Author Topic: Memory usage  (Read 10934 times)

0 Members and 1 Guest are viewing this topic.

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: Memory usage
« Reply #15 on: September 05, 2007, 09:33:25 AM »
and i guess, "error in user mode = program crash only" but error in kernel mode = blue screen".. right?

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11660
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Memory usage
« Reply #16 on: September 05, 2007, 11:46:12 AM »
That is sneaky, is there any advantage in doing this or is it just masking resource usage ?

Well, it has its pros and cons.

The advantage is that it makes the filesystem scanner (that needs to run in kernel-mode anyway) slightly faster (avoiding the need of transitions between kernel- and user- mode).

The disadvatange is that any error in the engine usually means instant computer crash (or instant reboot).
Also, porting most stuff to kernel-mode is quite hard - so e.g. unpacking support is harder to implement in this case (especially if you want/need to use 3rd party code). That's one of the reasons you cannot enable archive unpacking in AVG's on-access scanner, by the way... ;)

Also, it's worth noting that this model had been used by Norton and McAfee (roughly till their 2004 versions). It was abandoned then - I suppose they figured out that the drawbacks simply outweighted the benefits.

How can we measure such resources usage in this situation (kernel-mode driver)?

There's no easy way because the driver memory is allocated from a system-wide pool (i.e. it doesn't belong to any process, really).

A simple way to get a rough idea is:
- boot the machine with the driver active
- in the Task Manager, go to the Performance tab and note the values in the Kernel Memory section (Total, Paged and NonPaged values)
- uninstall the driver (or the software which carries the driver)
- reboot
- again, use the Task Manager to find out the Kernel memory usage

The difference should quite accurately indicate how much memory the driver allocated.


A slighly more sophisticated method of resource tracking is to use the Windows Driver Verifier (verifier.exe). This is a handy tool (ships with Win2K+), but it's not really designed for normal users (just for developers/geeks). The tool allows you to track all memory blocks allocated by a driver, and much more.

and i guess, "error in user mode = program crash only" but error in kernel mode = blue screen".. right?

Undoubtly... :)
And this includes e.g. cases of (slightly) faulty RAMs - the larger the "crash surface", the bigger the chance that the computer will keep crashing on the user. Even MS is slowly realizing that their goal for the future should be to minimize the amount of code running in the kernel - as is evident from the early specs/builds of Windows 7 (the successor of Vista/Win2K8Srv).

Cheers
Vlk
« Last Edit: September 05, 2007, 03:53:51 PM by Vlk »
If at first you don't succeed, then skydiving's not for you.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87080
  • No support PMs thanks
Re: Memory usage
« Reply #17 on: September 05, 2007, 02:26:18 PM »
Thanks for the detailed explanation Vlk, very interesting.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.10.6038 (build 22.10.7633.734) UI 1.0.733/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Memory usage
« Reply #18 on: September 05, 2007, 09:51:12 PM »
Thanks for the info Vlk.
You've been in Redmond, do you know anything on Windows 7?
Is MS dropping Vista?
The best things in life are free.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11660
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Memory usage
« Reply #19 on: September 05, 2007, 10:39:31 PM »
Quote
You've been in Redmond, do you know anything on Windows 7?

I know some stuff but as a matter of fact, I'm not supposed to discuss them publicly. Sorry :-[
(but it's nothing too important, really)


Quote
Is MS dropping Vista?

No way :)
If at first you don't succeed, then skydiving's not for you.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Memory usage
« Reply #20 on: September 05, 2007, 10:45:14 PM »
Quote
Is MS dropping Vista?
No way :)
Thanks 8)
The best things in life are free.