Windows XP & Vista Memory Management

Sources:•http://www.microsoft.com/whdc/driver/kernel/XP_kernel.mspx#ECLAC•http://www.et.byu.edu/groups/it344/Class%20Notes/CaseStudies/LinuxWinRefs/Chapter%2021_WinXP.pdf

ObjectiveBecome familiar with Window’s methods of implementing memory management and handling memory space

Windows XP – Basics

Windows XP uses a virtual memory manager (VMM)

VMM creates 4GB contiguous memory space that spans both main memory and disk memory

Memory space on disk is called a pagefile

Windows XP Memory Organization

Each process given unique 4GB virtual address space 2GB for process 2GB for kernel-mode components

Each process has a page directory table Each process’ page directory table is stored in a

universal page directory register A page directory table is full of page directory entries

(PDE), each of which points to a page table A page table consists of page table entries (PTE), which

point to a page frame in main memory or on disk

Windows XP Virtual Address Translation

For faster access times, Windows also implements a Translation Look-aside Buffer (a buffer that holds a limited amount of entries but translates directly from a virtual address to a physical one)

Structure of a PTE in Windows XP

5-bit Protection bits 20-bits for offset in page file 4-bits for specifying if the page is on disk and wh

ich pagefile it is located in 3-bits to indicate the state of a page that is in me

mory: Valid Modified Transition – in the process of being written to disk

Protection in Page Table in Windows XP 5-bits (called protection bits) on each PTE

hold security information1-bit for read privileges1-bit for write privileges1-bit for execute privileges1-bit for copy-on-write1-bit for specifying whether the system should

throw an exception upon access of that PTE

Windows XP’s Logical Prefetcher

Windows keeps traces of memory accesses by certain applications, including Windows itself, and stores that information in scenario files

Windows also keeps track of which applications are needed most commonly at start-up

When Windows XP is starting up and initializing devices, it makes one asynchronous request via the prefetcher for the pages needed by the applications to be loaded

Windows XP’s Logical Prefetcher

Fetches by the location of the pages on disk

What is a potential problem with this method?Pages can get scattered over the disk

To overcome this problem, Prefetcher uses system idle time to optimize the layout of the pages and move the pages to the appropriate location on disk

Windows XP’s Prefetcher – Pros and Cons Pros

Reduces window’s boot time Reduces required disk access time by loading

multiple pages for application at once Drawback

more disk space is used to store application memory-access traces

However… most users prefer faster application loads as opposed to

more disk-space

Windows XP’s Prefetcher’s Parameters

Prefetcher’s default settings can be found and modified in the Windows Registry at the location shown below.

EnablePrefetcher (DWORD)0x00000001= application launch prefetching0x00000002= boot prefetching0x00000003= both

Windows Vista Memory Management Overview

Superfetch

An improvement upon the Windows XP Prefetch feature

One improvement comes in the way of security: when blocks of memory are loaded in main memory, they are written to a random location. This is known as Address Space Layout Randomization or ASLR

This keeps malicious software from knowing the starting address for a given application, thus preventing remote execution attacks

Superfetch vs Prefetch

Prefetchonly loads pages for application upon launch

SuperfetchTries to always keep the pages for the most-

used applications in main memory

Readyboost

Process of using USB flash drives or CF and SD memory cards to increase main memory

Basic concept being that USB flash drives can be accessed faster than disk drives