Transcript Windows 記憶體架構

Windows Memory
Architecture
井民全製作
A Process’s Virtual Address Space
 Every Process has its own private virtual
address


32-bits processes  4 GB address space
64-bits processes  16 EB (extrabytes)
 A thread in a process can access its own
address space

Other process’s address space hidden and
inaccessible
A thread in process A cannot access
the data in process B’s address space
Process A
Thread access
0x12345678
code
Win2K: 作業系統的
記憶體位址是被隱藏
的不被thread 看到
Process B
Thread access
0x12345678
Win98: 則 thread 可
能會意外存取道系統
的資料 (詳情請看後面的
記憶體分佈表)
code
How a Virtual Address Space is Partitioned
Partition
32-bit Win2000
32-bit Win2000 (x86 w/3 GB
user mode)
Win98
0x00000000 ~ 0x0000FFFF
( 64 KB)
與 32-bit Win2000 一樣
0x00000000 ~ 0x00000FFF
( 4 KB)
沒有
沒有
0x00001000 ~ 0x003FFFFF
( 4MB )
User-Mode
(你可使用的區
域)
0x00010000 ~ 0x7FFEFFFF
(你可以使用 ~ 2 GB 的空間)
0x00010000~ 0xBFFEFFFF
(你可以使用 ~ 3 GB 的空間)
(由於一部份用來使用 16-bit
相容, 故可用範圍比較小)
0x00400000 ~ 0x7FFFFFFF
64-KB禁區
(Only Win2000)
0x7FFF0000 ~ 0x7FFFFFFF
NULL- Pointer
Assignment
給 16-bit DOS程
式/Windows 相
容區間
DLL 或 Memory
Map file 共享區
間 (Only Win98)
Kernel-Mode
(作業系統與驅
動程式存放處)
0xBFFF0000~0xBFFFFFFF
( 64 KB)
( 64 KB)
沒有
沒有
沒有
0x80000000 ~0xBFFFFFFF
( 1GB)
0x80000000 ~ 0xFFFFFFFF
0xC0000000 ~ 0xFFFFFFFF
0xC0000000~0xFFFFFFFF
(作業系統 2GB)
(作業系統 1GB)
(作業系統 1GB)
修正
Partition
32-bit Win2000 (對照組)
NULL- Pointer
Assignment
0x00000000 ~ 0x0000FFFF
( 64 KB)
給 16-bit DOS程式
/Windows 相容區間
0x00010000 ~ 0x7FFEFFFF
(你可以使用~ 2 GB 的空間)
64-KB禁區
(Only Win2000)
0x7FFF0000 ~ 0x7FFFFFFF
Kernel-Mode
(作業系統與驅動程式
存放處)
數量單位對照表
10
2
 1024  1 K
2 20  1024 K  1 M
230  1024 M  1 G
2 40  1024G  1 T
0x00000000'00000000 ~ 0x00000000'0000FFFF
( 64 KB)
沒有
User-Mode
(你可使用的區域)
DLL 或 Memory Map
file 共享區間 (Only
Win98)
64-bit Win2000
沒有
0x00000000'00010000 ~ 0x000003FF'FFFEFFFF
(你只能使用 ~ 2 GB 的空間, 為了相容32bit程式)
(使用 /LARGEADDRESSAWARE link 才能使用~4 TB)
0x000003FF'FFFF0000 ~ 0x000003FF'FFFFFFFF
( 64 KB)
( 64 KB)
沒有
沒有
0x80000000 ~ 0xFFFFFFFF
(作業系統 2GB)
0x00000400'00000000 ~ 0xFFFFFFFF'FFFFFFFF
16,777,212-TB )
(作業系統
並沒有完全使用到
How a Virtual Address Space is
Partitioned (64k for W2k, 4K for W98)
 Null-Pointer Assignment Partition


Help to detect NULL-pointer assignments
Any thread attempts to read/ write this partition
 access violation
int* pnSomeInteger=(int*) malloc(sizeof(int));
*pnSomeInteger=5;
當 malloc 配置記憶體不足時, 會傳回 NULL,
上面的程式會導致存取位址空間
0x00000000
Windows 98 Only
- MS-DOS/16 Bits Windows AP compatibility partition
 4MB address space
(0x00001000 – 0x003fffff)
 For MS-DOS or 16-bits Windows AP
Our 32-bits AP should
not attempt to access this
partition
在 Win2000 中, 這區段屬於 User Mode
User-Mode Partition
(0x00010000-0x7FFEFFFF 大約是 2 G bytes) 剩下空間的給 User-Mode
 The process’s private address space
 One process cannot access
another process’s data in this partition
Win2000:
1. all .exe and DLL modules load in this area
2. System also maps all memory-mapped files within this partition
Win98:
1. System DLLs load in the Shared Memory Mapped File partition
2. all shared DLLs will be the same virtual address for all processes
3. memory-mapped files never appear in the user-mode area
System DLLs Kernel32, AdvAPI32, User32 and GDI32
A Large outcry from developers
 Getting a 3-GB User-Mode Partition
(1G for Kernel)
Windows XP Professional (and greater)
- Windows Server 2003
- Windows Server 2003, Enterprise Edition
- Windows Server 2003, Datacenter Edition
- Windows 2000 Advanced Server
- Windows 2000 Datacenter Server
- Windows NT Server 4.0, Enterprise Edition
 Enable this mode
Linking setup
/LARGEADDRESSAWARE
boot.ini
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Pro"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Pro with /3GB" /3GB
參考資料: http://www.eyeonline.com/support/technical_faqs/technical_faqs.html
Penalty for the 3-GB Mode
 Reduce the number of threads, stack and
other resource
 使你程式可以存取 3 GB 的相關資料
參考資料
ms-help://MS.MSDNQTR.2004JAN.1033/memory/base/4gt_ram_tuning.htm
64-bits Windows
 A lots of source code in which pointers are
assumed to be 32-bit values
系統必須保證動態配置的
記憶體不會高於
0x000000007FFFFFFF
位址空間
user mode
除非,你的 AP 使用
/LARGEADDRESSAWA
RE 建立, 否則預設的情
況下,只能使用 2-GB 位
址空間 (DLL 不受影響)
在 64-bit 環境配置記憶體
位址可能高於2G, 但是你的
程式卻以為位址只有 32 bits
這樣會發生 Pointer Truncation
問題.
在 64-bit 環境中,呼叫 32-bit DLL
並傳送位址(超過 2G)給它處理
4-TB address space in 64-bits Windows
64-KB Off-Limits Partition (W2k Only)
(0x7FFF0000-0x7FFFFFFF)
 Access  access violation
 因為高層的位址空間(0x80000000以上)只有
Kernel mode 程式能夠存取, 為了檢查位址
更快速,Windows 2000 保留這部分的記憶
體區間.
0x7FFFFFFF
0x80000000 以上
64k 空間保留
0x7FFF0000
User-Mode 可使用
的空間
access violation
Win98 Only
Shared MMF Partition(0x80000000-0xBFFFFFFF 大約１ＧＢ)
 System store data that is shared all
32-bits processes
 System DLLs are all loaded in this
area with the same address for every
processes
 System also maps all memorymapped file in this partition
Kernel-Mode Partition
 The area is where the OS’s code resides



Thread scheduling, memory
management,
File systems support, networking support,
All device drivers is loaded in this
partition
 Shared among all processes
 Access  access violation
(win2000)
Win98:
the data in this partition is not protected
(Any AP can corrupt the OS)
Regions in an address space
 VirtualAlloc  allocating a region
The region begins on an allocation granularity
使用的部分 xxxxx 下一個配置的起點
boundary (64KB)
0x00010000
0x00020000
64K-byte
 The size is a multiple of the page size (4-KB
for win2K) 不同 CPU 有不同的 page size (Intel Itanium  8k bytes)
Ex: If you attempt to reserve a 10-KB region of
address space  12-KB 12 % 4 =0

你可以用
GetSysteInfo API
得到 page size
 VirtualFree  releasing the region
The system reserves regions for your process
System 用來管理 Process 的區塊
1. PEB (Process environment block)
2. TEB (Thread environment block)
這兩個由系統管理的 Region 並不受起始位址的限制
Process 用來管理 Thread 的區塊
Committing Physical Storage Within a
Region
 Before you use a reserved regions, you must


Committing process
Allocate physical storage
Map this storage to the reserved region
 Note


Physical storage is always committed in pages
Call VirtualAlloc( ) to do this
 Decommitting by calling VirtualFree( )
看範例程式: VirtualAlloc動態配置記憶體
重要參考資料
 ms-
help://MS.MSDNQTR.2004JAN.1033/dngenli
b/html/msdn_ntvmm.htm