Obtaining pagefile number programmatically?

OSR_Community_User · November 8, 2012, 10:26am

Is there any way to obtain the pagefile number of a pagefile
programmatically on a running system? The win32_PageFile WMI class
doesn’t appear to include this value which is needed to interpret soft
PTE entries. I know how to obtain this information from a crash dump.
But that is not something that I can do from a running system.

Regards,

gmg.

Doron_Holan · November 8, 2012, 12:13pm

Why at runtime? What problem are you trying to solve?

d

debt from my phone

From: George M. Garner Jr.
Sent: 11/8/2012 7:27 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Obtaining pagefile number programmatically?

Is there any way to obtain the pagefile number of a pagefile
programmatically on a running system? The win32_PageFile WMI class
doesn’t appear to include this value which is needed to interpret soft
PTE entries. I know how to obtain this information from a crash dump.
But that is not something that I can do from a running system.

Regards,

gmg.

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Igor_Sharovar · November 8, 2012, 2:52pm

>Is there any way to obtain the pagefile number of a pagefile programmatically on a running >system? The win32_PageFile WMI class doesn’t appear to include this value which is needed to >interpret soft PTE entries. I know how to obtain this information from a crash dump. But that is not >something that I can do from a running system.

You may get such information from Windows Registry.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PagingFiles contains information about paths of page files in the system. You need to parse this string to find how many page files are in a system.

Igor Sharovar

OSR_Community_User · November 8, 2012, 3:45pm

On 11/8/2012 2:54 PM, xxxxx@hotmail.com wrote:

> Is there any way to obtain the pagefile number of a pagefile programmatically on a running >system? The win32_PageFile WMI class doesn’t appear to include this value which is needed to >interpret soft PTE entries. I know how to obtain this information from a crash dump. But that is not >something that I can do from a running system.

You may get such information from Windows Registry.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PagingFiles contains information about paths of page files in the system. You need to parse this string to find how many page files are in a system.

Igor Sharovar

Thanks, Igor. That registry value appears to give the path, maximum
size and minimum size, in that order. Unfortunately, the page file
number is not included. The registry key provides configuration
information. Presumably, the OS will initialize the page files
according to the information in the registry, but I wouldn’t bet that
the instant values on a running system always match what was configured.
In fact, the system that I am looking at now has two page files
configured in the registry, the second with a zero minimum and maximum
size. But only one page file is actually initialized in memory.

To answer Doron’s question, I don’t absolutely need to do this at
runtime. The alternative is to pull this information out of the dump
file later and try to match up the file paths. However, a more robust
and reliable solution would be to store this information along with the
page file when it is acquired, assuming that there is some standard way
to access this metadata. We would prefer to develop a robust and
reliable solution here. Not sure how you do things over at MS.

Regards,

George.

Igor_Sharovar · November 8, 2012, 6:34pm

>Unfortunately, the page file number is not included. The registry key provides configuration >information.
If you will have two page files in the system it would show two paths in Windows Registry.
You could verify it easily by setting another file in Computer/Property/Advanced/Performance Options/Virtual memory/ Change.

Igor Sharovar

Pavel_Lebedinsky · November 8, 2012, 9:40pm

Can you describe in more detail what you are trying to do?

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of George M. Garner Jr.
Sent: Thursday, November 8, 2012 12:45 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Obtaining pagefile number programmatically?

To answer Doron’s question, I don’t absolutely need to do this at runtime. The alternative is to pull this information out of the dump file later and try to match up the file paths. However, a more robust and reliable solution would be to store this information along with the page file when it is acquired, assuming that there is some standard way to access this metadata. We would prefer to develop a robust and reliable solution here. Not sure how you do things over at MS.

Pavel_Lebedinsky · November 8, 2012, 9:44pm

> If you will have two page files in the system it would show two paths in Windows Registry.

Unless one or both pagefiles were deleted from the registry and the system hasn’t been rebooted yet. Or maybe registry actually has more than 2 pagefile entries but some of them couldn’t be created for whatever reason.

OSR_Community_User · November 12, 2012, 12:22pm

On 11/8/2012 9:39 PM, Pavel Lebedynskiy wrote:

Can you describe in more detail what you are trying to do?

-----Original Message-----

Pavel,

Thanks for taking the time to respond to this post. If you look at the
thread over on the windbg list entitled, “Using a pagefile with windbg,”
you will see one possible application. Windbg apparently has long had
the ability to add a pagefile as a dump information file (see
documentation). This can be useful for debugging or other purposes. To
add a pagefile to windbg the pagefile needs to be formatted with a
special header. Unfortunately, MS has never bothered to document the
contents of the header or explain how to format a pagefile to make it
useful with windbg. However, we know that at a minimum the header will
need to contain the pagefile number or index. Soft PTE’s don’t contain
a file path. They contain an index. So my thought was that it would be
simpler to record this information at the time that the pagefile was
acquired. The alternative is to extract the index from the appropriate
structure in the dump file later and try to match original file paths.
Obtaining the index at runtime would be simpler (and therefore more
reliable) if there were some supported way to get the OS to cough the
information up. But that doesn’t appear to be the case.

Regards,

George.

OSR_Community_User · November 19, 2012, 12:48am

It would seem that there is no way to obtain system pagefile information
for the swap file on Windows 8. The swap file is filtered out by WMI
and the SystemPagefileInformation class. The swap file is really just a
pagefile with a special purpose. The usage statistics are of interest
for the swap file for the same reasons that they are of interest for
other pagefiles. Hopefully a new information class will be added to a
future release with more reliable pagefile information, including the
pagefile index.

Regards,

gmg.