Friday, December 19, 2008

[General]Private Bytes some useful information

Private Bytes:
Microsoft says,
‘Private Bytes is the current size, in bytes, of memory that this process has allocated that cannot be shared with other processes’.
Going deep...
VM Size in ‘TaskManager’ is actually a misnomer of Private bytes (in Perfmon ) and this is one of the counter we will consider if our module is having some memory leak. Hope most of us have a belief that Private Bytes of a process will increase on increasing the code size or if a new DLL is loaded in to that process. I tell you this is not fully correct! We cannot relate the Private Bytes value with the code size increased or size of the DLL Loaded, also there will be no change in Private Bytes even if the DLL is loaded for the first time or if it’s already loaded by some other process. The Private byte is actually related to the increase in data area & the allocation made by our module or through the DLLs loaded by our module.
There are some segments in each EXE or DLL READONLY, EXECUTEREAD, READWRITE, WRITECOPY. Of this READONLY & EXECUTEREAD correspond to the code or instruction set where as the READWRITE & WRITECOPY area corresponds to the data area. An increase in READWRITE & WRITECOPY (normally very less compared to READONLY+EXECUTEREAD ) area will increase the Private Bytes, but an increase in READONLY & EXECUTEREAD will have no reflection in Private Bytes because these area is loaded in to a shared area of the virtual address space. So for e.g. loading a DLL of size 500K (with READWRITE + WRITECOPY area of 20K) will not increase the Private Bytes of the loading process by 500K but only by 20K(READWRITE + WRITECOPY area). Suppose if the DLL is not rebased (rebasing is specifying load address) it will try to load in the default address (may be @ the address 0X10000000) and if that is failed (if some other DLL is loaded in to that address before) then the whole DLL size will be added to the Private Bytes ! So please take care rebasing DLLs with proper address (prefer non conflicting address).
Ohh You might be getting bored up I know, So let me brief through an expression,
Private Bytes = Memory Allocation from our module + Memory Allocation for our module through the loaded DLLs + (READWRITE + WRITECOPY of our module) + (READWRITE + WRITECOPY of all the loaded DLLs) + The whole size of the DLLs loaded which were not rebased and failed loading in the default address(i.e. READONLY+ EXECUTEREAD+ READWRITE + WRITECOPY of those DLLs)
Let me introduce some tools (if you already know please excuse me). With the below tools we will get the details of how and where our Private Byte is spend (a higher level abstract).
Process Explorer:
This tool is available @ SysInternals (
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx) and is helpful to explore the process details. In our scope it help to know whether the DLLs are rebased and loaded in the expected load address.
VaDump:
This is a command line tool which available in windows 2000 Resource kit (
http://download.microsoft.com/download/win2000platform/vadump/1.00.0.1/NT5/EN-US/vadump_setup.exe) and is used to dump the segment details (READONLY, EXECUTEREAD, READWRITE & WRITECOPY) of virtual address space.

No comments: