Windows Memory Management

Source: Internet
Author: User

<< This is not original, is the old article, Pankaj Garg write, look after translated a bit, the original can be found in http://www.intellectualheaven.com/. >>

1 Introduction
The Windows 32-bit x86 operating system can access up to 4GB of physical memory. This is because the address bus for the processor is 32 (we often say 32 bits) and the range of storage units that can be accessed is from 0x00000000 to 0xFFFFFFFF, or 4GB. Windows also allows each process to have its own 4GB logical address space. In the 4G logical address space, only the low 2GB (which can be manipulated under User mode) is available to the user, and the high 2GB is occupied by Windows Core mode (kernel mode).
Some people may ask, my machine does not have a few g of memory, a process can be controlled 4GB, those processes do not fight up ...
Good question, in order to achieve this function, Windows uses a function of the x86 processor (386 and its subsequent processors) called paging paging.
The paging mechanism introduces the concept of logical address, which allows software, or processes, to use logical addresses instead of physical addresses. The paging unit of the processor can transparently translate the logical address into a physical address. Based on this mechanism, Windows implements the dream of having 4GB logical space for each process.
To learn more, let's start by looking at how the x86 paging mechanism works.

2 paging mechanism for x86 processors
The x86 divides the physical address space (or physical memory) into small chunks of 4KB, called Memory pages page.
In this case, 4GB of memory will have 1Mega (1024x1024) 4KB pages. The processor uses a two-level index structure to manage this 1Mega memory page. You can imagine a two-dimensional matrix of 1024x1024.
One dimension is called the page directory, and the second dimension is called Page table.
First we create a page catalog containing 1024 items of entry, each pointing to a page table, so that we have 1024 page tables.
Each page table also has 1024 items of entry, each pointing to a 4KB page. As shown in the following:

The entry for each page Directory page Directory Entry (PDE) is actually a 4byte pointer to a page table. Similarly, each page table entry page, Entry (PTE), is also a 4byte pointer to the physical memory address of 4KB.
So we need 4MB to construct this two-level index structure to manage 1024PDE, each PDE contains 1024PTE, which is 4 x 1024x768 x bytes.

In summary, the entire memory space is divided into 4KB pages. So when a PDE or PTE is used, its high 20 bits point to a 4KB memory page, and the low 12 bits are used to represent page protection information and other internal information (some of the OS's functions are used). The actual physical memory represented by the high 20-bit is called the page number, which is referred to as PFN.

3 Windows Page Table management
In a Windows system, each process has its own page directory and page table, that is, Windows allocates 4MB of space for each process to maintain the table.
When a process is created, each item of the page catalog PD points to the physical address of the page table Pt.
Each item in a page table pt can be valid or invalid, and a valid PTE points to a 4KB page of physical memory that is assigned to the process.
Invalid PTEs are set to a special bit to indicate that they are invalid, and we call them invalid PTEs.
These PTEs are set to allocate physical memory pages when the process requires memory.
One thing to emphasize here is that, for a process, it does not know any details of physical memory, it only uses logical addresses. As for how to map logical addresses to physical addresses, this is done by Windows memory management and processors.

The physical memory of the page catalog PD is referred to as the page directory base address of the pages directory base addresses (abbreviation PDBA). The basic address of this page directory is saved in a special CPU register CR3 (in x86). When the context switches, Windows resets the value of CR3 and points it to the pdba of the current process. In this way, each process can get its own 4GB of physical memory space. Of course, at the same time, the total memory allocation for all processes in the system cannot exceed the size of ram+pagefile, but the above mechanism allows Windows to give each process its own independent 4GB logical (or virtual) address space. We call this virtual address space because even though the process has an entire usable 4GB address space, it can only use the memory that is configured for it. When a process attempts to access a memory address that is not configured, the system gives an illegal access error because the corresponding PTE points to an invalid value.
Additionally, the memory size required by the process cannot exceed the size of the current system's configurable memory.

There are many advantages to separating logical memory from physical memory, and a process can have 4GB of linear space, so programmers don't have to worry about memory fragmentation issues like the DOS era. It also allows Windows to run multiple processes using physical memory on the same machine with each other without worrying about the a process accessing the address space of the B process (unless a, B process uses some shared memory). Therefore, one process cannot read and write memory from another process.

The conversion of the logical address to the physical address is done by the processor. A 32-bit logical address is divided into 3 parts as shown.

The processor first finds the physical address of the page directory based on CR3, then the first 10 bits of the logical address to index the corresponding PDE, and then 10 bits to index the PTE of the page table, thus obtaining the 4KB physical memory page that Pte points to. The low 12 bits of the logical address are used to point to the specific location in the memory page, which is equivalent to an offset within the page.

4 Memory protection
Windows provides memory protection for all processes, such as a process that cannot access memory for other processes. This ensures that there are several processes in the system that are friendly to coexist. So how does windows do it:
Only the physical memory address assigned to this process is stored in the PTE of each process. This ensures that the process cannot access memory that is not part of its own.
Rogue Process (written in the original is a rouge process,rouge is rouge, lipstick meaning, really can't think of, estimate may be a rogue process) may try to modify its page table to access the physical memory of other processes. To prevent this rogue behavior, Windows stores the page table in a nuclear mindset, that is, high-level 2GB memory space. Since then, a user program cannot access or modify the page table. Of course, a kernel-state driver can do this "rogue" behavior, because once a program runs in a nuclear mindset, it is equivalent to having the entire system's permissions. This is explained in detail in the next section.

5 Windows logical Memory layout
Windows sets the logical address space low to 2GB (or 3GB, by setting the boot. INI can be reached) to the user state, high-level 2GB (or 1GB) to the Windows kernel mentality. In the nuclear mindset, Windows retains space from 0xc0000000 to 0XC03FFFFF for page tables and page catalogs. The page table for each process is at the logical address of the 0xc0000000, and the page directory is at the logical address of the 0xc0300000. The layout of the logical memory is as follows:

You can use the Windows Kernel Mindset debugger KD or WinDbg to confirm this (refer to!pte and!vtop debug commands). The physical address of the page directory is stored in CR3.1024 addresses starting from 0xc0300000 represent the PDE. Each PDE occupies a 4-byte address pointer that points to a page table. Each page table has 1024 items, each of which holds a 4-byte physical address pointing to the 4KB physical memory page or an identifier for an invalid entry.

So why does Windows use the logical addresses of 0xc0000000 and 0xc0300000 to store page tables and page catalogs?
Windows wants to put the page table and the page directory in the kernel mentality, not 0x80000000 (2GB high-level adjacent address) on the line.
。。。 Yes, but the user program requires more memory to implement its own large program ... So the 3GB mode is on! cool!
Users can edit a special profile boot. ini to turn on the 3GB setting so that Windows allows a user-state program to control low-level 3GB memory. The 0xc0000000 is a high-level adjacent address of 3GB. So I guess this is the basis for Page table and page directory location. For reference only, see the Windows documentation for details ... Of course, there are other important factors that determine the layout of the page table and the page directory in memory. In order to see more clearly, I forged a process and drew a page table, highlighting some page table items. Note that the size of each item is 4 bytes. P_PT represents the physical address of the page table.

The PDB represents the page directory base address of the process. It indicates that the process 0xc0300000 the physical address corresponding to the logical address. This value is stored in the CR3. Note that Windows can only use logical addresses to access any memory, including page catalogs, so to access page tables and page catalogs, you must maintain some return-returning messages such as PDB in the page catalog. The physical address entries shown in the previous page table are different for each process, but each process has its own PDB entry in the page directory 0x300.

Below we try to translate 4 different logical addresses into physical addresses to understand the importance of PDB entries and how page table layout and address translation work.
The address we are going to convert is: 0x2034ac54,0xc0000000,0xc0300000,0xc0300000[0x300] that is 0xc030c00.
The first address is the logical address of the normal user-state process, the second address is the first logical address of the first page table in the logical address space, the third address is the logical address of the page directory base site, and the fourth address is the logical address of a special item.
Assume that CR3 points to a physical address of 0x13453## #的内存. As mentioned earlier, the low 12 bits are used to hold the page protection information and other data required by the OS, which is not related to our current topic, so we will block it to # # #. A high 20-bit representation of the page number PFN is the physical address of the 4KB alignment page. PFN corresponds to the real physical address is 0x13453000. Let's do the following address translation:
1.0x2034ac54
We divide the 0x2034ac54 into three sections 0010000000 1101001010 110001010100
High 10-bit 0010000000 is the index of the page directory. Turn 16 into a 0x080.
From CR3 the physical address of the directory is also 0x13453000, the logical address is 0xc0300000.
Therefore 0xc0300000[0x080] can get the physical address of the page table p_pt. From the page table above you can tell that its logical address is 0xc00001000 (physical address is 0x45045000). Now let's look at the next 10-bit 1101001010 (that is, 0x34a) as the index of the page table.
Address 0xc00001000[0x34a] can get the physical address of the 4KB page, from the above table can be obtained as 0x34005000.
The last 12 bits of 110001010100 (that is, 0xc54) are offsets relative to the starting position of the 4KB page memory. So the final physical address is 0x34005c54.
The remaining 3 are given to the reader. Once you're done, you can see why the PDB has a 0x300 position.

I am also a reader, make a bar.
2.0xC0000000
Likewise we divide the 0xc0000000 into three parts 1100000000 0000000000 0000000000
High 10-bit 1100000000 is the index of the page directory. Turn 16 into a 0x300.
From CR3 the physical address of the directory is also 0x13453000, the logical address is 0xc0300000.
Therefore 0xc0300000[0x300] can get the physical address of the page table p_pt. From the page table above you can know that its logical address is the address of the PDB 0xc03000000 (physical address is 0x13453000), but also in the page directory, and then check 0xc0300000[0x000] The value of the item, is 0xc0000000 (physical address is 0x6a078000 )。 Now let's look at the next 10-bit 0000000000 (that is, 0x000) as the index of the page table.
Address 0xc00000000[0x000] can get the physical address of the 4KB page, from the above table can be obtained as 0x10480000.
A circle, the conclusion is that the value in the page table will be stored in the corresponding 4KB page of the physical address.
&LT;&LT;2009-10-10 Finish >>

Http://www.cnblogs.com/Kratos/archive/2009/09/09/1563624.html

Windows Memory Management

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.