New Version of Procmon using up too much memory - will it be fixed?

  • Question

  • The new version of Procmon no longer honours the dropping of filtered events or the event depth (not sure which), so that when executed with filters in place it quickly runs out of memory. The older versions, however, honour the restrictions correctly, so it looks like someone has messed up in the newer version.

    Tuesday, November 19, 2019 5:31 PM

All replies

  • Are you logging in the swap file or are you using a dedicated pml backing file?

    With what version exactly are you seeing this?

    I'm using 3.52. It is using very little memory, around 30 MB.

    And the file on disk is just 4 MB, and it will grow in 4 MB chunks.

    So, what exactly is your problem? Please provide the steps to repro, together with all the details about the ProcMon version and OS version.

    Thanks

    -mario

    Tuesday, November 19, 2019 6:53 PM
  • In-memory logging. Filtering on PID with dropped filtered events and limited to 1 million events. In older versions of Procmon this used very little memory, but in the March 2019 latest version it runs riot with memory, seeing 4GB used in just over 1 minute. It acts exactly the same as if the filtered events were not being dropped. It seems to do this when you quit Procmon and reopen it; the settings on the UI seem correct but the application acts like they are not set.
    I’m logged off at present but can get more details tomorrow maybe.
    • Edited by skyline69_uk Tuesday, November 19, 2019 7:30 PM More info
    Tuesday, November 19, 2019 7:28 PM
  • I set your exact condition and it works fine.

    No memory pressure at all. Filtered on PID 4428, set depth to 1 million events.

    When started it said 1.5 GB free of page file memory.

    So, it used just around 200 MB of memory after 10 minutes of trace.

    So, what version are you using? on what OS?

    Catch you tomorrow..

    Thanks
    -mario

    Tuesday, November 19, 2019 9:14 PM
  • Did you quit and restart Procmon, Mario? That is where we see the problem. On the first time setting them it seems to work fine, but once you close Procmon and then open it again it shows the options as set but behaves like they are not. This time the server is Win2012.
    Tuesday, November 19, 2019 10:10 PM
  • I can't repro in any case. I tried Windows 10 and 2012 R2. Configured Procmon and restarted 4 or 5 times, no way, it works well. Is there any chance you can grab a screenshot of Process Explorer showing how much memory Process Monitor is using?

    Thanks
    -mario

    Wednesday, November 20, 2019 8:30 AM
  • Hi Mario, we reverted to an older version of Procmon on that server last night (we are tracking a live issue at present) so I can't get the details for it.

    I tried the new Procmon on my local PC and it works fine so there must be a set of circumstances that cause the issue.

    I'll put this on hold until I can reproduce the issue elsewhere again and get back with more information.

    Wednesday, November 20, 2019 10:04 AM