Windbg Check memory consumption

Memory Type :

That is, the type value, a total of four kinds: the first is nothing, that is not yet used;

The second is Mem_image, where the address is mapped to a fragment of an executable image file, such as a DLL file;

The third is Mem_ MAPPED, where the address is mapped to a fragment of a non-executable image file, such as a page file;

The fourth type is mem_private, that is, private memory, where the private is for the process, private memory can not be shared among multiple processes;

Protection Mode : That is protect value, the above example has seen two protection modes,

NoAccess and ReadWrite. It is literally easy to understand the meaning that the former cannot be accessed because free memory is invalid memory, while the latter is readable and writable, but cannot be executed, indicating where the data is stored. All available protections include: page_noaccess (inaccessible), page_readonly (read-only), Page_readwrite (read-write), Page_execute (executable), Page_execute_read (execute and readable), Page_execute_readwrite (Execute and read/write), page_writecopy (copy on Write), Page_execute_writecopy (execute, and copy on Write), Page_guard (protection)

Memory Usage : The usage value, which has some values and uses. Regionusageisvad: Indicates that this address area has been assigned; Regionusagefree: This address area has been released, neither reserved nor submitted, and can be applied in the future;

• Regionusageimage: Represents the image of this address area that is mapped to a binary file; region Usagestack: Represents this address area for line stacks; Regionusageteb: Represents the TEB structure of all threads that this address area uses to hold the target process;
• Regionusageheap: Represents this address area for heap memory; Regionusage Pdb: Represents this address area to hold the PEB structure of the target process ; Regionusageprocessparameters: Represents this memory block for saving the startup parameters of the target process;
• Regionusageenviromentblock: Represents the environment block for this address area to hold the target process

In the user environment, you can use the following command to display memory statistics, including memory usage, memory type, memory status!address-summary

• !vprot [ address ]
• !vadump [-v]

The command!vprot displays information about the specified memory block, focusing on memory-protected information, the command!vadump displaying the entire memory space information, and the dump, which opens the-V option to display detailed (Verbose) information.

As mentioned above, the user environment uses "!address–summary" to display the memory statistics of the user space; now look at two kernel commands to display the memory statistics in a kernel environment:

• !memusage

This command displays memory statistics from the physical memory angle. Countless page table information will be printed out, which can be said to be "the most memory" information. This command looks at all the page frames, so the runtime can be very time-consuming.

• !vm

This command displays memory statistics from the point of view of virtual memory, not only the use of virtual memory from a global perspective, but also the ability to display memory usage in process units.

Windbg Check memory consumption