This is an original translation presented side by side in Chinese and English; the translator's notes are explanations I have added myself. The content will be updated continuously, at a pace of roughly 1 to 2 pages of the original per day. Only Chapter 10 of Part 2 is translated here; all chapters of Part 1 are already available as a printed Chinese book and as a PDF, which you can search for. My knowledge is limited, so please point out any errors in the translation; I would be very grateful.
The content planned for the first part of the translation is as follows:
CHAPTER 10
Memory Management
In this chapter, you’ll learn how Windows implements virtual memory and how it manages the subset of virtual memory kept in physical memory. We’ll also describe the internal structure and components that make up the memory manager, including key data structures and algorithms. Before examining these mechanisms, we’ll review the basic services provided by the memory manager and key concepts such as reserved memory versus committed memory and shared memory.
Chapter 10: Memory Management
In this chapter, you will learn how Windows implements virtual memory and how it manages the subset of virtual memory that resides in physical memory. We will also describe the internal structure and components that make up the Windows memory manager, including key data structures and algorithms.
Before examining these mechanisms, we first review the basic services provided by the memory manager, along with important concepts such as reserved memory, committed memory and shared memory.
Introduction to the Memory Manager
By default, the virtual size of a process on 32-bit Windows is 2 GB. If the image is marked specifically as large address space aware, and the system is booted with a special option (described later in this chapter), a 32-bit process can grow to be 3 GB on 32-bit Windows and to 4 GB on 64-bit Windows. The process virtual address space size on 64-bit Windows is 7,152 GB on IA64 systems and 8,192 GB on x64 systems. (This value could be increased in future releases.)
Introduction to the Windows Memory Manager
By default, the virtual size (address space) of a process on 32-bit Windows is 2 GB. If the process's executable image is specifically marked "large address space aware" and the system is booted with a special option (discussed later in this chapter), a 32-bit process can grow to 3 GB on 32-bit Windows and to 4 GB on 64-bit Windows. The virtual address space of a 64-bit process on 64-bit Windows running on the Intel IA-64 architecture is 7,152 GB; on the x64 architecture it is 8,192 GB. (These values may increase in future releases of processor hardware and operating system software.)
As you saw in Chapter 2, “System Architecture,” in Part 1 (specifically in Table 2-2), the maximum amount of physical memory currently supported by Windows ranges from 2 GB to 2,048 GB, depending on which version and edition of Windows you are running. Because the virtual address space might be larger or smaller than the physical memory on the machine, the memory manager has two primary tasks:
■ Translating, or mapping, a process’s virtual address space into physical memory so that when a thread running in the context of that process reads or writes to the virtual address space, the correct physical address is referenced. (The subset of a process’s virtual address space that is physically resident is called the working set. Working sets are described in more detail later in this chapter.)
■ Paging some of the contents of memory to disk when it becomes overcommitted―that is, when running threads or system code try to use more physical memory than is currently available― and bringing the contents back into physical memory when needed.
On the other hand, as Table 2-2 in Chapter 2, "System Architecture," of Part 1 shows, the maximum physical memory currently supported by Windows ranges from 2 GB to 2,048 GB, depending on the version and edition (32- or 64-bit) of Windows you are running. Because the virtual address space may be larger or smaller than the total physical memory installed in the machine, the memory manager has two primary tasks:
■ Translating, or mapping, a process's virtual address space into physical memory, so that when a thread running in that process's context reads or writes the virtual address space, the correct physical address is referenced.
(Windows calls the subset of a process's virtual address space that resides in physical memory the "working set"; it is described in more detail later in this chapter.)
■ Paging some of the contents of memory out to disk when physical memory becomes overcommitted (for example, when running threads or kernel code try to request more memory than is currently available), and bringing those contents back into physical memory when needed.
In addition to providing virtual memory management, the memory manager provides a core set of services on which the various Windows environment subsystems are built. These services include memory mapped files (internally called section objects), copy-on-write memory, and support for applications using large, sparse address spaces. In addition, the memory manager provides a way for a process to allocate and use larger amounts of physical memory than can be mapped into the process virtual address space at one time (for example, on 32-bit systems with more than 3 GB of physical memory). This is explained in the section “Address Windowing Extensions” later in this chapter.
Besides virtual memory management, the memory manager provides a core set of services on which the various Windows environment subsystems are built. These services include memory-mapped files (called section objects inside Windows), copy-on-write memory, and support for applications that use large, sparse (non-contiguous) address spaces. In addition, the memory manager provides a way for a process to allocate and use a large amount of physical memory at once, even more than the process can map into its virtual address space (for example, more than 3 GB of physical memory on a 32-bit system). This is explained in the "Address Windowing Extensions" section later in this chapter.
Note
There is a Control Panel applet that provides control over the size, number, and locations of the paging files, and its nomenclature suggests that “virtual memory” is the same thing as the paging file. This is not the case. The paging file is only one aspect of virtual memory. In fact, even if you run with no page file at all, Windows will still be using virtual memory. This distinction is explained in more detail later in this chapter.
Note:
An applet in Control Panel controls the size, number and location of the paging files (translator's note: System -> Advanced system settings -> Advanced tab -> click Settings under Performance, switch to the Advanced tab, then click Change under Virtual memory). Its naming suggests that "virtual memory" is the same thing as the paging file. That is not the case. The paging file is only one aspect of virtual memory. In fact, even if you configure the system to use no paging file at all, Windows still uses virtual memory. The distinction is explained in more detail later in this chapter.
Memory Manager Components
The memory manager is part of the Windows executive and therefore exists in the file Ntoskrnl.exe. No parts of the memory manager exist in the HAL. The memory manager consists of the following components:
■ A set of executive system services for allocating, deallocating, and managing virtual memory, most of which are exposed through the Windows API or kernel-mode device driver interfaces
■ A translation-not-valid and access fault trap handler for resolving hardware-detected memory management exceptions and making virtual pages resident on behalf of a process
Memory Manager Components
The memory manager is part of the Windows executive and therefore lives in the file Ntoskrnl.exe. No part of the memory manager is located in the HAL (translator's note: the hardware abstraction layer). The memory manager consists of the following components:
■ A set of executive system services for allocating, freeing and managing virtual memory, most of which are exposed through the Windows API or kernel-mode device driver interfaces;
■ A translation-not-valid and access fault trap handler that resolves hardware-detected memory management exceptions and makes virtual pages resident on behalf of a process. (I am not happy with this translation; the original is "A translation-not-valid and access fault trap handler for resolving hardware-detected memory management exceptions and making virtual pages resident on behalf of a process." Does anyone know a better way to render it?)
■ Six key top-level routines, each running in one of six different kernel-mode threads in the System process (see the experiment “Mapping a System Thread to a Device Driver,” which shows how to identify system threads, in Chapter 2 in Part 1):
■ Six key top-level routines (translator's note: "top-level" here presumably refers to the task's scheduling priority; the larger the number, the higher the priority), each running in one of six different kernel-mode threads in the System process (see the experiment "Mapping a System Thread to a Device Driver" in Chapter 2 of Part 1, which shows how to identify system threads):
1. The balance set manager (KeBalanceSetManager, priority 16). It calls an inner routine, the working set manager (MmWorkingSetManager), once per second as well as when free memory falls below a certain threshold. The working set manager drives the overall memory management policies, such as working set trimming, aging, and modified page writing.
1. The balance set manager (KeBalanceSetManager, priority 16). It calls an inner routine, the working set manager (MmWorkingSetManager), once per second, and also whenever free memory falls below a certain threshold. The working set manager drives the overall memory management policies, such as trimming working sets, aging pages (translator's note: used by the page replacement algorithm to identify the least recently used pages, which are chosen as victims to be evicted from memory), and writing modified pages back to the swap space (paging file) on disk before they are evicted from memory.
2. The process/stack swapper (KeSwapProcessOrStack, priority 23) performs both process and kernel thread stack inswapping and outswapping. The balance set manager and the thread-scheduling code in the kernel awaken this thread when an inswap or outswap operation needs to take place.
2. The process/stack swapper (KeSwapProcessOrStack, priority 23). Performs both process and kernel thread stack inswapping and outswapping. The balance set manager and the thread-scheduling code in the kernel (translator's note: that is, the operating system scheduler; on Linux and UNIX the unit of scheduling is usually the process, whereas Windows schedules at thread granularity) wake this thread when an inswap or outswap operation needs to take place. (Translator's note: on UNIX variants such as 4.3BSD the same job is done by a system process called swapper; typically, when the system runs short of free physical page frames, that is, physical memory, or when some processes have not been scheduled for a long time and have become inactive, the swapper process, or the Windows process/stack swapper thread, is woken to swap those processes out of memory and free up space.)
3. The modified page writer (MiModifiedPageWriter, priority 17) writes dirty pages on the modified list back to the appropriate paging files. This thread is awakened when the size of the modified list needs to be reduced.
3. The modified page writer (MiModifiedPageWriter, priority 17). Writes the "dirty" pages on the modified page list back to the appropriate paging files. (Translator's note: the dirty bit of a PTE is normally set by the processor's MMU, the memory management unit, when data is written to an address in the 4 KB range covered by that page table entry; the kernel uses the value of this bit to decide whether the page must first be written back to the paging file on disk. On the Intel x86/x64 architecture a privileged instruction is provided for the kernel to clear the bit.) This thread is woken when the size of the modified page list needs to be reduced.
4. The mapped page writer (MiMappedPageWriter, priority 17) writes dirty pages in mapped files to disk (or remote storage). It is awakened when the size of the modified list needs to be reduced or if pages for mapped files have been on the modified list for more than 5 minutes. This second modified page writer thread is necessary because it can generate page faults that result in requests for free pages. If there were no free pages and there was only one modified page writer thread, the system could deadlock waiting for free pages.
4. The mapped page writer (MiMappedPageWriter, priority 17). Writes "dirty" pages of files mapped from disk into memory back to disk (or remote storage) so that the modifications are persisted. It is woken when the size of the modified page list needs to be reduced, or when pages of mapped files have been on the modified list for more than 5 minutes. This second modified-page-writer thread is necessary: if there were only one modified page writer thread and no free pages, that thread could generate page faults that request free pages; it would then block waiting for a free page to appear, with no second thread capable of freeing pages available to schedule, and the whole system would deadlock waiting for free pages. (Translator's note: this passage has been polished freely, since a literal rendering is hard to follow; I hope it does not depart from the author's meaning.)
5. The segment dereference thread (MiDereferenceSegmentThread, priority 18) is responsible for cache reduction as well as for page file growth and shrinkage. (For example, if there is no virtual address space for paged pool growth, this thread trims the page cache so that the paged pool used to anchor it can be freed for reuse.)
5. The segment dereference thread (MiDereferenceSegmentThread, tentatively rendered "memory segment dereference thread," priority 18). Responsible for reducing the system cache (translator's note: not the hardware L1 to L3 caches inside the CPU; this presumably refers to Windows using the paging file on disk as a cache for physical memory) as well as for paging file growth and shrinkage. (For example, if there is no virtual address space left for paged pool growth, this thread trims the page cache so that the paged pool used to anchor it can be freed for reuse.) (Translator's note: this sentence is also hard to translate; the original is "For example, if there is no virtual address space for paged pool growth, this thread trims the page cache so that the paged pool used to anchor it can be freed for reuse.")
6. The zero page thread (MmZeroPageThread, base priority 0) zeroes out pages on the free list so that a cache of zero pages is available to satisfy future demand-zero page faults.
Unlike the other routines described here, this routine is not a top-level thread function but is called by the top-level thread routine Phase1Initialization. MmZeroPageThread never returns to its caller, so in effect the Phase 1 Initialization thread becomes the zero page thread by calling this routine. Memory zeroing in some cases is done by a faster function called MiZeroInParallel. See the note in the section “Page List Dynamics” later in this chapter.
Each of these components is covered in more detail later in the chapter.
6. The zero page thread (translator's note: MmZeroPageThread, base priority 0. This thread belongs to the variable-priority class; the current priority of such a thread has its base priority as a lower bound and can change dynamically. For example, when such a thread is suspended waiting for an I/O event, the kernel boosts its current priority before scheduling other ready threads; when it is suspended because it has used up the time slice allotted to it, the kernel lowers its current priority, which then serves as the criterion in the next scheduling round). The zero page thread zeroes out the pages on the free list (translator's note: probably implemented with a data structure similar to a singly linked list), so that a cache of zero pages is available to satisfy future demand-zero page faults. Unlike the other five routines described here, this routine is not a top-level thread function; it is called by a top-level thread routine named Phase1Initialization (translator's note: Phase1Initialization is the second-phase function that initializes the kernel and executive at system startup; the first phase is handled by Phase0Initialization). The zero page thread never returns (to its caller), so in effect the Phase 1 initialization thread function becomes the zero page thread by calling this routine (at its end). Memory zeroing is sometimes done by a faster function called MiZeroInParallel. See the note in the "Page List Dynamics" section later in this chapter for more details. Each of these memory manager components is covered in more detail later in the chapter.
Internal Synchronization
Like all other components of the Windows executive, the memory manager is fully reentrant and supports simultaneous execution on multiprocessor systems―that is, it allows two threads to acquire resources in such a way that they don't corrupt each other's data. To accomplish the goal of being fully reentrant, the memory manager uses several different internal synchronization mechanisms, such as spinlocks, to control access to its own internal data structures. (Synchronization objects are discussed in Chapter 3, “System Mechanisms,” in Part 1.)
Some of the systemwide resources to which the memory manager must synchronize access include:
■ Dynamically allocated portions of the system virtual address space
■ System working sets
■ Kernel memory pools
■ The list of loaded drivers
■ The list of paging files
■ Physical memory lists
■ Image base randomization (ASLR) structures
■ Each individual entry in the page frame number (PFN) database
Per-process memory management data structures that require synchronization include the working set lock (held while changes are being made to the working set list) and the address space lock (held whenever the address space is being changed). Both these locks are implemented using pushlocks.
Internal Synchronization
Like all other components of the Windows executive, the memory manager is fully reentrant and supports simultaneous execution on multiprocessor systems; in other words, it allows two threads to acquire resources in such a way that they do not corrupt each other's data. To achieve full reentrancy, the memory manager uses several different internal synchronization mechanisms, such as spinlocks, to control access to its own internal data structures. (Synchronization objects are discussed in Chapter 3, "System Mechanisms," of Part 1.)
Some of the systemwide resources to which the memory manager must synchronize access include:
■ Dynamically allocated portions of the system virtual address space;
■ System working sets;
■ Kernel memory pools;
■ The list of loaded drivers;
■ The list of paging files;
■ Physical memory lists;
■ Image (load) base randomization (ASLR) structures;
■ Each individual entry in the page frame number (PFN) database. (Translator's note: the PFN database here is similar to the page tables maintained by the operating system; a page frame number is a physical page number, and each entry in a page table is called a page table entry, or PTE.)
Per-process memory management data structures that require synchronization include the working set lock (held while the working set list is being changed) and the address space lock (held whenever the address space is being changed). Both of these locks are implemented with pushlocks.
Examining Memory Usage
The Memory and Process performance counter objects provide access to most of the details about system and process memory utilization. Throughout the chapter, we'll include references to specific performance counters that contain information related to the component being described. We've included relevant examples and experiments throughout the chapter. One word of caution, however: different utilities use varying and sometimes inconsistent or confusing names when displaying memory information. The following experiment illustrates this point. (We'll explain the terms used in this example in subsequent sections.)
Examining Memory Usage
The Memory and Process performance counter objects provide access to most of the details about system and process memory utilization. Throughout this chapter we will refer to specific performance counters that contain information about the memory manager component being described, and we include relevant examples and experiments. One word of caution, however: when displaying memory information, different tools use differing, and sometimes inconsistent or confusing, names. The following experiment illustrates this point. (We will explain the terms used in this example in subsequent sections.)
EXPERIMENT: Viewing System Memory Information
The Performance tab in the Windows Task Manager, shown in the following screen shot, displays basic system memory information. This information is a subset of the detailed memory information available through the performance counters. It includes data on both physical and virtual memory usage.
EXPERIMENT: Viewing System Memory Information
As the following screen shot shows, the Performance tab in Windows Task Manager displays basic system memory information. This information is only a subset of the detailed memory information provided by the performance counters; it includes data on both physical and virtual memory usage.
(The original uses a screen shot from an EN-US system; I have replaced it with a ZH-CN screen shot from my own machine, mainly so that readers can match each term in the figure against the table below.)
The following table shows the meaning of the memory-related values.
The following table explains the meaning of the memory-related terms used in Task Manager:
Memory bar histogram | Bar/chart line height shows physical memory in use by Windows (not available as a performance counter). The remaining height of the graph is equal to the Available counter in the Physical Memory section, described later in the table. The total height of the graph is equal to the Total counter in that section. This represents the total RAM usable by the operating system, and does not include BIOS shadow pages, device memory, and so on. (Translator's note: the in-use portion is the bright green region and the remaining height the dark green region. "BIOS shadow pages" means the BIOS ROM of some peripheral devices being mapped into system memory; "device memory" means the on-board memory or caches of some peripheral devices being mapped into system memory.)
Physical Memory (MB): Total | Physical memory usable by Windows; as noted above, equal to the total height of the memory bar.
Physical Memory (MB): Cached | Sum of the following performance counters in the Memory object: Cache Bytes, Modified Page List Bytes, Standby Cache Core Bytes, Standby Cache Normal Priority Bytes, and Standby Cache Reserve Bytes. (Translator's note: the counter names are kept in the original to avoid disputes over translation accuracy.)
Physical Memory (MB): Available | Amount of memory that is immediately available for use by the operating system, processes, and drivers. Equal to the combined size of the standby, free, and zero page lists. (Translator's note: open Resource Monitor from Task Manager and add up the figures in its Physical Memory section to verify this. Note that the Simplified Chinese Windows 7 client editions contain a small translation error: the rightmost box in the legend should read "Free," not "Available.")
Physical Memory (MB): Free | Free and zero page list bytes. (Translator's note: the system's own description is "memory that does not contain any valuable data <zero pages?> and that will be used first when processes, drivers, or the operating system need more memory.")
Kernel Memory (MB): Paged | Pool paged bytes. This is the total size of the pool, including both free and allocated regions.
Kernel Memory (MB): Nonpaged | Pool nonpaged bytes. This is the total size of the pool, including both free and allocated regions.
System: Commit (two numbers shown) | Equal to the performance counters Committed Bytes and Commit Limit, respectively. (Translator's note: displayed in GB.)
To see the specific usage of paged and nonpaged pool, use the Poolmon utility, described in the “Monitoring Pool Usage” section.
To see the specific usage of paged and nonpaged pool, use the Poolmon utility, described in the "Monitoring Pool Usage" section.
The Process Explorer tool from Windows Sysinternals (http://www.microsoft.com/technet/sysinternals) can show considerably more data about physical and virtual memory. On its main screen, click View and then System Information, and then choose the Memory tab. Here is an example display from a 32-bit Windows system:
The Process Explorer tool from Windows Sysinternals (http://www.microsoft.com/technet/sysinternals) can show considerably more data about physical and virtual memory. On its main screen, click the View menu -> System Information, then choose the Memory tab in the window that opens. The following example display comes from a 32-bit Windows system:
We will explain most of these additional counters in the relevant sections later in this chapter.
Two other Sysinternals tools show extended memory information:
■ VMMap shows the usage of virtual memory within a process to an extremely fine level of detail.
■ RAMMap shows detailed physical memory usage.
These tools will be featured in experiments found later in this chapter.
Finally, the !vm command in the kernel debugger shows the basic memory management information available through the memory-related performance counters. This command can be useful if you're looking at a crash dump or hung system. Here's an example of its output from a 4-GB Windows client system:
We will explain most of these additional counters in the relevant sections later in this chapter.
Two other Sysinternals tools show extended memory information:
■ VMMap shows the virtual memory usage within a process to an extremely fine level of detail;
■ RAMMap shows detailed physical memory usage;
These tools will be featured in experiments later in this chapter.
Finally, the !vm command in the kernel debugger shows the basic memory management information available through the memory-related performance counters. The command can be useful when you are examining a crash dump or a hung system. The following example output comes from a Windows client system with 4 GB of physical memory:
1: kd> !vm

*** Virtual Memory Usage ***
    Physical Memory:      851757 (   3407028 Kb)
    Page File: \??\C:\pagefile.sys
      Current:   3407028 Kb  Free Space:   3407024 Kb
      Minimum:   3407028 Kb  Maximum:      4193280 Kb
    Available Pages:      699186 (   2796744 Kb)
    ResAvail Pages:       757454 (   3029816 Kb)
    Locked IO Pages:           0 (         0 Kb)
    Free System PTEs:     370673 (   1482692 Kb)
    Modified Pages:         9799 (     39196 Kb)
    Modified PF Pages:      9798 (     39192 Kb)
    NonPagedPool Usage:        0 (         0 Kb)
    NonPagedPoolNx Usage:   8735 (     34940 Kb)
    NonPagedPool Max:     522368 (   2089472 Kb)
    PagedPool 0 Usage:     17573 (     70292 Kb)
    PagedPool 1 Usage:      2417 (      9668 Kb)
    PagedPool 2 Usage:         0 (         0 Kb)
    PagedPool 3 Usage:         0 (         0 Kb)
    PagedPool 4 Usage:        28 (       112 Kb)
    PagedPool Usage:       20018 (     80072 Kb)
    PagedPool Maximum:    523264 (   2093056 Kb)
    Session Commit:         6218 (     24872 Kb)
    Shared Commit:         18591 (     74364 Kb)
    Special Pool:              0 (         0 Kb)
    Shared Process:         2151 (      8604 Kb)
    PagedPool Commit:      20031 (     80124 Kb)
    Driver Commit:          4531 (     18124 Kb)
    Committed pages:      179178 (    716712 Kb)
    Commit limit:        1702548 (   6810192 Kb)

    Total Private:         66073 (    264292 Kb)
         0a30 CCC.exe       11078 (     44312 Kb)
         0548 dwm.exe        6548 (     26192 Kb)
         091c MOM.exe        6103 (     24412 Kb)
We will describe many of the details of the output of this command later in this chapter.
We will describe many of the details of this command's output later in this chapter.
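As an added example (not part of the book or of this translation), the following Python parses !vm output of the shape shown above and checks the arithmetic it should satisfy: every "Kb" figure is the page count times 4, the PagedPool N Usage lines sum to PagedPool Usage, and Committed pages stays within Commit limit; it also ranks the private-commit consumers listed under Total Private. The sample text is a constructed abbreviation of the listing above, and a 4 KB page size is assumed.

```python
"""Parse kernel-debugger !vm output and verify its internal consistency.
Added example; the sample below is a constructed excerpt of the listing above."""
import re

# Constructed sample: abbreviated copy of the !vm listing shown in the text.
SAMPLE_VM_OUTPUT = """\
*** Virtual Memory Usage ***
Physical Memory:      851757 (   3407028 Kb)
Page File: \\??\\C:\\pagefile.sys
  Current:   3407028 Kb  Free Space:   3407024 Kb
  Minimum:   3407028 Kb  Maximum:      4193280 Kb
Available Pages:      699186 (   2796744 Kb)
PagedPool 0 Usage:     17573 (     70292 Kb)
PagedPool 1 Usage:      2417 (      9668 Kb)
PagedPool 4 Usage:        28 (       112 Kb)
PagedPool Usage:       20018 (     80072 Kb)
Committed pages:      179178 (    716712 Kb)
Commit limit:        1702548 (   6810192 Kb)
Total Private:         66073 (    264292 Kb)
     0a30 CCC.exe       11078 (     44312 Kb)
     0548 dwm.exe        6548 (     26192 Kb)
"""

PAGE_KB = 4  # assumed small-page size; !vm prints pages and Kb side by side

# "Name:   <pages> (   <kb> Kb)" lines carrying system-wide counters
COUNTER_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 ]*?):\s+(\d+)\s+\(\s*(\d+)\s+Kb\)")
# "<pid hex> <image> <pages> ( <kb> Kb)" lines under "Total Private"
PROCESS_RE = re.compile(r"^\s*([0-9a-f]+)\s+(\S+)\s+(\d+)\s+\(\s*(\d+)\s+Kb\)")


def parse_vm(text):
    """Return (counters, processes): counters maps name -> (pages, kb);
    processes is a list of (pid, image, pages, kb) in the order printed."""
    counters, processes = {}, []
    for line in text.splitlines():
        m = COUNTER_RE.match(line)
        if m:
            counters[m.group(1)] = (int(m.group(2)), int(m.group(3)))
            continue
        m = PROCESS_RE.match(line)
        if m:
            processes.append((int(m.group(1), 16), m.group(2),
                              int(m.group(3)), int(m.group(4))))
    return counters, processes


def check_invariants(counters):
    """Return a list of inconsistencies (empty when the listing is coherent)."""
    problems = [f"{name}: {pages} pages != {kb} Kb / {PAGE_KB}"
                for name, (pages, kb) in counters.items() if kb != pages * PAGE_KB]
    pools = sum(v[0] for k, v in counters.items()
                if re.fullmatch(r"PagedPool \d+ Usage", k))
    if "PagedPool Usage" in counters and pools != counters["PagedPool Usage"][0]:
        problems.append("PagedPool N Usage lines do not sum to PagedPool Usage")
    if counters["Committed pages"][0] > counters["Commit limit"][0]:
        problems.append("Committed pages exceed Commit limit")
    return problems


def commit_charge_ratio(counters):
    """Fraction of the commit limit in use (Task Manager's two 'Commit' numbers)."""
    return counters["Committed pages"][0] / counters["Commit limit"][0]


def top_private(processes, n=3):
    """Largest private-commit consumers as (image, kb), descending."""
    return sorted(((img, kb) for _, img, _, kb in processes), key=lambda t: -t[1])[:n]
```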
Services Provided by the Memory Manager
The memory manager provides a set of system services to allocate and free virtual memory, share memory between processes, map files into memory, flush virtual pages to disk, retrieve information about a range of virtual pages, change the protection of virtual pages, and lock the virtual pages into memory.
Like other Windows executive services, the memory management services allow their caller to supply a process handle indicating the particular process whose virtual memory is to be manipulated. The caller can thus manipulate either its own memory or (with the proper permissions) the memory of another process. For example, if a process creates a child process, by default it has the right to manipulate the child process’s virtual memory. Thereafter, the parent process can allocate, deallocate, read, and write memory on behalf of the child process by calling virtual memory services and passing a handle to the child process as an argument. This feature is used by subsystems to manage the memory of their client processes. It is also essential for implementing debuggers because debuggers must be able to read and write to the memory of the process being debugged.
Services Provided by the Memory Manager
The memory manager provides a set of system services for allocating and freeing virtual memory, sharing memory between processes, mapping disk files into memory, flushing virtual pages to disk, retrieving information about a range of virtual pages, changing the protection of virtual pages, and locking virtual pages into memory. Like other Windows executive services, the memory management services allow their caller to supply a process handle that identifies the particular process whose virtual memory is to be manipulated. The caller can thus manipulate its own memory or (with the proper permissions) the memory of another process. For example, if a process creates a child process, by default the parent has the right to manipulate the child's virtual memory; thereafter, the parent can allocate, free, read and write memory on behalf of the child by calling the virtual memory services and passing a handle to the child process as an argument. Subsystems use this feature to manage the memory of their "client processes." It is also essential for implementing debuggers, because a debugger must be able to read and write the memory of the process being debugged.