driver-online
  log-inmypagesitemap
top
   Խ
   α׺
    ߿
    ý
    Beginning Driver
    &
   CrashDumpм(beta)
   QnA
    WDM Թ
    USB
    NDIS
    File System
    Debugging
    
 

Understanding Pool Consumption and Event ID: 2020 or 2019
 ·ۼ 2008.06.10:19.04 (ȭ)  · ۼ Jeff  · ȸ 6,183


" http://blogs.msdn.com/ntdebugging blog ̸ ڷᰡ ֽϴ. ڷ ǰ ֽñ blog 湮Ͻ ֽϴ. (http://blogs.msdn.com/ntdebugging/archive/2006/12/18/Understanding-Pool-Consumption-and-Event-ID_3A00_--2020-or-2019.aspx)"

Understanding Pool Consumption and Event ID: 2020 or 2019

 

ȳϼ ̸ Tate Դϴ. Microsoft Critical Problem Resolution Platforms Team Escalation Engineer Դϴ. CPR Team мϴ Ϲ Ѱ ؼ ϰ մϴ. ٺ pool Ҹ ̰ ذ ã ִ.

 

Pool ҸǴ ߸ мǰ 90% ٸ ذå ã ִ.

 

 ù°, Ʒ Event ǹ̴?

Event ID 2020
Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2020
Description:
The server was unable to allocate from the system paged pool because the pool was empty.

 

Event ID 2019
Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2019
Description:
The server was unable to allocate from the system NonPaged pool because the pool was empty.

 

 ̰ Ư pool type free memory Ÿ ģ Server Service report Դϴ. Server Service (srv.sys) ߸ǰų ƴϰ ҽ Event Log ϵȴ. Ƹ () system hang ̳ driver application out of resource ¡İ Ÿų Ÿ.

 

Pool ̶ ΰ

 

 ù° Pool System ִ RAM Ÿ Windows boot virtual memory ι̳ address space Ǿ ִ. Pool address space ̴. ֳϸ 32bit(x86) machine 2^32 4Giga address ϴ. Windows ()2GB application ϰ 2GB kernel Ѵ. 2GB Kernel Ÿ PTEs ϸ 32Bit(x86) Paged pool ~460MB paged pool ϴ. 64Bit(x64) ū address space ؼ Ͽ Ѵ. ( : Windows Vista kernel ޸ Ҵ dynamic Ǿ paged pool Ѱ谡 ޸𸮿 Ҵ ŭ Ҵ ִ.)

 

 

* pool 200MB Ҵ ִ° Ȯ϶.

 

Pool About Memory Management -> Memory pools

Vista Ǿ. Dynamic Kernel Address Space 

 

Pool ϴ°?

 

Pool kernel ϱ⵵ ϰ Application û system ϱ⵵ Ѵ.(CreateFile ) Ǵ system ġǾ ִ Driver pool allocation Լ Ͽ Ҵϱ⵵ Ѵ.

 

״ Nonpaged disk page ʴ ޸ Ҵ ̾߱ ϴ ׻ ޸ ġ ϰ ̰ driver ߿ Ư̴. Paged disk page ִ. ޸ Ҵ Լ ExAllocatePoolWithTag Ѵ.

 

 

׷ٸ ̰ / ϴ°( ´°?) 

 

windows Ǵ windows Ե component driver Ǵ application û kernel Ҵ ִٴ ˾Ҵ. ׷ٸ ã ?

 

Ϲ ϴ 4 ִ.(̵

 

1.)    Handle ã?

 

Handle ׷. Application OS 𰡸 ûϿ Ǵ ϱ ǰ process handle Եȴ.

 

Machine hang ʾ Task Manager Ȯϴ ̴. Ctrl+Shift+Esc Processes tab View, Select Columns, handle count handle column Ͽ ū ִ Ȯ ִ. ( perfmon.exe, process explorer, handle.exe ԵǾ ִ.)

 

ٴ ̶? Ϲ 5000 Ѱ ִ. 5000 Ѵ ٴ ƴϴ.   Ѵٴ Ϳ ٴ ̰ handle Ѵٴ NonPaged Ǵ Paged Pool Object Memory þ ִٴ ̴.

 

100,000 ڵ ϴ mybadapp.exe ִٰ ؾ ұ?

 

̰ service ̰ ֽϴ.( handle Դϴ.) Ǵ Application ̶ ̰ 󸶳 kernel memory (Paged Ǵ NonPaged ?) پ Ȯ ֽϴ. 400MB paged pool ( ǿ kernel memory paged) ϰ ־ 100,000 handle

ϴ  mybadapp.exe Ͽ 100MB Ǿٸ ߸ ̰ Type handle Ҹ Ǿ Ȯ ִ.( sysinternals process exploere Ǵ Windows debugger )

 

Tip : legacy application ϱ ʿ䰡 . Perfmonce monitor Ͽ handle count õ ٴٸ ְ ִ. (perfmance object : process, Counter : handle count) ׷ ִ application system hang/crash ϴ ã ִ ̴.

 

2.) Pooltag (poolmon.exe

 

׷ handle count ʴ°? .

 

Windows 2003 machine pool Ҹ Ȯ ִ pooltag enable Ǿ ִ. OS gflags.exe ؼ Enable Pool Tagging Ȱȭ Ѿ ߴ( ؾ ȴ.) ̰ kernel api Ͽ pool Ҵ 3° Ķͷ 3-4 ڿ̴. ִ 4 ڿ ȿ ִ´.

 

Poolmon.exe Ͽ pooltag Ǿ Ȯ ִ. cmd prompt Ͽ Ų B ư Byte ָ P ư Pool type (Paged, NonPaged, Both) ְ ǽð ȭ ִ. Tag ̸ ȮϿ ľ ִ. Poolmon.exe ޱ  Ǵ  poolmon.exe

 

̰Ե OS ϴ Tag ̹ pooltag.txt Ͽ ȭ Ǿ ְ Windows Component Ȯ ִ. MmSt Tag ϰ ִٸ pooltag.txt Memory manager Ѵٴ ְ Tag search engine Ͽ ˻ϸ Ƹ KB304101 ã ذ ̴.

 

Pooltag.txt windbg ġ triage ȿ ִ.

 

̷ list ʴ´ٸ, ʴ.

 

ٸ Ͽ tag ڸ ã ִ.

 

32bit version windows poolmon /c ϸ ǻ ȿ(%SystemRoot%System32\Drivers\*.sys) ִ ̹ ִ Tag Ͽ local tag . ⺻ ̸ localtag.txt ̴.

 

 Windows 2000 ̳ Windows NT 4.0 file ã Ʒ KB ϴ FindStr ̳ åâ ִ.

 From:  http://www.microsoft.com/whdc/driver/tips/PoolMem.mspx

 

 

3.)     Driver Verifier

Driver verifier ϴ м õ̴. Driver Verifier Driver ڰ Driver ϱ ϱ Ư ̹ ϴ ̴.

 

 ׷ driver pooltag Ű pool tracking Ȯ ִ.

 

Pool tracking ġ ̹ Ϻ ʾ Bouescreen ߻ϰų ߸ Ǵ ¸ ̴.

 

ڸ Driver verifier ſ tool ̴. ׷ ؾ ϰ ذ ʴ´

 

4.)  Debug (live Ǵ м)

̾߱ Ͱ pool allocate ExAllocatePoolWithTag Ѵ. Kernel debugger ϰ ִٸ ̰ break point ִ. ׷ ̰ ʰ ̷ ̾߱ ִ. Down time þ°? â live debug ʿϰ ߿ ̾߱ ʿϴ.

 

Ϲ debugging м Hang ߻ memory.dmp м ϰ ȴ. System hang ߻ϰ keyboard Ǵ Ctrl+Alt+Del    Ctrl+Scroll Lock KB244139 ִ.

 

Memory.dmp windbg.exe kd.exe load Ͽ Ʒ system ¸ ľ ִ.

 

 

Debugger output Example 1.1  (the !vm command)

 

2: kd> !vm 

*** Virtual Memory Usage ***
Physical Memory:   262012   ( 1048048 Kb)
Page File: \??\C:\pagefile.sys
   Current:   1054720Kb Free Space:    706752Kb
   Minimum:   1054720Kb Maximum:      1054720Kb
Page File: \??\E:\pagefile.sys
   Current:   2490368Kb Free Space:   2137172Kb
   Minimum:   2490368Kb Maximum:      2560000Kb
Available Pages:    63440   (  253760 Kb)
ResAvail Pages:    194301   (  777204 Kb)
Modified Pages:       761   (    3044 Kb)
NonPaged Pool Usage: 52461   (  209844 Kb)<<
! ִ밪 ϴ.
NonPaged Pool Max:   54278   (  217112 Kb)
********** Excessive NonPaged Pool Usage *****

 

NonPaged pool ִ 깞ٴ NonPaged Pool ϴٴ ˷ش.

 

!poolused Ͽ poolmon ִ.

 

Debugger output Example 1.2  (!poolused 2)

 

 2 NonPaged ϶ Ķ̴.

2: kd> !poolused 2
   Sorting by NonPaged Pool Consumed

  Pool Used:
            NonPaged            Paged
 Tag    Allocs     Used    Allocs     Used
 Thre   120145 76892800         0        0
 File   187113 29946176         0        0
 AfdE    89683 25828704         0        0
 TCPT    41888 18765824         0        0
 AfdC    90964 17465088         0        0
 

 

 Thre Tag ϵ Ȯ ְ pooltag.txt Ͽ Ʒ Ȯ ִ.

Thre - nt!ps        - Thread objects

 

! տ ִ nt NT ̰ų kernel Thread object tag ̴.

տ ̾߱ Ͱ Thread object ִٸ Ƹ system ִ Application handle Thread ã ִ.

 

 Debugger !process 0 0 ؼ TableSize ( Handle Count ) 90,000 Ѵ Ȯ ִ.

Debugger output Example 1.3  (the !process command continued)

 

 !process ΰ 0 process ȮѴٴ ǹ ̴.

 

PROCESS 884e6520  SessionId: 0  Cid: 01a0    Peb: 7ffdf000  ParentCid: 0124
DirBase: 110f6000  ObjectTable: 88584448  TableSize: 90472
Image: mybadapp.exe

 

  thread Ȯ ִ.

Debugger output Example 1.4  (the !process command continued)

 

0: kd> !PROCESS 884e6520 4
PROCESS 884e6520  SessionId: 0  Cid: 01a0    Peb: 7ffdf000  ParentCid: 0124
DirBase: 110f6000  ObjectTable: 88584448  TableSize: 90472.
Image: mybadapp.exe

        THREAD 884d8560  Cid 1a0.19c  Teb: 7ffde000  Win32Thread: a208f648 WAIT
        THREAD 88447560  Cid 1a0.1b0  Teb: 7ffdd000  Win32Thread: 00000000 WAIT
        THREAD 88396560  Cid 1a0.1b4  Teb: 7ffdc000  Win32Thread: 00000000 WAIT
        THREAD 88361560  Cid 1a0.1bc  Teb: 7ffda000  Win32Thread: 00000000 WAIT
        THREAD 88335560  Cid 1a0.1c0  Teb: 7ffd9000  Win32Thread: 00000000 WAIT
        THREAD 88340560  Cid 1a0.1c4  Teb: 7ffd8000  Win32Thread: 00000000 WAIT

 And the list goes on

 

 !thread 88340560 ս Thread Ȯ ִ.

 

Applicatoin ̶ code level ȮϿ  Thread  Լ ؿ ְ  Ȯ ̴.

 

 

 

Limit 460MB ó ϸ鼭 200 MB Ҵ ִ°

 

  system Boot ޸ ũ /3GB Option ȮϿ ִ Size X մϴ. Max size Ȯ ִ ֽϴ.

1.)   Process Explorer Task Manager – View.. system information.. kernel memory section

 

Dbghelp.dll symbol ùٸ Ǿ ־ Ѵ

 

 

         Dbghelp.dll path:

c:\<path to debugging tools for windows>\dbghelp.dll

 

Symbols path:

SRV*C:\websymbols*http://msdl.microsoft.com/download/symbols

 

2.) Debugger ( live Ǵ Dump Ͽ !vm )

 

 NonPaged pool size /3GB .

3GB ϸ 128MB ̰ 256mb ̴.

 

Paged pool size PagedPoolSize Ʈ Ͽ ִ Size ִ. KB304101 Ȯ ִ..

 

 

 Perfmon process object pool paged byte ΰ?

 

Application ExAllocatePoolWithQuotaTag Ͽ Ҵ ̴. Ϲ ExAllocatePoolWithTag ϰ count ȿ ̴. ׷ perfmon ġƾ Ѵ.. Ȱϸ ذ ִ.

 

 

Additional Resources:

 

 Who's Using the Pool? from Driver Fundamentals > Tips: What Every Driver Writer Needs to Know

http://www.microsoft.com/whdc/driver/tips/PoolMem.mspx

 

Poolmon Remarks:  http://technet2.microsoft.com/WindowsServer/en/library/85b0ba3b-936e-49f0-b1f2-8c8cb4637b0f1033.mspx

 

 

 

 

  Ǿ⸦ ٶϴ. ׸ event Ǵ Pool Ҹ Ǿ⸦ ٶϴ.

*亯 Ѿ ƼԴϴ.
 
  

: Desktop Heap Overview

: [CDA] ũ м (Part 13)

 
quick-menu
event
study
QnA
pds
family-site concert used used2 intro
address
address