Windows API Documentation

Core System Services: Memory Management

Windows employs a sophisticated virtual memory manager (VMM) that provides each process with its own private virtual address space. This space is large and contiguous, simplifying application development by abstracting away the complexities of physical memory limitations. The VMM maps virtual addresses used by applications to physical memory addresses, disk storage (paging file), or shared memory.

Key Concepts:

  • Virtual Address Space: A 64-bit range of addresses available to each process.
  • Physical Address Space: The actual RAM available on the system.
  • Page: The smallest unit of memory management, typically 4 KB.
  • Page Table: Data structures used by the VMM to translate virtual addresses to physical addresses.
  • Page Fault: An exception raised when a process accesses a page that is not currently in physical memory.

The VMM manages the allocation and deallocation of physical memory pages. It aims to keep frequently accessed pages in RAM and moves less frequently used pages to the paging file on disk to free up physical memory.

Developers can allocate memory for their applications using various Windows APIs. The choice of API depends on the scope, lifetime, and intended use of the memory.

Heap Allocation

The process heap is a region of memory managed by the system for dynamic allocation within a process. APIs like HeapAlloc and LocalAlloc (older API, often redirects to heap) are used for this purpose. Memory allocated on the heap is generally private to the process.

HANDLE hHeap = GetProcessHeap();
LPVOID lpData = HeapAlloc(hHeap, HEAP_ZERO_MEMORY, 1024);
if (lpData != NULL) {
    // Use allocated memory
    HeapFree(hHeap, 0, lpData);
}

Virtual Allocation

The VirtualAlloc and VirtualAllocEx functions allow direct manipulation of the process's virtual address space. This provides more control over memory attributes like protection and commit status. It's often used for allocating large, contiguous blocks or for specific memory protection requirements.

LPVOID lpAddress = VirtualAlloc(NULL, 4096, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if (lpAddress != NULL) {
    // Use allocated memory
    VirtualFree(lpAddress, 0, MEM_RELEASE);
}

Windows enforces memory protection to prevent processes from accessing or modifying memory that doesn't belong to them. Each memory page can have specific access rights (e.g., PAGE_READONLY, PAGE_READWRITE, PAGE_EXECUTE). Attempting to violate these protections results in an access violation exception.

Memory-mapped files provide a mechanism to map the contents of a file directly into the virtual address space of a process. This allows treating file I/O as memory access, which can be more efficient for large files or when sharing data between processes.

Key Memory Management APIs

  • VirtualAlloc / VirtualAllocEx: Reserves or commits pages of memory.
  • VirtualFree: Releases or decommits pages of memory.
  • VirtualProtect / VirtualProtectEx: Changes the access protection for a region of pages.
  • HeapAlloc / HeapFree: Allocates and frees memory from the process's heap.
  • GlobalAlloc / GlobalFree (deprecated): Older APIs for global memory allocation.
  • LocalAlloc / LocalFree (deprecated): Older APIs for local memory allocation.
  • CreateFileMapping: Creates or opens a named or unnamed file mapping object.
  • MapViewOfFile: Maps a view of a file mapping into the address space of the calling process.