Thursday, October 9, 2014

Windows 7 Memory Management I

+ Memory Manager Tasks
    - Translating/Mapping a process' virtual address space into physical memory. The subset of a process's virtual address space that is physically resident is called the working set.
    - Paging some of the memory to disk when it becomes over-committed. Bringing them back when needed.
    - memory mapped files (section objects), copy-on-write memory, support for applications using large, sparse address spaces

 + Memory Manager Components
    - exists in Ntoskrnl.exe, no parts in HAL.
    - allocating, de-allocating, and managing virtual memory, through Windows API or kernel-mode device driver interfaces
    - translation-not-vaild and access fault trap handler
    - 6 key top-level routines, each running in one of 6 different kernel-mode threads
        * balance set manager (priority 16) calls inner routine working set manager once per second
        * process/stack swapper (priority 23) performs both process and kernel thread stack in-swapping and out-swapping
        * modified page writer (priority 17) writes dirty pages on the modified list back to the appropriate paging files
        * mapped page writer (priority 17) writes dirty pages in mapped files to disk. This second writer thread is necessary because it can generate page faults that result in requests for free pages. If there were no free pages and there was only one modified page writer thread, the system could deadlock waiting for free pages.
        * segment dereference thread (priority 18) is responsible for cache reduction, page file growth and shrinkage.
        * zero page thread zeroes (base priority 23) out pages on the free list so that a cache of zero pages is available to satisfy future demand-zero page faults.


+ Internal Synchronization
    - to guarantee that memory manager is fully re-entrant.
    - system-wide resources that need to synchronize access:
        * dynamically allocated portions of the system virtual address space
        * system working sets
        * kernel memory pools
        * the list of loaded drivers
        * the list of paging files
        * physical memory lists
        * image base randomization (ASLR) structures
        * each individual entry in the page frame number (PFN) database
    - per-process memory manager data structures that require synchronization:
        * working set lock (held when changes are being made to the working set list)
        * address space lock (held when the address space is being changed)
        * both are implemented using pushlocks

+ Tools
    - Task manager
    - Process Explorer tool (http://www.microsoft.com/technet/sysinternals)
    - VMMap
    - RAMMap
    - kd> !vm

Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)