Wednesday, April 29, 2015

Memory Leaks in Nonpaged Pool

Found this video on YouTube. It's a good introduction to finding nonpaged pool memory leaks. This really isn't as much of a problem on Windows Server 2008 R2 and above, but there is good information here.


https://support.microsoft.com/en-us/kb/177415

Thursday, April 16, 2015

How to Enable Procmon Boot Logging with Script


Scenario:

To have Procmon log operations during boot, you go to Options and select Enable Boot Logging. After that you reboot the computer, log on, launch Procmon again, and then you can save the boot log. There may be occasions when you want to enable boot logging on multiple machines with a script, and that is not something the current command line arguments let you do.

Wednesday, April 15, 2015

Using Analytic and Debug Logs


It's common for IT administrators to use the native Windows logs to search for problems. Two of the most commonly used logs are the "System" and "Application" logs. However, not everyone takes advantage of the other built-in operational logs. When you open Event Viewer, you can expand "Applications and Services Logs" to reveal a vast array of logs. Many of them are empty, but many are capturing useful data that can help you discover what is going on with your computer.

For more information on what each of these logs and log types is, see https://technet.microsoft.com/en-us/library/cc722404.aspx

In this post, I want to talk about the analytic and debug logs. The Windows Logs give you information across your whole system: hardware events, system events, security events, application events, etc., for all sorts of components and applications. The Applications and Services Logs drill into individual components and report only on those.
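To make the two points above concrete, here is an added PowerShell example (not code from the original post): it inventories everything under "Applications and Services Logs", shows which of the "empty looking" channels are actually holding records, lists the Analytic and Debug channels, which are hidden and disabled by default, and enables and reads one of them. It uses only Get-WinEvent and the EventLogConfiguration object it returns; the channel name "Microsoft-Windows-WinINet/Analytic" is just an illustrative value assumed to exist on your build, so pick another from the listing if it is missing. Run it from an elevated prompt, since some channels refuse access otherwise.

```powershell
# Added example, not from the original post. Run elevated.

function Get-ServiceLogInventory {
    # The classic Windows Logs; everything else appears under
    # "Applications and Services Logs" in Event Viewer.
    $classic = 'Application', 'Security', 'Setup', 'System', 'ForwardedEvents'
    # Some channels deny access to non-admins, hence SilentlyContinue.
    Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
        Where-Object { $classic -notcontains $_.LogName } |
        Select-Object LogName, LogType, IsEnabled, RecordCount, LastWriteTime
}

function Enable-AnalyticLog {
    param([Parameter(Mandatory)][string]$LogName)
    $log = Get-WinEvent -ListLog $LogName -ErrorAction Stop
    # LogType comes from the channel manifest:
    # Administrative, Operational, Analytical or Debug.
    if ($log.LogType -notin 'Analytical', 'Debug') {
        throw "$LogName is a $($log.LogType) channel and is already visible in Event Viewer."
    }
    if (-not $log.IsEnabled) {
        $log.IsEnabled = $true
        $log.SaveChanges()      # equivalent to: wevtutil sl $LogName /e:true
    }
    $log
}

function Read-AnalyticLog {
    param([Parameter(Mandatory)][string]$LogName, [int]$MaxEvents = 20)
    # Analytic/Debug channels are circular buffers. Disabling first stops
    # new writes so the read is a stable snapshot; Get-WinEvent also
    # requires -Oldest for these log types.
    $log = Get-WinEvent -ListLog $LogName -ErrorAction Stop
    if ($log.IsEnabled) { $log.IsEnabled = $false; $log.SaveChanges() }
    Get-WinEvent -LogName $LogName -Oldest -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

# 1. Channels that are already capturing data, busiest first.
Get-ServiceLogInventory |
    Where-Object { $_.RecordCount -gt 0 } |
    Sort-Object RecordCount -Descending |
    Format-Table -AutoSize

# 2. The hidden Analytic and Debug channels and whether each is enabled.
Get-ServiceLogInventory |
    Where-Object { $_.LogType -in 'Analytical', 'Debug' } |
    Format-Table LogName, LogType, IsEnabled, RecordCount -AutoSize

# 3. Turn one on, reproduce the problem, then read it back.
#    Illustrative channel name (assumed present); substitute one from step 2.
$channel = 'Microsoft-Windows-WinINet/Analytic'
Enable-AnalyticLog -LogName $channel | Format-List LogName, IsEnabled
# ... reproduce the issue here ...
Read-AnalyticLog -LogName $channel | Format-Table -AutoSize
```

The same enable/disable toggle is what the View > Show Analytic and Debug Logs option plus the Enable Log context menu do in Event Viewer; doing it from PowerShell means you can turn a channel on across several machines, capture for a bounded window, and turn it off again, which matters because Analytic channels can fill quickly.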