Pd-2
October 17, 2008, 10:10pm
1
Hello,
What does MemCommit flag in vad->u.vadflags represent? I am dumping the VAD
of committed memory location and observed MemCommit flag is not set.
VirtualQuery indeed returned state of the location as committed. Is this
flag used with any other field in MMVAD structure to differentiate reserved
or commited memory?
/Pd
Have you tried using !vad?
Good luck,
mm
IUnknown IUnknown wrote:
Hello,
What does MemCommit flag in vad->u.vadflags represent? I am dumping the
VAD of committed memory location and observed MemCommit flag is not set.
VirtualQuery indeed returned state of the location as committed. Is this
flag used with any other field in MMVAD structure to differentiate
reserved or commited memory?
/Pd
Pd-2
October 19, 2008, 12:46am
3
Yes. For e.g. memory @ 0x360000 is committed and o/p of !vad is as follows;
kd> !vad 82440970 1
VAD @ 82440970
Start VPN 360 End VPN 361 Control Area 00000000
FirstProtoPte 00000000 LastPte 00000000 Commit Charge 2 (2.)
Secured.Flink 0 Blink 0 Banked/Extend 0
File Offset 0
ViewUnmap PrivateMemory NO_ACCESS
kd> dt -b _MMVAD 82440970
nt!_MMVAD
+0x000 StartingVpn : 0x360
+0x004 EndingVpn : 0x361
+0x008 Parent : 0x822962e0
+0x00c LeftChild : (null)
+0x010 RightChild : (null)
+0x014 u : __unnamed
+0x000 LongFlags : 0x98000002
+0x000 VadFlags : _MMVAD_FLAGS
+0x000 CommitCharge : 0y0000000000000000010 (0x2)
+0x000 PhysicalMapping : 0y0
+0x000 ImageMap : 0y0
+0x000 UserPhysicalPages : 0y0
+0x000 NoChange : 0y0
+0x000 WriteWatch : 0y0
+0x000 Protection : 0y11000 (0x18)
+0x000 LargePages : 0y0
+0x000 MemCommit : 0y0
+0x000 PrivateMemory : 0y1
+0x018 ControlArea : 0x1a070004
+0x01c FirstPrototypePte : 0x81f55da0
+0x020 LastContiguousPte : 0x00300012
+0x024 u2 : __unnamed
+0x000 LongFlags2 : 0x8208b690
+0x000 VadFlags2 : _MMVAD_FLAGS2
+0x000 FileOffset : 0y000010001011011010010000 (0x8b690)
+0x000 SecNoChange : 0y0
+0x000 OneSecured : 0y1
+0x000 MultipleSecured : 0y0
+0x000 ReadOnly : 0y0
+0x000 LongVad : 0y0
+0x000 ExtendableFile : 0y0
+0x000 Inherit : 0y0
+0x000 CopyOnWrite : 0y1
So, is there any way I can determine if allocated memory is reserved or
committed?
/Pd
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:
xxxxx@lists.osr.com ] On Behalf Of Martin O’Brien
Sent: Saturday, October 18, 2008 1:14 PM
To: Kernel Debugging Interest List
Subject: Re:[windbg] vadflags.MemCommit?
Have you tried using !vad?
Good luck,
mm
IUnknown IUnknown wrote:
Hello,
What does MemCommit flag in vad->u.vadflags represent? I am dumping the
VAD of committed memory location and observed MemCommit flag is not set.
VirtualQuery indeed returned state of the location as committed. Is this
flag used with any other field in MMVAD structure to differentiate
reserved or commited memory?
/Pd
You are currently subscribed to windbg as: xxxxx@vmware.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
> So, is there any way I can determine if allocated memory is reserved or
committed?
VadFlags.MemCommit = 0 means the VAD was created as reserved
(without MEM_COMMIT flag). Individual pages might later be
committed using VirtualAlloc(MEM_COMMIT), so you need
to examine each page using !pte to see if it is committed or not.
–
This posting is provided “AS IS” with no warranties, and confers no
rights.
raj_r
October 23, 2008, 4:42pm
5
Memcommit takes two flags as far as i have noticed 0 and 1
0 means just reserved without commiting
1 means reserved and commited
#include <stdio.h>#include <windows.h> int main (void) { char *IunkCommit; char *IunkReserve; IunkCommit = (char )VirtualAlloc(NULL,0x1000,MEM_COMMIT | MEM_RESERVE,PAGE_EXECUTE_READWRITE); IunkReserve = (char )VirtualAlloc(NULL,0x1000,MEM_RESERVE,PAGE_EXECUTE_READWRITE); MessageBox(NULL,“LOOPER”,“Looping Till i Windbg”,NULL); VirtualFree(IunkCommit,1,MEM_RELEASE); VirtualFree(IunkReserve,1,MEM_RELEASE); return 0; } lkd> !process 0 7 IunkVirtual.exe PROCESS 85aaab88 SessionId: 0 Cid: 0ad8 Peb: 7ffdc000 ParentCid: 0668 DirBase: 0f2c03a0 ObjectTable: e2defea8 HandleCount: 29. Image: IunkVirtual.exe VadRoot 85cc79a0 Vads 43 Clone 0 Private 81. Modified 78. Locked 0. DeviceMap e2678dd0 Token e2fab708 ElapsedTime 00:29:13.750 UserTime 00:00:00.015 KernelTime 00:00:00.015 QuotaPoolUsage[PagedPool] 34004 QuotaPoolUsage[NonPagedPool] 1720 Working Set Sizes (now,min,max) (151, 50, 345) (604KB, 200KB, 1380KB) PeakWorkingSetSize 497 VirtualSize 20 Mb PeakVirtualSize 20 Mb PageFaultCount 641 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 122 THREAD 85aaa910 Cid 0ad8.01ac Teb: 7ffdf000 Win32Thread: e1446008 WAIT: (WrUserRequest) UserMode Non-Alertable 85b309b0 SynchronizationEvent Not impersonating DeviceMap e2678dd0 Owning Process 85aaab88 Image: IunkVirtual.exe Attached Process N/A Image: N/A Wait Start TickCount 1365131 Ticks: 111395 (0:00:29:00.546) Context Switch Count 242 LargeStack UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address 0x00401000 Start Address 0x7c810867 Stack Init a8a27000 Current a8a26cb0 Base a8a27000 Limit a8a22000 Call 0 Priority 12 BasePriority 8 PriorityDecrement 2 DecrementCount 16 Kernel stack not resident. lkd> !vad 85cc79a0 VAD level start end commit 8646bcf0 ( 2) 10 10 1 Private READWRITE 85ad4510 ( 3) 20 20 1 Private READWRITE 85b1d448 ( 4) 30 12f 4 Private READWRITE 85aeea68 ( 5) 130 132 0 Mapped READONLY 85b1d5a0 ( 6) 140 23f 16 Private READWRITE 85b462d0 ( 7) 240 24f 6 Private READWRITE 85b1d530 ( 8) 250 25f 0 Mapped READWRITE 85b3b908 ( 9) 260 275 0 Mapped READONLY 85be19b8 (10) 280 2bc 0 Mapped READONLY 85b47fd8 (11) 2c0 300 0 Mapped READONLY 85ac2200 (12) 310 315 0 Mapped READONLY 85b4e758 (13) 320 3e7 0 Mapped EXECUTE_READ 85b163a0 (14) 3f0 3f0 1 Private READWRITE 85b4e788 ( 1) 400 411 5 Mapped Exe EXECUTE_WRITECOPY 85acdd18 ( 3) 420 522 0 Mapped READONLY 85b1d560 ( 2) 530 82f 0 Mapped EXECUTE_READ 85b4f178 ( 4) 830 830 1 Private READWRITE 85b27ab8 ( 3) 840 c3f 16 Private NO_ACCESS 85b1db30 ( 5) c40 c40 1 Private EXECUTE_READWRITE 85b275a0 ( 4) c50 c50 0 Private EXECUTE_READWRITE 85b27f68 ( 6) c60 c6f 5 Private READWRITE 85b25220 ( 7) c70 c72 0 Mapped READONLY 86276e58 ( 5) c80 ccf 0 Mapped READONLY 85ae9db8 ( 7) cd0 cd0 0 Mapped READWRITE 85b35308 ( 8) ce0 d1f 0 Mapped READWRITE 85ade4f0 ( 9) d20 d5f 0 Mapped READWRITE 85cabb10 (10) d70 def 0 Mapped READWRITE 85adc230 ( 6) 5ad70 5ada7 2 Mapped Exe EXECUTE_WRITECOPY 85af7c00 ( 9) 605d0 605d8 2 Mapped Exe EXECUTE_WRITECOPY 85ac2300 ( 8) 74720 7476a 3 Mapped Exe EXECUTE_WRITECOPY 85b0e198 ( 9) 77120 771ab 4 Mapped Exe EXECUTE_WRITECOPY 85b40c38 (10) 774e0 7761b 8 Mapped Exe EXECUTE_WRITECOPY 85b20258 ( 7) 77c10 77c67 7 Mapped Exe EXECUTE_WRITECOPY 85cc79a0 ( 0) 77d40 77dcf 2 Mapped Exe EXECUTE_WRITECOPY 85ae9128 ( 4) 77dd0 77e6a 5 Mapped Exe EXECUTE_WRITECOPY 85b1a6f0 ( 5) 77e70 77f00 1 Mapped Exe EXECUTE_WRITECOPY 85cb3cf0 ( 3) 77f10 77f55 1 Mapped Exe EXECUTE_WRITECOPY 85ad12d0 ( 2) 7c800 7c8f3 5 Mapped Exe EXECUTE_WRITECOPY 85b1da90 ( 1) 7c900 7c9af 5 Mapped Exe EXECUTE_WRITECOPY 85acc170 ( 3) 7f6f0 7f7ef 0 Mapped EXECUTE_READ 85ac8928 ( 2) 7ffb0 7ffd3 0 Mapped READONLY 85be3e18 ( 3) 7ffdc 7ffdc 1 Private READWRITE 85b16e70 ( 4) 7ffdf 7ffdf 1 Private READWRITE Total VADs: 43 average level: 6 maximum depth: 14 lkd> !vad 85b1db30 1 VAD @ 85b1db30 Start VPN c40 End VPN c40 Control Area 00000000 FirstProtoPte 00000000 LastPte 00000000 Commit Charge 1 (1.) Secured.Flink 0 Blink 0 Banked/Extend 0 File Offset 0 ViewUnmap MemCommit PrivateMemory EXECUTE_READWRITE lkd> !vad 85b275a0 1 VAD @ 85b275a0 Start VPN c50 End VPN c50 Control Area 00000000 FirstProtoPte 00000000 LastPte 00000000 Commit Charge 0 (0.) Secured.Flink 0 Blink 0 Banked/Extend 0 File Offset 0 ViewUnmap PrivateMemory EXECUTE_READWRITE lkd> dt -b nt!_MMVAD u.VadFlags.MemCommit 85b1db30 +0x014 u : +0x000 VadFlags : +0x000 MemCommit : 0y1 lkd> dt -b nt!_MMVAD u.VadFlags.MemCommit 85b275a0 +0x014 u : +0x000 VadFlags : +0x000 MemCommit : 0y0 BaseAddress: 00c40000 RegionSize: 00001000 State: 00001000 MEM_COMMIT Protect: 00000040 PAGE_EXECUTE_READWRITE Type: 00020000 MEM_PRIVATE BaseAddress: 00c41000 RegionSize: 0000f000 State: 00010000 MEM_FREE Protect: 00000001 PAGE_NOACCESS BaseAddress: 00c50000 RegionSize: 00001000 State: 00002000 MEM_RESERVE Type: 00020000 MEM_PRIVATE BaseAddress: 00c51000 RegionSize: 0000f000 State: 00010000 MEM_FREE Protect: 00000001 PAGE_NOACCESS regards raj_r On 10/19/08, IUnknown wrote: > > > Yes. For e.g. memory @ 0x360000 is committed and o/p of !vad is as follows; > > > > > kd> !vad 82440970 1 > > VAD @ 82440970 > Start VPN 360 End VPN 361 Control Area 00000000 > FirstProtoPte 00000000 LastPte 00000000 Commit Charge 2 (2.) > Secured.Flink 0 Blink 0 Banked/Extend 0 > File Offset 0 > ViewUnmap PrivateMemory NO_ACCESS > > > > > > kd> dt -b _MMVAD 82440970 > nt!_MMVAD > +0x000 StartingVpn : 0x360 > +0x004 EndingVpn : 0x361 > +0x008 Parent : 0x822962e0 > +0x00c LeftChild : (null) > +0x010 RightChild : (null) > +0x014 u : __unnamed > +0x000 LongFlags : 0x98000002 > +0x000 VadFlags : _MMVAD_FLAGS > +0x000 CommitCharge : 0y0000000000000000010 (0x2) > +0x000 PhysicalMapping : 0y0 > +0x000 ImageMap : 0y0 > +0x000 UserPhysicalPages : 0y0 > +0x000 NoChange : 0y0 > +0x000 WriteWatch : 0y0 > +0x000 Protection : 0y11000 (0x18) > +0x000 LargePages : 0y0 > +0x000 MemCommit : 0y0 > +0x000 PrivateMemory : 0y1 > +0x018 ControlArea : 0x1a070004 > +0x01c FirstPrototypePte : 0x81f55da0 > +0x020 LastContiguousPte : 0x00300012 > +0x024 u2 :__unnamed > +0x000 LongFlags2 : 0x8208b690 > +0x000 VadFlags2 : _MMVAD_FLAGS2 > +0x000 FileOffset : 0y000010001011011010010000 (0x8b690) > +0x000 SecNoChange : 0y0 > +0x000 OneSecured : 0y1 > +0x000 MultipleSecured : 0y0 > +0x000 ReadOnly : 0y0 > +0x000 LongVad : 0y0 > +0x000 ExtendableFile : 0y0 > +0x000 Inherit : 0y0 > +0x000 CopyOnWrite : 0y1 > > > > > So, is there any way I can determine if allocated memory is reserved or > committed? > > > > > /Pd > > > > > -----Original Message----- > From: xxxxx@lists.osr.com > [mailto:xxxxx@lists.osr.com ] On Behalf Of > Martin O’Brien > Sent: Saturday, October 18, 2008 1:14 PM > To: Kernel Debugging Interest List > Subject: Re:[windbg] vadflags.MemCommit? > > > > Have you tried using !vad? > > > > Good luck, > > > > mm > > > > IUnknown IUnknown wrote: > > > Hello, > > > > > > What does MemCommit flag in vad->u.vadflags represent? I am dumping the > > > VAD of committed memory location and observed MemCommit flag is not set. > > > VirtualQuery indeed returned state of the location as committed. Is this > > > flag used with any other field in MMVAD structure to differentiate > > > reserved or commited memory? > > > > > > /Pd > > > > — > > You are currently subscribed to windbg as: xxxxx@vmware.com > > To unsubscribe send a blank email to > xxxxx@lists.osr.com— You are currently > subscribed to windbg as: xxxxx@gmail.com To unsubscribe send a blank > email to xxxxx@lists.osr.com </windows.h></stdio.h>