How to Use Poolmon to Troubleshoot Kernel Mode Memory Leaks
ID: Q177415
The information in this article applies to:
- Microsoft Windows NT Workstation version 4.0
- Microsoft Windows NT Server version 4.0
IMPORTANT: This article contains information about editing the registry.
Before you edit the registry, make sure you understand how to restore it
if a problem occurs. For information about how to do this, view the
"Restoring the Registry" Help topic in Regedit.exe or the "Restoring a
Registry Key" Help topic in Regedt32.exe.
SUMMARY
This article describes how to use the Windows NT 4.0 utility, Poolmon.exe,
as a troubleshooting tool to monitor memory tags. This information can be
used by Microsoft Technical Support to find kernel mode memory leaks.
A memory leak is caused by an application or by a process that allocates
memory for use, but does not free it up when finished. The result is that
available memory is completely used over time, often causing the system
to stop functioning properly.
MORE INFORMATION
The first section that follows describes how to enable tag mode for using
Poolmon. The second section describes how to gather the information for
troubleshooting.
Enabling Tag Mode
Use the following steps to change the registry value that enables tag mode
for Poolmon.exe.
WARNING: Using Registry Editor incorrectly can cause serious problems that
may require you to reinstall Windows. Microsoft cannot guarantee that
problems resulting from the incorrect use of Registry Editor can be
solved. Use Registry Editor at your own risk.
For information about how to edit the registry, view the "Changing Keys
And Values" online Help topic in Registry Editor (Regedit.exe) or the "Add
and Delete Information in the Registry" and "Edit Registry Data" online
Help topics in Regedt32.exe. Note that you should back up the registry
before you edit it.
1. Run Registry Editor (Regedt32.exe).
2. Go to the following key in the registry:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
3. Write down the value of GlobalFlag, or save the Session Manager key.
4. Double-click the GlobalFlag value in the right pane.
5. Change the value to 0x00000400 hex.
   NOTE: When you add the global flag value 0x00000400, it only shows
   up as being 0x400 after it is added. It is important to add all of the
   leading zeros or some of the Poolmon information will not display on
   the output screen.
6. Restart the computer.
NOTE: When you are finished debugging, change the GlobalFlag value
back to the original value that you were instructed to write down in
step 3.
There is a utility available in the Windows NT Resource Kit to make the
above change without manually editing the registry. The utility is called
Gflags.exe.
To make the change using Gflags.exe:
1. Click Start, and then click Run.
2. Type gflags.exe, and then click OK.
3. Click Enable Pool Tagging.
4. Click Apply, and then click OK.
Using Poolmon to Collect Information
The Poolmon utility displays all pool tag information on the screen.
Scroll down to view all of the tag information. Use the following steps to
copy and store the tag information. Repeat these steps for two hours at 15
minute intervals. Append each update to the end of the Notepad file.
1. Click Start, point to Settings, click Control Panel, and then
   double-click Console.
2. Click the Options tab and select QuickEdit Mode and Insert Mode.
   Click the Layout tab and change the Screen Buffer Size to 99. Click OK.
3. Click Start, point to Programs, and then click Command Prompt.
4. You will find Poolmon.exe in the Support\Debug\<platform> folder on the
   Windows NT 4.0 compact disc. Change to the drive and folder where
   Poolmon.exe is located.
5. Type Poolmon.exe.
6. Press P until Poolmon comes up with the second column "type" showing
   the value "paged."
7. Press B. This sorts the bytes column from largest to smallest.
8. Select the entire screen contents and press Enter.
9. Click Start, point to Programs, point to Accessories, and then click
   Notepad.
10. On the Edit menu, click Paste.
11. Repeat step 6 looking for the value "nonpaged."
12. Repeat steps 7 - 10 to paste.
Poolmon.exe also has a few command keys that sort the output for you.
Press the letter indicated below to perform the operation. It takes a few
seconds for each command to work. Here is a list of a few of the commands:
P - Sorts tag list by Paged, Non-Paged, or mixed.
    Note that P cycles through each one.
B - Sorts tags by max byte usage.
M - Sorts tags by max byte allocation.
T - Sorts tags alphabetically by tag name.
E - Displays Paged, Non-paged total across bottom.
    Cycles through.
A - Sorts tags by allocation size.
F - Sorts tags by "frees".
S - Sorts tags by the differences of allocs and frees.
Q - Quit.
For more information on interpreting the information collected by Poolmon,
please contact Microsoft Technical Support.
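Added example (not part of the original article and not a Microsoft tool): one way to compare the snapshots appended to the Notepad file at 15-minute intervals and list the tags whose outstanding allocations and bytes only ever grow. The column layout (Tag, Type, Allocs, Frees, Diff, Bytes, Per Alloc, with per-interval changes in parentheses), the tag names, and every number in SAMPLE are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed row layout: Tag Type Allocs Frees Diff Bytes PerAlloc (tags without spaces).
ROW = re.compile(r"^\s*(\S{1,4})\s+(Paged|Nonp)" + r"\s+(\d+)" * 5 + r"\s*$")
DELTA = re.compile(r"\(\s*-?\d+\s*\)")  # per-interval change shown in parentheses

def parse_snapshots(text):
    """Split the pasted file into snapshots mapping (tag, type) -> (diff, bytes)."""
    snapshots = []
    for line in text.splitlines():
        if line.split()[:2] == ["Tag", "Type"]:  # column header starts a snapshot
            snapshots.append({})
            continue
        m = ROW.match(DELTA.sub(" ", line))
        if m and snapshots:
            tag, pool, _allocs, _frees, diff, nbytes, _per = m.groups()
            snapshots[-1][(tag, pool)] = (int(diff), int(nbytes))
    return snapshots

def leak_suspects(snapshots):
    """Tags seen in every snapshot whose Diff and Bytes never shrink and end higher."""
    series = defaultdict(list)
    for snap in snapshots:
        for key, value in snap.items():
            series[key].append(value)
    suspects = []
    for (tag, pool), values in series.items():
        growth = values[-1][1] - values[0][1]  # bytes gained, first to last snapshot
        steady = len(values) == len(snapshots) and all(
            a[0] <= b[0] and a[1] <= b[1] for a, b in zip(values, values[1:]))
        if steady and growth > 0:
            suspects.append((tag, pool, growth))
    return sorted(suspects, key=lambda s: -s[2])

# Constructed sample: three pasted snapshots with hypothetical tags and numbers.
SAMPLE = """
 Tag  Type     Allocs          Frees          Diff    Bytes         Per Alloc
 Drv1 Nonp       1200 (  40)    1000 (  10)    200   102400 (  5120)   512
 Abcd Paged      5000 (   0)    4900 (   0)    100    51200 (     0)   512
 Tag  Type     Allocs          Frees          Diff    Bytes         Per Alloc
 Drv1 Nonp       1500 (  75)    1100 (  25)    400   204800 ( 25600)   512
 Abcd Paged      5200 (  50)    5150 (  62)     50    25600 ( -6400)   512
 Tag  Type     Allocs          Frees          Diff    Bytes         Per Alloc
 Drv1 Nonp       1900 ( 100)    1200 (  25)    700   358400 ( 38400)   512
 Abcd Paged      5400 (  50)    5300 (  37)    100    51200 (  6400)   512
"""

print(leak_suspects(parse_snapshots(SAMPLE)))
```

A tag listed by this comparison is only a candidate for further investigation; a tag that rises and falls between snapshots, like the constructed Abcd row, is not reported.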
Version : WinNT:4.0
Platform : winnt
Issue type : kbhowto
Last Reviewed: January 26, 1999