Chapter 2: Windows Memory Architecture

 

1. partitions in the virtual address space

◆ NULL pointer assignment partition (from 0x00000000 ~ 0x0000ffff ). this partition is reserved to help programmers capture NULL pointer assignments. if the thread in the process tries to read and obtain the memory address written in the partition, it will cause access violations. (Note: When running code, we often encounter a situation where the pointer has not been allocated to the space to start pointing to the operation. in this way, if our program is in debug mode, the program will be down in one place. We can view its memory and find it: 0xcccccccccc. returns 0x00000000 ).

◆ Swap and DLL. In addition, the system will map all memory ing files accessible by the process to this partition ).

By default, when a 64-bit application is run, the system will keep the address space in user mode in address 0x000000008000000, this ensures that all memory is allocated from the lowest 2 GB in the 64-bit address space. (This is the space sandbox ).

We can use two functions to allocate and release regions: virtualalloc and virtualfree.

2. Upload file itself. This greatly improves the performance.

Memory ing file: When a file image (that is, an EXE file) of a program on the hard disk is used as the physical storage corresponding to the address space area, we call this file image a memory ing file.

3. Page protection Attribute Table

Protection attributes	Description
Page_noaccess	Attempts to read, write, or execute code on the page will cause access violations.
Page_readonly	Attempts to write or execute code on the page will cause access violations.
Page_readwrite	Attempting to execute code on the page will cause access violations
Page_execute	Attempts to read or write pages will cause access violations.
Page_execute_read	Attempting to write a page will cause access violation
Page_execute_readwrite	Performing any operations on the page will not cause access violations.
Pate_writecopy	Attempting to execute code on the page will result in access violation. Attempting to write code to the page will allow the system to create a private copy of the page for the process (using Page Swap files as the backup storage)
Page_execute_writecopy	Performing any operations on the page will not cause access violations. Attempting to write a page will allow the system to create a separate private copy of the page (using Page Swap files as the backup storage)

If Data Execution Protection (DEP) is enabled, the operating system uses page_execute _ * To protect attributes only for memory areas that actually require code execution. other protection attributes are used only for the memory area where data should be stored. (such as thread stack and Application Stack ). if the CPU executes code without page_execute _ * protection, an exception is thrown.

Sometimes, to improve efficiency, the system often needs to share two or more processes with the same memory. to avoid unnecessary errors, the system specifies the copy attribute during write on the shared storage page. when the system maps an EXE or DLL to an address space, it calculates the number of writeable pages. Then, the system allocates storage space from the page swap file to accommodate these writeable pages. if the middleware attempts to write a shared page, perform the following steps:

1). the system finds an idle page in the memory.

2). The system copies the page content to be modified by the thread to the idle page found in step 1. Note that the system will not modify the original page at this time.

3). Update the process page table.

In addition, page_writecopy or page_execute_writecopy cannot be used to protect attributes when the address is reserved or physical memory is transferred. This will cause virtualalloc to fail.

Other access attribute flags:

Page_nocache: Used to prohibit the caching of allocated pages. This flag exists mainly for driver developers who need to control the memory buffer, and is not recommended to others.

Page_writecombine: it is also used by driver developers. It allows multiple write operations on a single device to be combined to improve efficiency.

Page_guard: enables the application to be notified when any byte on the page is written.

4. data Alignment: the CPU execution efficiency is the highest only when alignment data is accessed. the data address is divided into the data size. If the result is 0, the data is aligned.

In x86 and AMD CPUs, the CPU is used to automatically execute necessary operations to access misplaced data. the IA-64 CPU can not be automatically processed, it is through the notification operating system, let it for processing. under normal circumstances, Windows will automatically convert the data misplacement error to an exception_datatype_misalignment exception. we can use seterrormode to enable the operating system to automatically correct data misplacement Errors for all threads in the process.

Uint seterrormode (uint fuerrormode );

Here we should set the sem_noalignmentfaultexcept flag. As long as this flag is set, the system will automatically correct access to the misplaced data. Once this flag is changed, it cannot be changed again within the process's lifecycle.

In the C/C ++ compiler of the IA-64 CPU version, when accessing data through a pointer with a _ unaligned modifier, the compiler will think that the data is not aligned, and generate additional CPU commands to access data. (Note that x86 does not support this keyword)