Menu
Active3 years, 8 months ago
![Windows Windows](/uploads/1/2/4/9/124959450/648419909.png)
Windows 8.1
I am trying to use poolmon.exe to find memory issues on a Windows 2008 server. Does anyone know instructions on how to use this tool for a 2008 server? I have some instructions for 2003 but it does not seem to be the same. This article describes a memory leak issue that occurs in the svhdxflt.sys filter driver in Windows Server 2012 R2. The leak occurs against nonpaged pool with the svxp tag. You can fix this issue by using the update in this article. Before you install this update, see the Prerequisites and the Restart requirement section. What is Event ID 2012 In Windows Server 2012 R2? We explain in detail and possible solutions to resolve and fix the problem in your environment. Before running any version of PoolMon on Windows XP or earlier versions of Windows, you must enable pool tagging. Pool tagging is permanently enabled on Windows Server 2003 and later versions of Windows. The pool tagging feature collects and calculates statistics about pool memory sorted by the tag value of the allocation. There are several available techniques to schedule poolmon, however that is beyond the scope of this article. Poolmon has shipped with many different packages over the years; it is currently available with the Windows Driver Kit. If you install the WDK to the default folder, poolmon will be in “C: Program Files (x86) Windows Kits 8.0 Tools.
I have non-pool memory value about 3 Gb from total 6 Gb on windows server 2012. I think it's memory leak, see screens:
Top process:
Bamboo uses Microsoft Visual Studio 2013 to build project and run tests.
- How to determine bad process?
- And how to solve problem? May be it's possible to dispose this leak?
Andrey Burykin
Andrey BurykinAndrey Burykin
1 Answer
You have a memory leak caused by a driver, not by an application. Look at the high value of nonpaged kernel memory. In your case this is 2.7 GB. You can use poolmon to see which driver is causing the high usage.
Install the Windows WDK, run poolmon, sort it via P after pool type so that non paged is on top and via B after bytes to see the tag which uses most memory. Run poolmon by going to the folder where WDK is installed, go to Tools (or C:Program Files (x86)Windows Kits8.1Toolsx64) and click poolmon.exe.
SynopsisIn the year After Colony 195, after decades of oppression from the United Earth Sphere Alliance and its secret weapons organization, OZ, a group of rebels in the space colonies send down five mobile suits known as 'Gundams' to overthrow the militaristic regime.
Four of the Gundams successfully make it to Earth, but the fifth, Wing Gundam, is intercepted during its descent by OZ's Lieutenant Zechs Merquise and it crashes into the Pacific Ocean.
![Gundam wing episode 1](https://vignette.wikia.nocookie.net/toonami/images/9/9a/MRGundamWing.jpg/revision/latest?cb=20160726185703)
Now look which pooltag uses most memory as shown here:
Now open a cmd prompt and run the findstr command. To do this, open cmd prompt and type 'cd C:WindowsSystem32drivers' to go to the drivers directory, without quotes. Then type
findstr /s __ *.*
, where __
is the tag that you see in poolmon.After doing this to see which driver uses this tag:
Now, go to the drivers folder (C:WindowsSystem32drivers) and right-click the driver in question (
intmsd.sys
in the above image example). Click Properties, go to the details tab to find the Product Name. Look for an update for that product.If you can't find a driver to the pooltag, look in the pooltag.txt if the tag is used by a Windows driver.
If you find the tag in the pooltag.txt, you need to capture a grow of the pool usage with xperf. First, you have to install the Windows Performance Toolkit. Next open a cmd prompt (cmd.exe) as admin and run this:
xperf -on BASE+Pool -stackwalk PoolAlloc+PoolFree -buffersize 2048 -MaxFile 1024 -FileMode Circular && timeout -1 && xperf -d C:trace_pool_alloc.etl
Now open it in WPA.exe, load the debug symbols and look for the tag that you saw in poomon under
AIFO
(allocated insde freed outside) and expend the stack. From the function names you may have any idea what is going on.In this example the
magicandre1981magicandre1981FILE
tag usage comes from a tool called locate32 which scans the HDD to build up its search index.18.4k33 gold badges5555 silver badges9191 bronze badges
Not the answer you're looking for? Browse other questions tagged visual-studio-2013memory-leaksserverbamboowindows-server-2012-r2 or ask your own question.
Active3 years, 10 months ago
Is there a version of poolmon available for Windows Server 2008 64-bit? This KB article says it only applies to versions up to Server 2003. Is this tool (or something equivalent) available for Server 2008?
(I'm new to the Windows Server world, and looking for tools to help track down an apparent kernel-space memory leak on some servers running particular web services. I would also welcome any suggestions for other tools to use.)
Adam HolmbergAdam Holmberg
3 Answers
this version of poolmon works on my Windows 7 X64 bit, and on 2008 i am pretty sure
Mathieu ChateauMathieu Chateau
If you get the Windows Driver Kit from Microsoft and install it selecting the tools option, it will install both a 32 bit and 64 bit Poolmon in the ..ToolsOther folder. Command line options can be found in this msdn documentation.
Leigh RiffelPoolmon Windows Server 2012 R2 Key
Leigh Riffel41022 gold badges99 silver badges2222 bronze badges
Download Windows Driver Kit (WDK) 8.1 Update to get the tools to build, test, debug, and deploy drivers for Windows 8.1 Update, Windows 8.1, Windows 8, and Windows 7. When you have the WDK, we recommend that you install the WDK 8.1 Test Pack. It has tests for device fundamentals, graphics, imaging, mobile broadband (CDMA, GSM, and WLAN), sensors, and other utilities. Learn what's new in the WDK.
sambonsambon