In this article, we help you identify and find memory leak with Poolmon in Windows environments.
Of many issues, you may face with your Windows ecosystem, one pressing issue that may need attention would be the memory leak problem. Memory leaks can be of quite a few types. One standard error you may come across includes Kernel level Memory Leak issue. How would you solve it? We will guide you through the process in today’s tutorial.
What is a Memory Leak?
Under normal circumstances, a process allocates the memory from a paged or non paged pool. However, it can at times fail to free the memory. While new processes are allocated memory, the older memory allocated to the previous processes is not released back to the OS.
This causes the limited memory of the pools to deplete over time. As a result, your system begins slowing down. When the memory in the pools is completely exhausted, it causes a complete failure of your system. The process involved in finding a memory leak and resolving it would necessarily require the exact root-cause of the memory leak and address it.
Ideally, memory leaks can happen in two ways- a Kernel Mode Memory Leak and a User Mode Memory Leak. There are several ways employed to address a memory leak issue depending upon the cause of the problem.
If you are suspecting a Kernel Mode memory leak in your device, the best option you can employ to resolve it is to use Poolmon. Poolmon is a utility that keeps track of the memory usage by the pool by their tag name.
Poolmon is included into your Windows Driver Kit, usually referred to as WDK. Here is how you would be able to use Poolmon to address the concern of Kernel Mode memory Leak.
Here are the steps you can follow to identify memory leaks in kernel Mode through Poolmon.
If you are on Windows XP or Windows 2000, you would need to enable it. If you are on the later version of Windows, you will find it already enabled by default.
Here is how you can enable Poolmon on Windows XP and Windows 200 –
Restart your computer for all the changes you made to take effect.
Poolmon displays the paged and non paged pool bytes in its header. The information is updated every few seconds.
Follow the procedure here to find the memory leak in your system –
Stop the test and repeat the tests after a while once again. Check how much memory was released. Ideally, an application should allocate and free memory almost at a constant rate. In case if you find an application allocating memory at a faster pace than that it frees, then it would be an indication to prove that there is a memory leak.
If you are using Poolmon, you should be aware of a few commands so that you can work with it appropriately. Here is the list of the commands used with Poolmon.
Please note that Poolmon is only a monitoring utility. It would monitor the pool tags and the memory usage handled by them. Thus, you can use them to guide you on which tags are using a high amount of memory and therefore are causing a memory leak. It cannot be used to solve the issue of memory leaks.
Once you have identified the tag that is associated with the memory leak, you can use other tools to determine the exact reason to identify the instances of memory leak. Kernel Debugger can be one of the tools that can be helpful in that regard. Explaining those tools, however, is beyond the scope of this article. However, Poolmon can be your best bet if you are facing memory leak issues and attempting to sort it out.
Poolmon is indeed an excellent choice for identifying the memory leak issues on your device at the Kernel level. Memory leak issues can severely degrade the performance of your system and as such need to be addressed right in time. We assume we have been able to guide you in the right way to use Poolmon in identifying the occurrence of memory leak on your Windows system. Once you have found the existence of the leak and the tags that are causing it, it should be quite easy to see the solutions through other means.
Comments are closed.