Pular para o conteúdo principal

Investigate memory usage with Windows 7 Resource Monitor

Investigate memory usage with Windows 7 Resource Monitor: "

I last week’s blog post, Learn how to use the Windows 7 Resource Monitor for effective troubleshooting, I introduced you to the Resource Monitor tool’s powerful features and explained how you can use it to get a better understanding how system resources are used by processes and services. I also indicated that you can use Resource Monitor to delve into specific problems, such as and investigating memory usage.


In this edition of the Windows Desktop Report, I’ll show you how to use the detailed information displayed in Windows 7 Resource Monitor to investigate memory usage.


This blog post is also available in the PDF format in a TechRepublic Download.


Memory basics


Without getting too technical, let’s take a moment to brief look a memory management in Microsoft Windows 7. Doing so will help you to interpret the information displayed on the Memory tab.


To begin with, Windows 7 operating system’s memory manager creates a virtual memory system that is made up of available physical memory and a page file system on the hard disk. Using this virtual memory system allows the operating system to allocate fixed-length blocks of memory, called pages, that is contiguous in both physical memory addressing and virtual memory addressing.


Getting started


To get started with Resource Monitor, click the Start button, type Resmon.exe in the Start Search box, and press [Enter]. When you see the Resource Monitor user interface, select the Memory tab, as shown in Figure A.


Figure A



The Memory tab in Resource Monitor provides detailed information about Windows 7’s memory use.

The Processes table


On the Memory tab, the Processes table, as shown in Figure B, lists all of the currently running processes and breaks down each process’ memory use in several categories.


Figure B



The Processes table breaks down each process’ memory use in several categories.

Image


Of course, the Image column shows the process’ executable file name. As you can see, Processes that represent applications are easy to identify. For example, it’s easy to tell that the notepad.exe process corresponds to Notepad. Processes named svchost.exe represent various services being run by the operating system. You can find the name of the service enclosed in parenthesis adjacent to each instance of svchost.exe shown in the Image column.


PID


The PID column shows the process’ Process ID number, which is simply a number that uniquely identifies a process while it runs.


Commit


The Commit column shows the amount of virtual memory in kilobytes that the operating system has reserved for a process. This number includes the amount of physical memory that is in use as well as any pages that have been saved in the page file.


Working Set


The Working Set column shows the amount of physical memory in kilobytes that is currently in use by the process. The working set can be broken down into Shareable and Private categories of memory.


· Sharable


The Sharable column shows the amount of physical memory in kilobytes that is currently in use by the process and is shared with other processes. Sharing sections or pages of memory for common processes saves memory space because only one copy of the page is required. More specifically, one copy of the page is physically in memory and it is then mapped to the virtual address space of other processes that need access. For example, system DLLs such as Ntdll, Kernel32, Gdi32, and User32, share memory among all processes.


· Private


The Private column shows the amount of physical memory in kilobytes that is currently in use by the process that is not shared with other processes. This number provides you with a pretty accurate measure of the amount of memory that a particular application needs in order to run.


Hard Faults/sec


The Hard Faults/sec column shows the average number of hard page faults per second that have occurred in the last minute. If a process attempts to use more physical memory than is currently available, the system must write, or page, some of the memory contents to disk. If the process later needs and accesses the memory contents that exist on the disk, it is called a Hard Fault.


Watching Hard Faults


Now that you have a good idea of the memory information presented in the Processes table let’s take look at what to look for if you want to monitor memory usage. As you load applications and work with files, the operating system’s memory manager monitors the Working Set of each process and watches for requests for additional memory resources. As the Working Set of a process grows, the memory manager balances the process’ demand for more memory against requests from the kernel and other processes. If available address space becomes scarce, the memory manager must scale back the size of the working set. This typically means paging some of the memory contents to disk.


If that page must be read back from the disk, it causes a Hard Fault. While Hard Faults are a pretty normal occurrence, multiple Hard Faults typically require additional time so that the system can read pages from the disk. When Hard Faults occur too frequently, the resulting disk reads will decrease system responsiveness. If you have ever been working on your system and suddenly everything seems to run in slow motion and then just as suddenly comes back to regular speed, chances are good that your system is busily swapping memory around so that it can continue working.


As such, if you notice an excessive number of Hard Faults related to a particular process on a regular basis, chances are your system needs more physical memory.


To more closely watch processes that are encountering a large number of Hard Faults, you can use the Filtering system built into Resource Monitor. Select the check box adjacent to that process and it will move to the top of the list. You’ll then see those Hard Faults appear in orange in the graph.


(Keep in mind that there are many other factors that come into play when it comes to memory usage and that monitoring Hard Faults isn’t the only or the best way to monitor memory use. But, it provides you with a good starting point.)


The Physical Memory table


While the Processes table provides you with a more granular view of memory usage, the Physical Memory table provides you with a global view. The main feature of the Physical Memory table is a bar graph that provides you with unique view of memory usage, as shown in Figure C.


Figure C



Physical Memory table’s bar graph provides you with a global view of win 7’s memory usage.

As you can see, each section of the bar graph is labeled and represents a list of pages of memory. As you use your system, the memory manager is at work in the background moving memory back and forth between these lists in order to maintain a delicate balance between using physical memory and the hard disk in order to allow your system to work efficiently and effectively. Let’s take a closer look


Hardware Reserved


Beginning on the left, in grey, is the Hardware Reserved list which shows the amount of memory reserved for hardware. This list represents the amount of memory that the various hardware devices installed in your system have reserved so that they can communicate with the operating system. Of course, memory reserved for hardware is essentially locked and as such is not available to the memory manager.


Typically, the amount of Hardware Reserved memory ranges from 10MB to 70MB but can vary depending on the system’s hardware configuration and might be several hundred MB. Examples of components that can affect the amount of memory reserved include:



  • System BIOS

  • Motherboard resources, such as I/O advanced programmable interrupt controller (APIC)

  • Sound cards or any other devices that require memory-mapped I/O

  • PCI Express (PCIe) bus

  • Video card

  • Various chipsets

  • Flash devices


(Some folks have reported inordinately huge amounts of memory being allocated to the Hardware Reserved list. While I haven’t encountered this situation myself and can’t verify the suggested solution, many folks have reported that upgrading the system BIOS firmware solved the problem.)


In Use


The In Use list, shown in green in Figure C, represents the amount of memory being used by the operating system, drivers and the various running processes. In Use memory is calculated by adding the sizes of the Modified, Standby, and Free values and subtracting this from the amount of recognized memory, which is listed as Total in the section just below the graph. The Total memory is calculated by subtracting any Hardware Reserved memory from the Installed RAM.


Modified


Shown in orange, the Modified list represents the pages of memory that contain data that has been modified, but has not been accessed for a while. As such it is not technically in use, but can still be pulled into service quickly if needed. If memory in the Modified list has not been accessed in a long time, the memory manager will write the page to disk and then move it to the Standby list.


Standby


The Standby list, which is shown in blue, contains pages that have been removed from process working sets, but are still linked to their respective working sets. As such, Standby list is essentially a cache. However, memory pages in the Standby list are prioritized in a range of 0-7, with 7 being the highest. Essentially, a page related to a high priority process will receive a high priority level in the Standby list.


For example, processes that are Sharable will be a high priority and pages associated with these Sharable processes will have the highest priority in the Standby list


Now, if a process needs a page that is associated with the process, and that page is now in the Standby list, the memory manager immediately returns the page to that process’ working set. However, all pages on the Standby list are available for memory allocation requests from any process. When a process requests additional memory and there is not enough memory in the Free list, the memory manager checks the page’s priority and will take a page with a low priority from the Standby list, initialize it, and allocate it to that process.


Free


The Free list, shown in light blue, contains pages of memory that have not yet been allocated to a process or were previously allocated but returned to the memory manager when the process ended. (While both “not yet been allocated” and “previously allocated” memory both show in the Free part of this bar graph, the “not yet been allocated” pages are actually part of another list called the Zero Page list. These are so called because they have been initialized to zero, and are ready for use when the memory manager needs a new page.)


The question of Free memory


Now that you have a good idea of how the memory manger in Windows 7 works on a global level, let’s take a few minutes to discuss a common misconception with Windows 7’s memory management scheme. As you can see in Figure C, Free memory is the second smallest list in the graph. The misconception is to look at that small value and think that Windows 7 is a memory hog and how can a system run effectively when there is hardly any Free memory.


But just the opposite is true, in the case of Windows 7’s memory management scheme, Free memory is wasted memory. The more memory that Windows 7 keeps in play, the better. By keeping memory full and juggling pages between the various lists along with using its Standby priority system, Windows 7 improves efficiency and does its best to keep memory pages from hitting the page file where Hard Faults and sluggish performance is more likely to occur.


Watching memory use


Want to see Windows 7’s memory management scheme in action? To do so, restart your system. As soon as you get logged in, launch Resource Monitor, select the Memory tab and immediately take note of the size of each of the lists shown on the Physical Memory bar graph.


Then begin loading applications - lots of them - the bigger, the better. As each application is loading, switch over to Resource Monitor and watch the size of the lists on the Physical Memory bar graph change. Once you have loaded as many applications as you want, begin closing them. As each application is closing, switch over to Resource Monitor and watch the size of the lists on the Physical Memory bar graph change.


Once you go through this exaggerated scenario, you’ll have a good, front-row, idea of how Windows 7’s memory management scheme works on your system. Now that you have a good idea of what to look for, you can use Resource Monitor to keep tabs on memory usage as you use your system during the course of a normal computing session.


What’s your take?


What do you think about using Resource Monitor to keep tabs on memory usage? As always, if you have comments or information to share about this topic, please take a moment to drop by the TechRepublic Community Forums and let us hear from you.


Stay on top of the latest Microsoft Windows tips and tricks with TechRepublic’s Windows Desktop newsletter, delivered every Monday and Thursday. Automatically sign up today!





"

Comentários

Postar um comentário

Postagens mais visitadas deste blog

Improve Windows Security By Closing Open Ports

Improve Windows Security By Closing Open Ports : " A standard Windows operating system has a number of ports open after installation. Some of these ports are needed for the system to function properly while others might not. These ports can pose a security risk as every open port on a system might be an entry point for a malicious user. A port basically allows communication to or from the device. Characteristics are a port number, an IP address and a protocol type. This article will give you the tools at hand to identify and evaluate the open ports on your Windows system to make a decision in the end whether they can or should be closed or left open. Software programs and tools that we will use: CurrPorts : Available for 32-bit and 64-bit editions of Windows. It is a port monitor that displays all open ports on a computer system. We will use it to identify the ports and the programs that are using them. Windows Task Manager: Also used to identify the programs and link some p
Postar um comentário
Leia mais

Diagnosing a Blue Screen of Death Error in Windows

Diagnosing a Blue Screen of Death Error in Windows : For many years now the famous Blue Screen of Death (BSoD) has been the ultimate indication that something disastrous has happened to make your computer die, but how useful is the information in the BSoD and the respective crash dump file that Windows produces? The best article I ever found explaining the BSoD in depth is here on the Microsoft website, however it’s quite technical and doesn’t discuss how to actually troubleshoot a problem. The crash dump file is just technical details of what was being held in the computer’s memory at the time of the crash, and this will include details on every driver and service that was loaded, and every piece of software that was running. The most useful pieces of information are to be found on the BSoD itself and are highlighted on the screenshot below. These are the BSoD error name, the stop error code and the name of the driver or service that has failed (this last one might not always appea
Postar um comentário
Leia mais

Use BGInfo to Build a Database of System Information of Your Network Computers

Use BGInfo to Build a Database of System Information of Your Network Computers : " One of the more popular tools of the Sysinternals suite among system administrators is BGInfo which tacks real-time system information to your desktop wallpaper when you first login. For obvious reasons, having information such as system memory, available hard drive space and system up time (among others) right in front of you is very convenient when you are managing several systems. A little known feature about this handy utility is the ability to have system information automatically saved to a SQL database or some other data file. With a few minutes of setup work you can easily configure BGInfo to record system information of all your network computers in a centralized storage location. You can then use this data to monitor or report on these systems however you see fit. BGInfo Setup If you are familiar with BGInfo, you can skip this section. However, if you have never used this tool, it takes ju
Postar um comentário
Leia mais