flat assembler
Message board for the users of flat assembler.
Index
> Windows > why the simple program takes more than 3 MB of RAM? |
Author |
|
KIRK 20 Dec 2007, 21:15
Code: format PE GUI 4.0 include 'win32ax.inc' start: .code invoke MessageBox,0,0,0,0 invoke ExitProcess,0 .end start compiled to 1,5 kbytes or http://board.flatassembler.net/topic.php?p=45385#45385 MessageBox example compiled to 680 bytes I run program, press Alt+Ctrl+Del and see that it takes 3520 KBytes! Why so much? |
|||
20 Dec 2007, 21:15 |
|
vid 20 Dec 2007, 22:40
use SysInternals process explorer for more detailed information
|
|||
20 Dec 2007, 22:40 |
|
AlexP 20 Dec 2007, 22:44
hmmm... Vid, check out the other post about this person trying to take over the Windows command prompt's output buffer with a pipe. Very interesting, I hope you can give him an explanation of how you can't do it. I suggested a "timing attack on the cmd process" for the moment when it relinquishes it's window. I totally made that up, but is it really possible to make a loop that will attack a program using AttachConsole for the exact moment it exits? That would be volatile lol...
|
|||
20 Dec 2007, 22:44 |
|
f0dder 20 Dec 2007, 23:47
KIRK: as vid recommended, get Process Explorer to get more detailed memory usage staticstics - what you should be most interested in is "Private Bytes" memory usage.
The memory size explorer shows will never really go below 2-3MB, since it includes the DLLs your process uses, and most of that memory is shared among all processes that's running on the system. |
|||
20 Dec 2007, 23:47 |
|
AlexP 21 Dec 2007, 00:40
True, and those dll's may be very large, KERNEL32 I think is default for all apps, either that or NTDLL also. Combine that with stack space, align to page*? and other things it will only go down to around there. Still kind of funny though
|
|||
21 Dec 2007, 00:40 |
|
f0dder 21 Dec 2007, 00:44
You'll always end up including KERNEL32.DLL in your apps - XP forces it's inclusion, Win2k fails silently if you don't end up importing from it (ie., it's good enough to have a single import from, say, GDI32.DLL since GDI32 imports from KERNEL32), because of the way app loading happens (your proces doesn't start initial executing from peheader.entrypoint, but from kernel32.some_deep_function).
KERNEL32 in turn depends on NTDLL. |
|||
21 Dec 2007, 00:44 |
|
bitRAKE 21 Dec 2007, 02:49
Ah, that's nothing - here is a real memory hog:
Last edited by bitRAKE on 21 Dec 2007, 08:23; edited 1 time in total |
|||||||||||
21 Dec 2007, 02:49 |
|
asmfan 21 Dec 2007, 08:00
real available amount of memory to process - min (avail phys. memory; avail virt. mem) but with one remark - you will commit page by page size of total needed to be allocated memory - the cause is Virtual memory fragmentation.
I haven't seen ever that one (32 bit) program could take more than 1.6-1.7 GiB without some special manipulation - e.g. large_address_aware and boot.ini /3gb |
|||
21 Dec 2007, 08:00 |
|
KIRK 21 Dec 2007, 12:36
and what you see?
|
||||||||||
21 Dec 2007, 12:36 |
|
revolution 21 Dec 2007, 12:50
Yep, you got stacks, PID's, TID's, DLL info tables, lots of other information things that Windows likes to use.
|
|||
21 Dec 2007, 12:50 |
|
KIRK 21 Dec 2007, 13:01
RBTray takes only 272 KB,
why such difference? |
|||
21 Dec 2007, 13:01 |
|
revolution 21 Dec 2007, 13:12
You wanted to include MessageBox so that means you get user32 and gdi32 mapped into you process. Background processes may not have used any GUI functions so accordingly have less mapped DLL's.
|
|||
21 Dec 2007, 13:12 |
|
KIRK 21 Dec 2007, 13:22
thanks:)
|
|||
21 Dec 2007, 13:22 |
|
f0dder 21 Dec 2007, 15:26
KIRK wrote: RBTray takes only 272 KB, you need to look at PRIVATE BYTES, not WORKING SET. And do yourself a favor, open perfmon.msc and see the description of the process/memory counters. Working set becomes small when you don't have any visible windows and sit in the background. If you worry too much about these things you can use SetProcessWorkingSetSize(hpro,-1,-1);, but it's a silly hack since windows will trim the working set as necessary. _________________ - carpe noctem |
|||
21 Dec 2007, 15:26 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.