Hi,
how can I use windbg (kernel debugging mode) to check if a page which has been allocated by a process is locked (cant be paged out)?
Thanks.
I’m not exactly sure about your question, but I’ll start answering it any
way…
As long as there are references to the PFN (!pfn) it won’t be paged out. By
“locked and can’t be paged out” I’ll assume that you mean, “an MDL was built
for the user address and had MmProbeAndLockPages called on it.”
I don’t think you can tell if the reference count specifically came from
MmProbeAndLockPages without searching for and parsing every MDL in the
system. Normally this wouldn’t be possible, but if you set the
TrackLockedPages value you could scan the (undocumented internal) MDL
tracking structure in the process and find the MDL used to lock the pages
(on some versions of Windows !lockedpages will do this for you, on some
versions it won’t work due to missing types).
But, let me ask: why do you care or need to know?
-scott
OSR
@OSRDrivers
wrote in message news:xxxxx@windbg…
Hi,
how can I use windbg (kernel debugging mode) to check if a page which has
been allocated by a process is locked (cant be paged out)?
Thanks.
Set your process context and then:
- Use !wsle 1. If the entry for the page appears before FirstDynamic then
it is locked by using VirtualLock function. - Use !vad or !ps (Vads tab) or !mm from DbgKit
(http://www.andreybazhan.com/dbgkit.html) to see if the page is an AWE or a
Large Page. - Use !pte and !pfn. If Reference Count is greater than 1, then the page is
locked by using Mm*Lock* functions.
–
@AndreyBazhan
http://www.andreybazhan.com
wrote in message news:xxxxx@windbg…
Hi,
how can I use windbg (kernel debugging mode) to check if a page which has
been allocated by a process is locked (cant be paged out)?
Thanks.
As far as I understood entries before FirstDynamic were fixed and represent
pages occupied by the working set list itself. The information you have
shared is new for me. Can you please elaborate a bit on this? Does calling
VirtualLock change the value of FirstDynamic? If yes, why does the memory
manager need to do this specifically for VirtualLock? I mean why it can’t
simply use the dynamic entries in the WSL just like they are used normally.
Thanks
On Fri, Jul 1, 2016 at 5:58 PM, Andrey Bazhan wrote:
> Set your process context and then:
>
> 1. Use !wsle 1. If the entry for the page appears before FirstDynamic then
> it is locked by using VirtualLock function.
> 2. Use !vad or !ps (Vads tab) or !mm from DbgKit (
> http://www.andreybazhan.com/dbgkit.html) to see if the page is an AWE or
> a Large Page.
> 3. Use !pte and !pfn. If Reference Count is greater than 1, then the page
> is locked by using MmLock functions.
>
> –
> @AndreyBazhan
> http://www.andreybazhan.com
>
>
> wrote in message news:xxxxx@windbg…
>
> Hi,
>
> how can I use windbg (kernel debugging mode) to check if a page which has
> been allocated by a process is locked (cant be paged out)?
>
> Thanks.
>
> —
> WINDBG is sponsored by OSR
>
> OSR is hiring!! Info at http://www.osr.com/careers
>
>
> MONTHLY seminars on crash dump analysis, WDF, Windows internals and
> software drivers!
> Details at http:
>
> To unsubscribe, visit the List Server section of OSR Online at <
> http://www.osronline.com/page.cfm?name=ListServer>
></http:>
Yes.
Because this simplifies working set manager’s job of trimming or emptying working set and increases performance (no need to check each entry if it’s locked).
–
@AndreyBazhan
http://www.andreybazhan.com
“Dhananjay Kumar” wrote in message news:xxxxx@windbg…
As far as I understood entries before FirstDynamic were fixed and represent pages occupied by the working set list itself. The information you have shared is new for me. Can you please elaborate a bit on this? Does calling VirtualLock change the value of FirstDynamic? If yes, why does the memory manager need to do this specifically for VirtualLock? I mean why it can’t simply use the dynamic entries in the WSL just like they are used normally.
Thanks
On Fri, Jul 1, 2016 at 5:58 PM, Andrey Bazhan wrote:
Set your process context and then:
1. Use !wsle 1. If the entry for the page appears before FirstDynamic then it is locked by using VirtualLock function.
2. Use !vad or !ps (Vads tab) or !mm from DbgKit (http://www.andreybazhan.com/dbgkit.html) to see if the page is an AWE or a Large Page.
3. Use !pte and !pfn. If Reference Count is greater than 1, then the page is locked by using MmLock functions.
–
@AndreyBazhan
http://www.andreybazhan.com
wrote in message news:xxxxx@windbg…
Hi,
how can I use windbg (kernel debugging mode) to check if a page which has been allocated by a process is locked (cant be paged out)?
Thanks.
—
WINDBG is sponsored by OSR
OSR is hiring!! Info at http://www.osr.com/careers
MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:
To unsubscribe, visit the List Server section of OSR Online at http:</http:></http:>