Author: DeJag
Subject: procmon driver leak non paged pool
Posted: 22 February 2013 at 11:45am
Hello all,
I had a strange memory leak previously on a 2003 server.
I had to monitor the server for an intermittent issue probably caused by registry permission issue.
In order to keep procmon trace small and memory free, I use a backup file.
Every 5 minutes I open the backup file, filter it using a config file and dropping unused event and save it.
I should have put a bigger timer than 5 minutes as this is what make the memory leak to appear faster.
Using poolmon, I noticed that each time process monitor is executed, the non paged pool under tag Pmn1 and Pmn8 are increasing. But when you close procmon, the memory is not freed !
So my attempt to keep memory free fail as the driver do not release properly non paged memory.
I used last version of Procmon 3.03 and the procmon driver is procmon23.sys.
I have noticed the problem on a 2003 std 32bit and a 2003 and 64bit.
Do any body have an idea how I can unload the procmon driver or release the non paged memory without reboot ?
Thanks
De Jag
Edited by DeJag - 11 hours 14 minutes ago at 11:46am
Subject: procmon driver leak non paged pool
Posted: 22 February 2013 at 11:45am
Hello all,
I had a strange memory leak previously on a 2003 server.
I had to monitor the server for an intermittent issue probably caused by registry permission issue.
In order to keep procmon trace small and memory free, I use a backup file.
Every 5 minutes I open the backup file, filter it using a config file and dropping unused event and save it.
I should have put a bigger timer than 5 minutes as this is what make the memory leak to appear faster.
Using poolmon, I noticed that each time process monitor is executed, the non paged pool under tag Pmn1 and Pmn8 are increasing. But when you close procmon, the memory is not freed !
So my attempt to keep memory free fail as the driver do not release properly non paged memory.
I used last version of Procmon 3.03 and the procmon driver is procmon23.sys.
I have noticed the problem on a 2003 std 32bit and a 2003 and 64bit.
Do any body have an idea how I can unload the procmon driver or release the non paged memory without reboot ?
Thanks
De Jag
Edited by DeJag - 11 hours 14 minutes ago at 11:46am