Find Memory Leak using PoolMon
Download and install the WDK from the Microsoft website:
https://download.microsoft.com/download/c/f/8/cf80b955-d578-4635-825c-2801911f9d79/wdk/wdksetup.exe
Then start C:\Program Files (x86)\Windows Kits\10\Tools\x64\Poolmon.exe.
After you have started the tool, press P.
Then sort the drivers list by the Bytes column by pressing B.
Find the associated driver (EICN example):
Download and run Sigcheck (EICN example):
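The driver lookup and signature check above, as an added PowerShell example (not from the original page): it searches the driver directory for the pool tag as a literal ASCII string and reports version and signature details for each matching file, using built-in cmdlets in place of Sigcheck. It assumes the drivers are in %SystemRoot%\System32\drivers and that the tag is compiled into the binary as plain text; a match is a candidate to investigate, not proof.

```powershell
# Added example: map a pool tag seen in PoolMon to the driver files that contain it.
param(
    # 'EICN' is the tag from the page's example; pass the tag PoolMon shows on your system.
    [string]$Tag = 'EICN',
    # Assumption: third-party drivers are installed in the default driver directory.
    [string]$DriverDir = (Join-Path $env:SystemRoot 'System32\drivers')
)

# Latin-1 maps every byte to exactly one character, so a binary file can be
# searched as a string without losing or merging bytes.
$latin1 = [System.Text.Encoding]::GetEncoding(28591)

Get-ChildItem -Path $DriverDir -Filter *.sys -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        try {
            $text = $latin1.GetString([System.IO.File]::ReadAllBytes($_.FullName))
        } catch {
            return  # file locked or unreadable: skip it and continue with the next one
        }

        # Pool tags are case-sensitive, so compare ordinally.
        if ($text.IndexOf($Tag, [System.StringComparison]::Ordinal) -ge 0) {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Driver      = $_.FullName
                Company     = $_.VersionInfo.CompanyName
                Description = $_.VersionInfo.FileDescription
                Version     = $_.VersionInfo.FileVersion
                Signature   = $sig.Status
                Signer      = $sig.SignerCertificate.Subject
            }
        }
    } |
    Format-List
```

Run it from an elevated PowerShell prompt so that all driver files are readable. An unsigned or unexpectedly old driver in the output is the first one to check for an update from its vendor.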
(Etwr & EtwB example):
The Etwr and EtwB tags are both used for tracing with Event Tracing for Windows (ETW).
Check which event loggers are running in Computer Management > Performance > Data Collector Sets.
Stop some of them until you find which one causes the usage.
If you stop Eventlog-XXX, you no longer get entries in the event log if you have crashes.