Tuesday, March 14, 2006

Using Poolmon to find kernel memory leaks...

Just so it's easier for me to find, here is the TechNet site that covers all the Support Tools:

http://technet2.microsoft.com/WindowsServer/en/Library/eb0d5bd1-89c3-4ee7-975f-596b2e37e3aa1033.mspx

I was going to post up some stuff about using Poolmon and Memsnap, but you might as well just read the overview, syntax and example pages for these tools from the TechNet site! Just make sure you enable pool tagging with gflags first on a Windows 2000 box, which requires a reboot before it becomes active. It's on by default in 2003.

I will add some small things... so when you've identified an offending tag, if the tag name isn't in pooltag.txt then open %windir%\System32\Drivers and do a search within files for the tag name. So that's a search for files named '*' containing text 'tag'... or you could use findstr /m /l tag *.sys too I guess.

Also, while poolmon.exe comes with the Support Tools, pooltag.txt actually comes with both the Resource Kit and WinDbg. It's not a static file, so your best bet is to go with the most recent version, which is usually WinDbg. You'll find it in the /triage subdirectory.
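The lookup-then-search routine described above, as an added example (not code from this post or from the Support Tools). The function names and the "Tag - binary - description" line layout for pooltag.txt are assumptions, and the sample files are constructed:

```python
import os, re, tempfile

# Assumed pooltag.txt entry layout: "Tag - binary - description"; other lines are skipped.
ENTRY = re.compile(r"^\s*(\S{1,4})\s+-\s+(\S+)\s+-\s*(.*)$")

def lookup_pooltag(pooltag_path, tag):
    """Return (binary, description) for tag from pooltag.txt, or None if absent."""
    with open(pooltag_path, "r", errors="replace") as fh:
        for line in fh:
            m = ENTRY.match(line)
            if m and m.group(1) == tag:  # exact, case-sensitive match
                return m.group(2), m.group(3).strip()
    return None

def drivers_containing(driver_dir, tag):
    """List .sys files whose bytes contain the literal tag (like findstr /m /l tag *.sys)."""
    needle = tag.encode("ascii")
    hits = []
    for name in sorted(os.listdir(driver_dir)):
        if not name.lower().endswith(".sys"):
            continue
        try:
            with open(os.path.join(driver_dir, name), "rb") as fh:
                if needle in fh.read():
                    hits.append(name)
        except OSError:
            continue  # skip locked or unreadable files
    return hits

def resolve_tag(tag, pooltag_path, driver_dir):
    """Try pooltag.txt first; fall back to scanning driver binaries for the tag."""
    known = lookup_pooltag(pooltag_path, tag)
    if known:
        return {"source": "pooltag.txt", "binary": known[0], "description": known[1]}
    return {"source": "driver scan", "candidates": drivers_containing(driver_dir, tag)}

def demo():
    """Run both paths against constructed sample files (not real drivers)."""
    with tempfile.TemporaryDirectory() as d:
        pooltag = os.path.join(d, "pooltag.txt")
        with open(pooltag, "w") as fh:
            fh.write("rem constructed sample\nAbcd - sample1.sys - Sample allocation\n")
        for name, blob in (("sample1.sys", b"\x00Abcd\x00"),
                           ("sample2.sys", b"\x90Wxyz\x90"), ("notes.txt", b"Wxyz")):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(blob)
        return resolve_tag("Abcd", pooltag, d), resolve_tag("Wxyz", pooltag, d)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A hit from the driver scan is only a candidate: a four-byte string can turn up in a binary by coincidence, so check the driver before blaming it.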

Speaking of WinDbg, here is the symbol search path I always use (and lose - that's why it's going up here!)

C:\Windows\symbols\2000BASE;C:\Windows\symbols\2000SP4;
C:\Windows\symbols\2000SP4U1;C:\Windows\symbols\2003BASE;
C:\Windows\symbols\2003SP1;
SRV*C:\Windows\symbols\download*http://msdl.microsoft.com/download/symbols


Hmmm I'm gonna have to do something about this stylesheet eh!
