Reversing : The Hacker's Guide to Reverse Engineering

up any memory. Committing a block means that we actually allocate space for it in the system page file. No physical memory will be used until the memory is actually accessed.

VirtualProtect  This function sets a memory region's protection settings, such as whether the block is readable, writable, or executable (newer versions of Windows actually prevent the execution of nonexecutable blocks). It is also possible to use this function to change other low-level settings, such as whether the block is cached by the hardware or not, and so on.

VirtualQuery  This function queries the current memory block (essentially retrieving information for the block's VAD node) for various details such as what type of block it is (a private allocation, a section, or an image), and whether it is reserved, committed, or unused.

VirtualFree  This function frees a private allocation block (like those allocated using VirtualAlloc).
All of these APIs deal with the currently active address space, but Windows also supports virtual-memory operations on other processes, if the calling process is privileged enough to do that. All of the APIs listed here have an Ex version (VirtualAllocEx, VirtualQueryEx, and so on) that receives a handle to a process object and can operate on the address spaces of processes other than the one currently running. As part of that same functionality, Windows also offers two APIs that actually access another process's address space and can read or write to it. These APIs are ReadProcessMemory and WriteProcessMemory.
Another group of important memory-manager APIs is the section object APIs. In Win32 a section object is called a memory-mapped file and can be created using the CreateFileMapping API. A section object can be mapped into the user-mode address space using the MapViewOfFileEx API, and can be unmapped using the UnmapViewOfFile API.
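As an added illustration (this is not code from the book), the following Python/ctypes program walks the current process's address space with VirtualQuery and classifies every region the way the text describes: reserved, committed or free; private allocation, section view (MEM_MAPPED) or image; and the page protection set by VirtualProtect. The constants are the documented winnt.h values. The decoding helpers are pure Python and run anywhere; only walk_current_process() calls kernel32 and therefore needs Windows. The "executable but not image-backed" check at the end is a common defender heuristic added here, not something the text states.

```python
"""Enumerate and classify the regions of the current process with VirtualQuery.

Added example; assumes the documented Win32 MEMORY_BASIC_INFORMATION layout
and constant values from winnt.h. Only walk_current_process() needs Windows.
"""
import ctypes
import sys

# Region state (MEMORY_BASIC_INFORMATION.State)
MEM_COMMIT = 0x1000
MEM_RESERVE = 0x2000
MEM_FREE = 0x10000

# Region type (MEMORY_BASIC_INFORMATION.Type)
MEM_PRIVATE = 0x20000    # private allocation (VirtualAlloc)
MEM_MAPPED = 0x40000     # section view (MapViewOfFile / MapViewOfFileEx)
MEM_IMAGE = 0x1000000    # mapped executable image (EXE or DLL)

# Page protection (MEMORY_BASIC_INFORMATION.Protect)
PAGE_NOACCESS = 0x01
PAGE_READONLY = 0x02
PAGE_READWRITE = 0x04
PAGE_WRITECOPY = 0x08
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
PAGE_GUARD = 0x100       # modifier bit, combined with one of the values above

_STATE_NAMES = {MEM_COMMIT: "committed", MEM_RESERVE: "reserved", MEM_FREE: "free"}
_TYPE_NAMES = {MEM_PRIVATE: "private", MEM_MAPPED: "mapped", MEM_IMAGE: "image"}


def decode_protection(protect):
    """Translate a PAGE_* value into (readable, writable, executable, guard)."""
    base = protect & 0xFF  # strip modifier bits such as PAGE_GUARD
    readable = base in (PAGE_READONLY, PAGE_READWRITE, PAGE_WRITECOPY,
                        PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE,
                        PAGE_EXECUTE_WRITECOPY)
    writable = base in (PAGE_READWRITE, PAGE_WRITECOPY,
                        PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY)
    executable = base in (PAGE_EXECUTE, PAGE_EXECUTE_READ,
                          PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY)
    return readable, writable, executable, bool(protect & PAGE_GUARD)


def describe_region(base, size, state, type_, protect):
    """Summarise one region (one VAD node's worth of information) as a dict."""
    r, w, x, guard = decode_protection(protect)
    rwx = ("r" if r else "-") + ("w" if w else "-") + ("x" if x else "-")
    return {
        "base": base,
        "size": size,
        "state": _STATE_NAMES.get(state, "unknown"),
        "type": _TYPE_NAMES.get(type_, "none"),  # free regions report Type == 0
        "rwx": rwx + ("g" if guard else ""),
    }


def is_private_executable(region):
    """Defender heuristic (added here): committed executable memory that is not
    backed by a mapped image. JIT compilers produce this legitimately; in
    other processes it is worth a closer look."""
    return (region["state"] == "committed"
            and region["type"] != "image"
            and "x" in region["rwx"])


# Field layout follows winnt.h: PartitionId exists only in the 64-bit struct.
_fields = [("BaseAddress", ctypes.c_void_p),
           ("AllocationBase", ctypes.c_void_p),
           ("AllocationProtect", ctypes.c_ulong)]
if ctypes.sizeof(ctypes.c_void_p) == 8:
    _fields.append(("PartitionId", ctypes.c_ushort))
_fields += [("RegionSize", ctypes.c_size_t),
            ("State", ctypes.c_ulong),
            ("Protect", ctypes.c_ulong),
            ("Type", ctypes.c_ulong)]


class MEMORY_BASIC_INFORMATION(ctypes.Structure):
    _fields_ = _fields


def walk_current_process():
    """Call VirtualQuery from address 0 upward until it reports no more regions."""
    if sys.platform != "win32":
        raise OSError("VirtualQuery is only available on Windows")
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    kernel32.VirtualQuery.argtypes = [ctypes.c_void_p,
                                      ctypes.POINTER(MEMORY_BASIC_INFORMATION),
                                      ctypes.c_size_t]
    kernel32.VirtualQuery.restype = ctypes.c_size_t
    regions, mbi, address = [], MEMORY_BASIC_INFORMATION(), 0
    while kernel32.VirtualQuery(address, ctypes.byref(mbi), ctypes.sizeof(mbi)):
        regions.append(describe_region(address, mbi.RegionSize, mbi.State,
                                       mbi.Type, mbi.Protect))
        address += mbi.RegionSize  # regions are contiguous, so step to the next one
    return regions


if __name__ == "__main__":
    for region in walk_current_process():
        flag = "  <-- executable, not image-backed" if is_private_executable(region) else ""
        print(f"{region['base']:#018x} {region['size']:#12x} "
              f"{region['state']:9} {region['type']:8} {region['rwx']}{flag}")
```

Run on Windows, the listing shows the page's three region kinds side by side: private VirtualAlloc blocks (heaps, stacks), mapped section views, and image mappings for the executable and its DLLs, with free and reserved gaps between them. The VirtualQueryEx variant takes the same structure and a process handle, so the same decoding applies to another process's map.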

Objects and Handles


The Windows kernel manages objects using a centralized object manager component. The object manager is responsible for all kernel objects such as section, file, and device objects, synchronization objects, processes, and threads. It is important to understand that this component only manages kernel-related objects. GUI-related objects such as windows, menus, and device contexts are managed by separate object managers that are implemented inside WIN32K.SYS. These are discussed in the section on the Win32 Subsystem later in this chapter.
