December 28th, 2012, 03:15 AM
Kernel object leak from NT Kernel & System process
Hey, I came across here looking for a solution to a problem that the internet doesn't seem so keen on solving: Recently, my system process has been creating handles at a ridiculous rate of about 200/sec, eating up the non-paged pool until it uses my 16GB of memory at around 12 million. I don't know much about programming, but I've been rapidly educating myself. I've downloaded Process Explorer, Debug Diagnostics, and the Windows Debugging kit. The problem I've hit is that these programs, especially the windows debugger, which can identify which process requests handles be made, cannot attach to and diagnose the System processes. I could be going in entirely the wrong direction to find the culprit, which I suspect is a faulty driver or the like (I've also done a system restore to a point well before the problem started to no avail, and looked for some way to set a quota on kernel objects below windows' default of 2^24, similar to "USERProcessHandleQuota"). Any ideas?
Tags for this Thread
Click Here to Expand Forum to Full Width