Title: Inside Microsoft Windows 2000 7. Memory Management
1 Inside Microsoft Windows 2000 7. Memory Management
- System Memory Pools
- Apr. 18, 2001
- DB Lab ???
2 System memory pools (cont.)
- 2 types
- Non-paged pool: Ranges of system virtual addresses that are guaranteed to reside in physical memory at all times
- Paged pool: Region of virtual memory in system space that can be paged in and out of the system
3 System memory pools
- 2 types of non-paged pools
- General use
- Emergency use
- Single-processor system
- 3 paged pools
- Multi-processor
- 5 paged pools
4 Look-aside Lists (cont.)
- Basic difference between memory pools and look-aside pools
- Memory pool
- Variable-sized blocks
- Flexible
- Look-aside pool
- Fixed-sized blocks
- Faster
5 Look-aside Lists (cont.)
- Executive components and device drivers can create look-aside lists
- Several executive subsystems create
- Separate look-aside lists for each processor
- A general per-processor paged and non-paged look-aside list for small allocations
6 Look-aside Lists
- Empty, or holding a freed structure?
- If empty, the system allocates from paged or non-paged pool; if it holds a freed structure, the allocation can be satisfied very quickly
- The pool allocation routine tunes the number of freed buffers once per second
- Increased if allocations are frequent
- Reduced if not frequent
7 Driver Verifier
- Can be used to help find and isolate commonly found bugs in device drivers or other kernel-mode system code.
- Consists of support in several system components
8 Driver Verifier Configuration and Initialization
- Driver settings are stored in the registry
- Contains a bitmask of the verification types enabled
- 4 memory-related verification options
- Special Pool, Pool Tracking, Force IRQL Checking, Low Resources Simulation
9 Special Pool
- Causes a kernel-mode access violation
- Gets the finger pointed at the buggy driver
- Causes some additional validation checks to be performed when a driver allocates or frees memory
10 Pool Tracking (cont.)
- When enabled
- The pool allocation routines associate an optional 4-letter tag with memory the driver allocates
- The memory manager checks at driver unload time whether the driver freed all the memory allocations it made.
11 Pool Tracking
- Usage of monitoring driver memory
- To detect memory leaks
- To detect the errors caused by memory de-allocation no longer required
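The unload-time check from the two Pool Tracking slides, as an added user-mode C model (not code from the original slides or from Windows): each allocation carries a 4-character tag, per-tag counters are kept, and anything still outstanding at "unload" is reported. The names tracked_alloc, tracked_free and check_at_unload, and the sample tags, are hypothetical.

```c
/* User-mode model of pool tracking; hypothetical names, not the Windows kernel API. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_TAGS 16
typedef struct { char tag[5]; size_t live, bytes; } TagStat;  /* per-tag counters */
typedef struct { char tag[4]; size_t size; } Header;          /* hidden before each block */
static TagStat stats[MAX_TAGS]; static size_t ntags;

static TagStat *stat_for(const char *tag) {     /* find or create the counter for a tag */
    for (size_t i = 0; i < ntags; i++)
        if (memcmp(stats[i].tag, tag, 4) == 0) return &stats[i];
    if (ntags == MAX_TAGS) return NULL;
    memcpy(stats[ntags].tag, tag, 4);           /* tag[4] stays '\0' (static storage) */
    return &stats[ntags++];
}

void *tracked_alloc(size_t size, const char *tag) {   /* tag: exactly 4 characters */
    TagStat *s = stat_for(tag);
    Header *h = s ? malloc(sizeof *h + size) : NULL;
    if (!h) return NULL;                        /* callers must handle allocation failure */
    memcpy(h->tag, tag, 4); h->size = size;
    s->live++; s->bytes += size;
    return h + 1;                               /* caller sees the memory after the header */
}

void tracked_free(void *p) {
    if (!p) return;
    Header *h = (Header *)p - 1;
    TagStat *s = stat_for(h->tag);              /* tag was recorded at allocation time */
    s->live--; s->bytes -= h->size;
    free(h);
}

size_t check_at_unload(void) {                  /* returns the number of unfreed allocations */
    size_t leaked = 0;
    for (size_t i = 0; i < ntags; i++) {
        leaked += stats[i].live;
        if (stats[i].live) printf("leak: tag '%s', %zu block(s), %zu byte(s)\n", stats[i].tag, stats[i].live, stats[i].bytes);
    }
    return leaked;
}

int main(void) {
    void *rx = tracked_alloc(256, "RxBf");      /* constructed sample "driver" allocations */
    (void)tracked_alloc(64, "Cfg ");            /* never freed: reported as a leak */
    tracked_free(rx);
    return check_at_unload() == 1 ? 0 : 1;
}
```

Because the counters are keyed by tag, the report names which kind of allocation leaked, not just that something did.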
12 Force IRQL Checking
- One of the most common device driver bugs
- Occurs at elevated IRQL
- Memory manager can't service a page fault when the IRQL is DPC/dispatch level or above
- This bug is difficult to test for
- Force IRQL Checking option is helpful to identify the faulty driver
13 Low Resources Simulation
- Causes Driver Verifier to randomly fail memory allocations that verified device drivers perform
- Low resources can be ignored?
- Beginning 7 minutes after the system boots, Driver Verifier starts randomly failing allocation calls for device drivers
14 Address Space Layout (cont.)
15 Address Space Layout (cont.)
- Windows 2000
- 2GB or 3GB private address space
- Windows 2000 Advanced Server, Windows 2000 Datacenter Server
- 3GB private address space
- The AWE functions provide a better solution to the need for more data
16 Address Space Layout (cont.)
- How can we use the full 3GB address space?
- /LARGEADDRESSAWARE linker flag: sets the IMAGE_FILE_LARGE_ADDRESS_AWARE flag in the image header
- Use the /3GB switch when booting Windows 2000 Advanced Server or Windows 2000 Datacenter Server
- How about using /3GB on Windows 2000?
17 Virtual Address Space in Consumer Windows
- A bit different from Windows 2000
- Application-wide 2-GB private address space
- System-wide 1-GB system space
- System-wide 1-GB shared memory sections
18 System Address Space Layout (cont.)
19 System Address Space Layout (cont.)
- System code
- O/S image, HAL, device drivers to boot system
- System mapped views
- Win32k.sys
- Session space
20 System Address Space Layout (cont.)
- Hyperspace
- Process working set list and other physical pages
- System working set list
- System cache
- Paged pool
- Pageable system memory heap
- System page table entries
21 System Address Space Layout (cont.)
- Non-paged pool
- Non-pageable system memory heap
- Crash dump information
- HAL usage
22 System Address Space Layout (cont.)
- Session space
- What is a session?
- Session-specific paged pool area used by Win32k.sys
- Win32 subsystem process (csrss.exe)
- Logon process (winlogon.exe)
- Session manager process (smss.exe)
23 Address translation