Embed

13 Windows Memory Architecture

Document Sample

Shared by: xiang peng

Tags

Stats

views:: 14
posted:: 11/8/2011
language:: Japanese
pages:: 17

Public Domain

Windows Memory

Architecture

井民全製作

A Process’s Virtual Address Space

 Every Process has its own private virtual

address

 32-bits processes  4 GB address space

 64-bits processes  16 EB (extrabytes)

 A thread in a process can access its own

address space

 Other process’s address space hidden and

inaccessible

A thread in process A cannot access

the data in process B’s address space

Process A

Thread access

0x12345678

code

Win2K: 作業系統的

記憶體位址是被隱藏 Process B

的不被thread 看到

Thread access

0x12345678

Win98: 則 thread 可

能會意外存取道系統 code

的資料 (詳情請看後面的

記憶體分佈表)

How a Virtual Address Space is Partitioned

Partition 32-bit Win2000 32-bit Win2000 (x86 w/3 GB Win98

user mode)

NULL- Pointer 0x00000000 ~ 0x0000FFFF 與 32-bit Win2000 一樣 0x00000000 ~ 0x00000FFF

Assignment ( 64 KB) ( 4 KB)

給 16-bit DOS程沒有沒有 0x00001000 ~ 0x003FFFFF

式/Windows 相 ( 4MB )

容區間

User-Mode 0x00010000 ~ 0x7FFEFFFF 0x00010000~ 0xBFFEFFFF (由於一部份用來使用 16-bit

(你可使用的區 (你可以使用 ~ 2 GB 的空間) (你可以使用 ~ 3 GB 的空間) 相容, 故可用範圍比較小)

域) 0x00400000 ~ 0x7FFFFFFF

64-KB禁區 0x7FFF0000 ~ 0x7FFFFFFF 沒有

0xBFFF0000~0xBFFFFFFF

(Only Win2000)

( 64 KB) ( 64 KB)

DLL 或 Memory 沒有沒有 0x80000000 ~0xBFFFFFFF

Map file 共享區

間 (Only Win98) ( 1GB)

Kernel-Mode

0x80000000 ~ 0xFFFFFFFF 0xC0000000 ~ 0xFFFFFFFF 0xC0000000~0xFFFFFFFF

(作業系統與驅

動程式存放處) (作業系統 2GB) (作業系統 1GB) (作業系統 1GB)

修正

Partition 32-bit Win2000 (對照組) 64-bit Win2000

NULL- Pointer 0x00000000 ~ 0x0000FFFF 0x00000000'00000000 ~ 0x00000000'0000FFFF

Assignment ( 64 KB) ( 64 KB)

給 16-bit DOS程式沒有沒有

/Windows 相容區間

User-Mode 0x00010000 ~ 0x7FFEFFFF

0x00000000'00010000 ~ 0x000003FF'FFFEFFFF

(你可使用的區域) (你可以使用~ 2 GB 的空間)

(你只能使用 ~ 2 GB 的空間, 為了相容32bit程式)

(使用 /LARGEADDRESSAWARE link 才能使用~4 TB)

64-KB禁區 0x7FFF0000 ~ 0x7FFFFFFF

0x000003FF'FFFF0000 ~ 0x000003FF'FFFFFFFF

(Only Win2000)

( 64 KB) ( 64 KB)

DLL 或 Memory Map 沒有沒有

file 共享區間 (Only

Win98)

Kernel-Mode 0x00000400'00000000 ~ 0xFFFFFFFF'FFFFFFFF

0x80000000 ~ 0xFFFFFFFF

(作業系統與驅動程式

存放處) (作業系統 2GB) (作業系統 16,777,212-TB )

數量單位對照表並沒有完全使用到

210  1024  1 K

2 20  1024K  1 M

230  1024M  1 G

2 40  1024G  1 T

How a Virtual Address Space is

Partitioned (64k for W2k, 4K for W98)

 Null-Pointer Assignment Partition

 Help to detect NULL-pointer assignments

 Any thread attempts to read/ write this partition

 access violation

int* pnSomeInteger=(int*) malloc(sizeof(int));

*pnSomeInteger=5;

當 malloc 配置記憶體不足時, 會傳回 NULL,

上面的程式會導致存取位址空間

0x00000000

Windows 98 Only

- MS-DOS/16 Bits Windows AP compatibility partition

 4MB address space (0x00001000 – 0x003fffff)

 For MS-DOS or 16-bits Windows AP

Our 32-bits AP should

not attempt to access this

partition

在 Win2000 中, 這區段屬於 User Mode

User-Mode Partition

(0x00010000-0x7FFEFFFF 大約是 2 G bytes) 剩下空間的給 User-Mode

 The process’s private address space

 One process cannot access

another process’s data in this partition

Win2000:

1. all .exe and DLL modules load in this area

2. System also maps all memory-mapped files within this partition

Win98:

1. System DLLs load in the Shared Memory Mapped File partition

2. all shared DLLs will be the same virtual address for all processes

3. memory-mapped files never appear in the user-mode area

System DLLs Kernel32, AdvAPI32, User32 and GDI32

A Large outcry from developers

 Getting a 3-GB User-Mode Partition (1G for Kernel)

Windows XP Professional (and greater)

- Windows Server 2003

- Windows Server 2003, Enterprise Edition

- Windows Server 2003, Datacenter Edition

- Windows 2000 Advanced Server

- Windows 2000 Datacenter Server

- Windows NT Server 4.0, Enterprise Edition

Linking setup

 Enable this mode /LARGEADDRESSAWARE

boot.ini

[boot loader]

timeout=30

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Pro"

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Pro with /3GB" /3GB

參考資料: http://www.eyeonline.com/support/technical_faqs/technical_faqs.html

Penalty for the 3-GB Mode

 Reduce the number of threads, stack and

other resource

 使你程式可以存取 3 GB 的相關資料

參考資料

ms-help://MS.MSDNQTR.2004JAN.1033/memory/base/4gt_ram_tuning.htm

64-bits Windows

 A lots of source code in which pointers are

assumed to be 32-bit values

系統必須保證動態配置的在 64-bit 環境配置記憶體

記憶體不會高於位址可能高於2G, 但是你的

0x000000007FFFFFFF 程式卻以為位址只有 32 bits

位址空間這樣會發生 Pointer Truncation

user mode 問題.

除非,你的 AP 使用

/LARGEADDRESSAWA 在 64-bit 環境中,呼叫 32-bit DLL

RE 建立, 否則預設的情並傳送位址(超過 2G)給它處理

況下,只能使用 2-GB 位

址空間 (DLL 不受影響)

4-TB address space in 64-bits Windows

64-KB Off-Limits Partition (W2k Only)

(0x7FFF0000-0x7FFFFFFF)

 Access  access violation

 因為高層的位址空間(0x80000000以上)只有

Kernel mode 程式能夠存取, 為了檢查位址

更快速,Windows 2000 保留這部分的記憶

體區間.

0x7FFFFFFF 0x80000000 以上

access violation

64k 空間保留

0x7FFF0000

User-Mode 可使用

的空間

Win98 Only

Shared MMF Partition(0x80000000-0xBFFFFFFF 大約１ＧＢ)

 System store data that is shared all

32-bits processes

 System DLLs are all loaded in this

area with the same address for every

processes

 System also maps all memory-

mapped file in this partition

Kernel-Mode Partition

 The area is where the OS’s code resides

 Thread scheduling, memory

management,

 File systems support, networking support,

 All device drivers is loaded in this

partition

 Shared among all processes

 Access  access violation (win2000)

Win98:

the data in this partition is not protected

(Any AP can corrupt the OS)

Regions in an address space

 VirtualAlloc  allocating a region

你可以用

 The region begins on an allocation granularity

使用的部分 xxxxx 下一個配置的起點

GetSysteInfo API boundary (64KB)

得到 page size 0x00010000 64K-byte 0x00020000

 The size is a multiple of the page size (4-KB

for win2K) 不同 CPU 有不同的 page size (Intel Itanium  8k bytes)

Ex: If you attempt to reserve a 10-KB region of

address space  12-KB 12 % 4 =0

 VirtualFree  releasing the region

The system reserves regions for your process

System 用來管理 Process 的區塊

1. PEB (Process environment block)

2. TEB (Thread environment block)

這兩個由系統管理的 Region 並不受起始位址的限制 Process 用來管理 Thread 的區塊

Committing Physical Storage Within a

Region

 Before you use a reserved regions, you must

 Allocate physical storage Committing process

 Map this storage to the reserved region

 Note

 Physical storage is always committed in pages

 Call VirtualAlloc( ) to do this

 Decommitting by calling VirtualFree( )

看範例程式: VirtualAlloc動態配置記憶體

重要參考資料

 ms-

help://MS.MSDNQTR.2004JAN.1033/dngenli

b/html/msdn_ntvmm.htm