About memory management
32-bit Windows systems, each process has 4GB (Gigabytes) size virtual memory space can be addressed (because 32-bit pointers can use any value from 0x00000000 - 0xFfffffffff), while 64-bit Windows systems, each The process has 8TB (terabytes) size virtual memory spaces (because 64-bit pointers can use any of the 0x0000000000000000 - 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFff All threads in a process can access virtual address spaces belonging to this process, but the thread does not allow access to virtual address spaces that belong to other processes, which prevents process virtual address spaces from being damaged by other processes.
Virtual Address Space
The virtual address space used by the process is not the actual physical location of the object. The operating system retains a page image for each process. The page image is the operating system to convert the virtual address space to the internal data structure of the actual physical address space. Each time a thread uses an address, the operating system automatically converts the virtual address into the corresponding actual physical address.
The virtual address space is divided into several parts:
The low 2GB virtual address space (0x00000000 --- 0x7fffffff) is available in the process.
Memory high 2GB virtual address space (0x80000000 --- 0xffffffff) is reserved for use.
Note: Windows Server 2003 Enterprise Edition, Windows 2000 Advanced Server, Windows NT 4.0 SP3 Server Enterprise Edition's low 3GB virtual address space (0x00000000 --- 0xBffFFFFF) is available free to use, and the memory high 1GB virtual address space ( 0xC0000000 --- 0xfffffffffFFFFF is reserved as a system.
The virtual memory space for Windows ME / 98/95 is divided below
0K - 64K (0xffff) is not writable, this range is used when the system is loaded. It is the process private. 64K (0x10000) - 4MB (0x3FFFF) is reserved for MS-DOS compatibility. This memory space can be readable by the process. The address space of this range contains some MS-DOS relationships and code, so the process should not read and write this area at will. It is the process private. 4MB (0x400000) - 2GB (0x7fffffff) can be used by the user. This user data can be read and written, but the code can only run in this segment cannot be written. It is the process private. 2GB (0x80000000) - 3GB (0xBFFFFFF) shared area can be read and written by all processes. Many system DLLs and other system data are stored in this area. 3GB (0xc0000000) - 4GB (0xffffffFFF) system memory, can be read or written by any process, but this area is some system code resident, so writing to the area may undermine the operating system, which triggers some potential disaster consequences. .
Virtual Address Space and Physical Address Space
Virtual address space is much larger than the actual physical space, can be used by all processes. In order to increase the size of the physical storage, the system uses a hard disk as a storage space outside. All running processes can be used by all the actual physical memory and free space utilized by page files (paging file) on the hard disk. Disk files are often used to increase the total number of physical storage spaces. The physical storage space of the process and virtual memory address space uses Memory Units - Page (Pages). The size of the page is related to the host. For example, on the X86 computer, the host page size is 4KB. In order to make the management memory has the greatest flexibility, the system can move between the physical memory page (Pages) and disk files. When a page (PAGE) is moved to physical memory, the operating system updates the page maps file of the affected process. When the system requires physical memory space, it may have no enough space that may have physical memory space, and the system will move the product to the page file (PAGING). The process of operating the physical memory of the operating system is completely transparent to the application.
Virtual address and physical address address conversion diagram
Pages
Free (free): This page is not submitted nor reserved, not subject to any process. This page can be used to commit, reserve, or simultaneously submit and reserved. The result of trying to read or write an idle (free) is triggering an illegal abnormality
Reserved: This page is reserved to future use, and the address of this range cannot be used to assign. This page does not contact any physical storage space, and can be used to submit
Submitted: Physical storage space can be assigned to the page, control access by the memory management option. When you try to read a page for the first time, the operating system initializes the submission page and loads the physical memory. When the process ends, the system releases the storage space for the submission page.
Memory protection status
The memory of a process is implied by its virtual address space. In addition, Windows provides hardware measures for virtual memory protection by changing processor status. For example: The code page of the process address space is marked as a read-only state via the user mode thread, thereby preventing modification.
The memory protection options provided by Windows are listed below. When you assign or protect a memory page, you must explicitly indicate its corresponding protection options.
Page_execute: Allows to run in the submitted page area. If you try to read and write the submitted area, an access violation will be triggered.
Page_execute_read: Allows to run and read in the submitted page area. If you try to write to the submission area, an access violation will be triggered.
Page_execute_readwrite: Allows to run, read, and write in the submitted page area.
Page_execute_writecopy: Allows to run, read, write in the submitted page area. This page is shared by Read-on-Write and Copy-On-Write.
Page_noAccess: Does not allow any operations to be submitted. If you try to read, write or run the submission page, an access violation exception is triggered, and the usual protection fault is called.
Page_readonly: Allows read operations in the submitted page area, and if you try to write in this area, an access violation will be triggered. If the system distinguishes only read-only access and execution access, try running the code in the area, which will also generate an access violation.
Page_Readwrite: Allows read and write operations to be submitted.
Page_WriteCopy: A copy-ON-WRITE protected for the page of the submit area. Note: This flag is not supported by Windows ME / 98/95. Page_guard: The page in this area becomes a protective page (Guard Pages). Any attempt to access a protective page will cause the system to evoke the state of status_guard_page and turn off the protection page status. When an access attempt causes the system to turn off the protection page status, the following page protection will take over. If a protective page exception occurs during system service, the system usually returns a fault status flag. This option cannot be used simultaneously with Page_noAccess. Note: Windows Me / 98/95 does not support this logo. This process can be done by Page_noAccess.
Page_nocache: The submitted area page is not allowed to use CPU Cache. The hardware attributes of physical memory should be indicated as "no cache", but usually do not recommend so use. So if the two requests will be written to the same memory address, only the last write will happen.
Page_WriteCombine: Allows memory access to write operations. If the write request of the processor Cache memory is allowed to be optimized. So if the two requests are written to the same memory address, only the last write operation will occur. Note: page_guard and page_nocache flags are not specified simultaneously with Page_WriteCombine. If you try to do this, the function returns the system_invalid_page_protecion NT error code.
Copy-On-Write Protection
Copy-On-Write Protection is to allow multiple processes to map their virtual address space optimization. They share a physical page until a certain process modifies the page. Copy-On-Write is part of the Lazy Evaluation technology that allows the system to save physical memory sharing until a process modifies the mapping page.
For example: assuming that two processes are loaded from the same DLL to their virtual memory space. These virtual memory pages are mapped to the same powerless page. As long as the process does not write to these pages, the page will be mapped and shared with the same physical page.
Figure:
If the process 1 is written to one of these pages, the content of this physical page is copied to another physical page, and the virtual memory mapping of the process 1 is also updated. Now two processes have their own page instances in physical memory space. Therefore, a process is not possible to write to shared memory.
As shown below:
Virtual memory function
Virtual memory allocation Virtualalloc
This function retains or submits a page area in the calling process virtual memory space. The memory allocation back is automatically initialized to zero unless the MEM_RESET flag is specified.
Function protest:
LPVOID VIRTUALLOC
LPVOID LPADDRESS,
SIZE_T SWSIZE,
DWORD FLAlocationType,
DWORD FLPROTECT
);
parameter:
LPAddress
The start address of the distribution area. If the memory is preserved, this specified address is rounded 64K. That is to say, if you assign the memory address within 64K, then the system is automatically rounded with an integer multiple of 64K. If the memory is ready to be retained and submitted, the address is rounded as a page size (4K in 0x86 next page). Determine the page size of the host to call the getSystemInfo function. If lpaddress is NULL, it is determined by the system to determine the assigned area.
DWSIZE
The size of the area (unit byte). If the LPAddress parameter is null, this value is rounded as the boundary range of the next page. In addition, the allocation page includes all pages, namely one or more bytes from lPaddress to (LPADDRESS DWSIZE). For example: allocating a page across a page boundary range, causing the page and the rounded page of two pages in the allocation area. FLallocationType
Memory allocation type. This parameter must contain one of the following parameter values.
MEM_COMMIT: Allocated physical storage spaces in a page file of the memory or disk according to the specified memory page area. This function initializes memory as zero.
Try to submit a memory page that is ready to be submitted.
If the value of LPADDRESS is null, specifying MEM_COMMIT without specifying MEM_RESERVE to cause function to keep and submit memory pages. If the value of LPAddress is not null, specify MEM_COMMIT without specifying MEM_RESERVE, and when the virtual memory space is not retained, the function call will fail.
MEM_RESERVE: Keep the virtual address spatial range of the process, but does not assign any actual physical storage space in the page file of the memory or disk.
You can submit the reserved memory page after the VirtualAlalloc function is called.
MEM_RESET: Specifies that the data specified by lpaddress and dwsize within the memory is no longer useful. This page should not be read or written to page files. But the memory block may be used later, so it should not be used by DECOMMITTED. This value cannot be mixed with other markers, neither use OR operation to use it with other flag values.
Using this value cannot guarantee the operating range to empty, if you want to empty it, you can decommit memory and then submit it from the new.
When you specify the MEM_RESET, the Virtualalloc function ignores the FProtect. But you have to set an effective protection value, like page_noaccess.
If you use MEM_RESET and the memory range is mapped to a file, then VirtualAlalloc returns an error. Recommendation: This flag is used when mapping to a page file.
Note: This flag is not supported by Windows ME / 98/95.
MEM_LARGE_PAGES: Use large pages support to allocate memory. This size must be a larger page multiple. This value can be obtained via the getLargePageMinimum function.
MEM_PHYSICAL: Assign physical memory for read and write access. This value is separately used for AWE memory (Address Windowing Extensions).
This value must be used with MEM_RESERVE and cannot be used with other values with OR operation.
MEM_TOP_DOWN: Allocated in the highest address space.
Note: This flag is not supported by Windows ME / 98/95.
MEM_WRITE_WATCH: The page that causes the system tracking to be written to allocation space. If you specify this value, you must also specify MEM_RESERVE.
When the area is allocated or written tracking status, you want to get a getWritEwatch function that has been written. Resetting the write tracking status can call the getWriteWatch or the RESETWRITEWATCH function.
Flprotect
Memory protection assigned to the page area. If the page is submitted, you can use the OR operation along with Page_Guard or Page_nocache together to specify any memory protection options.
If the function call is successful, return the base address of the assigned page area. If the function call fails returns a NULL value. You can get additional error messages via getLastError.
The VirtualAlaLoc function cannot keep a page that has been retained, but it can submit a page ready to be submitted. That is to say, a page range can be submitted, regardless of whether it is ready to be submitted, and the function can always be successfully executed. You can keep a page block using the VitualAlloc function, then additionally submit the page separately from the reserved block. This allows the process to keep one area of its own virtual memory space until you do need to use an actual physical memory space.
The VirtualFree function can decommit a submitted page, release a page storage space or simultaneous DECOMMIT and release a submitted page. You can also release a retained page to turn it into an idle page.
If the LPAddress parameter is not empty, this function uses the LPAddress and DWSIZE parameters to calculate the size of the assigned page area. The full state of the page area must be compatible with the FLallocationType parameter specified when assignment.
Virtual Memory Release Function Virtualfress
This function is used to release, DECOMMITS, or release and Decommits a page area of the assigned virtual address space.
Function protest:
Bool VirtualFree
LPVOID LPADDRESS,
SIZE_T DWSIZE,
DWORD DWFREETYPE
);
parameter:
LPADDRESS: The base address of the page area that will be released.
If the dwfreetype parameter is MEM_RELEASE, this parameter must be the base address returned when the VirtualAlalloc function returns the page area.
DWSIZE: The released memory area is the unit is byte (Byte).
If the dwfreetype parameter is MEM_RELEASE, this parameter must be zero. This function will release all areas whose VitRualAlloc functions are reserved.
If the dwfreetype parameter is the MEM_DECOMMIT this function DECOMMITS all memory pages. Includes memory pages from lPaddress to LPADDress DWSIZE. If lpaddress is the base address returned by the VirtualAlloc function, and DWSIZE is zero, this function decommits all the area allocated by the VirtualAlloc. All regions are then set to reserved.
DWFreetype: Memory release operation type.
MEM_DECOMMIT: Do not submit those page areas that have been submitted. After this operation, the page becomes a reserved state.
If you try not to submit a page that is not submitted, this function will not return to fail. That is, you can submit a page area regardless of whether or not submitted status has been set.
Note: Do not use with the MEM_RELEASE flag.
MEM_RELEASE: Release the specified page area. These pages become idle after this operation.
If you specify this flag, you must set DWSIZE to 0, and LPAddress must point to the base address returned when the VirtualAlloc function is called.
If any page in the area is submitted, this function first decommits and then releases them.
From different states to release the page, this function does not call failed.
Note: Do not use with MEM_DECOMMIT.
If this function is successful, the return value is not 0, if the failure returns 0, but you can get more error messages by calling the getLastError function.
The VirtualFree function can decommit different states of different states. If a page is defrommit but not released, the status flag will be converted to the reserved state. You can then call Virtualalloc to submit again, or release it. . If you try to read a reserved page, you will trigger an access violation. Also this function can also release the page area of different states.
Note that in memory is released or
Decommit
