Catch Memory Leak in Non Paged Pool

Here is a quick example about how to find out why our “favorite” task manager don’t show who allocate all RAM.
Here is my screen from physical server which is running out of memory.
1
And everything ok from details tab because kernel memory doesn’t included in the view.
5

There is poolmon.exe utility from MS which will list kernel memory.
Of course you need to download 100500 GB image file and install almost all applications in the Universe from Microsoft to get 28 Kilobytes poolmon.

I`ve archived poolmon for x86 and x64 and you can directly download from here.

You just need to execute it from cmd.

2
ALPC driver which ate all memory.
Now from :\Windows\System32\Drivers run findstr to find which file contain this string.
4
pcmcie.sys in my case the reason why my server is stuck.

Have a Good Day.