You have a memory leak caused by a driver. Look at the high value of nonpaged kernel memory. You can use poolmon to see which driver is causing the high usage.

![poolmon.exe for windows 10](https://studio-servis.ru/wp-content/uploads/3/c/6/3c651d55a7a9bda45ca7594121d385bc.png)

Install the Windows WDK and run poolmon: go to the folder where the WDK is installed, go to Tools (or C:\Program Files (x86)\Windows Kits\10\Tools\x64) and click poolmon.exe. Press P to sort by pool type so that nonpaged is on top, and B to sort by bytes, to see the tag which uses the most memory.

Now see which pooltag uses the most memory. Then open a cmd prompt and run the findstr command. To do this, type `cd C:\Windows\System32\drivers`, then type `findstr /s _ *.*`, where `_` is the tag (left-most name in poolmon). Do this to see which driver uses this tag:

![poolmon.exe for windows 10](https://i.stack.imgur.com/42Etq.png)

Now, go to the drivers folder (C:\Windows\System32\drivers) and right-click the driver in question (intmsd.sys in the above image example). Click Properties, then go to the Details tab to find the Product Name.

If the pooltag only shows Windows drivers or is listed in pooltag.txt ("C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\triage\pooltag.txt"), you have to use xperf to trace what causes the usage. Install the WPT from the Windows SDK, open a cmd.exe as admin and run this:

```
xperf -on PROC_THREAD+LOADER+POOL -stackwalk PoolAlloc+PoolFree+PoolAllocSession+PoolFreeSession -BufferSize 2048 -MaxFile 1024 -FileMode Circular & timeout -1 & xperf -d C:\pool.etl
```

Capture 30-60s of the growth. Open the ETL with WPA.exe and add the Pool graphs to the analysis pane.

![poolmon.exe for windows 10](http://evercafe.weebly.com/uploads/1/2/4/9/124951380/995401510.jpg)

Put the pooltag column in first place and add the stack column.
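
The findstr lookup and the Properties > Details check described above can be done in one pass. The following PowerShell script is an added example, not part of the original page; the parameter names `Tag` and `DriverDir`, the restriction to `.sys` files and the extra signer column are assumptions made for this example.

```powershell
# Added example (not from the original page): find the drivers whose binary contains
# a pool tag and print the metadata shown under Properties > Details.
param(
    [Parameter(Mandatory)]
    [ValidateLength(1, 4)]
    [string] $Tag,                                        # tag from poolmon's left-most column
    [string] $DriverDir = "$env:SystemRoot\System32\drivers"
)

# ISO-8859-1 maps every byte to exactly one character, so an ordinal string
# search over the decoded file is equivalent to a raw byte search.
$latin1 = [System.Text.Encoding]::GetEncoding(28591)

$files = Get-ChildItem -LiteralPath $DriverDir -Filter *.sys -File -Recurse -ErrorAction SilentlyContinue

$hits = foreach ($file in $files) {
    try {
        $text = $latin1.GetString([System.IO.File]::ReadAllBytes($file.FullName))
    } catch {
        Write-Warning "Skipped $($file.FullName): $($_.Exception.Message)"
        continue
    }

    # Case-sensitive match, like findstr without /i.
    $offset = $text.IndexOf($Tag, [System.StringComparison]::Ordinal)
    if ($offset -lt 0) { continue }

    $info = $file.VersionInfo
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    [pscustomobject]@{
        Driver      = $file.Name
        FirstOffset = '0x{0:X}' -f $offset
        ProductName = $info.ProductName
        Company     = $info.CompanyName
        FileVersion = $info.FileVersion
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(no signature found)' }
    }
}

if (-not $hits) {
    Write-Output "No .sys file under $DriverDir contains tag '$Tag'."
} else {
    $hits | Sort-Object Driver | Format-Table -AutoSize
}
```

As with findstr, a hit only means the tag's bytes occur somewhere in the file, so short or common tags can match drivers that never allocate with that tag. Treat the list as candidates and confirm with the xperf stack trace when more than one driver matches.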