![]() Using this procedure, you can determine which code resident in memory is overallocating pool with the tag Abc. Each time the debugger breaks on one of these allocations or free operations, use the kb (Display Stack Backtrace) debugger command to view the stack trace. The debugger will break every time that pool is allocated or freed with the tag Abc. To verify the current value of PoolHitTag, use the db (Display Memory) command: kd> db nt!poolhittag L4 So use the following command: kd> ed nt!poolhittag ' cbA' Because pool tags are always four characters, this tag is actually A-b-c-space, not merely A-b-c. The tag value must be entered in little-endian format (that is, backward). The module name "nt" should be specified for faster symbol resolution. ![]() Set PoolHitTag equal to the tag that you suspect to be the source of the memory leak. This global variable causes the debugger to break whenever a pool tag matching its value is used. Use the ed (Enter Values) command to modify the value of the global system variable PoolHitTag. Therefore, the memory leak is most likely to be in this driver.Īfter you have determined the pool tag associated with the leak, follow this procedure to locate the leak itself: ![]() In this example, the driver using the tag "Abc" is using the most memory-almost 34 MB. Include the flag "4" to sort the output by paged memory use: kd> !poolused 4ĭetermine which pool tag is associated with the greatest usage of memory. For details, see Using PoolMon to Find Kernel-Mode Memory Leaks.Īlternatively, you can use the kernel debugger to look for tags associated with large pool allocations. To determine which pool tag is associated with the leak, it is usually easiest to use the PoolMon tool for this step. On Windows Server 2003 and later versions of Windows, pool tagging is always enabled. ![]() You must restart Windows for this setting to take effect. Start GFlags, choose the System Registry tab, check the Enable Pool Tagging box, and then select Apply. ![]() GFlags is included in Debugging Tools for Windows. You must first use GFlags to enable pool tagging. The kernel debugger determines the precise location of a kernel-mode memory leak. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |