1 / 19

Windows Kernel Internals Advance Virtual Memory

Windows Kernel Internals Advance Virtual Memory. *David B. Probert, Ph.D. Windows Kernel Development Microsoft Corporation. PFN: Working Set Page. PFN: Free Page. PFN: Standby Page. PFN: Transition page. PFN Fields. PteAddress: VA of PTE referencing page

adamma
Download Presentation

Windows Kernel Internals Advance Virtual Memory

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Windows Kernel InternalsAdvance Virtual Memory *David B. Probert, Ph.D. Windows Kernel Development Microsoft Corporation © Microsoft Corporation

  2. PFN: Working Set Page © Microsoft Corporation

  3. PFN: Free Page © Microsoft Corporation

  4. PFN: Standby Page © Microsoft Corporation

  5. PFN: Transition page © Microsoft Corporation

  6. PFN Fields PteAddress: VA of PTE referencing page RefCount: count of WS or IO locks OriginalPte: PTE to restore on soft-fault PteFrame: PageFrame for PteAddress Flags: PageColor : 4 PageLocation : 3 RemovalRequested : 1 CacheAttribute : 2 Modified : 1 ReadInProgress : 1 WriteInProgress : 1 PrototypePte: 1 © Microsoft Corporation

  7. Page Table Entries • Some fields defined by hardware • Six PTE states: • Active/valid • Transition • Modified-no-write • Demand zero • Page file • Mapped file © Microsoft Corporation

  8. Valid x86 Hardware PTEs Reserved Global Dirty Accessed Cache disabled Write through Owner Write Cd O A D R Wt W Pageframe 1 G R R R 0 5 4 7 2 1 3 9 6 31 12 11 10 8 © Microsoft Corporation

  9. Transition Page file Prototype Page file offset Protection PFN 0 0 Transition 0 1 4 5 9 31 12 11 10 Transition Prototype HW ctrl Page file offset Protection 0 1 0 1 4 5 9 31 12 11 10 Cache disable Write through Owner Write x86 Invalid PTEs © Microsoft Corporation

  10. x86 Invalid PTEs Demand zero: Page file PTE with zero offset and PFN Unknown: PTE is completely zero or Page Table doesn’t exist yet. Examine VADs. Pointer to Prototype PTE pPte bits 7-27 pPte bits 0-6 0 0 1 4 5 7 8 9 31 12 11 10 © Microsoft Corporation

  11. MMPAGING_FILE • PFN_NUMBER Size, MaxSize, MinSize, FreeSpace, CurrUsage, PeekUsage, HighestPage • pFileObject • ModWriterMdlEntries[] • pPageFileName • pAllocationBitmap • Flags: • PageFileNumber, RefCount, BootPart © Microsoft Corporation

  12. MMSUPPORT // embedded in EPROCESS • WorkingSetExpEntry[2] • LastTrimTime • Flags • PageFaultCount, PeakWorkingSetSize, GrowthSinceLastEstimate • MinimumWorkingSetSize, MaximumWorkingSetSize • pVmWorkingSetList • WSLE_NUMBER Claim, NextEstimationSlot, NextAgingSlot, EstimatedAvailable, WorkingSetSize © Microsoft Corporation

  13. MMADDRESS_NODE • pParent, pLeft, pRight • StartingVpn, EndingVpn © Microsoft Corporation

  14. MMVAD • MMADDRESS_NODE AddressTreeNode • pControlArea • pFirstProtoPte • pLastContigPte • Flags: • CommitCharge, PhysMap, ImageMap, Awe, Prot, MemCommit, Private, LargePages, WriteWatch, NoChange, FileOffset64k, SecNoChange, ReadOnly, Extendable, Inherit, CopyOnWrite © Microsoft Corporation

  15. CONTROL_AREA • pSegment • DereferenceListEntry[2] • nSectRefs, nPfnRefs, nMapViews, nCacheViews, nUserRefs • nModWrites, nFlushesActive, • Flags • pFileObject • iPfnBase • Subsections[] © Microsoft Corporation

  16. SUBSECTION • pControlArea • Flags: • ReadOnly, ReadWrite, SubsectionStatic, GlobalMemory, Protection, StartingSector, SectorEndOffset • StartingSector • nFullSectors • pSubsectBasePtes • nUnusedPtes • nPtesInSubsection • pNextSubsection • nMappedViews © Microsoft Corporation

  17. SECTION • MMADDRESS_NODE AddressTreeNode • pSegment • Size • InitialPageProt • Flags: • BeingDeleted, BeingCreated, BeingPurged, NoModifiedWriting, FailAllIo, Image, Based, File, Networked, NoCache, PhysicalMemory, CopyOnWrite, Commit, FloppyMedia, WasPurged, UserReference, GlobalMemory, DeleteOnClose, FilePointerNull, DebugSymbolsLoaded, SetMappedFileIoComplete, CollidedFlush, NoChange, HadUserReference, ImageMappedInSystemSpace, UserWritable, Accessed, GlobalOnlyPerSession, Rom © Microsoft Corporation

  18. SEGMENT • pControlArea • nPtes • nWritableUserRefs • Size • PteTemplate • nCommittedPages • Flags • BasedAddress • PrototypePte • ProtoPtes[] © Microsoft Corporation

  19. Discussion © Microsoft Corporation

More Related