Look at the documentation for the “j” command in the kernel debugger. It
gives you conditional-anything.
-----Original Message-----
From: Smith, Joel [mailto:xxxxx@ntpsoftware.com]
Sent: Thursday, January 25, 2001 8:34 AM
To: File Systems Developers
Subject: [ntfsd] RE: Figuring out why non-paged pool is growing
I once tried setting a breakpoint in the disassembly of
ExAllocatePoolWithTag. You can see the pooltag sitting on the stack.
The idea was to look for the tag in question and look at the callstack
for a good indication of where the allocation is coming from. The
problem was I couldn’t figure out how to configure a ‘conditional’ break
point such that the breakpoint would be triggered if some the value at
some memory addresses (offset from [esp]) were a certain value (i.e the
value of the pooltag). Maybe this can’t be done?
-----Original Message-----
From: Brad Sahr [mailto:xxxxx@macromedia.com]
Sent: Thursday, January 25, 2001 10:54 AM
To: File Systems Developers
Subject: [ntfsd] RE: Figuring out why non-paged pool is growing
I figured out why the pool tag is growing - SeQueryInformationToken
returns
a pointer to a buffer, and the caller must free the buffer. DDK doco
doesn’t
really say this, but the function does return a pointer to a buffer so I
should assume that memory was allocated.
I’d still like to know if there is a general way to determine which
components are using which pool tags.
Brad
-----Original Message-----
From: Brad Sahr [mailto:xxxxx@macromedia.com]
Sent: Thursday, January 25, 2001 8:56 AM
To: File Systems Developers
Subject: RE: [ntfsd] RE: Figuring out why non-paged pool is growing
After running my filter driver overnight with stress tests,
Pooltag reports an interesting entry:
Pool Tag: Se
Memory: PAGed
#Allocs: 2,629,902
#Frees: 22,587
Delta Alloc-Free: 2,607,315
Bytes Used: 166,868,160
Anyone know what Module is using the pool tag of Se ('Se’curity)?
Is there a general way to determine which modules are using which
pool tags (i.e. CM = Cache Manager)? I suspect that finding out
what this module is will help me to determine what my filter is
doing to cause this.
Brad
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com]On Behalf Of Brad Sahr
> Sent: Wednesday, January 24, 2001 8:11 AM
> To: File Systems Developers
> Subject: [ntfsd] RE: Figuring out why non-paged pool is growing
>
>
> I am running the driver verifier. The strange thing is that pooltag
> displayed -some- of my non-paged pool allocations (not
currently doing any
> paged allocations), but not all.
>
> Thank you everyone for the great information about using pooltag,
> pooltag’s
> interactions with the driver verifier, and how to get !poolused
> and !handle
> from within windbg (haven’t tried this one yet, though).
>
> Brad
>
> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com]On Behalf Of Ken Galipeau
> > Sent: Tuesday, January 23, 2001 4:46 PM
> > To: File Systems Developers
> > Subject: [ntfsd] RE: Figuring out why non-paged pool is growing
> >
> >
> > Also note PoolTag does not work if you are also running the
> > Driver Verifier.
> > I imagine if a certain verifier option is turned off it might
> > then work but
> > I don’t know which one.
> > Ken
> >
> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com]On Behalf Of Mark Cariddi
> > Sent: Tuesday, January 23, 2001 1:57 PM
> > To: File Systems Developers
> > Subject: [ntfsd] RE: Figuring out why non-paged pool is growing
> >
> >
> > You should be taking any memory that you allocate and you can
> use POOLTAG
> > (www.osr.com) to figure out what memory is leaking.
> >
> > --Mark
> >
> > Mark J. Cariddi
> > Consulting Associate
> > Open Systems Resources, Inc.
> > http:\www.osr.com\
> >
> > -----Original Message-----
> > From: Brad Sahr [mailto:xxxxx@macromedia.com]
> > Sent: Tuesday, January 23, 2001 2:42 PM
> > To: File Systems Developers
> > Subject: [ntfsd] Figuring out why non-paged pool is growing
> >
> >
> > On my target machine, I’m running my FS filter. While the
> filter is stable
> > and the applications accessing the file system are not
growing paged or
> > non-paged pools, the Task Manager shows the Paged pool (as
> viewed from the
> > Performance tab) consistently increasing when the filter is
exercised.
> >
> > The filter code does not explicitly allocate any paged pool - I
> suspect it
> > may be the result of something that the filter code is doing.
> >
> > How can I use windbg to verify that my filter is somehow
> > neglecting to free
> > paged pool?
> >
> > Brad
You are currently subscribed to ntfsd as: xxxxx@ntpsoftware.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
You are currently subscribed to ntfsd as: xxxxx@exchange.microsoft.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com