Using PoolMon to Find a Kernel-Mode Memory Leak

If you suspect there is a kernel-mode memory leak, the easiest way to determine which pool tag is associated with the leak is to use the PoolMon tool.

PoolMon Poolmon. GFlags is included in Debugging Tools for Windows. You must restart Windows for this setting to take effect. For more details, see GFlags. The PoolMon header displays poolmon windows 10 download free total paged and non-paged pool bytes.

The columns show нажмите чтобы прочитать больше use for each pool tag. The display is updated automatically every few seconds.

For example:. PoolMon has command keys that sort the output winfows to various criteria. Press the letter associated with each command in order to re-sort the data. It takes a few seconds for each command to work. Limits the tags shown to nonpaged pool, paged pool, or both. Repeatedly pressing P cycles through poolmon windows 10 download free of these options, in that order.

If you have determined that the ссылка на продолжение is occurring in non-paged pool, press P once; if windwos have determined that it is occurring in paged dowlnoad, press P twice.

Poolmon windows 10 download free you do not know, do not press P and both kinds of pool are included. Take a new screen shot every half hour. By comparing screen shots, determine which tag’s bytes are increasing. Typically, after an application reaches a stable running state, it allocates memory and free memory at roughly the same rate.

If it tends to allocate memory faster than it poolmon windows 10 download free it, its memory use will grow over time. This often indicates a memory leak. After you have вот ссылка which pool tag is associated with the leak, this might reveal all you need to know about the leak. If you need to determine which specific instance of the allocation routine читать causing the leak, see Using the Kernel Debugger to Find Kernel-Mode Memory Leaks.

View all page feedback. In this article. Causes the display to include the paged and non-paged totals across the bottom.


If you do poolmon windows 10 download free specify a local tag file and PoolMon cannot find a localtag. Normally, the size of the non-paged pool rarely exceeds MB. All other parameters are typed while PoolMon is running. Click Properties, go downpoad the details tab to find the Product Name. Starting PoolMon changes the data, so you must let it run until it reaches a steady state and the data is reliable.


Go to the PoolMon directory. Starting PoolMon changes the data, so you must let it run until it reaches a steady state and the data is reliable. Stop PoolMon, wait for 30 minutes, and then restart PoolMon. When data collection is complete, examine the following values for each tag, and note any that continually increase: Diff allocations minus free bytes Bytes number of bytes allocated minus number of bytes freed Examine the allocations that were increasing, and determine whether the bytes are now freed.

Sorted by: Reset to default. Highest score default Date modified newest first Date created oldest first. To see which processes use it, install the Windows Performance Toolkit which is part of the Windows 10 SDK , open a command prompt as admin and run this command: wpr. Also the combined non- paged pool usage is nearly 2GB.

Now look which pooltag uses most memory as shown here: Now open a cmd prompt and run the findstr command. Fixing both issues could get nearly 4GB back. Improve this answer. I tried searching for it in the drivers folder, but no results. Any ideas how to identify the real source? The poolmon didn’t find anything big. I know that Lenovo “RapidBoot Shield” causes it. Show 6 more comments. As a rule, these are network drivers. Please, pay attention to the pool behavior when downloading large files most likely, it grows rapidly.

Maximum non-paged pool size on Windows:. Only the Windows reboot helps to clean up the non-paged pool. This service can be disabled without much loss of Windows functionality.

Or through the registry:. You can try to identify the driver that caused the memory leak in the non-paged pool. To do this, we need the Poolmoon.

Then start the Poolmon. After you have started the tool, press P. The second column will display the tags of the processes that use non-paged memory the Nonp attribute. Then press the B key to sort the driver list by the Bytes column. Booo 2. Not Geeky 3. Average 4. Good 5. Major Geeks Special Offer:. The interface can also be tweaked some, and you can refresh or refresh intervals, dynamic sort, and show or hide the status bar.

PoolMonX doesn’t build upon, nor complicate PoolMon.