本文爲原創翻譯,採用中英對照,譯註是自行添加的說明,內容會持續更新,翻譯速度大約是一天1~2頁原文,本文僅翻譯下冊第10章,上冊的所有章節已經有中文版實體書和PDF版,可以搜索相關信息;個人所學有限,譯文的錯誤之處還請提出指正,不勝感激。
第一部分譯文預計翻譯的內容如下:
CHAPTER 10
Memory Management
In this chapter, you’ll learn how Windows implements virtual memory and how it manages the subset of virtual memory kept in physical memory. We’ll also describe the internal structure and components that make up the memory manager, including key data structures and algorithms. Before
examining these mechanisms, we’ll review the basic services provided by the memory manager and key concepts such as reserved memory versus committed memory and shared memory.
第10章:內存管理
在本章中,你將學習windows如何實現虛擬內存,以及如何管理駐留在物理內存中的虛擬內存子集。我們也會描述組成“windows內存管理器”的內部結構和組件,包括關鍵數據結構和算法。
在考察這些機制之前,我們先回顧一下內存管理器提供的基礎服務,以及諸如 reserved memory , committed memory ,shared memory 這些重要概念。
Introduction to the Memory Manager
By default, the virtual size of a process on 32-bit Windows is 2 GB. If the image is marked specifically as large address space aware, and the system is booted with a special option (described later in this chapter), a 32-bit process can grow to be 3 GB on 32-bit Windows and to 4 GB on 64-bit Windows.
The process virtual address space size on 64-bit Windows is 7,152 GB on IA64 systems and 8,192 GB on x64 systems. (This value could be increased in future releases.)
windows內存管理器簡介
默認情況下,32位windows上的一個進程的虛擬大小(地址空間)爲2GB,如果該進程對應的二進制映像文件被特別標註了“large address space aware”(察覺到大地址空間),並且系統以特殊選項引導(本章稍後討論),那麼32位進程在32位windows上的虛擬大小可達到3GB;在64位windows上的虛擬大小可達到4GB;運行在Intel IA-64體系結構的64位windows上的64位進程的虛擬地址空間大小爲7152GB;在x64體系結構上則爲8192GB;(在處理器硬件和操作系統軟件的後續發佈版中,這些值可能會增大)
As you saw in Chapter 2, “System Architecture,” in Part 1 (specifically in Table 2-2), the maximum amount of physical memory currently supported by Windows ranges from 2 GB to 2,048 GB, depending on which version and edition of Windows you are running. Because the virtual address space
might be larger or smaller than the physical memory on the machine, the memory manager has two primary tasks:
■ Translating, or mapping, a process’s virtual address space into physical memory so that when a thread running in the context of that process reads or writes to the virtual address space, the correct physical address is referenced. (The subset of a process’s virtual address space that is
physically resident is called the working set. Working sets are described in more detail later in this chapter.)
■ Paging some of the contents of memory to disk when it becomes overcommitted—that is, when running threads or system code try to use more physical memory than is currently available— and bringing the contents back into physical memory when needed.
另一方面,在本書上冊第二章“系統架構”中的表2-2提到,windows當前支持的最大物理內存從2GB到2048GB不等,這取決於你運行的windows版本和位數;由於虛擬地址空間可能比機器上安裝的物理內存總量要大,也有可能比它小;因此內存管理器的二個主要任務爲:
■ 將一個進程的虛擬地址空間翻譯或映射成物理內存,從而使運行在該進程上下文中的線程讀寫虛擬地址空間時,能夠引用正確的物理地址。
(windows將駐留在物理內存中的進程虛擬地址空間子集稱爲“工作集”,它的更多細節將在本章後面描述)
■ 當物理內存過載時(例如,當運行的線程或內核代碼嘗試請求比當前可用的更多內存時),將其中部分內容換出至磁盤,以及在需要時將這些內容換回(入)物理內存。
In addition to providing virtual memory management, the memory manager provides a core set of services on which the various Windows environment subsystems are built. These services include memory mapped files (internally called section objects), copy-on-write memory, and support for applications using large, sparse address spaces. In addition, the memory manager provides a way for a process to allocate and use larger amounts of physical memory than can be mapped into the process virtual address space at one time (for example, on 32-bit systems with more than 3 GB of physical memory). This is explained in the section “Address Windowing Extensions” later in this chapter.
除了提供虛擬內存管理服務外,內存管理器還爲構建其上的各種windows環境子系統提供一組核心服務;這些服務包括內存映射文件(在windows中叫做section objects),寫時複製內存,以及支持應用程序使用大規模,稀疏(非連續)的地址空間。此外,內存管理器提供了一種方法,給進程一次性分配和使用大量的物理內存,甚至可以超過該進程能夠映射的虛擬地址空間上限(例如,在32位系統上,可以分配多於3GB的物理內存)。在本章後面的“Address Windowing
Extensions”(地址窗口擴展?)部分,將對其進行解釋。
Note
There is a Control Panel applet that provides control over the size, number, and locations of the paging files, and its nomenclature suggests that “virtual memory” is the same thing as the paging file. This is not the case. The paging file is only one aspect of virtual memory. In fact, even if you run with no page file at all, Windows will still be using virtual memory. This distinction is explained in more detail later in this chapter.
注意:
在控制面板中有一項提供對頁面文件的大小,數量,以及位置的控制(譯註:即“系統”選項卡-> 高級系統設置 ->高級選項卡 -> 單擊性能欄目的“設置”,再切換到“高級選項卡”,單擊“虛擬內存”欄目的“更改”);其命名法指出“virtual memory”(虛擬內存)與分頁文件是相同的概念;情況並非如此。分頁文件僅僅是虛擬內存的一個方面。實際上,即便你設置成完全不使用頁面文件,windows將依舊使用虛擬內存。本章後面將詳細解釋這之間的區別。
Memory Manager Components
The memory manager is part of the Windows executive and therefore exists in the file Ntoskrnl.exe.
No parts of the memory manager exist in the HAL. The memory manager consists of the following components:
■ A set of executive system services for allocating, deallocating, and managing virtual memory,most of which are exposed through the Windows API or kernel-mode device driver interfaces
■ A translation-not-valid and access fault trap handler for resolving hardware-detected memory management exceptions and making virtual pages resident on behalf of a process
內存管理器的組件
內存管理器是windows執行體的一部分,因此它存在於文件 Ntoskrnl.exe 之中。內存管理器沒有任何部分是位於HAL(譯註:硬件抽象層)中的。內存管理器由下列組件構成:
■ 一組用於分配,釋放,以及管理虛擬內存的執行體系統服務,其中多數通過Windows API或者內核模式設備驅動接口對外暴露;
■ 一個翻譯無效和訪問錯誤陷阱處理程序,用於解決硬件探測到的內存管理異常,以及爲一個進程分配駐留在物理內存中的虛擬頁;(這句翻譯的不好,原文是A translation-not-valid and access fault trap handler for resolving hardware-detected memory management exceptions and making virtual pages resident on behalf of a process。誰知道怎麼翻譯較好?)
■ Six key top-level routines, each running in one of six different kernel-mode threads in the System process (see the experiment “Mapping a System Thread to a Device Driver,” which shows how to identify system threads, in Chapter 2 in Part 1):
■ 6個關鍵的頂級(譯註:這裏應該是任務的調度優先級,數值越大,優先級越高)例程,每個例程運行着System進程中6種不同的內核模式線程之一(回顧上冊第2章的實驗“將一個系統線程映射到一個設備驅動”,該實驗展示了辨別系統線程的方法):
1. The balance set manager (KeBalanceSetManager, priority 16). It calls an inner routine, the working set manager (MmWorkingSetManager), once per second as well as when free memory falls below a certain threshold. The working set manager drives the overall memory management policies, such as working set trimming, aging, and modified page writing.
1. balance set manager(KeBalanceSetManager,平衡集管理器,優先級16 )。它調用一個內部例程,叫做working set manager
(MmWorkingSetManager,工作集管理器)後者每秒被調用一次;此外,當可用內存低於某個閾值時,它也會被調用。工作集管理器會驅動整體的內存管理策略,例如工作集大小微調(裁剪),增加頁面的使用年齡(譯註:用於頁面置換算法確定最近最少使用的頁面,作爲犧牲頁換出內存),以及在修改過的頁面換出內存前,將其寫回磁盤上的交換空間(分頁文件)。
2. The process/stack swapper (KeSwapProcessOrStack, priority 23) performs both process and kernel thread stack inswapping and outswapping. The balance set manager and the thread-scheduling code in the kernel awaken this thread when an inswap or outswap operation needs to take place.
2. process/stack swapper(KeSwapProcessOrStack, 進程/棧交換器,優先級23)。執行進程與內核線程棧的換入換出操作。平衡集管理器與內核中的線程調度代碼(譯註:即操作系統調度器;在Linux和UNIX上,任務調度通常以進程爲單位,而windows則支持線程粒度的調度)在需要進行換入和換出操作時,就會喚醒這個線程。(譯註:在UNIX變體如4.3BSD上,執行相同任務的是一個叫做swapper的系統進程,通常在系統的空閒物理頁框即物理內存不足,或者某些進程長時間沒有獲得調度從而變成非活動進程時,swapper進程和windows的
process/stack swapper線程被喚醒,將這些進程換出內存,從而釋放空間)
3. The modified page writer (MiModifiedPageWriter, priority 17) writes dirty pages on the modified list back to the appropriate paging files. This thread is awakened when the size of the modified list needs to be reduced.
3. modified page writer (MiModifiedPageWriter, 已修改頁面寫回器,優先級17)。將已修改頁列表中的“髒”頁寫回適當的分頁文件。(譯註:通常由處理器的組件MMU,即內存管理單元在向一個PTE頁表項負責的4KB地址空間中某個地址寫入數據時設置該PTE的修改位,Dirty bit ,即髒位;內核通過該位的值來判斷是否應該先寫回硬盤上的分頁文件;Intel x86/64體系結構中,提供了一條特權指令供內核清除該位) 。當需要減小已修改頁列表的尺寸時,該線程就會被喚醒。
4. The mapped page writer (MiMappedPageWriter, priority 17) writes dirty pages in mapped files to disk (or remote storage). It is awakened when the size of the modified list needs to be reduced or if pages for mapped files have been on the modified list for more than 5 minutes. This second modified page writer thread is necessary because it can generate page faults that result in requests for free pages. If there were no free pages and there was only one modified page writer thread, the system could deadlock waiting for free pages.
4. mapped page writer (MiMappedPageWriter, 映射頁面寫入器,優先級17)。將從磁盤文件映射到內存的“髒”頁寫回磁盤(或遠程存儲),以更新修改結果。當需要減小已修改頁列表的尺寸,或者映射文件的頁面位於已修改頁列表超過5分鐘,該線程就會被喚醒。(這第二個)映射頁面寫入器線程是必須的;如果只有一個已修改頁面寫回器線程,並且當前沒有空閒頁面,它可能生成由請求空閒頁面而導致的頁面錯誤,此時該線程將被阻塞在等待產生空閒頁面事件,但是又沒有第二個能夠釋放頁面的線程可供調度,於是整個系統會進入死鎖狀態來等待可用頁面。(譯註:這段譯文經過自行潤色,原文直譯不好理解,希望沒有偏離作者要表達的意思)
5. The segment dereference thread (MiDereferenceSegmentThread, priority 18) is responsible for cache reduction as well as for page file growth and shrinkage. (For example, if there is no virtual address space for paged pool growth, this thread trims the page cache so that the paged pool used to anchor it can be freed for reuse.)
5. segment dereference thread (MiDereferenceSegmentThread, 暫譯爲“內存段解引用線程”,優先級 18)。負責減少系統高速緩存數量(譯註:這裏不是CPU芯片內的硬件L1~L3 cache,應該是指windows將磁盤上的分頁文件用作物理內存的高速緩存這一概念)以及負責分頁文件的增長和收縮。(例如,若沒有虛擬地址空間用於分頁池增長,該線程將裁剪頁面緩存的大小,從而用於分頁池的穩定釋放和重用)(譯註:這句也不太好翻譯,原文是For example, if there is no virtual address space for paged pool growth, this thread trims the page cache so that the paged pool used to anchor it can be freed for reuse )
6. The zero page thread (MmZeroPageThread, base priority 0) zeroes out pages on the free list so that a cache of zero pages is available to satisfy future demand-zero page faults.
Unlike the other routines described here, this routine is not a top-level thread function but is called by the top-level thread routine
Phase1Initialization. MmZeroPageThread never returns to its caller, so in effect the Phase 1 Initialization thread becomes the zero page thread by calling this routine. Memory zeroing in some cases is done by a faster function called MiZeroInParallel. See the note in the section “Page List Dynamics” later in this chapter.
Each of these components is covered in more detail later in the chapter.
6. zero page thread (譯註:MmZeroPageThread,零頁線程,基礎優先級爲 0,該線程屬於可變優先級類線程,此類線程的當前優先級以基礎優先級爲下限,可以動態變化,例如,當此類線程由於等待I/O事件而被掛起,內核在調度運行其它就緒線程前,將提升此類線程的當前優先級;當此類線程用完了本次分配給它的時間片而被掛起,內核降低其當前優先級,並用於下一輪調度時判斷的標準)。零頁線程將空閒頁列表(譯註:可能通過類似單向鏈表的數據結構實現)中的頁全部用0填充,然後換出內存,從而使得分頁文件緩存中有全0的頁面可用於滿足將來的“零頁需求”類型的頁面錯誤,並且能夠被換入內存。與這裏描述的其它5類例程不同,此例程並非頂級線程函數,但是它會被一個叫做 Phase1Initialization 的頂級線程例程調用;(譯註: Phase1Initialization 是系統啓動時,初始化內核與執行體的第二階段函數,第一階段由 Phase0Initialization函數負責)。零頁線程從不返回(給它的調用者),因此實際上,Phase1 初始化線程函數(在最後)通過調用此例程變成零頁線程。內存清零操作有時候通過一個叫“MiZeroInParallel”的函數完成,其速度更快。更多細節請查看本章後面的“Page List Dynamics”(動態頁列表?直譯。。。);本章後面會涵蓋每個內存管理器組件的更多細節。
Internal Synchronization
Like all other components of the Windows executive, the memory manager is fully reentrant and supports simultaneous execution on multiprocessor systems—that is, it allows two threads to acquire resources in such a way that they don't corrupt each other's data. To accomplish the goal of being fully reentrant, the memory manager uses several different internal synchronization mechanisms, such as spinlocks, to control access to its own internal data structures. (Synchronization objects are discussed in Chapter 3, “System Mechanisms,” in Part 1.)
Some of the systemwide resources to which the memory manager must synchronize access include:
■ Dynamically allocated portions of the system virtual address space
■ System working sets
■ Kernel memory pools
■ The list of loaded drivers
■ The list of paging files
■ Physical memory lists
■ Image base randomization (ASLR) structures
■ Each individual entry in the page frame number (PFN) database
Per-process memory management data structures that require synchronization include the working set lock (held while changes are being made to the working set list) and the address space lock (held whenever the address space is being changed). Both these locks are implemented using
pushlocks.
內部同步
正如windows執行體的所有其它組件一樣,內存管理器是完全可重入的,並且支持在多處理器系統上同時執行——換句話說,以這樣的方式能夠允許2個線程在不損壞彼此數據的情況下獲取資源。爲了實現可完全重入這一目標,內存管理器使用了幾種不同的內部同步機制,例如自旋鎖,用於控制對系統自身內部數據結構的訪問(同步對象在本書上冊第3章“系統機制”中討論)
內存管理器必須對其訪問進行同步化的一些系統範圍資源包括:
■ 系統虛擬地址空間的動態分配部分;
■ 系統工作集;
■ 內核內存池;
■ 已加載驅動程序的列表;
■ 分頁文件列表;
■ 物理內存列表;
■ 映像(加載)基址隨機化(ASLR)結構;
■ 頁框號(PFN)數據庫中,每個單獨的條目;(譯註:這裏的頁框號數據庫,類似操作系統維護的頁表;頁框號即物理頁號;頁表中的每個條目稱爲頁表項,即PTE)
每一個進程與內存管理相關的數據結構中,需要同步的包括:工作集鎖(當工作集列表正在變更時持有該鎖),地址空間鎖(每當地址空間正被改變時持有該鎖)。這些鎖都使用推鎖(pushlocks)實現。
Examining Memory Usage
The Memory and Process performance counter objects provide access to most of the details about system and process memory utilization. Throughout the chapter, we'll include references to specific
performance counters that contain information related to the component being described. We've included relevant examples and experiments throughout the chapter. One word of caution, however:
different utilities use varying and sometimes inconsistent or confusing names when displaying memory information. The following experiment illustrates this point. (We'll explain the terms used in this example in subsequent sections.)
審查內存使用
“內存與進程性能計數器對象”提供對絕大多數與系統和進程內存使用率細節相關的訪問。貫穿本章,我們將引用特定性能計數器,這些計數器包含與本章描述的內存管理器組件有關的信息,我們也涵蓋了相應的例子與實驗。然而,需要提醒一下:當顯示內存信息時,不同的工具使用不同的——有時是不一致或讓人困惑的名稱。下面的實驗說明了這一點。(我們將在後續部分解釋這個例子中使用的術語)
EXPERIMENT: Viewing System Memory Information
The Performance tab in the Windows Task Manager, shown in the following screen shot, displays basic system memory information. This information is a subset of the detailed memory information available through the
performance counters. It includes data on both physical and virtual memory usage.
實驗:查看系統內存信息
如下的屏幕截圖所示,windows任務管理器中的性能標籤,顯示基本的系統內存信息,這個信息僅是性能計數器提供的詳細內存信息的一組子集,它包含物理內存和虛擬內存使用率相關的數據。
(原文使用EN-US語系的系統截圖,我把它替換成自己機器上的ZH-CN語系截圖,主要是方便大家對照下面的表格來理解圖中每個術語的含義)
The following table shows the meaning of the memory-related values.
下表解釋任務管理器中使用的內存相關術語的含義:
Memory bar histogram 內存的條柱形圖 | Bar/chart line height shows physical memory in use by Windows (not available as a performance counter). The remaining height of the graph is equal to the Available counter in the Physical Memory section, described later in the table. The total height of the graph is equal to the Total counter in that section. This represents the total RAM usable by the operating system, and does not include BIOS shadow pages, device memory, and so on. 該條柱形圖的行高顯示windows使用的物理內存情況(亮綠色區域,該區域沒有相應的性能計數器)。該圖中剩餘的高度(暗綠色區域)相當於“物理內存(MB)”欄位中的“可用”計數器,後續的表格會講到。該圖的總高度相當於欄位中的“總數”計數器;總數表示操作系統能夠使用的物理內存總量,並且不包含BIOS shadow pages(直譯爲BIOS影子頁面,也就是將一些外圍硬件設備自帶的 BIOS ROM 映射到系統內存)與設備內存等(將一些外圍硬件設備自帶的存儲器或緩存映射到系統內存)。 |
Physical Memory (MB): Total 物理內存(以MB,百萬字節爲單位):總數 | Physical memory usable by Windows 即windows可用的物理內存,如前所述,等於內存條形圖的總高; |
Physical Memory (MB): Cached 已緩存 | Sum of the following performance counters in the Memory object: Cache Bytes, Modified Page List Bytes, Standby Cache Core Bytes, Standby Cache Normal Priority Bytes, and Standby Cache Reserve Bytes (all in Memory object) 內存對象中的一些性能計數器總合,包括Cache Bytes,Modified Page List Bytes,Standby Cache Core Bytes,Standby Cache Normal Priority Bytes,以及 Standby Cache Reserve Bytes(譯註:這裏保持原文,避免翻譯引起的語義準確性爭議) |
Physical Memory (MB):Available 可用 | Amount of memory that is immediately available for use by the operating system, processes, and drivers. Equal to the combined size of the standby, free, and zero page lists. 可以由操作系統,進程,驅動程序立即使用的物理內存數量,它等於備用(standby),空閒(free),以及零頁列表(zero page lists)三者之和。(譯註:打開任務管理器中的資源監視器 ,在“物理內存”欄目中通過簡單的加法即可驗證,需要注意,簡體中文語系windows 7 客戶機系列的翻譯出了一點小錯誤:最右邊的方格圖例應該是“空閒”,而非“可用”) |
Physical Memory (MB): Free 空閒 | Free and zero page list bytes 空閒頁和零頁列表中的頁面總字節(譯註:系統自身給出的解釋爲“不包含任何有價值數據<零頁?>,以及當進程,驅動程序,操作系統需要更多內存時將首先使用的內存”) |
Kernel Memory (MB): Paged 內核內存(以MB,百萬字節爲單位):分頁數 | Pool paged bytes. This is the total size of the pool, including both free and allocated regions 分頁池的總字節,包含空閒和已分配區域; |
Kernel Memory (MB): Nonpaged 未分頁數 | Pool nonpaged bytes. This is the total size of the pool, including both free and allocated regions 不可分頁池的總字節,包含空閒和已分配區域; |
System: Commit (two numbers shown) 系統欄位中的“提交”(以GB,十億字節爲單位) | Equal to performance counters Committed Bytes and Commit Limit, respectively 前後顯示2個數字,分別等於Committed Bytes和Commit Limit這2個性能計數器; |
To see the specific usage of paged and nonpaged pool, use the Poolmon utility, described in the “Monitoring Pool Usage” section.
使用在“監控頁面池使用率”小節中討論的工具Poolmon,可以查看分頁池和非分頁池的具體使用情況。
The Process Explorer tool from Windows Sysinternals (http://www.microsoft.com/technet/sysinternals) can show considerably more data about physical and virtual memory. On its main screen, click View and then System Information, and then choose the Memory tab. Here is
an example display from a 32-bit Windows system:
來自Windows Sysinternals (http://www.microsoft.com/technet/sysinternals) 的Process Explorer(進程瀏覽器或進程資源管理器)能夠顯示更多有關物理內存和虛擬內存的數據。在其主界面中,單擊View菜單->System Information,在打開的界面中選擇Memory選項卡即可查看。下面這個顯示的例子來自一個32位的windows系統:
We will explain most of these additional counters in the relevant sections later in this chapter.
Two other Sysinternals tools show extended memory information:
■ VMMap shows the usage of virtual memory within a process to an extremely fine level of detail.
■ RAMMap shows detailed physical memory usage.
These tools will be featured in experiments found later in this chapter.
Finally, the !vm command in the kernel debugger shows the basic memory management information available through the memory-related
performance counters. This command can be useful if you're looking at a crash dump or hung system. Here's an example of its output from a 4-GB Windows client system:
我們將在本章後續相關部分解釋這些附加的計數器。
另外2個Sysinternals工具能夠顯示擴展的內存信息:
■ VMMap將一個進程內的虛擬內存使用情況顯示到一個極端細緻的水平;
■ RAMMap顯示物理內存使用情況的細節;
本章後續將通過實驗來展示這些工具的特色。
最後,內核調試器中的 !vm 命令通過內存相關的性能計數器顯示可用的基本內存管理信息。如果你正檢查一個崩潰轉儲或掛掉的系統,該命令可能有用。下面的例子來自於一個4GB物理內存的windows客戶機系統上的輸出:
1: kd> !vm *** Virtual Memory Usage *** Physical Memory: 851757 ( 3407028 Kb) Page File: \??\C:\pagefile.sys Current: 3407028 Kb Free Space: 3407024 Kb Minimum: 3407028 Kb Maximum: 4193280 Kb Available Pages: 699186 ( 2796744 Kb) ResAvail Pages: 757454 ( 3029816 Kb) Locked IO Pages: 0 ( 0 Kb) Free System PTEs: 370673 ( 1482692 Kb) Modified Pages: 9799 ( 39196 Kb) Modified PF Pages: 9798 ( 39192 Kb) NonPagedPool Usage: 0 ( 0 Kb) NonPagedPoolNx Usage: 8735 ( 34940 Kb) NonPagedPool Max: 522368 ( 2089472 Kb) PagedPool 0 Usage: 17573 ( 70292 Kb) PagedPool 1 Usage: 2417 ( 9668 Kb) PagedPool 2 Usage: 0 ( 0 Kb) PagedPool 3 Usage: 0 ( 0 Kb) PagedPool 4 Usage: 28 ( 112 Kb) PagedPool Usage: 20018 ( 80072 Kb) PagedPool Maximum: 523264 ( 2093056 Kb) Session Commit: 6218 ( 24872 Kb) Shared Commit: 18591 ( 74364 Kb) Special Pool: 0 ( 0 Kb) Shared Process: 2151 ( 8604 Kb) PagedPool Commit: 20031 ( 80124 Kb) Driver Commit: 4531 ( 18124 Kb) Committed pages: 179178 ( 716712 Kb) Commit limit: 1702548 ( 6810192 Kb) Total Private: 66073 ( 264292 Kb) 0a30 CCC.exe 11078 ( 44312 Kb) 0548 dwm.exe 6548 ( 26192 Kb) 091c MOM.exe 6103 ( 24412 Kb)
We will describe many of the details of the output of this command later in this chapter.
我們將在本章稍後描述該命令輸出的衆多細節。
Services Provided by the Memory Manager
The memory manager provides a set of system services to allocate and free virtual memory, share memory between processes, map files into memory, flush virtual pages to disk, retrieve information about a range of virtual pages, change the protection of virtual pages, and lock the virtual pages into memory.
Like other Windows executive services, the memory management services allow their caller to supply a process handle indicating the particular process whose virtual memory is to be manipulated.
The caller can thus manipulate either its own memory or (with the proper permissions) the memory of another process. For example, if a process creates a child process, by default it has the right to manipulate the child process’s virtual memory. Thereafter, the parent process can allocate, deallocate, read, and write memory on behalf of the child process by calling virtual memory services and passing a handle to the child process as an argument. This feature is used by subsystems to manage the memory of their client processes. It is also essential for implementing debuggers because debuggers must be able to read and write to the memory of the process being debugged.
內存管理器提供的服務
內存管理器提供一組系統服務用於分配和釋放虛擬內存,在進程間共享內存,將磁盤文件映射至內存,將虛擬頁刷新到磁盤,取回一系列有關虛擬頁的信息,更改虛擬頁的保護權限,以及將虛擬頁鎖在內存中。與其它Windows執行體服務一樣,內存管理服務允許它們的調用者提供一個進程句柄,用於指明要被操控虛擬內存的特定進程;調用者因而能夠操控其自身內存(以適當的權限)或者其它進程的內存
;例如,一個進程創建了一個子進程,默認情況下,父進程有權操控它的子進程的虛擬內存;隨後,父進程可以通過調用虛擬內存服務並且傳遞一個該子進程的句柄作爲參數,從而能夠代表該子進程分配,釋放,以及讀寫內存。這個特性被子系統用來管理它們“客戶進程”的內存。這個特性對於實現調試器也是必需的,因爲調試器必須能夠讀寫被調試進程的內存。
