When a process allocates memory, but does not free it when finished, available memory will eventually be completely used up.
Poorly written device drivers often leak memory.
The Poolmon.exe utility can be used to monitor for memory leaks. Poolmon.exe is available in the Support\Tools folder for Windows 2000, Windows XP, and Windows Server 2003, and from the Windows NT 4.0 Resource Kit.
In order to use Poolmon, you must first enable pool tagging. Pool tagging is enabled by default in Windows Server 2003. To enabled it for the other Windows NT-based operating systems:
1. Start / Run / Gflags.exe / OK.
2. Select Enable Pool Tagging.
3. Press Apply and OK.
4. Shutdown and restart your computer.
NOTE: When you are finished debugging, disable pool tagging.
Prior to using Poolmon, you should adjust the properties of your CMD processor:
1. Start / Run / CMD.exe / OK.
2. Right-click the title bar and press Properties.
3. Select the Options tab.
4. Check QuickEdit Mode and Insert Mode.
5. Select the Layout tab.
6. Change the Screen Buffer Size Height to 99 and press OK.
7. On the Apply Properties to Shortcut dialog, select Modify shortcut that started this window and press OK.
To collect information from Poolmon repeat the following procedure every 15 minutes for at least two hours. Append the collected information at the end of a Notepad file:
1. Start / Run / CMD.exe / OK.
2. Type Poolmon.exe.
3. Press P until Poolmon displays the second column type and shows the value paged.
4. Press B to sort the columns from high to low.
5. Select the whole screen contents and then press ENTER to copy the information to the clipboard.
6. Open Notepad and Paste the information from the clipboard. The first time you do this, use Save As to name the file.
7. Press P until Poolmon displays the second column type and shows the value nonpaged.
8. Select the whole screen contents and then press ENTER to copy the information to the clipboard.
9. Open the file you created in step 6 and Paste the information from the clipboard to the end of the file. Save the file.
Inspect the various memory allocations to determine what is leaking.
NOTE: See How do I determine a driver name from a pool tag?
NOTE: Poolmon commands:
P - Sorts tag list by Paged, Non-Paged, or mixed. Cycles the display. B - Sorts tags by max byte usage. M - Sorts tags by max byte allocation. T - Sort tags alphabetically by tag name. E - Display Paged, Non-paged total across bottom. Cycles the display. A - Sorts tags by allocation size. F - Sorts tags by "frees". S - Sorts tags by the differences of allocs and frees. E - Display Paged, Non-paged total across bottom. Cycles the display. Q - Quit.
