I'm trying to debug a memory leak in a printer driver. I'm pretty sure it's a resource leak, not just a plain memory leak because analyzing heap with !heap -s in windbg doesn't show any increase. How do I monitor other kinds of objects with windbg? Number of GDI objects and open handles is not growing either, so what could it be?
The symptom of memory leak is that private bytes are growing up to 180Mb and then printing starts experiencing random problems.
It could be direct calls to VirtualAlloc. Try to isolate the memory type using "!address -summary". Better yet, find a copy of vadump.exe from an old resource kit. It gives a more readable breakdown.
You might get some clues by diff'ing the output from two runs of windbg's !vadump command, and then dumping some of the newly allocated RAM. If you have symbol files and you dump RAM using the dps command, windbg will display symbol matches for each DWORD. In other words, if a value has a name in the symbol file, you'll see it. A nice example of that is when dumping C++ objects with vtables. The vtable has a symbol, so you'll see what type it is.
Last but not least, you could breakpoint VirtualAlloc and dump the stack for each call. Even absent a rigorous comparison between allocs and frees, you might notice an interesting call stack or allocation size. The breakpoint syntax to dump the stack and continue is
bp kernel32!virtualalloc "kb;g"
Hope that helps, Gary Kratkin
Sorry, I should have specified a breakpoint on VirtualAllocEx in addition to VirtualAlloc. AFAIK, most process-initiated VAD allocations should hit the bp, except those that are implemented in the kernel, such as file mappings (CreateFileMapping/MapViewOfFile) and maybe LoadLibrary. -Gary