Windows Memory Management System

Microsoft Windows is a series of graphical-interface operating systems developed and sold by
Microsoft. It is user friendly but not as powerful as Linux-based operating systems.
Windows means many windows on one screen:
1. The desktop is a window
2. The task bar is also a window
3. A button too is a window

What 32-bit, 64-bit and 86-bit mean

It means that the processor can handle/process this many bits per unit time.
32-bit processing: 32 bits per unit time
64-bit processing: 64 bits per unit time
86-bit processing: 86 bits per unit time

Memory management: managing memory

Types of computer memory: there are two different types of computer memory
1. Primary memory or volatile memory: data is not stored permanently; whenever I restart my
device, all my data in this memory is deleted, e.g. RAM
2. Secondary memory or non-volatile memory: data is stored permanently and the
storage is external, e.g. hard disk, pen drive, CD, floppy disk (a relic from ancient
times)
Memory management is the process of assigning memory, in the form of blocks, to the different
processes, applications and functions of the operating system. Managing memory helps you to
optimize your device. That means I can run my machine the way I want, as per the specification
of the machine.
Where memory management occurs: it resides in the OS, RAM, hardware, applications and
processing.
How can I optimize my machine's memory?
Or
How can I make my machine fast?
Defragmentation and optimisation of the hard disk:
1. Open My Computer
2. Right-click on the main drive, i.e. the C drive on which Windows is installed
3. Click on Properties and then open the Tools tab
4. There you will see the Defragment Now button; click it
5. It will then ask you to analyze the hard disk space.
6. After analyzing the hard disk partition, click on the Defragment Now option.

Virtual memory: When my RAM runs out of storage capacity, the concept of virtual memory
comes in. It is not physical memory but acts as physical memory.
Imagine everyone has a house. Each house has a physical address, but that is only your street
address, not your house number. If someone wants to send a mail or letter to you, they are
going to use the post office. No one knows the relation between the letter reference and the
house address apart from the postal workers. Now only the postmaster knows which letter
refers to which house. So here the post office is my virtual address and the postmaster is my
virtual memory manager.

So in technical terms I can say the following.


A computer can address more memory than the amount physically installed on the system. This
extra memory is actually called virtual memory and it is a section of a hard disk.
Computers have a finite amount of RAM so memory can run out, especially when multiple
programs run at the same time. A system using virtual memory can load larger programs or
multiple programs running at the same time, allowing each one to operate as if it has infinite
memory and without having to purchase more RAM.
To understand better, let's look at the picture below:

Virtual memory may be on flash or on disk. The application program uses the physical addresses
in RAM. A virtual memory management system maps the virtual addresses of the pages to
the physical addresses of the pages after the pages of the program have been loaded into RAM.

Increase the Virtual memory size


1. Click Start button, right-click Computer, and then click Properties.
2. In the left pane, click Advanced system settings.
3. On the Advanced tab, under Performance, click Settings.
4. Click the Advanced tab, and then, under Virtual memory, click Change.
5. Clear the Automatically manage paging file size for all drives check box.
6. Under Drive [Volume Label], click the drive that contains the paging file you want to
change.
7. Click Custom size, type a new size in megabytes in the Initial size (MB) or Maximum
size (MB) box, click Set, and then click OK.

Three types of virtual pages


Committed page: a page reserved for the application that maps directly to a RAM address.
Reserved page: a page at a virtual address that cannot be used by the application.
Free page: a page that can be used and is allocated during the run.

Virtual Address Space: the set of virtual memory addresses that the system can use. To maintain
it, the system keeps a page table for each and every process. Each process on 32-bit
Microsoft Windows has its own virtual address space that enables addressing up to 4 gigabytes
of memory. Each process on 64-bit Windows has a virtual address space of 8 terabytes.
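A toy model of the per-process page table and the three page states described above, added here as an example and not part of the original notes. The 4 KiB page size, the 8-page address space, the reserve-before-commit order and all names (`page_table`, `pt_reserve`, `pt_commit`, `pt_translate`) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096u          /* assumed 4 KiB pages */
#define NUM_PAGES 8u             /* toy address space: 8 virtual pages */
#define XLATE_FAULT UINT32_MAX   /* returned when the access must fault */

typedef enum { PAGE_FREE, PAGE_RESERVED, PAGE_COMMITTED } page_state;

typedef struct {
    page_state state;
    uint32_t   frame;            /* physical frame number, valid only if committed */
} pte;

/* One page table per process, as the text describes. */
typedef struct { pte entries[NUM_PAGES]; } page_table;

/* Reserve a free page: the address range is claimed, no RAM is behind it yet. */
int pt_reserve(page_table *pt, uint32_t vpn) {
    if (vpn >= NUM_PAGES || pt->entries[vpn].state != PAGE_FREE) return -1;
    pt->entries[vpn].state = PAGE_RESERVED;
    return 0;
}

/* Commit a reserved page: back it with a physical frame. */
int pt_commit(page_table *pt, uint32_t vpn, uint32_t frame) {
    if (vpn >= NUM_PAGES || pt->entries[vpn].state != PAGE_RESERVED) return -1;
    pt->entries[vpn].state = PAGE_COMMITTED;
    pt->entries[vpn].frame = frame;
    return 0;
}

/* Translate a virtual address; only committed pages resolve to RAM. */
uint32_t pt_translate(const page_table *pt, uint32_t vaddr) {
    uint32_t vpn = vaddr / PAGE_SIZE, off = vaddr % PAGE_SIZE;
    if (vpn >= NUM_PAGES || pt->entries[vpn].state != PAGE_COMMITTED)
        return XLATE_FAULT;
    return pt->entries[vpn].frame * PAGE_SIZE + off;
}

int main(void) {
    page_table pt = {0};         /* every page starts FREE */
    pt_reserve(&pt, 2);
    printf("reserved only: %#x\n", (unsigned)pt_translate(&pt, 2 * PAGE_SIZE + 0x10));
    pt_commit(&pt, 2, 5);
    printf("committed:     %#x\n", (unsigned)pt_translate(&pt, 2 * PAGE_SIZE + 0x10));
    return 0;
}
```

An access to a free or reserved page returns `XLATE_FAULT`, which is the point where a real system would raise an access violation instead of touching RAM.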

Memory Pools: a pool of memory allocation blocks; it dynamically allocates memory to
processes, applications and software when they ask for it.

Virtual Memory Functions: enable a process to manipulate and determine the status of the
pages in its virtual address space.

Heap Functions: a heap is a data structure in a programming language which helps in
maintaining variables and data and manipulating them. To manage the huge heap, it calls heap
functions such as HeapAlloc, HeapFree and GetProcessHeap for memory management.

Standard C Library Functions: malloc, calloc, alloc, free

Comparing Memory Allocation Methods: a comparison between calloc, malloc and alloc, how they
work and how they allocate memory.

Assembly Language
What is a language: a set of rules and instructions telling my computer what to do and
what not to do, because my computer is dumb. It does not know what to do unless and until
we ask or tell it.
Different types of languages:
1. High-level computer programming language
2. Middle-level computer language
3. Low-level computer language

High-level programming language: these are the codes and programming languages which are
written in English or almost-English language with some specific and defined syntax. It is
basically a symbolic language that uses English words and mathematical expressions.
Examples are C, C++, Java, Python, Perl etc.
They are divided into three main categories:
1. Problem-oriented language
2. Procedural language
3. Non-procedural language
Furthermore, programming languages as a whole are also categorized according to the
following:
1. Purpose, e.g. business, educational, scientific.
2. Facilities provided, e.g. meaningful variable names, control and data structures, error
checking facilities.
3. Ease of learning and use.
4. Portability: whether a program is to be used on or in more than one system.
5. Popularity: availability of compilers/interpreters.
6. Documentation provided.

Middle-level computer language: Medium-level language (MLL) is a computer programming
language that interacts with the abstraction layer of a computer system. Medium-level language
serves as the bridge between the raw hardware and programming layer of a computer system.
MLL converts high-level language code to low-level language code. Example: assembly
language.

Low-level language: these are machine codes, which a normal human cannot understand. Our
computer does not normally understand what we speak or what we write. It only understands
and executes instructions that are in the form of 0 and 1, e.g. binary language.

NUMBER SYSTEMS: A number system is a system of writing for expressing numbers. It is the
mathematical notation for representing numbers of a given set by using digits or other symbols
in a consistent manner. It provides a unique representation to every number and represents the
arithmetic and algebraic structure of the figures. It also allows us to perform arithmetic
operations like addition, subtraction, and division.
There are 4 types of number system in a computer system:
1. Binary: only the numbers 0 and 1 -- base 2
2. Decimal: 0 to 9 -- 10 numbers -- base 10
3. Octal: 0 to 7 -- 8 numbers -- base 8
4. Hexadecimal: 0 to 9 and A to F -- 16 numbers -- base 16

Memory address: A memory address is a unique identifier used by a device or CPU for data
tracking. This binary address is defined by an ordered and finite sequence allowing the CPU to
track the location of each memory byte.
Assembly language: a programming language that consists of instructions that are mnemonic
codes for corresponding machine language instructions.
    INC COUNT        ; Increment the memory variable COUNT
    MOV TOTAL, 48    ; Transfer the value 48 in the memory variable TOTAL
    ADD AH, BH       ; Add the content of the BH register into the AH register
    AND MASK1, 128   ; Perform AND operation on the variable MASK1 and 128
    ADD MARKS, 10    ; Add 10 to the variable MARKS
    MOV AL, 10       ; Transfer the value 10 to the AL register

Registers: Processor operations mostly involve processing data. This data can be stored in
memory and accessed from there. However, reading data from and storing data into memory
slows down the processor, as it involves complicated processes of sending the data request to
the memory storage unit and getting the data through the same channel. To speed up
processor operations, the processor includes some internal memory storage locations, called
registers.
Registers are used to quickly accept, store, and transfer data and instructions that are being
used immediately by the CPU.
Registers are grouped into three categories:
General registers: used to hold intermediate results whilst working through a calculation
or algorithm.
Control registers: change or control the general behavior of a CPU or other digital
device.
Segment registers: hold the base value of different segments like Code Segment,
Data Segment etc.
Other registers:
1. Memory Address Register (MAR): This register holds the address of memory where
CPU wants to read or write data. When CPU wants to store some data in the memory or
reads the data from the memory, it places the address of the required memory location
in the MAR.
2. Memory Buffer Register (MBR): This register holds the contents of data or instruction
read from, or written in memory. The contents of instruction placed in this register are
transferred to the Instruction Register, while the contents of data are transferred to the
accumulator or I/O register. In other words you can say that this register is used to store
data/instruction coming from the memory or going to the memory.
3. I/O Address Register (I/O AR): I/O Address register is used to specify the address of a
particular I/O device.
4. I/O Buffer Register (I/O BR): I/O Buffer Register is used for exchanging data between
the I/O module and the processor.
5. Program Counter (PC): Program Counter register is also known as Instruction Pointer
Register. This register is used to store the address of the next instruction to be fetched
for execution. When the instruction is fetched, the value of IP is incremented. Thus this
register always points or holds the address of next instruction to be fetched.
6. Instruction Register (IR): Once an instruction is fetched from main memory, it is stored
in the Instruction Register. The control unit takes instruction from this register, decodes
and executes it by sending signals to the appropriate component of computer to carry
out the task.
7. Accumulator Register: The accumulator register is located inside the ALU. It is used
during arithmetic & logical operations of the ALU. The control unit stores data values fetched
from main memory in the accumulator for arithmetic or logical operation. This register
holds the initial data to be operated upon, the intermediate results, and the final result of
operation. The final result is transferred to main memory through MBR.
8. Stack Control Register: A stack represents a set of memory blocks; the data is stored
in and retrieved from these blocks in an order, i.e. First In and Last Out (FILO). The
Stack Control Register is used to manage the stacks in memory. The size of this register
is 2 or 4 bytes.
9. Flag Register: The Flag register is used to indicate occurrence of a certain condition
during an operation of the CPU. It is a special purpose register with size one byte or two
bytes. Each bit of the flag register constitutes a flag (or alarm), such that the bit value
indicates if a specified condition was encountered while executing an instruction.

Performance Registers
EAX: Extended Accumulator Register
EBX: Base Register
ECX: Counter Register
EDX: Data Register

Index Registers
Source Index Register
Destination Index Register

ESP: Extended Stack Pointer, points at the top of the stack

EIP: Extended Instruction Pointer, contains the address of the next register to be used in the
list

Data Movement Instructions: copy a byte or a word from the source location to the destination.
In general, either the source or the destination must be a register; the only exception is that an
immediate value may be moved straight to memory. Here are the accepted forms:
1. Mov: The MOV instruction moves data bytes between the two specified operands. The
byte specified by the second operand is copied to the location specified by the first
operand. The source data byte is not affected.
    MOV R5, A
    Move the value of register A to register R5
2. Push: The PUSH instruction increments the stack pointer and stores the value of the
specified byte operand at the internal RAM address indirectly referenced by the stack
pointer. No flags are affected by this instruction.
    PUSH A
3. Pop: The POP instruction reads a byte from the address indirectly referenced by the
SP register. The value read is stored at the specified address and the stack pointer is
decremented. No flags are affected by this instruction.
    POP 34h
4. In: Copies the value from the I/O port specified with the second operand to the
destination operand. The source operand can be a byte-immediate or the DX register;
the destination operand can be register AL, AX, or EAX, depending on the size of the
port being accessed.
    IN AL, imm8
    Input byte from imm8 I/O port address into AL.
5. Out: Copies the value from the second operand to the I/O port specified with the
destination operand. The source operand can be register AL, AX, or EAX, depending on
the size of the port being accessed; the destination operand can be a byte-immediate or
the DX register.
    OUT imm8, AL
    Output byte in AL to I/O port address imm8.

Logical and Arithmetic instructions:

Logical instructions: they work at the bitwise level. They process and manipulate data bit by
bit, one at a time. In other words, they perform and, or, not, xor, etc. types of functions.
Arithmetic instructions: these are the instructions which help in performing mathematical
operations on the bits. They perform addition, subtraction, multiplication, division, etc.

INSTRUCTIONS       OPERATIONS
add D, S1, S2      D ← S1 + S2
    S1, S2         AC ← S1 + S2
sub D, S1, S2      D ← S1 - S2
mul D, S1, S2      D ← S1 * S2
div D, S1, S2      D ← S1 div S2
rem D, S1, S2      D ← S1 rem S2
and D, S1, S2      D ← S1 and S2
or D, S1, S2       D ← S1 or S2
xor D, S1, S2      D ← S1 xor S2
nor D, S1, S2      D ← S1 nor S2
not D, S1          D ← not S1
imul r/m16         AX ← AL * r/m
inc A              A ← A + 1
dec A              A ← A - 1

Conditional Instructions: these are just like if and else statements in a normal programming
language. They help in creating loops and conditions and also help us jump over a bunch
of statements during execution.

INSTRUCTION   EXPRESSION                 DESCRIPTION
jmp           JMP label                  To jump to an address location
              JMP L20
je            je opr                     Jump if equals
jne           jne opr                    Jump if not equals
jz            jz opr                     Jump if zero
jnz           jnz opr                    Jump if not zero
cmp           CMP destination, source    To compare source with destination
              CMP DX, 00
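How CMP and the conditional jumps in the table work together, shown as an added example that is not part of the original notes: a tiny interpreter where CMP only sets a zero flag and JE/JNE only read it. The instruction encoding, the four-register CPU and the names `run` and `sum_down` are assumptions for illustration, and only the zero flag is modelled (a real CPU sets several flags on CMP).

```c
#include <stdio.h>

typedef enum { OP_MOV, OP_ADD, OP_DEC, OP_CMP, OP_JE, OP_JNE, OP_JMP, OP_HLT } opcode;
/* dst: register index, or the target instruction index for jumps.
   src: register index, or a literal value when imm is 1. */
typedef struct { opcode op; int dst, src, imm; } insn;
typedef struct { int reg[4]; int zf; int ip; } cpu;   /* zf = zero flag */

/* Run until HLT or until the step budget is used up; returns steps executed. */
int run(cpu *c, const insn *prog, int len, int max_steps) {
    int steps = 0;
    while (c->ip >= 0 && c->ip < len && steps < max_steps) {
        const insn *i = &prog[c->ip++];               /* fetch, then advance IP */
        int v = i->imm ? i->src : c->reg[i->src & 3];
        steps++;
        switch (i->op) {
        case OP_MOV: c->reg[i->dst] = v; break;       /* MOV leaves the flag alone */
        case OP_ADD: c->reg[i->dst] += v; c->zf = (c->reg[i->dst] == 0); break;
        case OP_DEC: c->reg[i->dst] -= 1; c->zf = (c->reg[i->dst] == 0); break;
        case OP_CMP: c->zf = (c->reg[i->dst] == v); break;  /* compare, keep flag only */
        case OP_JE:  if (c->zf)  c->ip = i->dst; break;     /* JZ tests the same flag */
        case OP_JNE: if (!c->zf) c->ip = i->dst; break;     /* JNZ tests the same flag */
        case OP_JMP: c->ip = i->dst; break;
        case OP_HLT: return steps;
        }
    }
    return steps;
}

/* Sum n + (n-1) + ... + 1 with a CMP/JE loop exit; r0 = total, r1 = counter. */
int sum_down(int n) {
    const insn prog[] = {
        { OP_MOV, 0, 0, 1 },   /* 0:       mov r0, 0  */
        { OP_MOV, 1, n, 1 },   /* 1:       mov r1, n  */
        { OP_CMP, 1, 0, 1 },   /* 2: loop: cmp r1, 0  */
        { OP_JE,  7, 0, 0 },   /* 3:       je  done   */
        { OP_ADD, 0, 1, 0 },   /* 4:       add r0, r1 */
        { OP_DEC, 1, 0, 0 },   /* 5:       dec r1     */
        { OP_JMP, 2, 0, 0 },   /* 6:       jmp loop   */
        { OP_HLT, 0, 0, 0 },   /* 7: done: hlt        */
    };
    cpu c = {0};
    run(&c, prog, (int)(sizeof prog / sizeof prog[0]), 10000);
    return c.reg[0];
}

int main(void) {
    printf("sum_down(4) = %d\n", sum_down(4));
}
```

When reading a disassembly in a debugger, the same pattern applies: find the CMP (or arithmetic instruction) that last set the flag, then read the jump that follows as the branch of an if or the exit test of a loop.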
Protection Rings: hierarchical protection domains whose function is to protect data and
functionality from flaws and malicious behaviour.

Ring 3 applications are those applications which have the least privileges and are less secured.

There are special gates for accessing the ring resources in a predefined manner.

Supervisor mode: can be changed and altered by running code at the system level.
Hypervisor mode: it is mainly ring 0 of the protection rings; hard to compromise the
system.

Ring 3 applications: Immunity Debugger, OllyDbg

OllyDbg tool: used to debug software and especially used in reverse engineering of
software, for creating cracks and patches and getting the registration keys, or so-called CD
keys, of software to convert a demo or trial version into the full version.
