How to use Memory Pool Monitor (Poolmon.exe) to troubleshoot kernel mode memory leaks

INTRODUCTION

This article describes how to use the Memory Pool Monitor utility, Poolmon.exe, as a troubleshooting tool to monitor memory tags.

Poolmon displays data that the operating system collects about memory allocations from the system paged and nonpaged kernel pools and about the memory pools used for Terminal Services sessions. The data is grouped by pool allocation tag. This information can be used by Microsoft Technical Support to find kernel mode memory leaks.

A memory leak is caused by an application or by a process that allocates memory for use but that does not free the memory when the application or process finishes. Therefore, available memory is completely used over time. Frequently, this condition causes the system to stop functioning correctly.

In this case, the following events may be logged in the System log:

More Information

The first section that follows describes how to enable tag mode for using Poolmon. The second section describes how to gather the information for troubleshooting by using Poolmon.

Enabling Tag Mode

Before running PoolMon, you must enable pool tagging and then restart your computer. The pool tagging feature collects and calculates statistics about pool memory sorted by the tag value of the memory allocation.

Note It is not necessary to enable pool tagging in Windows Server 2003 as it is enabled by default.

To enable pool tagging on a Windows NT 4.0-based, Windows 2000-based, or Windows XP-based computer, use one of the following methods:

Method 1: Edit the Registry

To change the registry value that enables tag mode for Poolmon.exe, follow these steps.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
  1. Run Registry Editor.
  2. Locate the following key in the registry:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
  3. Write down the value of GlobalFlag, or save the Session Manager key.
  4. Double-click the GlobalFlag value in the right pane.
  5. Change the value to 0x00000400hexadecimal.

    Note When you add the global flag value 0x00000400, it only shows up as being 0x400 after it is added. It is important to add all of the leading zeros or some of the Poolmon information will not display on the output screen.
  6. Restart the computer.
Note When you are finished debugging, change the GlobalFlag value back to the original value that you were instructed to write down in step 3.

Method 2: Use the Gflags.exe Utility

You can also use the Global Flags Editor (Gflags.exe) utility to enable pool tagging. Gflags.exe is available in the Windows NT 4.0 Resource Kit and in the \Support\Tools folder of Windows 2000, Windows XP, and Windows Server 2003 CD-ROMs.

Note Because pool tagging is permanently enabled in Windows Server 2003, the Enable Pool Tagging check box in the Global Flags dialog box is dimmed and commands to enable or disable pool tagging fail.

To make the change by using Gflags.exe, follow these steps:
  1. Click Start, click Run, type gflags.exe, and then click
    OK.
  2. Select Enable Pool Tagging.
  3. Click Apply, and then click
    OK.
  4. Restart the computer.
Note When you are finished debugging, repeat the above steps to disable pool tagging.

Using Poolmon to Collect Information

PoolMon displays pool tag information within a command window. Use the arrow keys or the PAGE UP and PAGE DOWN keys to display all the tag information returned by the tool.

Poolmon.exe is available in the Windows NT 4.0 Resource Kit and in the \Support\Tools folder of Windows 2000, Windows XP, and Windows Server 2003 CD-ROMs.

Use the following steps to copy and store the tag information. Repeat these steps for two hours at 15 minute intervals. Append each update to the end of the Notepad file.
  1. Click Start, point to
    Settings, click Control Panel, and then double-click Console.

    Note For Windows 2000 you must perform the following steps:
    1. Click Start, click
      Run, type cmd, and then click
      OK.
    2. Right-click the title bar, and then click
      Properties.
  2. Click the Options tab, click
    QuickEdit Mode, and then click Insert Mode.
  3. Click the Layout tab, change the
    Screen Buffer Size value to 99, and then click OK.
  4. Click Start, point to
    Programs, and then click Command Prompt.
  5. Locate Poolmon.exe in the Support\Debug\platform folder on the Windows NT 4.0 CD. Change to the drive and folder where Poolmon.exe is located. On the Windows 2000 CD Poolmon.exe is in the Support.CAB file. Support.CAB is located under the \Support\Tools folder.
  6. Type Poolmon.exe.
  7. Press P until Poolmon displays the second column "type" and shows the value paged.
  8. Press B to sort the columns from largest to smallest.
  9. Select the whole screen contents, and then press ENTER.
  10. Click Start, point to
    Programs, point to Accessories, and then click Notepad.
  11. On the Edit menu, click
    Paste.
  12. Repeat step 7 to look for the value nonpaged.
  13. Repeat steps 8 - 11 to paste.
Poolmon.exe also has a few command keys that sort the output for you. Press the letter indicated below to perform the operation. It takes a few seconds for each command to work. Here is a list of a few of the commands:
P - Sorts tag list by Paged, Non-Paged, or mixed. Note that P cycles through each one.
B - Sorts tags by max byte usage.
M - Sorts tags by max byte allocation.
T - Sort tags alphabetically by tag name.
E - Display Paged, Non-paged total across bottom. Cycles through.
A - Sorts tags by allocation size.
F - Sorts tags by "frees".
S - Sorts tags by the differences of allocs and frees.
E - Display Paged, Non-paged total across bottom. Cycles through.
Q - Quit.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:

298102 How to find pool tags that are used by third-party drivers

Atribuudid

Artikli ID: 177415 – viimati läbi vaadatud: 15. märts 2008 – redaktsioon: 1

Tagasiside