Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
Finding driver using a tag (as discovered through Poolmon)

Answered Finding driver using a tag (as discovered through Poolmon)

  • Wednesday, March 20, 2013 8:45 PM
     
     
    Sign In to Vote
    0

    We saw an instance of Event ID 2019 yesterday, and had to reboot the server to restore service. I'm trying to determine if there is a memory leak, but am running into trouble with some directions. I'm trying to follow the steps in this blog post. I installed the Windows Debug Tools and have Process Explorer, strings.exe, and poolmon. 

    I have two problems.

    1. Using poolmon, I've identified a tag I want to investigate, but I can't correlate it to a driver file. I ran the command: c:\WINDOWS\system32\drivers>"c:\Documents and Settings\username\Desktop\strings.exe" * | findstr MmCm, but it doesn't return any files. Given the tag, how else can I find the driver/application?
    2. In the blog post, there is a graph that shows an increase in the nonpaged pool usage (figure 4). He doesn't say what tool was used to display that graph and I don't see where I can see that view in Process Explorer. Where do I find the graph pictured in the blog post?

    Thanks.

     

All Replies

  • Thursday, March 21, 2013 6:42 AM
     
     
    Sign In to Vote
    0

    We saw an instance of Event ID 2019 yesterday, and had to reboot the server to restore service. I'm trying to determine if there is a memory leak, but am running into trouble with some directions. I'm trying to follow the steps in this blog post. I installed the Windows Debug Tools and have Process Explorer, strings.exe, and poolmon. 

    I have two problems.

    1. Using poolmon, I've identified a tag I want to investigate, but I can't correlate it to a driver file. I ran the command: c:\WINDOWS\system32\drivers>"c:\Documents and Settings\username\Desktop\strings.exe" * | findstr MmCm, but it doesn't return any files. Given the tag, how else can I find the driver/application?
    2. In the blog post, there is a graph that shows an increase in the nonpaged pool usage (figure 4). He doesn't say what tool was used to display that graph and I don't see where I can see that view in Process Explorer. Where do I find the graph pictured in the blog post?

    Thanks.

    Please contact the author of the blog post which you have followed and he/she might be able to help you !
     
  • Thursday, March 21, 2013 5:22 PM
     
     
    Sign In to Vote
    0
    Nobody else knows how to use poolmon?
     
  • Thursday, March 21, 2013 8:59 PM
     
     Answered
    Sign In to Vote
    0

    1.  You should check pooltag.txt before doing a string find on .sys files, MmCm is in there for example (Calls made to MmAllocateContiguousMemory)

    2.  Not completely sure, but it is easy to get the same information with Performance Monitor.

    • Marked As Answer by mhashemi Friday, March 22, 2013 4:10 PM
    •  
     
  • Thursday, March 21, 2013 9:41 PM
     
     
    Sign In to Vote
    0

    Darn, I checked that, but didn't see MmCm. I must have been trouble with "Find". Computers are hard, you know? :)

    Thanks.