You are on page 1of 14

MEMORY MANAGEMENT IN WINDOWS (with practical example on win-7 32 bit) Term paper

Submitted By: Deepanshu Khanna

I owe a great many thanks to a great many people who helped and supported me during the writing of this CASE STUDY. My deep sense of gratitude to [Mr. RAVI MANRA] (SECURITY ANALYST), support and guidance in writing this paper.

Table Of Contents:
1. Introduction 1.1 Definition 1.2 Purpose 1.3 Description 2. Responsibility of the KERNEL 3. Memory Management with practical example 3.1 Introduction 3.2 Concept of Virtual Memory 3.2.1Virtual address spaces for 32-bit Windows memory 3.3 Working of Virtual Address Space 3.4 Memory Pool 3.5 How to Increase the size of virtual memory (practical) 3.6 How actually the memory is being managed 3.7 Memory Protection With Examples (Practical) 4. Conclusion 5. References

The topic of my project is Memory Management. This paper has main focus on developing a management based method that Microsoft these days is providing to the people with some practical examples that users are unaware of it. It makes great use of many functions. It will definitely enhance your knowledge as well. My project is very different from the papers on the INTERNET in such a way that it is more users friendly and stores records than usual. All and over it is compact and easy to implement.

1.1 Definition- Memory Management is the method of storing the data and programs in the memory while keeping the track of that memory and retrieves the memory space when that memory is not needed to store any data. It basically includes the virtual memory, and how we could protect that memory. In the first decade of the PC, technicians had to deal with conventional memory, upper memory, high memory, extended memory and expanded memory in order to support growing applications. 1.2 Purpose: The basic purpose of memory management in windows is very much important because memory should be enough to keep the data so that more and more data can be put in the small area of the memory and also there should be methods to keep securing the memory. 1.3 Description: As we know that memory is that which stores the programs and these programs are used by the CPU for processing. There are exactly two types of memories Temporary memory and the permanent memory. The memory such as RAM is known as the temporary memory and the memory such as HARD DISK is known as the permanent memory. 2. RESPOSIBILITY OF KERNEL: This portion of my paper will tell exactly how data or any program in the memory executes. When any user wants to execute any program or play any song or video, those programs will be brought from the physical memory or the HARD DISK into the temporary memory i.e. RAM. Now here is the concept of memory management came into existence. This is the responsibility of the OS (operating system) or more technically the KERNEL to provide the vacant memory to each program that user wants to execute.

KERNEL also decides that which program can execute at that time and which program has to wait for some time.

3. Memory Management System with a practical example:

3.1 Introduction: As the topic that has been assigned to me is basically on how to manage the disk space or the memory space inside the windows. So, I am explaining the whole concept of memory management in WINDOWS.. As we know that each each process in Win-32 bit operating system has its own virtual address space that will enable addressing of processes to the memory upto 4GB. And Win-64 will enable the addressing upto 8TB of memory. Whatever will be the threads generated in the process that can have the access to the virtual address space of that process. And no other threads will have the access of address space of other processes. This might help for the processes from being corrupted. 3.2 Concept of VIRTUAL MEMORY: Virtual Memory for a process is the set of virtual address spaces that the process will use for its execution. Now the addresses that are being allocated to the processes are unique and cannot be given to another process while a process is in its execution state, this might help the memory from being corrupted and also the process will execute smoothly. A virtual address in the memory is not the actual physical location of an object residing in that particular space of the memory, but in actual it maintains a page table for each process, this represents the internal data structure which could translate the virtual address to the corresponding physical addresses. Now whenever any thread reference for the process, the system will automatically translates the process to the physical memory address space.

3.2.1 Virtual address spaces for 32-bit Windows memory : The virtual address space for a 32-bit windows operating system is 4 GB (giga-bytes) which has been divided into two partitions: i) One for the use by the process ii) Other is reserved for the system Default Virtual Address Space for 32-bit Windows The following table shows the default memory range for each partition.

Memory range


Low 2GB (0x00000000 through 0x7FFFFFFF)

Used by the process.

High 2GB (0x80000000 through 0xFFFFFFFF)

Used by the system.

Virtual Address Space for 32-bit Windows with 4GT If 4-gigabyte tuning (4GT) is enabled, the memory range for each partition is as follows.

Memory range


Low 3GB (0x00000000 through 0xBFFFFFFF)

Used by the process.

High 1GB (0xC0000000 through 0xFFFFFFFF)

Used by the system.

3.3 WORKING OF THE VIRTUAL ADDRESS SPACE: The working set of a process that has to be executed is the set of the pages that resides in the virtual address space of that process that is being residing in the physical memory. 3.3.1 Page Faults: The situation when any process is demanding for the pageable memory which is not currently in its working set, at that time a page fault occurs. When any page fault in the memory occurs the page fault handler will automatically tries to resolve the page fault and if the handler succeeded then the page is added to the working set. A hard page fault must be resolved by reading page contents from the page's backing store, which is either the system paging file or a memory-mapped file created by the process. A soft page fault can be resolved without accessing the backing store. A soft page fault occurs when: The page is in the working set of some other process, so it is already resident in memory. The page is in transition, because it either has been removed from the working sets of all processes that were using the page and has not yet been repurposed, or it is already resident as a result of a memory manager prefect operation.

A process references an allocated virtual page for the first time (sometimes called a demand-zero faults).

3.4 Memory Pool: Now in order to allocate the memory the

memory manager creates two types of pools for the system utility: i) Non-paged pool ii)Paged pool Both memory pools are located in the region of the address space that is reserved for the system and mapped into the virtual address space of each process. The nonpaged pool consists of virtual memory addresses that are guaranteed to reside in physical memory as long as the corresponding kernel objects are allocated. The paged pool consists of virtual memory that can be paged in and out of the system. To improve performance, systems with a single processor have three paged pools, and multiprocessor systems have five paged pools.

3.5 How to increase the size of virtual memory inside the windows:

Open System by clicking the Start button , rightclicking Computer, and then clicking Properties. In the left pane, click Advanced system settings. If you're prompted for an administrator password or confirmation, type the password or provide confirmation. On the Advanced tab, under Performance, click Settings.




Click the Advanced tab, and then, under Virtual memory, click Change. Clear the Automatically manage paging file size for all drives check box. Under Drive [Volume Label], click the drive that contains the paging file you want to change.



7. Click Custom size, type a new size in megabytes in the Initial size (MB) or Maximum size (MB) box, click Set, and then click OK.

Snapshot of how in actual the Virtual Memory of the Win-7

3.6 How in actual the memory is being managed:

3.6.1 By heap Fucntions:

Each process has a default heap provided by the system. Applications that make frequent allocations from the heap can improve performance by using private heaps. A private heap is a block of one or more pages in the address space of the calling process. After creating the private heap, the process uses functions such as HeapAlloc and HeapFree to manage the memory in that heap. There is no difference between memory allocated from a private heap and that allocated by using the other memory allocation functions. Heap fragmentation is a state in which available memory is broken into small, noncontiguous blocks. When a heap is fragmented, memory allocation can fail even when the total available memory in the heap is enough to satisfy a request, because no single block of memory is large enough. The low-fragmentation heap (LFH) helps to reduce heap fragmentation. The LFH is not a separate heap. Instead, it is a policy that applications can enable for their heaps. When the LFH is enabled, the system allocates memory in certain predetermined sizes. When an application requests a memory allocation from a heap that has the LFH enabled, the system allocates the smallest block of memory that is large enough to contain the requested size. The system does not use the LFH for allocations larger than 16 KB, whether or not the LFH is enabled.

3.7 Memory protection: Memory that belongs to a process is

implicitly protected by its private virtual address space. In addition, Windows provides memory protection by using the virtual memory hardware. The implementation of this protection varies with the processor, for example, code pages in the address space of a process can be marked read-only and protected from modification by user-mode threads.

1. Copy-on-Write Protection:

Copy-on-write protection is an optimization that allows multiple processes to map their virtual address spaces such that they share a physical page until one of the processes modifies the page. This is part of a technique called lazy evaluation, which allows the system to conserve physical memory and time by not performing an operation until absolutely necessary. For example, suppose two processes load pages from the same DLL into their virtual memory spaces. These virtual memory pages are mapped to the same physical memory pages for both processes. As long as neither process writes to these pages, they can map to and share, the same physical pages, as shown in the following diagram.

If Process 1 writes to one of these pages, the contents of the physical page are copied to another physical page and the virtual memory map is updated for Process 1. Both processes now have their own instance of the page in physical memory. Therefore, it is not possible for one process to write to a shared physical page and for the other process to see the changes.

2. DEP PROTECTION: Data Execution Prevention (DEP) is a

security feature that can help prevent damage to your computer from viruses and other security threats. Harmful programs can try to attack Windows by attempting to run (also known as execute) code from your computer's memory reserved for Windows and other authorized programs. These types of attacks can harm your programs and files. DEP can help protect your computer by monitoring your programs to make sure that they use computer memory safely. If DEP notices a program on your computer using memory incorrectly, it closes the program and notifies you. How to turn THE DEP PROTECTION ON: Following are the steps to turn on the DEP protection in WIN-7

Open System by clicking the Start button , rightclicking Computer, and then clicking Properties. Click Advanced system settings. If you're prompted for an administrator password or confirmation, type the password or provide confirmation. Under Performance, click Settings. Click the Data Execution Prevention tab, and then click Turn on DEP for all programs and services except those I select. To turn off DEP for an individual program, select the check box next to the program that you want to turn off DEP for, and then click OK. If the program is not in the list, click Add. Browse to the Program Files folder, find the executable file for the program (it will have an .exe file name extension), and then click Open.


3. 4.


6. Click OK, click OK in the System Properties dialog box if it appears, and then click OK again. You might need to restart your computer for the changes to take effect.

4. Conclusion: Memory management in Microsoft Windows

operating systems has evolved into a rich and sophisticated architecture, capable of scaling from the tiny embedded platforms (where Windows executes from ROM) all the way up to the multi-terabyte NUMA configurations, taking full advantage of all capabilities of existing and future hardware designs. With each release of Windows, memory management supports many new features and capabilities.

5. References:
i) spx ii)