Debugging a memory leak with Resource Exhaustion Detector warning 2004.

Hi guys, in this post I will share a sample of debugging a memory leak issue with Resource Exhaustion Detector warning 2004. Recently I worked on a problem where the system recorded resource exhaustion warning 2004 in the System event log. The source of this event is Resource-Exhaustion-Detector.

On the event properties page, I saw the message that Windows successfully diagnosed a low virtual memory condition, followed by the list of programs that consumed the most virtual memory. But when I checked the memory used by the listed processes, they did not actually use a large part of the virtual memory.

I checked the Details tab of this warning message and found that when the warning was recorded, paged pool memory usage was about 26GB. The system commit limit, which is the maximum virtual memory on this server, was about 34GB, so the problem here is the paged pool usage.

The Details tab also shows that the top consumer tag is NCcb. To figure out which driver is using a pool tag, we can use the findstr tool to search for the string "NCcb" in all the driver files and list the drivers that contain it. In this sample the driver was from some antivirus software.

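The lookup described above, as an added example that is not from the original post: it uses PowerShell's Select-String in place of findstr and goes a little further by listing the 2004 events and the vendor of each matching driver. The tag value, the default drivers directory and the English counter name are assumptions.

```powershell
# Added example. Assumptions: the tag is copied from the event's Details tab,
# drivers live in the default %SystemRoot%\System32\drivers directory, and the
# performance counter name is the English one.
$PoolTag   = 'NCcb'
$DriverDir = Join-Path $env:SystemRoot 'System32\drivers'

# 1. List recent Resource-Exhaustion-Detector warnings (event ID 2004).
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Resource-Exhaustion-Detector'
    Id           = 2004
}
Get-WinEvent -FilterHashtable $filter -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 2. Current paged pool usage, to compare with the figure in the event.
$pagedPool = (Get-Counter '\Memory\Pool Paged Bytes').CounterSamples[0].CookedValue
'Paged pool now: {0:N2} GB' -f ($pagedPool / 1GB)

# 3. Find driver files that contain the tag. Pool tags are case-sensitive
#    four-character ASCII strings, so match literally and case-sensitively.
#    -List stops at the first match in each file.
$hits = Get-ChildItem -Path $DriverDir -Filter '*.sys' -File |
    Select-String -Pattern $PoolTag -SimpleMatch -CaseSensitive -List

# 4. Show vendor and signature status for each candidate driver.
$hits | ForEach-Object {
    $file = Get-Item -LiteralPath $_.Path
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
    [pscustomobject]@{
        Driver      = $file.Name
        Company     = $file.VersionInfo.CompanyName
        Description = $file.VersionInfo.FileDescription
        Version     = $file.VersionInfo.FileVersion
        Signature   = $sig.Status
    }
} | Format-Table -AutoSize
```

A match only means the four bytes occur somewhere in the file, so treat the result as a candidate list; drivers installed outside the default directory are not searched.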

-Justin