 |
Windows 7: Can the page file be read?
|
01 Oct 2012
|
#21 | |
Vista, Windows7, Mint Mate, Zorin, Windows 8 Florida in winter, Black Forest/Germany |
Gary, let's go back to basics.
The pagefile is an 'extension' of your RAM. Whenever you run short of RAM and there is a request by a program for RAM, Superfetch will page-out the lowest priority (the one that has not been used for the longest time) part of the occupied RAM in order to make room for the new request. Now that could be anything that happens to linger around in RAM at this point in time.
The good news is that with our modern PCs that have 4GB or more of RAM, chances are slim that anything gets paged out at any time. The page requests (hard faults) that you may see e.g. in the Resource Monitor are mostly fake paging requests. Those occur because Superfetch uses the paging mechanism to populate RAM without really populating the page file.
| My System Specs |
| System Manufacturer/Model Number HP, Dell, Gateway, Toshiba - 4 laptops and 2 desktops
OS Vista, Windows7, Mint Mate, Zorin, Windows 8
CPU from 1.6GHz Duo to i7
Monitor(s) Displays 2x HP w2207
Keyboard with trackball - no mices
Mouse Trackball mice
Hard Drives 5x HDD, 7x SSD, 12x Externals
Internet Speed DSL 6000
|
01 Oct 2012
|
#22 | |
Windows 7 Ultimate X64 SP1 Mt. Crumpit/Whoville |
Quote: Originally Posted by logicearth  Furthermore, if your laptop is stolen do you honestly think someone would care enough to pull fragments of your personal information that may or may not be contained in the pagefile when they now have unrestricted access to your personal information stored on the computer in full. Or passwords stored in the browsers log in cache. Why would they bother with the pagefile? (BTW, encryption keys are already protected from being paged out in the first place, they will not be contained in the pagefile.) Look, none of your comments have had any bearing on my original question. I don't have a laptop, please read the comments. | | My System Specs | | Computer type PC/Desktop
System Manufacturer/Model Number Home Built Desktop By DataTech
OS Windows 7 Ultimate X64 SP1
CPU Intel i5-2550K, Differing ~4.4-4.8GHz No built in GPU
Motherboard ASUS P8Z68-V PRO/GEN3
Memory 16GB G.Skill Sniper 2133MHz 4x4GB
Graphics Card ASUS ENGTX460 DirectCU/2DI/1GD5 GeForce GTX 460
Sound Card Onboard Realtek 5-1
Monitor(s) Displays Samsung P2570HD
Screen Resolution 1920x1080
Keyboard Old, beat-up Dell USB From 10 yrs Ago
Mouse Gigabyte m6900 wired
PSU Corsair HX650W
Case Inwin Dragon Rider
Cooling Hyper 212 EVO w/two Noctua fans, push-pull, @1300 RPM
Hard Drives Crucial M4 128GB for OS, 750GB Seagate MomentusXT for data, 500GB Seagate Constellation for storage
Internet Speed 8-19 Mbs down, 3-4 Mbs up Comcast Cable
Antivirus Norton Internet Security
Browser IE 9, Opera when needed
Other Info 4 case fans, LG BluRay-RE, ASUS DVD-RW, Mr. Fusion power generator with flux capacitor, 1.21 gigawatts.
|
01 Oct 2012
|
#23 | |
|
Quote: Originally Posted by Britton30 Since there is much discussion of overwriting the pagefile.sys I am wondering is there a way to read its contents?
I'd also like to view contents of thumbs.db (I think) just to see what if any info is stored in them. The storage tends to be data allocated by programs. For example, if I wrote a program that changes a graphics file from one format to another, I might allocate a few hundred MB for a buffer to read the whole file into. If memory is short on the system, when another app needs memory, my data may be "swapped out" to the page file.
Program code is considered to already be "paged" in the exe file that sits on disk. That's one reason why the OS frowns on altering code in memory. That and security/malware reasons. But if you can alter the code in ram then the image on disk is not an accurate copy anymore etc..
If your machine was actually some financial server or constantly processed credit card info, then you may want to encrypt the page file for security.
Here's a couple of links with some more info. Pagefile.sys - Forensics Wiki Encrypt Your Windows Pagefile To Improve Security
One way to read your pagefile would be to boot a Linux CD and use a hex editor to view it. Likely some of the contents would be text. Skimming it you would likely find sections with readable text. | | My System Specs | | System Manufacturer/Model Number HP Media Center
OS Windows 7 32 bit
CPU AMD 5200+ dual core
Memory 2 GB
Graphics Card NVidia GeForce 6150SE 128 MB
Monitor(s) Displays CRT
Screen Resolution 1280x1024
Keyboard PS/2
Mouse PS/2 Wheel Mouse
Hard Drives 500 GB Sata internal :
SIIG USB 3.0 docking stations w/WD Caviar Black 6 Gb/s drives
Other Info SIIG USB 3.0 PCIexpress card.
|
01 Oct 2012
|
#24 | |
|
Quote: Originally Posted by Britton30 Look, none of your comments have had any bearing on my original question. I don't have a laptop, please read the comments. My last post was not directed at you. | | My System Specs | | Computer type PC/Desktop
System Manufacturer/Model Number Alienware Aurora ALX R4
OS Windows 7 x64 (SP1)
CPU Intel Core i7-3930K (3.2GHz, Turbo 4GHz)
Motherboard Alienware Aurora-R4 x79
Memory 4x Samsung 4GB PC3-12800 DDR3 (16GB 1600MHz)
Graphics Card Nvidia Geforce GTX 690 (Stock)
Sound Card RealTek Integrated Audio
Monitor(s) Displays Dell UltraSharp U3011
Screen Resolution 2560x1600
PSU 875W Some Dell PSU <.<
Hard Drives Samsung P830 256 GB, WD Raptor 150GB, 2x 1TB HDDs
Other Info Dell Inspiron Mini 10v (Intel Atom N270 1.6 GHz; 1GB; Windows 7 Ultimate)
|
01 Oct 2012
|
#25 | |
Windows 7 Ultimate X64 SP1 Mt. Crumpit/Whoville |
Quote: Originally Posted by whs Gary, let's go back to basics.
The pagefile is an 'extension' of your RAM. Whenever you run short of RAM and there is a request by a program for RAM, Superfetch will page-out the lowest priority (the one that has not been used for the longest time) part of the occupied RAM in order to make room for the new request. Now that could be anything that happens to linger around in RAM at this point in time.
The good news is that with our modern PCs that have 4GB or more of RAM, chances are slim that anything gets paged out at any time. The page requests (hard faults) that you may see e.g. in the Resource Monitor are mostly fake paging requests. Those occur because Superfetch uses the paging mechanism to populate RAM without really populating the page file.
Quote: Originally Posted by MilesAhead The storage tends to be data allocated by programs. For example, if I wrote a program that changes a graphics file from one format to another, I might allocate a few hundred MB for a buffer to read the whole file into. If memory is short on the system, when another app needs memory, my data may be "swapped out" to the page file.
Program code is considered to already be "paged" in the exe file that sits on disk. That's one reason why the OS frowns on altering code in memory. That and security/malware reasons. But if you can alter the code in ram then the image on disk is not an accurate copy anymore etc..
If your machine was actually some financial server or constantly processed credit card info, then you may want to encrypt the page file for security.
Here's a couple of links with some more info. Pagefile.sys - Forensics Wiki Encrypt Your Windows Pagefile To Improve Security
One way to read your pagefile would be to boot a Linux CD and use a hex editor to view it. Likely some of the contents would be text. Skimming it you would likely find sections with readable text. Thanks! | | My System Specs | | Computer type PC/Desktop
System Manufacturer/Model Number Home Built Desktop By DataTech
OS Windows 7 Ultimate X64 SP1
CPU Intel i5-2550K, Differing ~4.4-4.8GHz No built in GPU
Motherboard ASUS P8Z68-V PRO/GEN3
Memory 16GB G.Skill Sniper 2133MHz 4x4GB
Graphics Card ASUS ENGTX460 DirectCU/2DI/1GD5 GeForce GTX 460
Sound Card Onboard Realtek 5-1
Monitor(s) Displays Samsung P2570HD
Screen Resolution 1920x1080
Keyboard Old, beat-up Dell USB From 10 yrs Ago
Mouse Gigabyte m6900 wired
PSU Corsair HX650W
Case Inwin Dragon Rider
Cooling Hyper 212 EVO w/two Noctua fans, push-pull, @1300 RPM
Hard Drives Crucial M4 128GB for OS, 750GB Seagate MomentusXT for data, 500GB Seagate Constellation for storage
Internet Speed 8-19 Mbs down, 3-4 Mbs up Comcast Cable
Antivirus Norton Internet Security
Browser IE 9, Opera when needed
Other Info 4 case fans, LG BluRay-RE, ASUS DVD-RW, Mr. Fusion power generator with flux capacitor, 1.21 gigawatts.
|
01 Oct 2012
|
#26 | |
Windows 7 Ultimate X64 SP1 Mt. Crumpit/Whoville |
Quote: Originally Posted by logicearth
Quote: Originally Posted by Britton30 Look, none of your comments have had any bearing on my original question. I don't have a laptop, please read the comments. My last post was not directed at you. My appologies.  | | My System Specs | | Computer type PC/Desktop
System Manufacturer/Model Number Home Built Desktop By DataTech
OS Windows 7 Ultimate X64 SP1
CPU Intel i5-2550K, Differing ~4.4-4.8GHz No built in GPU
Motherboard ASUS P8Z68-V PRO/GEN3
Memory 16GB G.Skill Sniper 2133MHz 4x4GB
Graphics Card ASUS ENGTX460 DirectCU/2DI/1GD5 GeForce GTX 460
Sound Card Onboard Realtek 5-1
Monitor(s) Displays Samsung P2570HD
Screen Resolution 1920x1080
Keyboard Old, beat-up Dell USB From 10 yrs Ago
Mouse Gigabyte m6900 wired
PSU Corsair HX650W
Case Inwin Dragon Rider
Cooling Hyper 212 EVO w/two Noctua fans, push-pull, @1300 RPM
Hard Drives Crucial M4 128GB for OS, 750GB Seagate MomentusXT for data, 500GB Seagate Constellation for storage
Internet Speed 8-19 Mbs down, 3-4 Mbs up Comcast Cable
Antivirus Norton Internet Security
Browser IE 9, Opera when needed
Other Info 4 case fans, LG BluRay-RE, ASUS DVD-RW, Mr. Fusion power generator with flux capacitor, 1.21 gigawatts.
|
01 Oct 2012
|
#27 | |
Windows 7 Home Premium 64 bit. SP-1 Northern Ohio |
This might be of some interest. Couldn't find it our Tutorials. How to Clear Virtual Memory Pagefile upon shutdown in Windows 7? | | My System Specs | | Computer type PC/Desktop
System Manufacturer/Model Number Home made Desktop
OS Windows 7 Home Premium 64 bit. SP-1
CPU Intel i7-960-3.2 @ 4.25
Motherboard ASUS P6X58D-E
Memory KINGSTON KHX2000C9, Hyper X,12 GIGS
Graphics Card MSI/Nvidia/460GTX-Cyclone 1GD5/OC
Monitor(s) Displays DYNEX 40 IN.
Screen Resolution 1920-1080 or 1280-720 HDMI
Keyboard M/S 3000 v 2.0 wireless
Mouse M/S 5000 wireless
PSU Corsair AX-850 Plus Gold
Case Corsair 600T (Black) + side panel with 2 140 mm Noctua fans
Cooling Corsair H50/2 Noctua NF-P12 (120 mm) Push/Pull-
Hard Drives INTEL SSD 120GB-SER 510
Seagate 1TB SATA 600 7200 rpm Hard Drive
Internet Speed 3.0 mb
Antivirus Microsoft Security Eesentials
Browser I.E. 10 default/Firefox
Other Info LG BluRay-Read/Write
Sound system
KLipsch-THX
Asus Router RTN-12
2 Noctua 140 added on top of 600t case
Malwarebytes Anti Malware Professional
Windows 7 Firewall
|
01 Oct 2012
|
#28 | |
Windows 7 Ultimate X64 SP1 Mt. Crumpit/Whoville |
| | My System Specs | | Computer type PC/Desktop
System Manufacturer/Model Number Home Built Desktop By DataTech
OS Windows 7 Ultimate X64 SP1
CPU Intel i5-2550K, Differing ~4.4-4.8GHz No built in GPU
Motherboard ASUS P8Z68-V PRO/GEN3
Memory 16GB G.Skill Sniper 2133MHz 4x4GB
Graphics Card ASUS ENGTX460 DirectCU/2DI/1GD5 GeForce GTX 460
Sound Card Onboard Realtek 5-1
Monitor(s) Displays Samsung P2570HD
Screen Resolution 1920x1080
Keyboard Old, beat-up Dell USB From 10 yrs Ago
Mouse Gigabyte m6900 wired
PSU Corsair HX650W
Case Inwin Dragon Rider
Cooling Hyper 212 EVO w/two Noctua fans, push-pull, @1300 RPM
Hard Drives Crucial M4 128GB for OS, 750GB Seagate MomentusXT for data, 500GB Seagate Constellation for storage
Internet Speed 8-19 Mbs down, 3-4 Mbs up Comcast Cable
Antivirus Norton Internet Security
Browser IE 9, Opera when needed
Other Info 4 case fans, LG BluRay-RE, ASUS DVD-RW, Mr. Fusion power generator with flux capacitor, 1.21 gigawatts.
|
01 Oct 2012
|
#29 | |
Windows 7 Home Premium x64 SP1 Bay Area Peninsula |
That will make for a very slow shutdown BTW. It is something to consider when an OP complains of slow shutdown. A Guy | | My System Specs | | OS Windows 7 Home Premium x64 SP1
CPU INTEL Core i5-750 Quad-Core 3.37GHz
Motherboard ASUS P7P55D
Memory KINGSTON 4GB (2 x 2GB) HyperX PC3-12800 DDR3 1600MHz CL8
Graphics Card MSI N240GT-MD1G/D5 GeForce GT 240 1GB 128-bit GDDR5
Monitor(s) Displays Samsung SyncMaster B2430H 24"
Screen Resolution 1920 x 1080
PSU ANTEC TruePower New TP-550, 80 PLUS, 550W
Case ANTEC Three Hundred Illusion
Cooling COOLER MASTER Hyper 212 Plus, 4 x 120mm 1 x 140mm Noctua's
Hard Drives Intel X25M Gen2 80GB, SEAGATE 500GB Barracudaź 7200.12, SATA 3 Gb/s, 7200 RPM, 16MB cache
Internet Speed 20 + Mbps
Antivirus Avast
Browser Opera
|
01 Oct 2012
|
#30 | |
Windows 7 Ultimate X64 SP1 Mt. Crumpit/Whoville |
Quote: Originally Posted by A Guy That will make for a very slow shutdown BTW. It is something to consider when an OP complains of slow shutdown. A Guy True, it went from ~48 seconds to 62 for a reboot. | | My System Specs | | Computer type PC/Desktop
System Manufacturer/Model Number Home Built Desktop By DataTech
OS Windows 7 Ultimate X64 SP1
CPU Intel i5-2550K, Differing ~4.4-4.8GHz No built in GPU
Motherboard ASUS P8Z68-V PRO/GEN3
Memory 16GB G.Skill Sniper 2133MHz 4x4GB
Graphics Card ASUS ENGTX460 DirectCU/2DI/1GD5 GeForce GTX 460
Sound Card Onboard Realtek 5-1
Monitor(s) Displays Samsung P2570HD
Screen Resolution 1920x1080
Keyboard Old, beat-up Dell USB From 10 yrs Ago
Mouse Gigabyte m6900 wired
PSU Corsair HX650W
Case Inwin Dragon Rider
Cooling Hyper 212 EVO w/two Noctua fans, push-pull, @1300 RPM
Hard Drives Crucial M4 128GB for OS, 750GB Seagate MomentusXT for data, 500GB Seagate Constellation for storage
Internet Speed 8-19 Mbs down, 3-4 Mbs up Comcast Cable
Antivirus Norton Internet Security
Browser IE 9, Opera when needed
Other Info 4 case fans, LG BluRay-RE, ASUS DVD-RW, Mr. Fusion power generator with flux capacitor, 1.21 gigawatts.
Can the page file be read? problems? All times are GMT -5. The time now is 07:14 PM. |  |
