Windows guru Mark Russinovich and his trusty companion, Bryce Cogswell, have done it again: They’ve released a new tool called RAMMap 1.0 as part of Windows Sysinternals. In this post, we’ll show you what the new tool is for and how useful it’s been to us.
A map of your RAM
The name says it all—RAMMap gives you a detailed overview of how your computer’s main memory is used. For instance, you can easily identify the amount of memory being taken up by processes (programs and services) or from device drivers. Even more importantly, RAMMAP shows you all of the files that Windows has currently loaded into RAM. However, please note that RAMMap is for Windows Vista, 7 and Server 2008 only.
Using RAMMap to find out what eats up your memory
If your PC is sluggish, and you have two or four GB of RAM installed, there may be a memory hog eating up all of your resources. Let’s go through the tool step-by-step to find out everything you need to know about your PC’s memory and what you can do to improve it.
- Click here to download RAMMap 1.0. There is no installation required, just unzip the file, and run “RAMMap.exe” on a 32-bit machine or “RAMMap64.exe” under a 64-bit configuration.
- On the first page, you’ll see an overview of the different memory areas and types. (Going deeper and explaining these in more detail would go way beyond the scope of this blog post. To do this, you’d have to understand how Windows Memory Management works. If you’re interested, we recommend Mark Russinovich, David Al Solomon and Alex Ionesco’s fantastic (and very complex) book, “Windows Internals 5th Edition”. It’s absolutely worth a read if you’re even slightly fascinated by how Windows works.) Next, click on “File Summary”.
- You’ll see each and every file Windows has stored in memory. To spot memory hogs, filter by size by clicking on “Total.”
If you see a file that’s taking up an unusual amount of RAM, for example, 200 or more MB, you should investigate further. For instance, when you see a file or process that uses up a lot of memory, do an online search, and figure out what it is. Maybe it’s part of a program that you don’t need and can safely uninstall. Or, maybe it’s part of a startup program that you can turn off.
In fact, on one machine used by a family member of mine, I ran the tool and found this “little” file:
This made me quite suspicious: An executable file inside Windows 7′s log file directory taking up over 200 MB of RAM?! That doesn’t add up. A Google search didn’t reveal anything, and the virus scanner installed showed that everything was okay.
To me, this looked like a virus disguising itself deep inside the Windows directory, creating a random “.exe” filename for itself and taking up unusual amounts of RAM. I deleted the file in Windows safe mode (where it was apparently not loaded) and performed a thorough scan using Microsoft Security Essentials which is currently my favorite virus scanner. The scanner found not one but many undetected viruses, and was able to delete them.
So, in fact, by being curious and testing RAMMap on a handful of systems, I found not only a memory hog but also a virus!
Intrigued? This was only one area in which RAMMap could help identify memory-related problems on your machine. What have you found on your machines? If you identified a memory hog, let us know.