Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Can the page file be read?

01 Oct 2012   #21
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

Gary, let's go back to basics.

The pagefile is an 'extension' of your RAM. Whenever you run short of RAM and there is a request by a program for RAM, Superfetch will page-out the lowest priority (the one that has not been used for the longest time) part of the occupied RAM in order to make room for the new request. Now that could be anything that happens to linger around in RAM at this point in time.

The good news is that with our modern PCs that have 4GB or more of RAM, chances are slim that anything gets paged out at any time. The page requests (hard faults) that you may see e.g. in the Resource Monitor are mostly fake paging requests. Those occur because Superfetch uses the paging mechanism to populate RAM without really populating the page file.


My System SpecsSystem Spec
.
01 Oct 2012   #22
Britton30
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

Quote   Quote: Originally Posted by logicearth View Post
Furthermore, if your laptop is stolen do you honestly think someone would care enough to pull fragments of your personal information that may or may not be contained in the pagefile when they now have unrestricted access to your personal information stored on the computer in full. Or passwords stored in the browsers log in cache. Why would they bother with the pagefile? (BTW, encryption keys are already protected from being paged out in the first place, they will not be contained in the pagefile.)
Look, none of your comments have had any bearing on my original question. I don't have a laptop, please read the comments.
My System SpecsSystem Spec
01 Oct 2012   #23
MilesAhead

Windows 7 32 bit
 
 

Quote   Quote: Originally Posted by Britton30 View Post
Since there is much discussion of overwriting the pagefile.sys I am wondering is there a way to read its contents?

I'd also like to view contents of thumbs.db (I think) just to see what if any info is stored in them.
The storage tends to be data allocated by programs. For example, if I wrote a program that changes a graphics file from one format to another, I might allocate a few hundred MB for a buffer to read the whole file into. If memory is short on the system, when another app needs memory, my data may be "swapped out" to the page file.

Program code is considered to already be "paged" in the exe file that sits on disk. That's one reason why the OS frowns on altering code in memory. That and security/malware reasons. But if you can alter the code in ram then the image on disk is not an accurate copy anymore etc..

If your machine was actually some financial server or constantly processed credit card info, then you may want to encrypt the page file for security.

Here's a couple of links with some more info.

Pagefile.sys - Forensics Wiki

Encrypt Your Windows Pagefile To Improve Security

One way to read your pagefile would be to boot a Linux CD and use a hex editor to view it. Likely some of the contents would be text. Skimming it you would likely find sections with readable text.
My System SpecsSystem Spec
.

01 Oct 2012   #24
logicearth

Windows 10 Pro (x64)
 
 

Quote   Quote: Originally Posted by Britton30 View Post
Look, none of your comments have had any bearing on my original question. I don't have a laptop, please read the comments.
My last post was not directed at you.
My System SpecsSystem Spec
01 Oct 2012   #25
Britton30
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

Quote   Quote: Originally Posted by whs View Post
Gary, let's go back to basics.

The pagefile is an 'extension' of your RAM. Whenever you run short of RAM and there is a request by a program for RAM, Superfetch will page-out the lowest priority (the one that has not been used for the longest time) part of the occupied RAM in order to make room for the new request. Now that could be anything that happens to linger around in RAM at this point in time.

The good news is that with our modern PCs that have 4GB or more of RAM, chances are slim that anything gets paged out at any time. The page requests (hard faults) that you may see e.g. in the Resource Monitor are mostly fake paging requests. Those occur because Superfetch uses the paging mechanism to populate RAM without really populating the page file.
Quote   Quote: Originally Posted by MilesAhead View Post
The storage tends to be data allocated by programs. For example, if I wrote a program that changes a graphics file from one format to another, I might allocate a few hundred MB for a buffer to read the whole file into. If memory is short on the system, when another app needs memory, my data may be "swapped out" to the page file.

Program code is considered to already be "paged" in the exe file that sits on disk. That's one reason why the OS frowns on altering code in memory. That and security/malware reasons. But if you can alter the code in ram then the image on disk is not an accurate copy anymore etc..

If your machine was actually some financial server or constantly processed credit card info, then you may want to encrypt the page file for security.

Here's a couple of links with some more info.

Pagefile.sys - Forensics Wiki

Encrypt Your Windows Pagefile To Improve Security

One way to read your pagefile would be to boot a Linux CD and use a hex editor to view it. Likely some of the contents would be text. Skimming it you would likely find sections with readable text.
Thanks!
My System SpecsSystem Spec
01 Oct 2012   #26
Britton30
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

Quote   Quote: Originally Posted by logicearth View Post
Quote   Quote: Originally Posted by Britton30 View Post
Look, none of your comments have had any bearing on my original question. I don't have a laptop, please read the comments.
My last post was not directed at you.
My appologies.
My System SpecsSystem Spec
01 Oct 2012   #27
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

This might be of some interest. Couldn't find it our Tutorials.
How to Clear Virtual Memory Pagefile upon shutdown in Windows 7?
My System SpecsSystem Spec
01 Oct 2012   #28
Britton30
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

My System SpecsSystem Spec
01 Oct 2012   #29
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

That will make for a very slow shutdown BTW. It is something to consider when an OP complains of slow shutdown. A Guy
My System SpecsSystem Spec
01 Oct 2012   #30
Britton30
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

Quote   Quote: Originally Posted by A Guy View Post
That will make for a very slow shutdown BTW. It is something to consider when an OP complains of slow shutdown. A Guy
True, it went from ~48 seconds to 62 for a reboot.
My System SpecsSystem Spec
Reply

 Can the page file be read?




Thread Tools





Similar help and support threads
Thread Forum
my windows live profile page is in aribic i cant read aribic
some how my profile page language has been changed to arabic i cant read it to change it back ty for your help:cry:
Browsers & Mail
How to read Log File
Hello, I would really appreciate your help with this. Im a bit of a newbie so bear with me. I ran the SFC scannow and received my log file (It's attached), but I cant read what exactly is wrong with my system. The reason I ran the SFC Scan is because when Im on the internet and there are 2...
Performance & Maintenance
Can't read bottom of page
Please help me someone!! Trying to download Adobe but cant scroll down far enough to access the ACCEPT button on Terms and Conditions. Have moved task bar to the left of the screen but this makes no difference.
General Discussion
.dmp file cant read?
I am constantly getting bluescreen crashes and this message shows after reboot. Can anyone help me figure out how to fix it? Thanks! Problem signature: Problem Event Name: BlueScreen OS Version: 6.1.7600.2.0.0.256.1 Locale ID: 1033 Additional information about the problem: ...
BSOD Help and Support
Can't read MEMORY.DMP file
So.... I downloaded and installed both the Debugging tools from MS as well as the Symbols package. I run WinDbg and set the Symbol File Path to c:\Symbols; where I installed the Symbols download to. I then Open Crash Dump and load in my MEMORY.DMP file that was created when I got a BSOD...
BSOD Help and Support

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 09:52.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App