To solve Windows memory problems, you need a deep understanding of the operating system and a working knowledge of the Windows debugger or Performance Monitor. If you are trying to get details such as the kernel stack size or hard disk memory consumption, you will need considerable experience with debugger commands and kernel data structures. Working through a process address space to determine private and shared memory utilization or total stack size is challenging even for the most experienced administrators.
Don't be afraid. RamMap and VMMap make memory problems easy to solve. You can download these free tools from the Sysinternals website. Both tools were written by Mark Russinovich and Bryce Cogswell.
RamMap
RamMap displays system and process memory status and utilization. Its overview tab, named "Use Counts", lists the kinds of system memory partitions, such as paged pool and nonpaged pool, process private, shareable, hard disk space, kernel stack, and mapped file. It also displays the amount of file cache memory it calls Metafile.
All these partitions are further broken down by the state of the physical memory they consume, such as active, standby, modified, transition, zeroed, free, or bad. Each of these columns can be sorted by clicking the column header. All these terms are explained in Russinovich's book Windows Internals. As shown in Figure 1, the data is displayed neatly in a graphical list view.
Figure 1: Use Counts data in RamMap
RamMap also displays per-process utilization in the Processes tab. Here you can see every listed process and its corresponding private memory utilization. The data also includes any process memory that sits on the standby or modified page lists, and the amount of memory used for page table entries.
Figure 2: RamMap Processes tab
Another use of RamMap is to display actual physical memory page by page, identifying each page's memory list, use, file name, process, virtual address, pool tag, and other attributes. Each column can be sorted, and a filtering function can be used to selectively analyze the data.
Figure 3: RamMap Physical Pages tab
Finally, RamMap does a good job of displaying cached file activity and data. You can use the "File Summary" and "File Details" tabs to view the system file cache and determine each file's path, the size it occupies, and whether the corresponding memory is active, standby, or modified.
Figure 4: RamMap File Summary tab
VMMap
So far, we have seen how RamMap displays system and process memory usage. If the memory problem you want to solve seems to be related to a specific process or application, you may need to take a closer look by using VMMap. VMMap is a process-oriented tool that allows you to view existing processes or trace new processes and view their memory usage. The information provided by VMMap is far more detailed than that provided by RamMap.
When VMMap starts, it prompts you to select a running process to review or to start a new process. If you start a new process, you will be able to trace memory utilization, such as heap and virtual allocations. In Figure 5 below, I selected the communicator.exe process.
Figure 5: VMMap display
Once the VMMap main window is displayed, you can see that the screen is divided into several parts. The top part is a graphical summary of the process memory consumption. It is divided into committed space, private bytes, and working set. In the middle of the screen, memory utilization is classified by usage, such as private data, shared data, images, mapped files, and heap size. Finally, the bottom of the screen shows the page type corresponding to each virtual address, the size and amount of working set used, page protection, and details of all blocks and partitions. Color coding lets you quickly see how much memory is consumed by a specific type.
VMMap provides two additional views of the process address space: a "Strings" view and a "Fragmentation" view. The Strings view allows you to search for all readable strings in the address space. The Fragmentation view displays the virtual address space of a process with color coding, so you can see the individual allocations, their sizes, and their contiguity.
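The by-type breakdown and the fragmentation picture described above can be approximated from the region records that the Windows `VirtualQueryEx` API returns. The following is an added example, not VMMap's own code: the `summarize` function and the `SAMPLE` records are constructed for illustration, while the `MEM_*` values are the real constants from `winnt.h`. Heap and stack are subsets of private data that these records alone do not distinguish, so they are not broken out here.

```python
from collections import defaultdict

# MEMORY_BASIC_INFORMATION.State and .Type values from winnt.h.
MEM_COMMIT, MEM_RESERVE, MEM_FREE = 0x1000, 0x2000, 0x10000
MEM_PRIVATE, MEM_MAPPED, MEM_IMAGE = 0x20000, 0x40000, 0x1000000

TYPE_NAMES = {MEM_PRIVATE: "Private Data",
              MEM_MAPPED: "Mapped File",
              MEM_IMAGE: "Image"}

def summarize(regions):
    """Summarize (base, size, state, type) region records.

    Returns (size_by_type, committed_by_type, largest_free_block).
    "Size" counts reserved plus committed address space; "committed"
    counts only regions in the MEM_COMMIT state.
    """
    size, committed = defaultdict(int), defaultdict(int)
    largest_free = 0
    for _base, length, state, mem_type in regions:
        if state == MEM_FREE:
            # Free regions carry no type; track the largest contiguous
            # hole, which is what limits the next big allocation.
            largest_free = max(largest_free, length)
            continue
        name = TYPE_NAMES.get(mem_type, "Unknown")
        size[name] += length
        if state == MEM_COMMIT:
            committed[name] += length
    return dict(size), dict(committed), largest_free

# Constructed sample: a contiguous slice of a hypothetical address space.
SAMPLE = [
    (0x00010000, 0x010000, MEM_COMMIT,  MEM_MAPPED),
    (0x00020000, 0x020000, MEM_FREE,    0),
    (0x00040000, 0x100000, MEM_RESERVE, MEM_PRIVATE),  # reserved, not committed
    (0x00140000, 0x008000, MEM_COMMIT,  MEM_PRIVATE),
    (0x00148000, 0x3B8000, MEM_FREE,    0),
    (0x00500000, 0x200000, MEM_COMMIT,  MEM_IMAGE),
]

if __name__ == "__main__":
    size, committed, largest_free = summarize(SAMPLE)
    for name in size:
        print(f"{name:<13} size={size[name] // 1024:>6} K  "
              f"committed={committed.get(name, 0) // 1024:>6} K")
    print(f"Largest free block: {largest_free // 1024} K")
```

The gap between size and committed for private data in the sample comes from the reserved-only region, the same distinction the tool draws between reserved address space and committed memory.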