|
From: Szakacsits S. <sz...@si...> - 2004-03-24 14:03:29
|
On Mon, 1 Mar 2004, Szakacsits Szabolcs wrote: > Might pagefile.sys has data used between reboots, as sometimes Linux swap? Veteran Microsoft engineer writes to his blog at http://blogs.msdn.com/larryosterman/archive/2004/03/18/92010.aspx Nowadays, NT doesn't always write the entire contents of memory out - it's controlled by a setting in the Startup and Recovery settings dialog on the Advanced tab of the system control panel applet - there are 4 choices - None, a small "minidump", a Kernel memory dump and a full memory dump. Only the full memory dump will write all of RAM, the others limit the amount of memory that's written out. But it still goes to the paging file. Of course I believe when I checked it out, although I suspected this. And since there is this often used thus robust feature then perhaps it's also used in other cases ... This also lead again to a very important question: how do we know if Windows crashed and NTFS is dirty? I thought the VOLUME_IS_DIRTY flag is supposed to mark this. I checked it out and it doesn't. After a crash it isn't set. Apparently it isn't even set when NTFS is mounted. Szaka |
