4 GB discussion


user57

the EIP is for instructions (instruction pointer) (and usually is connected to a segment called the CS segment (or Code Segment))
but an executable is not only made of instructions
(buffers for example, or just "data"; some can see this with a PE editor: the .text section is for code)

using just 2 segments would already double the amount of memory (the segments in 32 bit protected mode are 16 bit, or in hex FFFF)
the other segment is called the DS (or Data Segment)

16 bit means 65536 possible segments (this time including segment 0 or the 0)

CS segment + eip = 16 bit * 32 bit = 65536 GB of ram (4 GB * 65536) (4 gb = 4'294'967'295) (4 gb * 65536 = 262144)
DS segment + eip = 16 bit * 32 bit = 65536 GB of ram (4 GB * 65536)
ES, GS could also be of interest
FS is used by MS (but only 2 numbers/vars)

(different approach: 4294967296 (32 bit size limit) * 65536 / 8 / 1024 (kb) / 1024 (mb) / 1024 (gb) = gb)
4294967296 * 65536 = 281470681743360 (again, that's 1 segment only)

281470681743360 / 8 (byte) / 1024 (kb) / 1024 (mb) / 1024 (gb) = 32767 gb (this one is precise, not skipping some parts of the calculation or bits, nor the 0)

depending on how we calculate, we either can use the / 8 for byte or / 1024 (next kbit skip) or even the classical / 1000 steps

------------------------------------------------------------------
an example for 16 bit (segments)


that was a common trick in 16 bit
16 bits are FFFF and FFFF is 65535 (without the 0, aka you have to +1 that for the 0)
what people might have heard: 16 bit can use 1 megabyte of ram instead of 64k/65k ram (speaking k, not kbit)

that's because in 16 bit segments are used
16 bit has a segment register of 4 bits
that makes 20 bit

and 20 bit are? we know 1048575 aka 1 MB (if we include the 0 then +1 = 1048576)

that's also why they say "k not kbit"

1 M would be the right term (or it would be / 8 (byte) / 1024 (kb) / 1024 (mb))
https://en.wikipedia.org/wiki/Megabyte
--------------------------------------------
here comes the trick point now
we have PDE's and PTE's

to simplify, I will discuss that a bit easier

the PTE is a relation to the direct physical memory
as you guys might know we have several executables (or processes running) in windows / in an operating system
those used to start at 00400000 (for all processes)
but how can it be that the same EIP for every process is 00400000?

would that not just execute always the same program, or all at once?
right, that doesn't make sense (if you said it has its own address space, yes, but how can it lead to the same memory address?)

the reason is the PTE, that PTE holds the relation to a physical page 

that's why on every process change (the PDBR, page directory base register)
the PTE's can address/point to a different memory (also the ones above 4 gb)
and having all the time the same EIP at 00400000 / start of program


https://en.wikipedia.org/wiki/Page_table

the combination of 2 times 10 bits makes only 20 bit (PDE and PTE)
however here pages are the size of 4096 bit / 1 page (you are right, this is 4 GB again (20 bits * 4096 = FFFFF (1048576) * 4096 = 4 GB))

but here is the tricky part now

the /PSE makes this 4 k (4096 bit) page to a 4 MB page (2 MB for /PAE)     t    g    m   k    b
taking that route for 2 mb (2097150) * FFFFF (20 bit possibilities (1048576)) = 2'199'019'061'250

and that can be done just by turning the PSE flag on (and therefore point to higher memory than 4 gb)
therefore XP / 32 bit can address, with the simple calculation / 1000 (kb) / 1000 (mb) / 1000 (gb) (often done with hard drives),
= 2199 GB

the real one however is / 8 / 1024 / 1024 / 1024 = 255 GByte (the non-bit calculation, or however I should call that)

and that's only per 1 process/executable, and even only 1 segment! - because again the PDBR can be changed by process/executable

using 1 segment already gives 65536 times that 2199 / 255 GB

and each process can be addressed with different PTE's (also the physical pages above 4 gb)

that's a win-win situation

------------------------------
Chappell's reasoning is good

in the sense of that license detection, we can't see what windows really does here ...
he later then explains that the license sets the PAE flag (but here I saw that with that 2 times 9 bit limit on the OS wikipedia website)

in the sense of "hdd" (today ssd) as ram in chappell's meaning, you actually can use a SSD or HDD
as memory, and that's nothing new even (if memory is not needed, unchange that (for example a level of a game))

and just use that ram again .... or store it in the hard drive - also possible


in the sense of DMA, I don't know what chappell knows here; I can't talk about that, I just don't know


in the sense of MMPFN I also don't know about this, it sounds interesting what chappell writes here, but
maybe that MMPFN (from microsoft) always had the possibility - or maybe it just doesn't - I really can't tell


one more word about /PAE: the wiki page says for PAE it's 2 times 9 bits, that makes 18 bits,
and having only 2 mb pages (that results in less ram than what is possible with the normal paging, but more than 4gb still (around 137 gb, that's near to chappell's 128 gb))
/PAE was rather of the NX flag nature (which is a data protection mechanism)

if I'm wrong, I'm happy to be corrected

https://msfn.org/board/topic/130001-32bit-windows-not-usingseeing-all-4gb-ram/

Edited by user57
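Added example (my own code, not part of user57's post or of the thread): a few Python helpers that split an address the way the three layouts discussed above do (16-bit segment:offset, classic 32-bit paging with and without PSE, and PAE paging) and that extract the physical frame field from a page-table entry. The bit widths are the architectural ones; the sample addresses and entries in the comments are constructed.

```python
# Added example, not from the post: x86 address splitting for the layouts
# discussed above. Constants are architectural bit widths; sample values
# used with these helpers are constructed for illustration.

PAGE_4K = 1 << 12


def real_mode_linear(segment: int, offset: int) -> int:
    """16-bit real mode: linear = segment * 16 + offset, a 20-bit (1 MiB) space."""
    if not (0 <= segment <= 0xFFFF and 0 <= offset <= 0xFFFF):
        raise ValueError("segment and offset are 16-bit values")
    return (segment << 4) + offset  # may exceed 0xFFFFF by up to 0xFFEF (A20 wrap)


def split_32bit(vaddr: int, pse: bool = False) -> dict:
    """Classic 32-bit paging: 10-bit PDE index, 10-bit PTE index, 12-bit offset.
    A PSE directory entry maps a 4 MiB page: 10-bit PDE index + 22-bit offset."""
    if not 0 <= vaddr <= 0xFFFFFFFF:
        raise ValueError("32-bit virtual address expected")
    pde = vaddr >> 22
    if pse:
        return {"pde": pde, "offset": vaddr & 0x3FFFFF, "page_size": 1 << 22}
    return {"pde": pde, "pte": (vaddr >> 12) & 0x3FF,
            "offset": vaddr & 0xFFF, "page_size": PAGE_4K}


def split_pae(vaddr: int, large: bool = False) -> dict:
    """PAE: 2-bit PDPT index, 9-bit PDE index, 9-bit PTE index, 12-bit offset.
    A large PDE maps a 2 MiB page: 2 + 9 index bits and a 21-bit offset."""
    if not 0 <= vaddr <= 0xFFFFFFFF:
        raise ValueError("32-bit virtual address expected")
    pdpt, pde = vaddr >> 30, (vaddr >> 21) & 0x1FF
    if large:
        return {"pdpt": pdpt, "pde": pde, "offset": vaddr & 0x1FFFFF,
                "page_size": 1 << 21}
    return {"pdpt": pdpt, "pde": pde, "pte": (vaddr >> 12) & 0x1FF,
            "offset": vaddr & 0xFFF, "page_size": PAGE_4K}


def frame_base(entry: int, pae: bool = False) -> int:
    """Physical base of the 4 KiB frame a PTE points at.  Classic entries are
    32 bits wide, so the frame field is bits 31:12 (20 bits, i.e. 4 GiB of
    physical space); PAE entries are 64 bits wide and the frame field runs
    up to bit 51 (bit 35 on the original 36-bit PAE implementation)."""
    return entry & (0x000FFFFFFFFFF000 if pae else 0xFFFFF000)


def virtual_span(index_bits: int, offset_bits: int) -> int:
    """Bytes reachable from the page-table index bits over 2**offset_bits pages."""
    return (1 << index_bits) << offset_bits
```

Whichever page size is chosen, the index and offset bits of a 32-bit virtual address still add up to 32, so `virtual_span(10, 22)`, `virtual_span(20, 12)` and `virtual_span(20, 12)` for PAE all return 4 GiB; it is the wider frame field in a PAE entry that can point at physical memory above 4 GiB.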