Windows Tools

PoolMon Examples

Overview | Notes | Syntax | Examples | Related Tools Open Command Prompt

Example 1: Detect Memory Leakage

In this scenario, a memory leak is caused by an application or by a process that allocates memory for use, but does not free it when finished. The result is that available memory is completely used over time, often causing the system to stop functioning properly.

It will probably take a few hours of generating data before you can make a determination about what is causing the problem. Starting your test will cause the counters to jump. It may take a while for the memory pools to reach a steady state.

  1. Run PoolMon.
  2. Press P until PoolMon comes up with the second column "Type" showing the value "Paged".
  3. Press B. This will sort the tag usage bytes from largest to smallest.
  4. Start your test, and leave it running.
  5. Save the information generated by PoolMon, either as a screenshot, or by copying it out of the command window and pasting it into Notepad.
  6. Press P until only "Non-paged" tags are displayed.
  7. Press B. This will sort the tag usage bytes from largest to smallest.
  8. Save the information generated by PoolMon, either as a screenshot, or by copying it out of the command window and pasting it into Notepad.
  9. Repeat these steps approximately every half-hour, for at least two hours.

At the end of this time, you can analyze the tags to see which ones are continuing to increase in size. Stop your test and wait a few hours. See how many of the tag(s) you found that were increasing in size have freed their allocations. The ones that have not been freed, or have continued to increase in size are likely culprits.

Example 2: Analyze Pool Memory Leak Using the Drsd Tag

The Drsd tag is attached to all allocations made by the Drvalloc() function in the Rasdd.dll and Hprasdd.dll files. All print drivers use this tag for allocating Graphical Device Interface (GDI) objects and memory. If a print driver has an object leak, it can cause the Drsd tag to also leak.

Note

We will use the following steps to identify which driver is triggering the memory leak.

  1. Run GFlags.
  2. Click Enable Pool Tagging.
  3. Click Apply and then click OK.
  4. Restart the computer so that the pool tagging changes can take effect.
  5. Use the /i parameter to have PoolMon display information only for a specified tag. Remember that pool tags are case sensitive so you must type Drsd (not drsd or DRSD) if that is the tag for which you want to see information. Type the following at the command line:

    poolmon /iDrsd

  6. Record the diff number for the Drsd tag. The diff number for the following PoolMon sample is 21 and the number of bytes is 17472.

    The output will look similar to the following:

    Memory:  130480K Avail:   91856K  PageFlts:  1220   InRam Krnl: 2484K P: 7988K
     Commit:  30104K Limit: 248432K Peak:  34028K			Pool N: 2224K P: 8004K
     Tag  Type	 Allocs			Frees			Diff   Bytes	Per Alloc
    
     Drsd Paged	 560 ( 177)	 539 ( 171)	 21   17472 (  4992)	832 
    
    
  7. Print a job to a single printer, wait about one minute for the computer system to return to normal, and then record the diff number after you performed the print job.

    The output will look similar to the following:

    Memory:  130480K Avail:   91808K  PageFlts:  1240   InRam Krnl: 2488K P: 7996K
     Commit:  30152K Limit: 248432K Peak:  34052K			Pool N: 2224K P: 8012K
     Tag  Type	 Allocs			Frees			Diff   Bytes	Per Alloc
    
     Drsd Paged	 737 (   0)	 710 (   0)	 27   22464 (	 0)	832  
    
    

In this example, the diff number is 27, and the number of bytes is now 22464. The difference between the initial and subsequent output means that six Drsd blocks, with a total of 4992 bytes, leaked during the print job. If the diff number had returned to its original value of 21 after the print job, you could interpret such an output to indicate that the driver did not leak.

If Drsd was not the leaking driver, you could perform these steps for each print driver on your computer system, until you identify the driver that was leaking memory.

For more information

When you identify the leaking driver, go to the Product Support Services (http://go.microsoft.com/fwlink/?LinkId=1679) Web site and search the Knowledge Base for relevant articles.