Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Can the page file be read?


01 Oct 2012   #21
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

Gary, let's go back to basics.

The pagefile is an 'extension' of your RAM. Whenever you run short of RAM and there is a request by a program for RAM, Superfetch will page-out the lowest priority (the one that has not been used for the longest time) part of the occupied RAM in order to make room for the new request. Now that could be anything that happens to linger around in RAM at this point in time.

The good news is that with our modern PCs that have 4GB or more of RAM, chances are slim that anything gets paged out at any time. The page requests (hard faults) that you may see e.g. in the Resource Monitor are mostly fake paging requests. Those occur because Superfetch uses the paging mechanism to populate RAM without really populating the page file.


My System SpecsSystem Spec
.

01 Oct 2012   #22
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

Quote   Quote: Originally Posted by logicearth View Post
Furthermore, if your laptop is stolen do you honestly think someone would care enough to pull fragments of your personal information that may or may not be contained in the pagefile when they now have unrestricted access to your personal information stored on the computer in full. Or passwords stored in the browsers log in cache. Why would they bother with the pagefile? (BTW, encryption keys are already protected from being paged out in the first place, they will not be contained in the pagefile.)
Look, none of your comments have had any bearing on my original question. I don't have a laptop, please read the comments.
My System SpecsSystem Spec
01 Oct 2012   #23

Windows 7 32 bit
 
 

Quote   Quote: Originally Posted by Britton30 View Post
Since there is much discussion of overwriting the pagefile.sys I am wondering is there a way to read its contents?

I'd also like to view contents of thumbs.db (I think) just to see what if any info is stored in them.
The storage tends to be data allocated by programs. For example, if I wrote a program that changes a graphics file from one format to another, I might allocate a few hundred MB for a buffer to read the whole file into. If memory is short on the system, when another app needs memory, my data may be "swapped out" to the page file.

Program code is considered to already be "paged" in the exe file that sits on disk. That's one reason why the OS frowns on altering code in memory. That and security/malware reasons. But if you can alter the code in ram then the image on disk is not an accurate copy anymore etc..

If your machine was actually some financial server or constantly processed credit card info, then you may want to encrypt the page file for security.

Here's a couple of links with some more info.

Pagefile.sys - Forensics Wiki

Encrypt Your Windows Pagefile To Improve Security

One way to read your pagefile would be to boot a Linux CD and use a hex editor to view it. Likely some of the contents would be text. Skimming it you would likely find sections with readable text.
My System SpecsSystem Spec
.


01 Oct 2012   #24

Windows 8.1 Pro (x64)
 
 

Quote   Quote: Originally Posted by Britton30 View Post
Look, none of your comments have had any bearing on my original question. I don't have a laptop, please read the comments.
My last post was not directed at you.
My System SpecsSystem Spec
01 Oct 2012   #25
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

Quote   Quote: Originally Posted by whs View Post
Gary, let's go back to basics.

The pagefile is an 'extension' of your RAM. Whenever you run short of RAM and there is a request by a program for RAM, Superfetch will page-out the lowest priority (the one that has not been used for the longest time) part of the occupied RAM in order to make room for the new request. Now that could be anything that happens to linger around in RAM at this point in time.

The good news is that with our modern PCs that have 4GB or more of RAM, chances are slim that anything gets paged out at any time. The page requests (hard faults) that you may see e.g. in the Resource Monitor are mostly fake paging requests. Those occur because Superfetch uses the paging mechanism to populate RAM without really populating the page file.
Quote   Quote: Originally Posted by MilesAhead View Post
The storage tends to be data allocated by programs. For example, if I wrote a program that changes a graphics file from one format to another, I might allocate a few hundred MB for a buffer to read the whole file into. If memory is short on the system, when another app needs memory, my data may be "swapped out" to the page file.

Program code is considered to already be "paged" in the exe file that sits on disk. That's one reason why the OS frowns on altering code in memory. That and security/malware reasons. But if you can alter the code in ram then the image on disk is not an accurate copy anymore etc..

If your machine was actually some financial server or constantly processed credit card info, then you may want to encrypt the page file for security.

Here's a couple of links with some more info.

Pagefile.sys - Forensics Wiki

Encrypt Your Windows Pagefile To Improve Security

One way to read your pagefile would be to boot a Linux CD and use a hex editor to view it. Likely some of the contents would be text. Skimming it you would likely find sections with readable text.
Thanks!
My System SpecsSystem Spec
01 Oct 2012   #26
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

Quote   Quote: Originally Posted by logicearth View Post
Quote   Quote: Originally Posted by Britton30 View Post
Look, none of your comments have had any bearing on my original question. I don't have a laptop, please read the comments.
My last post was not directed at you.
My appologies.
My System SpecsSystem Spec
01 Oct 2012   #27

Windows 7 Pro. 64/SP-1
 
 

This might be of some interest. Couldn't find it our Tutorials.
How to Clear Virtual Memory Pagefile upon shutdown in Windows 7?
My System SpecsSystem Spec
01 Oct 2012   #28
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

My System SpecsSystem Spec
01 Oct 2012   #29

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

That will make for a very slow shutdown BTW. It is something to consider when an OP complains of slow shutdown. A Guy
My System SpecsSystem Spec
01 Oct 2012   #30
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

Quote   Quote: Originally Posted by A Guy View Post
That will make for a very slow shutdown BTW. It is something to consider when an OP complains of slow shutdown. A Guy
True, it went from ~48 seconds to 62 for a reboot.
My System SpecsSystem Spec
Reply

 Can the page file be read?




Thread Tools



Similar help and support threads for2: Can the page file be read?
Thread Forum
my windows live profile page is in aribic i cant read aribic Browsers & Mail
How to read Log File Performance & Maintenance
Page file set up? Performance & Maintenance
Can't read bottom of page General Discussion
.dmp file cant read? BSOD Help and Support

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 03:28 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33