如何找出导致PTE疲惫的原因?
How to find out what caused PTE exhaustion?
我的 Windows 10 蓝屏好几次,我有内存转储,运行 !vm 生成下面的输出,显示 0 个可用的 PTE。我如何找出泄漏这些信息的事后分析人员或监控导致泄漏的 process/driver 实时系统?
0: kd> !vm
Page File: \??\C:\pagefile.sys
Current: 9961472 Kb Free Space: 9961464 Kb
Minimum: 9961472 Kb Maximum: 62351824 Kb
Page File: \??\C:\swapfile.sys
Current: 16384 Kb Free Space: 16376 Kb
Minimum: 16384 Kb Maximum: 49881460 Kb
No Name for Paging File
Current: 129378408 Kb Free Space: 129362880 Kb
Minimum: 129378408 Kb Maximum: 129378408 Kb
Physical Memory: 16756646 ( 67026584 Kb)
Available Pages: 11876350 ( 47505400 Kb)
ResAvail Pages: 15917045 ( 63668180 Kb)
Locked IO Pages: 0 ( 0 Kb)
Free System PTEs: 0 ( 0 Kb)
********** Running out of system PTEs **************
Modified Pages: 249289 ( 997156 Kb)
Modified PF Pages: 249261 ( 997044 Kb)
Modified No Write Pages: 25 ( 100 Kb)
NonPagedPool Usage: 3042 ( 12168 Kb)
NonPagedPoolNx Usage: 103383 ( 413532 Kb)
NonPagedPool Max: 4294967296 (17179869184 Kb)
PagedPool 0: 144048 ( 576192 Kb)
PagedPool 1: 31595 ( 126380 Kb)
PagedPool 2: 31923 ( 127692 Kb)
PagedPool 3: 31631 ( 126524 Kb)
PagedPool 4: 31714 ( 126856 Kb)
PagedPool Usage: 270911 ( 1083644 Kb)
PagedPool Maximum: 4294967296 (17179869184 Kb)
Processor Commit: 1348 ( 5392 Kb)
Session Commit: 17782 ( 71128 Kb)
Shared Commit: 658461 ( 2633844 Kb)
Special Pool: 0 ( 0 Kb)
Kernel Stacks: 26919 ( 107676 Kb)
Pages For MDLs: 395401 ( 1581604 Kb)
Pages For AWE: 0 ( 0 Kb)
NonPagedPool Commit: 97838 ( 391352 Kb)
PagedPool Commit: 270911 ( 1083644 Kb)
Driver Commit: 19721 ( 78884 Kb)
Boot Commit: 2732 ( 10928 Kb)
PFN Array Commit: 196913 ( 787652 Kb)
System PageTables: 3267 ( 13068 Kb)
ProcessLockedFilePages: 306 ( 1224 Kb)
Pagefile Hash Pages: 0 ( 0 Kb)
Sum System Commit: 1691599 ( 6766396 Kb)
Total Private: 4330147 ( 17320588 Kb)
Misc/Transient Commit: 9281 ( 37124 Kb)
Committed pages: 6031027 ( 24124108 Kb)
Commit limit: 19247014 ( 76988056 Kb)
Pid ImageName Commit SharedCommit Debt
598c vmmem 3677256 Kb 0 Kb 0 Kb
4d4 RemoteDesktopManager.exe 1367276 Kb 473008 Kb 0 Kb
6300 vmmem 1050684 Kb 0 Kb 0 Kb
207c vmmem 1050684 Kb 0 Kb 0 Kb
1d18 vmmem 1050684 Kb 0 Kb 0 Kb
276c powershell.exe 713052 Kb 4660 Kb 0 Kb
483c chrome.exe 635112 Kb 130192 Kb 0 Kb
3ad4 chrome.exe 525988 Kb 20672 Kb 0 Kb
来自 Russinovich,马克;所罗门,大卫;约内斯库,亚历克斯。 Windows 内幕,第 2 部分(第 6 版)(开发人员参考)
you can enable system PTE tracking by creating a new DWORD value in
the HKLM\ SYSTEM\ CurrentControlSet\ Control\ Session Manager\ Memory
Management key called TrackPtes and setting its value to 1. You can
then use !sysptes 4 to show a list of allocators
所以你可以试试
- 设置注册表项并重新启动
- 在 运行 系统上使用
livekd 并执行 !sysptes 4 以获取所有分配器列表
- 或在您收集的转储上执行
!sysptes 4
我的 Windows 10 蓝屏好几次,我有内存转储,运行 !vm 生成下面的输出,显示 0 个可用的 PTE。我如何找出泄漏这些信息的事后分析人员或监控导致泄漏的 process/driver 实时系统?
0: kd> !vm
Page File: \??\C:\pagefile.sys
Current: 9961472 Kb Free Space: 9961464 Kb
Minimum: 9961472 Kb Maximum: 62351824 Kb
Page File: \??\C:\swapfile.sys
Current: 16384 Kb Free Space: 16376 Kb
Minimum: 16384 Kb Maximum: 49881460 Kb
No Name for Paging File
Current: 129378408 Kb Free Space: 129362880 Kb
Minimum: 129378408 Kb Maximum: 129378408 Kb
Physical Memory: 16756646 ( 67026584 Kb)
Available Pages: 11876350 ( 47505400 Kb)
ResAvail Pages: 15917045 ( 63668180 Kb)
Locked IO Pages: 0 ( 0 Kb)
Free System PTEs: 0 ( 0 Kb)
********** Running out of system PTEs **************
Modified Pages: 249289 ( 997156 Kb)
Modified PF Pages: 249261 ( 997044 Kb)
Modified No Write Pages: 25 ( 100 Kb)
NonPagedPool Usage: 3042 ( 12168 Kb)
NonPagedPoolNx Usage: 103383 ( 413532 Kb)
NonPagedPool Max: 4294967296 (17179869184 Kb)
PagedPool 0: 144048 ( 576192 Kb)
PagedPool 1: 31595 ( 126380 Kb)
PagedPool 2: 31923 ( 127692 Kb)
PagedPool 3: 31631 ( 126524 Kb)
PagedPool 4: 31714 ( 126856 Kb)
PagedPool Usage: 270911 ( 1083644 Kb)
PagedPool Maximum: 4294967296 (17179869184 Kb)
Processor Commit: 1348 ( 5392 Kb)
Session Commit: 17782 ( 71128 Kb)
Shared Commit: 658461 ( 2633844 Kb)
Special Pool: 0 ( 0 Kb)
Kernel Stacks: 26919 ( 107676 Kb)
Pages For MDLs: 395401 ( 1581604 Kb)
Pages For AWE: 0 ( 0 Kb)
NonPagedPool Commit: 97838 ( 391352 Kb)
PagedPool Commit: 270911 ( 1083644 Kb)
Driver Commit: 19721 ( 78884 Kb)
Boot Commit: 2732 ( 10928 Kb)
PFN Array Commit: 196913 ( 787652 Kb)
System PageTables: 3267 ( 13068 Kb)
ProcessLockedFilePages: 306 ( 1224 Kb)
Pagefile Hash Pages: 0 ( 0 Kb)
Sum System Commit: 1691599 ( 6766396 Kb)
Total Private: 4330147 ( 17320588 Kb)
Misc/Transient Commit: 9281 ( 37124 Kb)
Committed pages: 6031027 ( 24124108 Kb)
Commit limit: 19247014 ( 76988056 Kb)
Pid ImageName Commit SharedCommit Debt
598c vmmem 3677256 Kb 0 Kb 0 Kb
4d4 RemoteDesktopManager.exe 1367276 Kb 473008 Kb 0 Kb
6300 vmmem 1050684 Kb 0 Kb 0 Kb
207c vmmem 1050684 Kb 0 Kb 0 Kb
1d18 vmmem 1050684 Kb 0 Kb 0 Kb
276c powershell.exe 713052 Kb 4660 Kb 0 Kb
483c chrome.exe 635112 Kb 130192 Kb 0 Kb
3ad4 chrome.exe 525988 Kb 20672 Kb 0 Kb
来自 Russinovich,马克;所罗门,大卫;约内斯库,亚历克斯。 Windows 内幕,第 2 部分(第 6 版)(开发人员参考)
you can enable system PTE tracking by creating a new DWORD value in the HKLM\ SYSTEM\ CurrentControlSet\ Control\ Session Manager\ Memory Management key called TrackPtes and setting its value to 1. You can then use !sysptes 4 to show a list of allocators
所以你可以试试
- 设置注册表项并重新启动
- 在 运行 系统上使用
livekd并执行!sysptes 4以获取所有分配器列表 - 或在您收集的转储上执行
!sysptes 4