Browse by Tags

Related Posts
  • Blog Post: Understanding Pool Corruption Part 3 – Special Pool for Double Frees

    In Part 1 and Part 2 of this series we discussed pool corruption and how special pool can be used to identify the cause of such corruption.  In today’s article we will use special pool to catch a double free of pool memory.   A double free of ...read more
  • Blog Post: Understanding Pool Corruption Part 1 – Buffer Overflows

    Before we can discuss pool corruption we must understand what pool is.  Pool is kernel mode memory used as a storage space for drivers.  Pool is organized in a similar way to how you might use a notepad when taking notes from a lecture or a ...read more
  • Blog Post: Troubleshooting Pool Leaks Part 7 – Windows Performance Toolkit

    In Part 1 of this series we identified a pool leak in non paged pool.  In Part 2 and Part 3 of this series we identified what pool tag was leaking.  In Part 5 and Part 6 we got call stacks showing the memory being allocated.  In this article ...read more
  • Blog Post: Stop 0x19 in a Large Pool Allocation

    Hello all, Scott Olson here again to share another interesting issue I recently debugged with pool corruption and found that using special pool does not work with large pool allocations ( pool allocations greater than a PAGE_SIZE ).   Here is an ...read more
  • Blog Post: Understanding Pool Corruption Part 2 – Special Pool for Buffer Overruns

    In our previous article we discussed pool corruption that occurs when a driver writes too much data in a buffer.  In this article we will discuss how special pool can help identify the driver that writes too much data.   Pool is typically organized ...read more
  • Blog Post: Troubleshooting Pool Leaks Part 5 – PoolHitTag

    In Part 4 we narrowed the source of the leaked pool memory to the specific driver which is allocating it, and we identified where in the driver this allocation was taking place.  However, we did not capture contextual information such as the call ...read more
  • Blog Post: Troubleshooting Pool Leaks Part 4 – Debugging Multiple Users for a Tag

    In our previous articles we discussed various techniques for identifying a pool memory leak and narrowing the scope of the leak to an individual pool tag.  Knowing the leaking pool tag is often sufficient to identify the cause of the problem and ...read more
  • Blog Post: Troubleshooting Pool Leaks Part 3 – Debugging

    In our previous articles we discussed identifying a pool leak with perfmon , and narrowing the source of the leak with poolmon .  These tools are often preferred because they are easy to use, provide verbose information, and can be run on a system ...read more
  • Blog Post: Call Stacks for Pool Allocations

    Hello, it's the Debug Ninja back again for another NtDebugging Blog article.   For as long as I can remember user mode debuggers have had an easy way to get call stacks for heap allocations.   On more recent versions of Windows this has been ...read more
  • Blog Post: Troubleshooting Pool Leaks Part 1 – Perfmon

    Over the years the NTDebugging Blog has published several articles about pool memory and pool leaks.  However, we haven’t taken a comprehensive approach to understanding and troubleshooting pool memory usage.  This upcoming series of articles ...read more
  • Blog Post: Troubleshooting Pool Leaks Part 2 – Poolmon

    In our previous article we discussed how to identify a pool leak using perfmon.  Although it may be interesting to know that you have a pool leak, most customers are interested in identifying the cause of the leak so that it can be corrected.  ...read more