Using PoolMon to Find a Kernel-Mode Memory Leak

You can try to identify the driver that caused the memory leak in the non-paged pool. To do this, we need the Poolmon.exe console tool included in the Windows Driver Kit (WDK). Download and install the WDK for your Windows version from Microsoft. Then start Poolmon.exe (in the case of the WDK for Windows 10, the tool is located in the C:\Program Files (x86)\Windows Kits\10\Tools\ folder).

After you have started the tool, press P. The second column will display the tags of the processes that use non-paged memory (the Nonp attribute). Then press the B key to sort the driver list by the Bytes column.

In our example, you can see that most of the RAM in the non-paged pool is used by drivers with tags Nr22, ConT, and smNp. Your task is to identify the driver files using these tags.
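
One way to carry out that last step is to search the driver binaries for the tag's four ASCII bytes, since a driver's pool tags are compiled into its image. This is an added example, not part of the original article; `Find-PoolTagOwner` is a hypothetical helper name, and the default directory `%SystemRoot%\System32\drivers` is an assumption about where the drivers are installed.

```powershell
# Added example: list driver files whose bytes contain a given pool tag.
# Find-PoolTagOwner is a hypothetical helper name, not part of the WDK.
function Find-PoolTagOwner {
    param(
        [Parameter(Mandatory)] [string[]] $Tag,
        # Assumption: drivers live in the default Windows driver directory.
        [string] $DriverDir = (Join-Path $env:SystemRoot 'System32\drivers')
    )

    # Latin-1 maps every byte to exactly one char, so a binary file can be
    # searched as a string without losing or merging bytes.
    $latin1 = [System.Text.Encoding]::GetEncoding(28591)

    $files = Get-ChildItem -Path $DriverDir -Filter '*.sys' -File -Recurse -ErrorAction SilentlyContinue
    foreach ($file in $files) {
        try {
            $text = $latin1.GetString([System.IO.File]::ReadAllBytes($file.FullName))
        } catch {
            Write-Warning "Cannot read $($file.FullName): $($_.Exception.Message)"
            continue
        }
        foreach ($t in $Tag) {
            # Pool tags are four bytes; shorter tags are padded with spaces.
            $needle = $t.PadRight(4).Substring(0, 4)
            # Ordinal comparison: pool tags are case-sensitive.
            if ($text.IndexOf($needle, [System.StringComparison]::Ordinal) -ge 0) {
                [pscustomobject]@{
                    Tag     = $t
                    Driver  = $file.FullName
                    Company = $file.VersionInfo.CompanyName
                    Version = $file.VersionInfo.FileVersion
                }
            }
        }
    }
}

# Tags taken from the PoolMon output discussed above.
Find-PoolTagOwner -Tag 'Nr22', 'ConT', 'smNp' |
    Sort-Object Tag, Driver |
    Format-Table -AutoSize
```

A match is a candidate, not proof: the same four bytes can occur in a binary by coincidence, so confirm against the vendor and version shown before updating or removing a driver.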