The Windows 7 x64 Virtual Memory Manager
by Enrico Matignetti
What Makes It Page? is an extraordinary hacker's journey through the Windows 7 (x64) virtual memory manager. Rather than just relying on commonly available information about Windows 7 internals, the author used WinDbg to analyze the operations and functionality. How many hours he must have spent in this effort and the consequent research is beyond my capacity to answer, but in view of the fact that he has delivered here almost 600 pages of material, suggests years of monk-like work.
The pages are replete with detailed discussions of WinDbg output to show the reader how to track down the important details of how, for example, dirty pages are flagged and what becomes of them. A topic as seemingly innocuous as memory-mapped files gets 40 pages of detailed analysis that rests on the previous 300 pages of detailed explanation. And these explanations are not just highbrowed material for OS nerds. The first section of the book is a thoughtful tutorial on how basic memory operations work: everything from how addresses are calculated to the basics of paging and cache control are explained in clear, readable prose. This foundation is then developed extensively by delving into the specifics of Windows 7's implementation. The author finishes up with a grab-bag of "obscure VMM concepts" that he ran into while doing his work. Among those topics is the effect of memory locking on the counters of available memory.
It's been a very long time since I've seen such extensive and meticulous deep digging to reveal material not previously available. A truly excellent resource for anyone interested in Windows internals.