Windows Memory Management and structure memory_basic_information

From http://blog.csdn.net/yeming81/archive/2008/01/16/2046193.aspx Based on 32-bit windows 1. process address space The software processes run on 32-bit systems, and the addressing bit is also 32-bit. The space that can be expressed is 2 32 = 4G, ranging from 0x0000 0000 ~ 0 xFFFF FFFF. · NULL pointer partition range: 0x0000 0000 ~ 0x0000 FFFF: Protection of illegal memory access example: if the allocation fails for some reason when the memory is allocated, a null pointer 0x0000 0000 is returned; when the user continues to use data, such as data rewriting, the system will exit because of access violations. So why do we need such a large area? isn't an address value enough? I was wondering if it was because I didn't allow 8 or 16 bits. Program How about a 32-bit system ?! Because the null partition has a process space of 16. · Exclusive user partition range: 0x0001 0000 ~ 0x7ffe FFFF: A process can only read or access virtual addresses in this range. Any behavior beyond this range will cause a violation and exit. Example: Binary Program Code Most of the addresses used in will be in this range, and all the EXE and DLL files will be loaded to this. Each process has nearly 2 GB of space. NOTE: If/3G is set on boot. ini, the range of this region is increased from 2g to 3G: 0x0001 0000 ~ 0 xbffe FFFF. · Shared kernel partition range: 0x8000 0000 ~ 0 xFFFF FFFF: This space is used for operating system kernel code, device drivers, device I/O cache, non-page memory pool allocation, Process Table and page table. For example, the process of this address can be shared. NOTE: If/3G is set on boot. ini, the range of this region is reduced from 2g to 1G: 0xc000 0000 ~ 0 xFFFF FFFF. Through the above analysis, we can know that if the system has N processes, the required virtual space is: 2G * n + 2G (the kernel only needs 2 GB of shared space ). 2. ing between process address space and actual memory The address space is mapped to the actual physical page during running. · A region refers to a continuous address in the preceding address space. The area size must be an integer multiple of the granularity (64 K). If it is not, the system automatically processes it as an integer multiple. Different CPU granularities vary, most of which are 64 KB. The status of a region includes idle, Private, ing, and image. In your application, the space application process is called reservation. You can use virtualalloc. The space deletion process is release and virtualfree. After the address space is reserved in the program, you cannot access the data, because you have not paid yet, and there is no real Ram associated with it. At this time, the region status is private; by default, the region status is idle; when the EXE or DLL file is mapped into the process space, the region status changes to the image; when a data file is mapped to a process space, the region status changes to ing. · The maximum memory size supported by the physical memory Windows series varies from 2 GB to 64 GB. Theoretically, the 32-bit CPU can only support addressing 4G memory on the hardware, and the memory exceeding 4G can only be compensated by other technologies. By the way, Windows Personal Edition only supports a maximum of 2 GB of memory. Intel uses address windows extension (AWE) technology to make the addressing range 236 = 64 GB. Of course, the operating system must also work together. The minimum unit of memory allocation is 4 K or 8 K. Generally, the Unit varies depending on the CPU. You can see that the system function can be used to obtain the region granularity and page granularity. · A page file is a system file on a hard disk. Its size can be set in system properties. It is equivalent to physical memory, so it is called virtual memory. In fact, its size is the key to affecting the system speed, if the physical memory is not large. The size of each page is the same as the minimum unit for memory allocation, usually 4 K or 8 K. · The access attribute of a physical page refers to the specific operations performed on the page: readable, writable, and executable. The CPU generally does not support executable operations. It considers readable as executable. However, the operating system provides the executable permission. These six attributes are well understood. The first one is to reject all operations, and the last one is to accept and accept operations; the page_writecopypage_execute_writecopy attributes are very useful when running multiple instances of the same program; it allows programs to share code segments and data segments. Generally, multiple processes read-only or execute pages. If you want to write them, the page will be copied to the new page. These two attributes can be set when the EXE file is mapped. Page_nocachepage_writecombine is required for device driver development. When page_guard writes a byte to the page, the application receives a stack overflow notification, which is useful in thread stack. · During the ing process, the address of the process address space is a virtual address. That is to say, when commands are obtained, the virtual address must be converted to a physical address to access data. This operation is performed by the Page Object and page table. The page size is 4 kb. Each item (32 bits) stores the physical address of a page table. Each page table size is 4 kb, and each item (32 bits) stores the physical address of a physical page. There are a total of 1024 page tables. The 4 K + 4 K * 1 k = 4.4m space can represent the process's 1024*1024*(4 K per page) = 4G address space. The top 10 digits are used to locate one of the 1024 page items. After the physical address of the page table is retrieved, the value of the page table item is obtained using the middle 10 digits. Based on the address worth accessing the physical page, because a page has 4 K size, we can get the unit address with 12 low bits so that we can access this memory unit. Each process has its own page view and page table. How does the initial process find the physical page where the page view is located? The answer is that the CPU's Cr 3 register will save the physical address of the current process page. When a process is created, both the page view and page table need to be created, which requires a total of 4.4 MB. In the process space, 0xc030 0000 ~ 0xc030 0fff is used to save 4 K space for the page. 0xc000 0000 ~ 0xc03f FFFF is the 4 m space used to save the page table. That is to say, you can access these addresses in the program to read the specific values of the Page Object and page table (in kernel mode ). What I don't understand is that the page table space contains the page destination space! As for whether the page view and page table are stored in physical memory or page files, I think the page view is common and should be more likely in physical memory, when the page table needs to be imported from the page file to the physical memory. The page item and page table item are a 32-bit value. When the 0th-bit value of the page item is 1, the page table is already in the physical memory. When the 0th-bit value of the page table item is 1, indicates that the accessed data is already in the memory. There are also many indicators such as whether the data has been changed and whether the data can be read and written. In addition, when the 7th-bit value of the page item is 1, it indicates that this is a 4 m page. This value is already the physical page address, and the 22-bit lower of the virtual address is used as the offset. There are also many other indicators: whether the data has been changed, whether it can be read and written, and so on. 3. Structure: memory_basic_information Typedef struct _ memory_basic_information {
Pvoid baseaddress; // query the base address of the first page occupied by the memory block
Pvoid allocationbase; // The base address of the first region occupied by the memory block, which is less than or equal to baseaddress,
// That is to say, baseaddress must be included in the range allocated by allocationbase.
DWORD allocationprotect; // The protection attribute assigned when the region is reserved for the first time
Size_t regionsize; // the size of the page with the same attributes starting from baseaddress,
DWORD state; // page state. Three possible values are mem_commit, mem_free, and mem_reserve,
// This parameter is the most important for us. We can see the status of the specified memory page.
DWORD protect; // page attribute, which may have the same value as allocationprotect
DWORD type; // The type of the memory block. Three possible values are mem_image, mem_mapped, and mem_private.
} Memory_basic_information, * pmemory_basic_information;From: http://pengwenjia.spaces.live.com/blog/cns! 32e37cae7606b8d4! 203. Entry