How do I get the information shown in vmmap programatically?

Question

As anyone who has watched the Mark Russovich talk "Mysteries of Memory Management Revealed" knows, the vmmap tool can show you things that count against your process limit (2GB on vanilla 32 bit windows) that few other tools seem to know about.

I would like to be able to programmatically monitor my real total memory size (the one that's germane to the process limit) so I can at least log what's going on when I approach the process limit. Is there any information publicly available on how vmmap does this?

... Also, why is this information so darn hard to get??

Things I know about that (AFAIK) don't quite give you the full picture:

• ::GetProcessMemoryInfo looks like it only returns info about private memory usage
• System.Diagnostics.Process.VirtualMemorySize64 returns a pretty large number that still doesn't quite match the total shown by vmmap -- in fact it doesn't match ANYTHING shown in vmmap :(

Answer 1

I used the Dependency Walker to look at which Windows API functions were imported from Kernel32.dll by vmmap.exe and found the following functions which are probably relevant:

VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualProtectEx
VirtualQueryEx

Take a look at those and see if you can find what vmmap is doing. Of course any other API calls made dynamically (i.e. via LoadLibrary) would not show up in the dependency walker. It's also known to be broke when dealing with side-bys-de loaded DLLs.

Answer 2

There is an open-source command-line implementation of VMMap-like functionality in twpol/vmmap, and it successfully shows all of the same information about a process that SysInternals VMMap does.

See also this fork which implements fast heap enumeration, but I haven't personally tested this one.