Silver's Weblog - Empty Windows' System File Cache

Empty Windows' System File Cache

Reading Startup, part 1, where Vladimir Vukićević is measuring warm and cold start times for Firefox, he mentions that he is doing the work on Mac OS X rather than Windows because there is a simple tool to empty the system's file cache to test cold starts without actually restarting the OS. I like challenges.

There isn't, it seems, a nicely documented API for doing this on Windows - it certainly isn't something the majority of applications would want to do, though, either. However, there is an undocumented API for it: NtSetSystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG) (it has a slightly documented sibling for getting information, NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG)). These are actually fairly generic wrappers around a whole load of kernel things; the undocumented information class of interest here is "SystemCacheInformation" (value 0x15), which lets you get and set information about the system file cache.

Each information class for NtSetSystemInformation/NtQuerySystemInformation has a single structure, which goes into the 2nd argument (and its size into the 3rd). For 32bit (applications; not OS) the cache information structure can be defined like this:

   typedef struct _SYSTEM_CACHE_INFORMATION {
       unsigned long CurrentSize;
       unsigned long PeakSize;
       unsigned long PageFaultCount;
       unsigned long MinimumWorkingSet;
       unsigned long MaximumWorkingSet;
       unsigned long Unused1;
       unsigned long Unused2;
       unsigned long Unused3;
       unsigned long Unused4;

Along very similar lines to SetProcessWorkingSetSize, specifying the minimum and maximum working set values as 0xFFFFFFFF signals to flush as much as possible out of the system file cache, which gets it down to less than 100KB by the time I can check it afterwards.

Simple, really.

The rest of the code I wrote is to enable the SE_INCREASE_QUOTA privilege Administrator users have, which is necessary to call the API. I believe the executable will work on anything from Windows 2000 and up, with no external dependencies; I've tested it on Windows XP 32bit and Windows 7 64bit. You will obviously need to run it elevated (run as Administrator).

Executable and Code: purge.exe and purge.cpp.

Permalink | Author: | Tags: Cache, File, Windows | Posted: 01:28AM on Wednesday, 29 July, 2009 | Comments: 0

Powered by the Content Parser System, copyright 2002 - 2014 James G. Ross.