memory leak. Trying to figure out what's causing it using poolmon

callanish 1 Reputation point
2021-01-08T23:31:12.657+00:00

Hi, I have a real heavy Paged memory leak that just steals memory to the point where I end up getting a low memory warning in Windows 10 and I need to reboot. I've installed Poolmon and to be honest, deciphering what's causing it is above my pay grade. I'm working with 16GB's of total memrory. 70% of it has now been used and there's no way I'm using anything even remotely close to that with the windows 10 basic things I've been doing. Poolmon is pointing to the paged tag - None which according to the windows memory tag pool master list states that None refers to call to exallocate pool and after a google search when referring to this, all I'm finding is this website https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-exallocatepoolwithtag![54915-pool-paged-memory-leak.jpg][1] ....which frankly isn't really helping me as I'm trying to track down the driver responsible for this memory leak. Originally thought it might be pertaining to macrium reflect as a hunch, but I'll need to uninstall that and wait to see if that's the case. Can anyone guide me in a direction that could explain what 'call to exallocate pool' actually is and what would be causing it to swallow up so much page memory requiring a reboot once it fills completely up. Frankly, I'm head scratching on what to do in order to fix this issue. Thanks for any help. [1]: /api/attachments/54915-pool-paged-memory-leak.jpg?platform=QnA

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
10,598 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. MotoX80 31,571 Reputation points
    2021-01-09T15:44:48.043+00:00

    I tried to help a guy out who had a memory leak with the HalB pool. Maybe this will help you find the source of the problem.

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/147a2db6-6701-4caf-a34d-4f345ecff0f5/what-process-owns-nonpaged-pooltag-halb?forum=winserver8gen

    You'll need the Windows Performance Toolkit.

    https://learn.microsoft.com/en-us/windows-hardware/get-started/adk-install

    https://blogs.msdn.microsoft.com/ntdebugging/2012/11/30/troubleshooting-pool-leaks-part-7-windows-performance-toolkit/

    This command will monitor the None pool. 

    xperf -on Base+CSwitch+POOL -stackwalk PoolAlloc+PoolFree –PoolTag None -BufferSize 1024 -MaxBuffers 1024 -MaxFile 1024 –FileMode Circular

    Then watch the size with one of these commands. 

    poolmon -u   
poolmon -iNone

    When you see the size grow and grow, generate an .etl file. 

    xperf -d c:\temp\None.etl

    Analyze the .etl with the Performance Analyzer. Instructions are in the "troubleshooting-pool-leaks-part-7-windows" link. See the image that I posted in the first link.

    Hope this helps Good luck.

    0 comments