最近很多客户Windows实例上发生360驱动360AntiHacker64.sys导致Windows系统non-paged pool耗尽,进而引起系统内存耗尽,系统无响应等症状的问题。这个问题影响非常广,
non-paged pool过度使用
Windows上,non-paged pool是有线的资源,如果,可以使用任务管理器来查看未分页数,来看系统non-paged pool使用情况。这个单位是M。
大量non-paged pool资源被使用
Physical Memory: 2097054 ( 8388216 Kb)
Page File: \??\C:\pagefile.sys
Current: 8388216 Kb Free Space: 8383720 Kb
Minimum: 8388216 Kb Maximum: 23865532 Kb
Page File: \??\D:\pagefile.sys
Current: 1048576 Kb Free Space: 1043672 Kb
Minimum: 1048576 Kb Maximum: 16384000 Kb
Available Pages: 674482 ( 2697928 Kb)
ResAvail Pages: 1002110 ( 4008440 Kb)
Locked IO Pages: 0 ( 0 Kb)
Free System PTEs: 33517356 ( 134069424 Kb)
Modified Pages: 32930 ( 131720 Kb)
Modified PF Pages: 32920 ( 131680 Kb)
NonPagedPool Usage: 1042863 ( 4171452 Kb)
NonPagedPool Max: 1561848 ( 6247392 Kb)
PagedPool 0 Usage: 21574 ( 86296 Kb)
PagedPool 1 Usage: 5169 ( 20676 Kb)
PagedPool 2 Usage: 2061 ( 8244 Kb)
PagedPool 3 Usage: 2000 ( 8000 Kb)
PagedPool 4 Usage: 2041 ( 8164 Kb)
PagedPool Usage: 32845 ( 131380 Kb)
PagedPool Maximum: 33554432 ( 134217728 Kb)
********** 84826 pool allocations have failed **********
Session Commit: 9586 ( 38344 Kb)
Shared Commit: 4921 ( 19684 Kb)
Special Pool: 0 ( 0 Kb)
Shared Process: 15492 ( 61968 Kb)
Pages For MDLs: 583 ( 2332 Kb)
PagedPool Commit: 32894 ( 131576 Kb)
Driver Commit: 3254 ( 13016 Kb)
Committed pages: 1481008 ( 5924032 Kb)
Commit limit: 4455783 ( 17823132 Kb)
360使用DRPI tag分配大量non-paged pool资源。
0: kd> !poolused 2
....
Sorting by NonPaged Pool Consumed
NonPaged Paged
Tag Allocs Used Allocs Used
DRPI 3070320 3487879616 0 0
UNKNOWN pooltag 'DRPI', please update pooltag.txt
