm3Section(), and NtMapViewOfSection().

◆ MiRemoveNode()

VOID NTAPI MiRemoveNode	(	IN PMMADDRESS_NODE	Node,
		IN PMM_AVL_TABLE	Table
	)

Definition at line 403 of file vadnode.c.

{
    ASSERT_LOCKED_FOR_WRITE(Table);
 
    /* Call the AVL code */
    RtlpDeleteAvlTreeNode(Table, Node);
 
    /* Decrease element count */
    Table->NumberGenericTableElements--;
 
    /* Check if this node was the hint */
    if (Table->NodeHint == Node)
    {
        /* Get a new hint, unless we're empty now, in which case nothing */
        if (!Table->NumberGenericTableElements) Table->NodeHint = NULL;
        else Table->NodeHint = Table->BalancedRoot.RightChild;
    }
}

Referenced by MmFreeMemoryArea().

◆ MiRosCleanupMemoryArea()

VOID NTAPI MiRosCleanupMemoryArea	(	PEPROCESS	Process,
		PMMVAD	Vad
	)

Definition at line 493 of file marea.c.

{
    PMEMORY_AREA MemoryArea;
    PVOID BaseAddress;
    NTSTATUS Status;
 
    /* We must be called from MmCleanupAddressSpace and nowhere else!
       Make sure things are as expected... */
    ASSERT(Process == PsGetCurrentProcess());
    ASSERT(Process->VmDeleted == TRUE);
    ASSERT(((PsGetCurrentThread()->ThreadsProcess == Process) &&
            (Process->ActiveThreads == 1)) ||
           (Process->ActiveThreads == 0));
 
    MemoryArea = (PMEMORY_AREA)Vad;
    BaseAddress = (PVOID)MA_GetStartingAddress(MemoryArea);
 
    if (MemoryArea->Type == MEMORY_AREA_SECTION_VIEW)
    {
        Status = MiRosUnmapViewOfSection(Process, MemoryArea, BaseAddress, Process->ProcessExiting);
    }
#ifdef NEWCC
    else if (MemoryArea->Type == MEMORY_AREA_CACHE)
    {
        Status = MmUnmapViewOfCacheSegment(&Process->Vm, BaseAddress);
    }
#endif
    else
    {
        /* There shouldn't be anything else! */
        ASSERT(FALSE);
    }
 
    /* Make sure this worked! */
    ASSERT(NT_SUCCESS(Status));
}

Referenced by MmCleanProcessAddressSpace().

◆ MmCreateMemoryArea()

NTSTATUS NTAPI MmCreateMemoryArea	(	PMMSUPPORT	AddressSpace,
		ULONG	Type,
		PVOID *	BaseAddress,
		ULONG_PTR	Length,
		ULONG	Protect,
		PMEMORY_AREA *	Result,
		ULONG	AllocationFlags,
		ULONG	Granularity
	)

Definition at line 379 of file marea.c.

{
    ULONG_PTR tmpLength;
    PMEMORY_AREA MemoryArea;
    ULONG_PTR EndingAddress;
 
    DPRINT("MmCreateMemoryArea(Type 0x%lx, BaseAddress %p, "
           "*BaseAddress %p, Length %p, AllocationFlags %x, "
           "Result %p)\n",
           Type, BaseAddress, *BaseAddress, Length, AllocationFlags,
           Result);
 
    /* Is this a static memory area? */
    if (Type & MEMORY_AREA_STATIC)
    {
        /* Use the static array instead of the pool */
        ASSERT(MiStaticMemoryAreaCount < MI_STATIC_MEMORY_AREAS);
        MemoryArea = &MiStaticMemoryAreas[MiStaticMemoryAreaCount++];
    }
    else
    {
        /* Allocate the memory area from nonpaged pool */
        MemoryArea = ExAllocatePoolWithTag(NonPagedPool,
                                           sizeof(MEMORY_AREA),
                                           TAG_MAREA);
    }
 
    if (!MemoryArea)
    {
        DPRINT1("Not enough memory.\n");
        return STATUS_NO_MEMORY;
    }
 
    RtlZeroMemory(MemoryArea, sizeof(MEMORY_AREA));
    MemoryArea->Type = Type & ~MEMORY_AREA_STATIC;
    MemoryArea->Flags = AllocationFlags;
    MemoryArea->Magic = 'erAM';
    MemoryArea->DeleteInProgress = FALSE;
    MI_SET_MEMORY_AREA_VAD(&MemoryArea->VadNode);
    if (MemoryArea->Type != MEMORY_AREA_OWNED_BY_ARM3)
    {
        MI_SET_ROSMM_VAD(&MemoryArea->VadNode);
    }
 
    if (*BaseAddress == 0)
    {
        tmpLength = (ULONG_PTR)MM_ROUND_UP(Length, PAGE_SIZE);
        *BaseAddress = MmFindGap(AddressSpace,
                                 tmpLength,
                                 Granularity,
                                 (AllocationFlags & MEM_TOP_DOWN) == MEM_TOP_DOWN);
        if ((*BaseAddress) == 0)
        {
            DPRINT("No suitable gap\n");
            if (!(Type & MEMORY_AREA_STATIC)) ExFreePoolWithTag(MemoryArea, TAG_MAREA);
            return STATUS_NO_MEMORY;
        }
 
        MemoryArea->VadNode.StartingVpn = (ULONG_PTR)*BaseAddress >> PAGE_SHIFT;
        MemoryArea->VadNode.EndingVpn = ((ULONG_PTR)*BaseAddress + tmpLength - 1) >> PAGE_SHIFT;
        MmInsertMemoryArea(AddressSpace, MemoryArea, Protect);
    }
    else
    {
        EndingAddress = ((ULONG_PTR)*BaseAddress + Length - 1) | (PAGE_SIZE - 1);
        *BaseAddress = ALIGN_DOWN_POINTER_BY(*BaseAddress, Granularity);
        tmpLength = EndingAddress + 1 - (ULONG_PTR)*BaseAddress;
 
        if (!MmGetAddressSpaceOwner(AddressSpace) && *BaseAddress < MmSystemRangeStart)
        {
            ASSERT(FALSE);
            if (!(Type & MEMORY_AREA_STATIC)) ExFreePoolWithTag(MemoryArea, TAG_MAREA);
            return STATUS_ACCESS_VIOLATION;
        }
 
        if (MmGetAddressSpaceOwner(AddressSpace) &&
                (ULONG_PTR)(*BaseAddress) + tmpLength > (ULONG_PTR)MmSystemRangeStart)
        {
            DPRINT("Memory area for user mode address space exceeds MmSystemRangeStart\n");
            if (!(Type & MEMORY_AREA_STATIC)) ExFreePoolWithTag(MemoryArea, TAG_MAREA);
            return STATUS_ACCESS_VIOLATION;
        }
 
        /* No need to check ARM3 owned memory areas, the range MUST be free */
        if (MemoryArea->Type != MEMORY_AREA_OWNED_BY_ARM3)
        {
            if (!MmIsAddressRangeFree(AddressSpace, *BaseAddress, tmpLength))
            {
                DPRINT("Memory area already occupied\n");
                if (!(Type & MEMORY_AREA_STATIC)) ExFreePoolWithTag(MemoryArea, TAG_MAREA);
                return STATUS_CONFLICTING_ADDRESSES;
            }
        }
 
        MemoryArea->VadNode.StartingVpn = (ULONG_PTR)*BaseAddress >> PAGE_SHIFT;
        MemoryArea->VadNode.EndingVpn = ((ULONG_PTR)*BaseAddress + tmpLength - 1) >> PAGE_SHIFT;
        MmInsertMemoryArea(AddressSpace, MemoryArea, Protect);
    }
 
    *Result = MemoryArea;
 
    DPRINT("MmCreateMemoryArea() succeeded (%p)\n", *BaseAddress);
    return STATUS_SUCCESS;
}

Referenced by MiCreateArm3StaticMemoryArea(), and MmMapViewOfSegment().

◆ MmFindGap()

PVOID NTAPI MmFindGap	(	PMMSUPPORT	AddressSpace,
		ULONG_PTR	Length,
		ULONG_PTR	Granularity,
		BOOLEAN	TopDown
	)

Definition at line 190 of file marea.c.

{
    PEPROCESS Process;
    PMM_AVL_TABLE VadRoot;
    TABLE_SEARCH_RESULT Result;
    PMMADDRESS_NODE Parent;
    ULONG_PTR StartingAddress, HighestAddress;
 
    Process = MmGetAddressSpaceOwner(AddressSpace);
    VadRoot = Process ? &Process->VadRoot : &MiRosKernelVadRoot;
    if (TopDown)
    {
        /* Find an address top-down */
        HighestAddress = Process ? (ULONG_PTR)MM_HIGHEST_VAD_ADDRESS : (LONG_PTR)-1;
        Result = MiFindEmptyAddressRangeDownTree(Length,
                                                 HighestAddress,
                                                 Granularity,
                                                 VadRoot,
                                                 &StartingAddress,
                                                 &Parent);
    }
    else
    {
        Result = MiFindEmptyAddressRangeInTree(Length,
                                               Granularity,
                                               VadRoot,
                                               &Parent,
                                               &StartingAddress);
    }
 
    if (Result == TableFoundNode)
    {
        return NULL;
    }
 
    return (PVOID)StartingAddress;
}

Referenced by MmCreateMemoryArea(), and MmMapViewOfSection().

◆ MmFreeMemoryArea()

NTSTATUS NTAPI MmFreeMemoryArea	(	PMMSUPPORT	AddressSpace,
		PMEMORY_AREA	MemoryArea,
		PMM_FREE_PAGE_FUNC	FreePage,
		PVOID	FreePageContext
	)

Definition at line 258 of file marea.c.

{
    ULONG_PTR Address;
    PVOID EndAddress;
 
    /* Make sure we own the address space lock! */
    ASSERT(CONTAINING_RECORD(AddressSpace, EPROCESS, Vm)->AddressCreationLock.Owner == KeGetCurrentThread());
 
    /* Check magic */
    ASSERT(MemoryArea->Magic == 'erAM');
 
    if (MemoryArea->Type != MEMORY_AREA_OWNED_BY_ARM3)
    {
        PEPROCESS CurrentProcess = PsGetCurrentProcess();
        PEPROCESS Process = MmGetAddressSpaceOwner(AddressSpace);
 
        if ((Process != NULL) && (Process != CurrentProcess))
        {
            KeAttachProcess(&Process->Pcb);
        }
 
        EndAddress = MM_ROUND_UP(MA_GetEndingAddress(MemoryArea), PAGE_SIZE);
        for (Address = MA_GetStartingAddress(MemoryArea);
                Address < (ULONG_PTR)EndAddress;
                Address += PAGE_SIZE)
        {
            BOOLEAN Dirty = FALSE;
            SWAPENTRY SwapEntry = 0;
            PFN_NUMBER Page = 0;
            BOOLEAN DoFree;
 
            if (MmIsPageSwapEntry(Process, (PVOID)Address))
            {
                MmDeletePageFileMapping(Process, (PVOID)Address, &SwapEntry);
                /* We'll have to do some cleanup when we're on the page file */
                DoFree = TRUE;
            }
            else if (FreePage == NULL)
            {
                DoFree = MmDeletePhysicalMapping(Process, (PVOID)Address, &Dirty, &Page);
            }
            else
            {
                DoFree = MmDeleteVirtualMapping(Process, (PVOID)Address, &Dirty, &Page);
            }
            if (DoFree && (FreePage != NULL))
            {
                FreePage(FreePageContext, MemoryArea, (PVOID)Address,
                         Page, SwapEntry, (BOOLEAN)Dirty);
            }
        }
 
        if (MemoryArea->VadNode.StartingVpn < (ULONG_PTR)MmSystemRangeStart >> PAGE_SHIFT)
        {
            ASSERT(MemoryArea->VadNode.EndingVpn + 1 < (ULONG_PTR)MmSystemRangeStart >> PAGE_SHIFT);
#ifdef NEWCC
            ASSERT(MemoryArea->Type == MEMORY_AREA_SECTION_VIEW || MemoryArea->Type == MEMORY_AREA_CACHE);
#else
            ASSERT(MemoryArea->Type == MEMORY_AREA_SECTION_VIEW);
#endif
 
            /* We do not have fake ARM3 memory areas anymore. */
            ASSERT(MI_IS_MEMORY_AREA_VAD(&MemoryArea->VadNode));
            MiLockProcessWorkingSet(PsGetCurrentProcess(), PsGetCurrentThread());
            MiRemoveNode((PMMADDRESS_NODE)&MemoryArea->VadNode, &Process->VadRoot);
            MiUnlockProcessWorkingSet(PsGetCurrentProcess(), PsGetCurrentThread());
        }
        else
        {
            MiLockWorkingSet(PsGetCurrentThread(), &MmSystemCacheWs);
            MiRemoveNode((PMMADDRESS_NODE)&MemoryArea->VadNode, &MiRosKernelVadRoot);
            MiUnlockWorkingSet(PsGetCurrentThread(), &MmSystemCacheWs);
        }
 
        if ((Process != NULL) && (Process != CurrentProcess))
        {
            KeDetachProcess();
        }
    }
 
#if DBG
    MemoryArea->Magic = 'daeD';
#endif
    ExFreePoolWithTag(MemoryArea, TAG_MAREA);
 
    DPRINT("MmFreeMemoryArea() succeeded\n");
 
    return STATUS_SUCCESS;
}

Referenced by MmUnmapViewOfSegment().

◆ MmInsertMemoryArea()

static VOID MmInsertMemoryArea	(	PMMSUPPORT	AddressSpace,
		PMEMORY_AREA	marea,
		ULONG	Protect
	)

static

Definition at line 144 of file marea.c.

{
    PEPROCESS Process = MmGetAddressSpaceOwner(AddressSpace);
 
    marea->VadNode.u.VadFlags.Protection = MiMakeProtectionMask(Protect);
 
    /* Build a lame VAD if this is a user-space allocation */
    if (marea->VadNode.EndingVpn + 1 < (ULONG_PTR)MmSystemRangeStart >> PAGE_SHIFT)
    {
        ASSERT(Process != NULL);
        if (marea->Type != MEMORY_AREA_OWNED_BY_ARM3)
        {
#ifdef NEWCC
            ASSERT(marea->Type == MEMORY_AREA_SECTION_VIEW || marea->Type == MEMORY_AREA_CACHE);
#else
            ASSERT(marea->Type == MEMORY_AREA_SECTION_VIEW);
#endif
 
            /* Insert the VAD */
            MiLockProcessWorkingSetUnsafe(PsGetCurrentProcess(), PsGetCurrentThread());
            MiInsertVad(&marea->VadNode, &Process->VadRoot);
            MiUnlockProcessWorkingSetUnsafe(PsGetCurrentProcess(), PsGetCurrentThread());
        }
    }
    else
    {
        ASSERT(Process == NULL);
 
        if (!MiRosKernelVadRootInitialized)
        {
            MiRosKernelVadRoot.BalancedRoot.u1.Parent = &MiRosKernelVadRoot.BalancedRoot;
            MiRosKernelVadRoot.Unused = 1;
            MiRosKernelVadRootInitialized = TRUE;
        }
 
        /* Insert the VAD */
        MiLockWorkingSet(PsGetCurrentThread(), &MmSystemCacheWs);
        MiInsertVad(&marea->VadNode, &MiRosKernelVadRoot);
        MiUnlockWorkingSet(PsGetCurrentThread(), &MmSystemCacheWs);
    }
}

Referenced by MmCreateMemoryArea().

◆ MmIsAddressRangeFree()

BOOLEAN NTAPI MmIsAddressRangeFree	(	_In_ PMMSUPPORT	AddressSpace,
		_In_ PVOID	Address,
		_In_ ULONG_PTR	Length
	)

Definition at line 111 of file marea.c.

{
    ULONG_PTR StartVpn = (ULONG_PTR)Address / PAGE_SIZE;
    ULONG_PTR EndVpn = ((ULONG_PTR)Address + Length - 1) / PAGE_SIZE;
    PEPROCESS Process;
    PMM_AVL_TABLE Table;
    PMMADDRESS_NODE Node;
    TABLE_SEARCH_RESULT Result;
 
    Process = MmGetAddressSpaceOwner(AddressSpace);
    Table = (Process != NULL) ? &Process->VadRoot : &MiRosKernelVadRoot;
 
    Result = MiCheckForConflictingNode(StartVpn, EndVpn, Table, &Node);
 
    return (Result != TableFoundNode);
}

Referenced by MmCreateMemoryArea(), and MmMapViewOfSection().

◆ MmLocateMemoryAreaByAddress()

PMEMORY_AREA NTAPI MmLocateMemoryAreaByAddress	(	PMMSUPPORT	AddressSpace,
		PVOID	Address
	)

Definition at line 61 of file marea.c.

{
    /* Do it the simple way */
    return MmLocateMemoryAreaByRegion(AddressSpace, Address, 1);
}

Referenced by MmAlterViewAttributes(), MmNotPresentFault(), MmpAccessFault(), MmPageOutPhysicalAddress(), MmpPageOutPhysicalAddress(), MmUnmapViewInSystemSpace(), and MmUnmapViewOfSegment().

◆ MmLocateMemoryAreaByRegion()

PMEMORY_AREA NTAPI MmLocateMemoryAreaByRegion	(	PMMSUPPORT	AddressSpace,
		PVOID	Address_,
		ULONG_PTR	Length
	)

Definition at line 71 of file marea.c.

{
    ULONG_PTR StartVpn = (ULONG_PTR)Address_ / PAGE_SIZE;
    ULONG_PTR EndVpn = ((ULONG_PTR)Address_ + Length - 1) / PAGE_SIZE;
    PEPROCESS Process;
    PMM_AVL_TABLE Table;
    PMMADDRESS_NODE Node;
    PMEMORY_AREA MemoryArea;
    TABLE_SEARCH_RESULT Result;
    PMMVAD_LONG Vad;
 
    Process = MmGetAddressSpaceOwner(AddressSpace);
    Table = (Process != NULL) ? &Process->VadRoot : &MiRosKernelVadRoot;
 
    Result = MiCheckForConflictingNode(StartVpn, EndVpn, Table, &Node);
    if (Result != TableFoundNode)
    {
        return NULL;
    }
 
    Vad = (PMMVAD_LONG)Node;
    if (!MI_IS_MEMORY_AREA_VAD(Vad))
    {
        /* This is an ARM3 VAD, we don't return it. */
        return NULL;
    }
    else
    {
        MemoryArea = (PMEMORY_AREA)Node;
    }
 
    ASSERT(MemoryArea != NULL);
    return MemoryArea;
}