Looking at Virtual Memory – !vm

This is going to be brief overview at the !vm extension, which provides Virtual Memory statistics. I’ve added the 0x20 flag, since it also provides information about the Kernel’s own memory usage.

The ResAvail (Resident Available Pages) is the number of virtual memory pages currently in physical memory, that would be available if every process only consumed it’s working set minimum. The Available Pages is the combination of virtual and physical memory available to use.

The working set of a process can be seen with the !process extension:

The current values are the default working minimum and maximum values for a process, however, these can be ignored if there is enough memory available to use, and the if the working set hard limits are altered.

The Committed Pages is the number of pages in a process’ address space which contain code and data, and are guaranteed to stay in some form of memory, either it be RAM or on the hard-drive. The Commit Limit is the how many pages can be resident within memory.

The two areas highlighted with the !vm output are good areas to look for pool leaks.

Looking at the Kernel consumption, we can see the current consumption, the highest memory consumption and any recent allocation failures.

Advertisements

About 0x14c

I'm a Computer Science student and writer. My primary interests are Graph Theory, Number Theory, Programming Language Theory, Logic and Windows Debugging.
This entry was posted in Debugging. Bookmark the permalink.

One Response to Looking at Virtual Memory – !vm

  1. VnSpl0it says:

    Great, Thanks !

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s