2

We have been using Vmmap, and Processexplorer and MS Detours to analyze the memory usage in our program. Our goal was to validate our program's memory usage. For example, we know that we have X MB of data which we load from disk into memory, we want to make sure that we are not somehow using 2X MB of memory doing this.

However, we noticed the following discrepancies: - for a particular point during execution, Vmmap will report ~1310 MBs of private working set where Processexplorer will report ~1304 MBs (only 6MB off, but which one is "more" accurate...) - memory tracking with MS Detours will report ~948 MBs allocated from HeapAlloc calls, but Vmmap will say that the program is using ~1143 MBs of private heap

My question is, barring errors in our tracking code, and memory being mapped by drivers, can anyone explain how Vmmap and Processexplorer can capture more memory data than our MS Detours hooks?

Other notable calls which we have hooked into are: - VirtualAlloc - ZwAllocateVirtualMemory - RtlAllocateHeap - MapViewOfSection

Many thanks in advance!

StayOnTarget
  • 11,743
  • 10
  • 52
  • 81
ultralazer
  • 21
  • 1
  • Do you know what these metrics mean? If you don't have a comprehensive and deep understanding of them, then there's not much point measuring. I know I don't have such an understanding. – David Heffernan Feb 22 '11 at 19:14
  • @David: oh. should have read more careful. I'm going to delete the comment. Thanks for the hint. – eckes Feb 22 '11 at 19:51
  • 1
    Is it possible that your hooked versions of the allocation routines are counting right? Do the hooks get installed early enough? I mean has some memory been allocated before your hooks get installed? I would trust Process Explorer over anything that almost anyone else would write - Russinovich really knows his stuff. – David Heffernan Feb 22 '11 at 20:17
  • There is no point to compare numbers exactly without knowing how and when they are taken. The .NET Performance counters for GC memory for example are only updated after a GC. It might be that your results differ because Process Explorer and VMMap have different triggers when to update their measured values. – Alois Kraus Apr 03 '11 at 20:11

1 Answers1

1

it would suggest take memory dump at that particular time and open it in windbg and do !address -summary. This command should tell you state of each memory region. If its a .NET application then you may want to go deep and look into GC heap. You may refer the article http://vpnchoudhary.blogspot.com/2011/03/out-of-memory-exception-simple.html for more details.

Vipin Kumar
  • 136
  • 1
  • 9