At the 4th line of the picture's text, the entry point value is 0xFFFFFF0000006820, which is a 64-bit virtual address sign-extended from a 48-bit virtual address, I think.
I do remember that I tested this a long time ago (long time ago means that I'm not gonna do it once more), which concluded that AMD64 won't work if the virtual address is larger than 0x7FFFFFFFFFFF, the largest value of a 47-bit (NOT 48) value, and was proved by AMD64 Architecture Programmer's Manual Volume 2: System Programming.
I checked this document again once after I found this problem, and I get this:
I think this means that the virtual address available is 47 bits only, and those larger than 0x7FFFFFFFFFFF should be sign-extended to 64 bits in a "Canonical Address Form". And with Canonical Address Form we CANNOT access any address larger than 47 bits (128TB), because the last 128TB of a 64-bit space is mapped to the first 128T, and those between them cannot be referred to for the sake of sign extension defined in a Canonical Address Form. And the address form used in Farok's sample has no benefit because it doesn't actually separate the system space to a higher part of a 64-bit space. Am I right?

5.1 Page Translation Overview
The AMD64 architecture enhances this support to allow translation of 64-bit virtual addresses into 52-bit physical addresses, although processor implementations can support smaller virtual-address and physical-address spaces.
The AMD64 architecture enhances the legacy translation support by allowing virtual addresses of up to 64 bits long to be translated into physical addresses of up to 52 bits long.
Currently, the AMD64 architecture defines a mechanism for translating 48-bit virtual addresses to 52-bit physical addresses. The mechanism used to translate a full 64-bit virtual address is reserved and will be described in a future AMD64 architectural specification.
I still have no idea how to access anywhere beyond 128T. I didn't write the MSR to enable the NX bit.
thank you!
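
Added example, not part of the original post: a canonical-form check for the 48-bit virtual-address mechanism described in the manual excerpt, applied to the entry point value 0xFFFFFF0000006820, plus the split of that address into page-table indexes. It assumes 48 implemented address bits and 4 KB pages; the function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 48 implemented virtual-address bits (per the manual excerpt). */
#define VA_BITS 48

/* Canonical form: bits 63..47 must all be copies of bit 47. */
int is_canonical(uint64_t va)
{
    uint64_t upper = va >> (VA_BITS - 1);   /* the 17 bits 63..47 */
    return upper == 0 || upper == 0x1FFFF;
}

/* Sign-extend the low 48 bits of a value into a 64-bit canonical address. */
uint64_t canonicalize(uint64_t va48)
{
    uint64_t mask = (1ULL << VA_BITS) - 1;
    uint64_t low = va48 & mask;
    if (low & (1ULL << (VA_BITS - 1)))
        low |= ~mask;                       /* bit 47 set: fill bits 63..48 */
    return low;
}

/* 9-bit table index for level 4 (PML4) down to level 1 (PT), 4 KB pages. */
unsigned table_index(uint64_t va, int level)
{
    return (unsigned)((va >> (12 + 9 * (level - 1))) & 0x1FF);
}

/* Byte offset inside the 4 KB page. */
unsigned page_offset(uint64_t va)
{
    return (unsigned)(va & 0xFFF);
}

int main(void)
{
    uint64_t va = 0xFFFFFF0000006820ULL;    /* entry point value from the post */
    printf("canonical=%d PML4=%u PDP=%u PD=%u PT=%u offset=0x%x\n",
           is_canonical(va), table_index(va, 4), table_index(va, 3),
           table_index(va, 2), table_index(va, 1), page_offset(va));
    return 0;
}
```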